daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2022-0870.yaml

patch-1
Prince Chaddha 2022-04-02 16:26:03 +05:30 committed by GitHub
parent c371a40272
commit 51d9143fb1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
cves/2022/CVE-2022-0870.yaml Normal file
View File

@ -0,0 +1,47 @@
id: CVE-2022-0870
info:
name: Gogs - SSRF
author: Akincibor
severity: medium
description: Server-Side Request Forgery (SSRF) in Gogs prior to 0.12.5.
reference: https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531/
tags: cve,ssrf
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.30
cve-id: CVE-2022-0870
cwe-id: CWE-918
requests:
- method: GET
path:
- "{{BaseURL}}"
extractors:
- type: regex
name: version
internal: true
group: 1
regex:
- '<div class="ui left">\n\s+© \d{4} Gogs Version: ([\d.]+) Page:'
- type: regex
group: 1
regex:
- '<div class="ui left">\n\s+© \d{4} Gogs Version: ([\d.]+) Page:'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
part: body
regex:
- '<div class="ui left">\n\s+© \d{4} Gogs Version: ([\d.]+) Page:'
- type: dsl
dsl:
- to_string(version) < "0.12.5"