updated matcher

2024-08-25 06:35:44 +04:00 · 2024-08-25 06:35:44 +04:00 · 9278343c8c
parent 3f92960f83
commit 9278343c8c
1 changed files with 23 additions and 22 deletions
--- a/http/cves/2024/CVE-2024-6842.yaml
+++ b/http/cves/2024/CVE-2024-6842.yaml
@ -1,14 +1,16 @@
 id: CVE-2024-6842

 info:
-  name: AnythingLLM - Exposure sensitive info
-  author: ingbunga, rahaaaiii, asteria121, breakpack, gy741
+  name: AnythingLLM - Information Disclosure
+  author: ingbunga,rahaaaiii,asteria121,breakpack,gy741
  severity: high
  description: |
-    The /setup-complete API allows any user to access the current settings of AnythingLLM system.
-  impact: An attacker can use the vulnerability to obtain device administrator rights.
+    AnythingLLM suffers from an information disclosure vulnerability through the `/api/setup-complete` API endpoint. By accessing this endpoint, a remote and unauthenticated attacker can access sensitive configuration of the target AnythingLLM instance. This detection is included in the AI and LLM category.
+  impact: |
+    An attacker can use the vulnerability to obtain device administrator rights.
  reference:
-    - Exposure of Sensitive Information to an Unauthorized Actor
+    - https://huntr.com/bounties/cd911fc7-ac6b-4974-acd0-9cc926fa8d9e
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-6842
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
@ -16,12 +18,11 @@ info:
    cwe-id: CWE-200
  metadata:
    max-request: 1
+    verified: true
    vendor: Mintplex Labs
    product: anything-llm
-    shodan-query:
-      - http.title:"AnythingLLM"
-      - http.title:"anythingllm"
-  tags: cve,cve2024,unauth,exposure,anything-llm,Mintplex-Labs
+    shodan-query: title:"AnythingLLM"
+  tags: cve,cve2024,unauth,exposure,anything-llm,mintplex-Labs

 requests:
  - method: GET
@ -30,18 +31,18 @@ requests:
    
    matchers-condition: and
    matchers:
+      - type: dsl
+        dsl:
+          - 'contains_all(body, "AuthToken\":true", "ApiKey\":true")'
+          - 'contains(header, "application/json")'
+          - 'status_code == 200'
+        condition: and
+
      - type: word
+        part: body
        words:
-          - "\"AgentGoogleSearchEngineId\":\""
-          - "\"AgentGoogleSearchEngineKey\":\""
-          - "\"AgentSerperApiKey\":\""
-          - "\"AgentBingSearchApiKey\":\""
-        
-      - type: word
-        words:
-          - "application/json"
-        part: header
-      
-      - type: status
-        status:
-          - 200
+          - '"AgentGoogleSearchEngineId":'
+          - -"AgentGoogleSearchEngineKey":'
+          - '"AgentSerperApiKey":'
+          - '"AgentBingSearchApiKey":'
+        condition: or