fix

http/cves/2024/CVE-2024-9014.yaml

@@ -1,11 +1,11 @@
 id: CVE-2024-9014
 
 info:
-  name: pgAdmin4 - OAuth2 Authentication Bypass
+  name: pgAdmin 4 - OAuth2 Authentication Bypass
   author: s4e-io
   severity: critical
   description: |
-    pgAdmin4 versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
+    pgAdmin 4 versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
   reference:
     - https://github.com/EQSTLab/CVE-2024-9014
     - https://nvd.nist.gov/vuln/detail/CVE-2024-9014
@@ -18,12 +18,12 @@ info:
     epss-score: 0.00043
     epss-percentile: 0.09595
   metadata:
-    max-request: 1
     verified: true
+    max-request: 1
     vendor: pgadmin-org
     product: pgadmin4
     fofa-query: "pgadmin4"
-  tags: cve,cve2024,pgadmin,info-leak
+  tags: cve,cve2024,pgadmin,info-leak,bypass
 
 http:
   - raw:
@@ -31,10 +31,21 @@ http:
         GET /login?next=/ HTTP/1.1
         Host: {{Hostname}}
 
+    matchers-condition: and
     matchers:
-      - type: dsl
-        dsl:
-          - 'contains_all(body, "<title>pgAdmin 4</title>", "OAUTH2_CLIENT_SECRET", "OAUTH2_CLIENT_ID")'
-          - 'contains(content_type,"text/html")'
-          - 'status_code == 200'
+      - type: regex
+        part: body
+        negative: true
+        regex:
+          - 'OAUTH2_CLIENT_SECRET": null'
+
+      - type: word
+        part: body
+        words:
+          - '<title>pgAdmin 4</title>'
+          - 'OAUTH2_CLIENT_SECRET'
         condition: and
+
+      - type: status
+        status:
+          - 200