Update CVE-2020-12478.yaml

2022-08-17 16:45:20 +05:30 · 2022-08-17 16:45:20 +05:30 · d909ff8f56
parent 3dce4845b5
commit d909ff8f56
1 changed files with 13 additions and 12 deletions
--- a/cves/2020/CVE-2020-12478.yaml
+++ b/cves/2020/CVE-2020-12478.yaml
@ -1,34 +1,35 @@
 id: CVE-2020-12478

 info:
-  name: TeamPass 2.1.27.36 - Unauthenticated File Access
+  name: TeamPass 2.1.27.36 - Unauthenticated Access
  author: arafatansari
  severity: high
  description: |
    TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.
  reference:
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2020-12478
    - https://github.com/nilsteampassnet/TeamPass/issues/2764
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-12478
+  classification:
+    cve-id: CVE-2020-12478
  metadata:
+    verified: true
    shodan-query: http.html:"teampass"
-    verified: "true"
-  tags: file,cve,2020
+  tags: cve,cve2020,teampass,exposure

 requests:
-  - raw:
-      - |
-        GET /files/ldap.debug.txt HTTP/1.1
-        Host: {{Hostname}}
+  - method: GET
+    path:
+      - "{{BaseURL}}/files/ldap.debug.txt"

    matchers-condition: and
    matchers:
-      - type: status
-        status:
-          - 200
-
      - type: word
        words:
          - 'Get all LDAP params'
          - 'type'
          - 'account_suffix'
        condition: and
+
+      - type: status
+        status:
+          - 200