Update CVE-2021-20114.yaml

2021-09-06 17:30:51 +05:30 · 2021-09-06 17:30:51 +05:30 · e1ab21616f
parent 47a892d375
commit e1ab21616f
1 changed files with 14 additions and 5 deletions
--- a/cves/2021/CVE-2021-20114.yaml
+++ b/cves/2021/CVE-2021-20114.yaml
@ -4,17 +4,26 @@ info:
  name: TCExam <= 14.8.1 Exposure of Sensitive Information to an Unauthorized Actor
  author: n/a
  severity: high
-  reference: https://es-la.tenable.com/security/research/tra-2021-32?tns_redirect=true
-  description: |
-    When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.
-  tags: cve,cve2021,tcexam
+  description: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.
+  reference:
+    - https://es-la.tenable.com/security/research/tra-2021-32?tns_redirect=true
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-20114
+  tags: cve,cve2021,tcexam,disclosure

 requests:
  - method: GET
    path:
      - "{{BaseURL}}/cache/backup/"

+    matchers-condition: and
    matchers:
+      - type: word
+        words:
+          - "Index of /cache/backup"
+          - "Parent Directory"
+          - ".sql.gz"
+        condition: and
+
      - type: status
        status:
-          - 200
+          - 200