Update CVE-2021-20114.yaml

patch-1
Prince Chaddha 2021-09-06 17:30:51 +05:30 committed by GitHub
parent 47a892d375
commit e1ab21616f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 5 deletions

@ -4,17 +4,26 @@ info:
name: TCExam <= 14.8.1 Exposure of Sensitive Information to an Unauthorized Actor
author: n/a
severity: high
reference: https://es-la.tenable.com/security/research/tra-2021-32?tns_redirect=true
description: |
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.
tags: cve,cve2021,tcexam
description: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.
reference:
- https://es-la.tenable.com/security/research/tra-2021-32?tns_redirect=true
- https://nvd.nist.gov/vuln/detail/CVE-2021-20114
tags: cve,cve2021,tcexam,disclosure
requests:
- method: GET
path:
- "{{BaseURL}}/cache/backup/"
matchers-condition: and
matchers:
- type: word
words:
- "Index of /cache/backup"
- "Parent Directory"
- ".sql.gz"
condition: and
- type: status
status:
- 200
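
Review bot: the word matcher requires all three strings under `condition: and`, and "Parent Directory" is wording specific to an Apache-style listing page, so a host that exposes /cache/backup/ through a server with different index markup would be reported clean even though `.sql.gz` backups are listed. I would keep "Index of /cache/backup" and ".sql.gz" as the required pair and drop "Parent Directory", or move it to a separate optional matcher. Two metadata points in the info block: the first reference still uses the localized es-la Tenable URL with `?tns_redirect=true`, where the plain advisory URL would be more stable, and `author: n/a` is left as is, so the template carries no attribution.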