From 38d59c31fa6e6a46a8ee9306ce953a9a2395e5f8 Mon Sep 17 00:00:00 2001 From: sandeep <8293321+ehsandeep@users.noreply.github.com> Date: Fri, 7 Oct 2022 21:41:42 +0530 Subject: [PATCH 1/3] Added CVE-2022-40083 --- cves/2022/CVE-2022-40083.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 cves/2022/CVE-2022-40083.yaml diff --git a/cves/2022/CVE-2022-40083.yaml b/cves/2022/CVE-2022-40083.yaml new file mode 100644 index 0000000000..dd576199d5 --- /dev/null +++ b/cves/2022/CVE-2022-40083.yaml @@ -0,0 +1,31 @@ +id: CVE-2022-40083 + +info: + name: Labstack Echo < v4.9.0 - Open Redirect + author: pdteam + severity: medium + description: | + Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). + reference: + - https://github.com/labstack/echo/issues/2259 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-40083 + cwe-id: CWE-601 + +requests: + - method: GET + path: + - "{{BaseURL}}//interactsh.com%2f.." + + matchers-condition: and + matchers: + - type: word + part: location + words: + - '//interactsh.com/../' + + - type: status + status: + - 301 \ No newline at end of file From e275c207233e46ff163317945d660ab1aa5fbebf Mon Sep 17 00:00:00 2001 From: Sandeep Singh Date: Fri, 7 Oct 2022 21:43:33 +0530 Subject: [PATCH 2/3] added tags --- cves/2022/CVE-2022-40083.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cves/2022/CVE-2022-40083.yaml b/cves/2022/CVE-2022-40083.yaml index dd576199d5..d6effe7301 100644 --- a/cves/2022/CVE-2022-40083.yaml +++ b/cves/2022/CVE-2022-40083.yaml @@ -13,6 +13,7 @@ info: cvss-score: 6.1 cve-id: CVE-2022-40083 cwe-id: CWE-601 + tags: cve,cve2022,redirect,labstack,echo requests: - method: GET @@ -28,4 +29,4 @@ requests: - type: status status: - - 301 \ No newline at end of file + - 301 From 838c426330350c42daa040fa4c87c3a30d6822e0 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 11 Oct 2022 15:48:48 +0530 Subject: [PATCH 3/3] Update CVE-2022-40083.yaml --- cves/2022/CVE-2022-40083.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2022/CVE-2022-40083.yaml b/cves/2022/CVE-2022-40083.yaml index d6effe7301..54cdac8d57 100644 --- a/cves/2022/CVE-2022-40083.yaml +++ b/cves/2022/CVE-2022-40083.yaml @@ -13,7 +13,7 @@ info: cvss-score: 6.1 cve-id: CVE-2022-40083 cwe-id: CWE-601 - tags: cve,cve2022,redirect,labstack,echo + tags: cve,cve2022,redirect,labstack requests: - method: GET