daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #666 from ree4pwn/master 

Add CVE-2019-11581
patch-1
bauthard 2020-12-06 15:04:16 +05:30 committed by GitHub
parent 3177a56ef6 04d566eea5
commit f55188d593
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 37 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@ -11,11 +11,11 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n
An overview of the nuclei template directory including number of templates and HTTP request associated with each directory.
### Nuclei templates `v7.3.0` overview
### Nuclei templates `v7.2.3` overview
| Templates | Counts | Templates | Counts |
|----|----|----|----|
| cves | 139 | files | 43 |
| cves | 140 | files | 43 |
| vulnerabilities | 39 | panels | 45 |
| technologies | 37 | security-misconfiguration | 24 |
| workflows | 16 | tokens | 8 |
@ -25,7 +25,7 @@ An overview of the nuclei template directory including number of templates and H
| wordlists | 1 | misc | 13 |
### Nuclei templates `v7.3.0` tree overview
### Nuclei templates `v7.2.3` tree overview
<details>
<summary> Nuclei templates </summary>
@ -75,6 +75,7 @@ An overview of the nuclei template directory including number of templates and H
│   ├── CVE-2019-11248.yaml
│   ├── CVE-2019-11510.yaml
│   ├── CVE-2019-11580.yaml
│   ├── CVE-2019-11581.yaml
│   ├── CVE-2019-12314.yaml
│   ├── CVE-2019-12461.yaml
│   ├── CVE-2019-12593.yaml
@ -440,7 +441,7 @@ An overview of the nuclei template directory including number of templates and H
</details>
**16 directories, 389 files**.
**16 directories, 390 files**.
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to build new and your own custom templates and many example templates for easy understanding.

31
cves/CVE-2019-11581.yaml Normal file
View File

@ -0,0 +1,31 @@
id: CVE-2019-11581
info:
name: Atlassian Jira template injection
description: There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
author: ree4pwn
severity: critical
reference: https://github.com/jas502n/CVE-2019-11581
product: Jira
# This is detection template only, use the referenced link for the exploitation.
requests:
- method: GET
path:
- "{{BaseURL}}/secure/ContactAdministrators!default.jspa"
matchers:
- type: regex
regex:
- "\\(v4\\.4\\."
- "\\(v5\\."
- "\\(v6\\."
- "\\(v7\\.[012345789]\\."
- "\\(v7\\.1[0-2]\\."
- "\\(v7\\.6\\.([0-9]|[1][0-3])"
- "\\(v7\\.\\13\\.[0-4]"
- "\\(v8\\.0\\.[0-2]"
- "\\(v8\\.1\\.[0-1]"
- "\\(v8\\.2\\.[0-2]"
part: body
condition: or

1
workflows/jira-workflow.yaml
View File

@ -20,6 +20,7 @@ workflows:
- template: cves/CVE-2019-8442.yaml
- template: cves/CVE-2019-8449.yaml
- template: cves/CVE-2019-8451.yaml
- template: cves/CVE-2019-11581.yaml
- template: cves/CVE-2020-14179.yaml
- template: cves/CVE-2020-14181.yaml
- template: security-misconfiguration/jira-service-desk-signup.yaml