id: CVE-2024-32651

info:
  name: Change Detection - Server Side Template Injection
  author: edoardottt
  severity: critical
  description: |
    A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-32651
    - https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4r7v-whpg-8rx3
    - https://github.com/dgtlmoon/changedetection.io/releases/tag/0.45.21
    - https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cve-id: CVE-2024-32651
    cwe-id: CWE-1336
    epss-score: 0.00045
    epss-percentile: 0.14322
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"Change Detection"
  tags: cve,cve2024,changedetection,ssti,rce,passive

http:
  - method: GET
    path:
      - "{{RootURL}}/"

    redirects: true
    max-redirects: 2

    extractors:
      - type: xpath
        name: version
        internal: true
        xpath:
          - "//*[@id=\"right-sticky\"]"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - "Change Detection"
        condition: and

      - type: dsl
        dsl:
          - compare_versions(version, '<= 0.45.20')
# digest: 490a004630440220166f3ac3c6c4657641c4499aa0d8cd1096190ee1a19bb4497770c30fac5558da0220174976fb80906ac6496cdb1e657106b3c93cdde5f8980ed3ab7c0bcf2de63113:922c64590222798bb761d5b6d8e72950