Skip to content

Commit

Permalink
automatic module_metadata_base.json update
Browse files Browse the repository at this point in the history
  • Loading branch information
msjenkins-r7 committed Dec 18, 2023
1 parent 45d2c7f commit be84dba
Showing 1 changed file with 60 additions and 0 deletions.
60 changes: 60 additions & 0 deletions db/modules_metadata_base.json
Original file line number Diff line number Diff line change
Expand Up @@ -95374,6 +95374,66 @@
"session_types": false,
"needs_cleanup": null
},
"exploit_multi/http/atlassian_confluence_unauth_backup": {
"name": "Atlassian Confluence Unauth JSON setup-restore Improper Authorization leading to RCE (CVE-2023-22518)",
"fullname": "exploit/multi/http/atlassian_confluence_unauth_backup",
"aliases": [

],
"rank": 600,
"disclosure_date": "2023-10-31",
"type": "exploit",
"author": [
"Atlassian",
"jheysel-r7"
],
"description": "This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a\n Confluence instance administrator account. Using this account, an attacker can then perform all\n administrative actions that are available to Confluence instance administrator. This module uses the\n administrator account to install a malicious .jsp servlet plugin which the user can trigger to gain code\n execution on the target in the context of the of the user running the confluence server.",
"references": [
"URL-https://jira.atlassian.com/browse/CONFSERVER-93142",
"CVE-2023-22518"
],
"platform": "",
"arch": "",
"rport": 8090,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"Java"
],
"mod_time": "2023-12-14 12:42:23 +0000",
"path": "/modules/exploits/multi/http/atlassian_confluence_unauth_backup.rb",
"is_install_path": true,
"ref_name": "multi/http/atlassian_confluence_unauth_backup",
"check": true,
"post_auth": true,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"config-changes"
],
"Reliability": [
"repeatable-session"
]
},
"session_types": false,
"needs_cleanup": null
},
"exploit_multi/http/atlassian_confluence_webwork_ognl_injection": {
"name": "Atlassian Confluence WebWork OGNL Injection",
"fullname": "exploit/multi/http/atlassian_confluence_webwork_ognl_injection",
Expand Down

0 comments on commit be84dba

Please sign in to comment.