nuclei-templates

CVE-2022-29153

Open schreddies opened this issue 6 months ago • 1 comments

Template CVE-2022-29153 is missing vulnerable instances of consul, as some are not responding with the 400 error page and information regarding the field disable_redirects. That said, I am guessing the change was introduced at some point.

Nuclei Version:

v3.3.1

Template file:

http/cves/2022/CVE-2022-29153.yaml

Command to reproduce:

False negative

  • Run consul in versions under 1.6.10 (vulnerable),
  • Run nuclei template nuclei -t http/cves/2022/CVE-2022-29153.yaml -u {{host}}:8500,
  • No results from template.

True positive

  • consul > 1.7.0
  • Run nuclei template nuclei -t http/cves/2022/CVE-2022-29153.yaml -u {{host}}:8500
  • Instances identified correctly

schreddies, Aug 26 '24 10:08