Skip to content

Commit

Permalink
automatic module_metadata_base.json update
Browse files Browse the repository at this point in the history
  • Loading branch information
msjenkins-r7 committed Apr 19, 2024
1 parent 4733d1d commit dce1a0b
Showing 1 changed file with 127 additions and 0 deletions.
127 changes: 127 additions & 0 deletions db/modules_metadata_base.json
Original file line number Diff line number Diff line change
Expand Up @@ -25139,6 +25139,70 @@

]
},
"auxiliary_gather/rancher_authenticated_api_cred_exposure": {
"name": "Rancher Authenticated API Credential Exposure",
"fullname": "auxiliary/gather/rancher_authenticated_api_cred_exposure",
"aliases": [

],
"rank": 300,
"disclosure_date": "2022-08-18",
"type": "auxiliary",
"author": [
"h00die",
"Florian Struck",
"Marco Stuurman"
],
"description": "An issue was discovered in Rancher versions up to and including\n 2.5.15 and 2.6.6 where sensitive fields, like passwords, API keys\n and Ranchers service account token (used to provision clusters),\n were stored in plaintext directly on Kubernetes objects like Clusters,\n for example cluster.management.cattle.io. Anyone with read access to\n those objects in the Kubernetes API could retrieve the plaintext\n version of those sensitive data.",
"references": [
"URL-https://github.com/advisories/GHSA-g7j7-h4q8-8w2f",
"URL-https://github.com/fe-ax/tf-cve-2021-36782",
"URL-https://fe.ax/cve-2021-36782/",
"CVE-2021-36782"
],
"platform": "",
"arch": "",
"rport": 443,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": null,
"mod_time": "2024-04-19 12:55:46 +0000",
"path": "/modules/auxiliary/gather/rancher_authenticated_api_cred_exposure.rb",
"is_install_path": true,
"ref_name": "gather/rancher_authenticated_api_cred_exposure",
"check": true,
"post_auth": true,
"default_credential": false,
"notes": {
"Stability": [

],
"Reliability": [

],
"SideEffects": [

]
},
"session_types": false,
"needs_cleanup": false,
"actions": [

]
},
"auxiliary_gather/redis_extractor": {
"name": "Redis Extractor",
"fullname": "auxiliary/gather/redis_extractor",
Expand Down Expand Up @@ -77677,6 +77741,69 @@
"session_types": false,
"needs_cleanup": true
},
"exploit_linux/http/panos_telemetry_cmd_exec": {
"name": "Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution",
"fullname": "exploit/linux/http/panos_telemetry_cmd_exec",
"aliases": [

],
"rank": 600,
"disclosure_date": "2024-04-12",
"type": "exploit",
"author": [
"remmons-r7",
"sfewer-r7"
],
"description": "This module exploits two vulnerabilities in Palo Alto Networks PAN-OS that\n allow an unauthenticated attacker to create arbitrarily named files and execute\n shell commands. Configuration requirements are PAN-OS with GlobalProtect Gateway or\n GlobalProtect Portal enabled and telemetry collection on (default). Affected versions\n include < 11.1.0-h3, < 11.1.1-h1, < 11.1.2-h3, < 11.0.2-h4, < 11.0.3-h10, < 11.0.4-h1,\n < 10.2.5-h6, < 10.2.6-h3, < 10.2.8-h3, and < 10.2.9-h1. Payloads may take up to\n one hour to execute, depending on how often the telemetry service is set to run.",
"references": [
"CVE-2024-3400",
"URL-https://security.paloaltonetworks.com/CVE-2024-3400",
"URL-https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/",
"URL-https://attackerkb.com/topics/SSTk336Tmf/cve-2024-3400/rapid7-analysis"
],
"platform": "Linux,Unix",
"arch": "cmd",
"rport": 443,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"Default"
],
"mod_time": "2024-04-18 18:34:18 +0000",
"path": "/modules/exploits/linux/http/panos_telemetry_cmd_exec.rb",
"is_install_path": true,
"ref_name": "linux/http/panos_telemetry_cmd_exec",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"ioc-in-logs",
"artifacts-on-disk"
]
},
"session_types": false,
"needs_cleanup": true
},
"exploit_linux/http/peercast_url": {
"name": "PeerCast URL Handling Buffer Overflow",
"fullname": "exploit/linux/http/peercast_url",
Expand Down

0 comments on commit dce1a0b

Please sign in to comment.