ET WEB_SPECIFIC_APPS Metabase Setup-Token Information Disclosure - Required for CVE-2023-38646 - Suricata Rule 2047018 (et/open)

ET WEB_SPECIFIC_APPS Metabase Setup-Token Information Disclosure - Required for CVE-2023-38646

SID: 2047018Rev: 16 viewsHistory

Sourceet/open

CreatedAugust 2, 2023

UpdatedAugust 2, 2023

Classificationsuccessful-recon-limited

alert http [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET WEB_SPECIFIC_APPS Metabase Setup-Token Information Disclosure - Required for CVE-2023-38646"; flow:established,to_client; http.response_body; content:"|22|Metabase|22 2c 22|"; fast_pattern; content:"|22|setup|2d|token|22 3a 22|"; pcre:"/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\x22/R"; reference:url,blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/; reference:cve,2023-38646; classtype:successful-recon-limited; sid:2047018; rev:1; metadata:attack_target Web_Server, created_at 2023_08_02, cve CVE_2023_38646, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2023_08_02, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1082, mitre_technique_name System_Information_Discovery; target:src_ip;)

References

url	blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/
cve	2023-38646

Metadata

attack targetWeb_Server

created at2023_08_02

cveCVE-2023-38646

deploymentSSLDecrypt

performance impactLow

confidenceHigh

signature severityMajor

updated at2023_08_02

mitre tactic idTA0007

mitre tactic nameDiscovery

mitre technique idT1082

mitre technique nameSystem_Information_Discovery

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!