From bf8bafec12b70f2815b29340b639039e93beaf1b Mon Sep 17 00:00:00 2001
From: nmasdoufi-ol
Date: Tue, 29 Oct 2024 10:47:51 +0100
Subject: [PATCH 1/2] Add detection for CVE-2024-37383
---
 agent/exploits/cve_2024_37383.py | 36 ++++++++++++
 tests/exploits/cve_2024_37383_test.py | 81 +++++++++++++++++++++++++++
 2 files changed, 117 insertions(+)
 create mode 100644 agent/exploits/cve_2024_37383.py
 create mode 100644 tests/exploits/cve_2024_37383_test.py
diff --git a/agent/exploits/cve_2024_37383.py b/agent/exploits/cve_2024_37383.py
new file mode 100644
index 0000000..264fd62
--- /dev/null
+++ b/agent/exploits/cve_2024_37383.py
@@ -0,0 +1,36 @@
+"""Agent Asteroid implementation for CVE-2024-37383"""
+
+import re
+
+from agent import definitions
+from agent import exploits_registry
+from agent.exploits import webexploit
+
+VULNERABILITY_TITLE = "XSS via SVG Animate Attributes in Roundcube Webmail"
+VULNERABILITY_REFERENCE = "CVE-2024-37383"
+VULNERABILITY_DESCRIPTION = (
+ "Roundcube Webmail before version 1.5.7 and versions 1.6.x before 1.6.7 contains a "
+ "cross-site scripting vulnerability that can be exploited via SVG animate attributes."
+)
+RISK_RATING = "HIGH"
+
+
+@exploits_registry.register
+class CVE202437383Exploit(webexploit.WebExploit):
+ accept_request = definitions.Request(method="GET", path="/")
+ check_request = definitions.Request(method="GET", path="/")
+ accept_pattern = [re.compile('"rcversion":')]
+
+ # Matches:
+ # - All versions up to 1.5.7 (10507)
+ # - Versions 1.6.0 through 1.6.6 (10600-10606)
+ match_pattern = [
+ re.compile(r'"rcversion":\s*(?:[0-1]0[0-5]0[0-6]|1060[0-6])'),
+ ]
+
+ metadata = definitions.VulnerabilityMetadata(
+ title=VULNERABILITY_TITLE,
+ description=VULNERABILITY_DESCRIPTION,
+ reference=VULNERABILITY_REFERENCE,
+ risk_rating=RISK_RATING,
+ )
diff --git a/tests/exploits/cve_2024_37383_test.py b/tests/exploits/cve_2024_37383_test.py
new file mode 100644
index 0000000..ecf2238
--- /dev/null
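Review bot: The `match_pattern` regex in `CVE202437383Exploit` under-matches the range the description gives ("before version 1.5.7"): `[0-1]0[0-5]0[0-6]` accepts only patch digits 00–06 on every branch, so an older-branch value with a higher patch number (constructed example: `"rcversion":10415`) is reported as safe. The comment above it also says "up to 1.5.7 (10507)" although the pattern stops at 10506. Assuming rcversion is encoded as major*10000 + minor*100 + patch, as the 10506/10606 values in the tests suggest, a tighter form would be `re.compile(r'"rcversion":\s*(?:10[0-4]\d{2}|1050[0-6]|1060[0-6])\b')`, with the comment reworded to "before 1.5.7 (< 10507)". The trailing `\b` keeps a longer number from matching on its first five digits.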
+++ b/tests/exploits/cve_2024_37383_test.py 
@@ -0,0 +1,81 @@
+"""Unit tests for Agent Asteroid: CVE-2024-37383"""
+
+import requests_mock as req_mock
+
+from agent import definitions
+from agent.exploits import cve_2024_37383
+
+
+def testCVE202437383_whenVersion156_reportFinding(
+ requests_mock: req_mock.mocker.Mocker,
+) -> None:
+ """CVE-2024-37383 unit test: case when target is vulnerable (1.5.6)."""
+ requests_mock.get(
+ "http://localhost:80/",
+ text="""{"rcversion":10506,"product":"Roundcube Webmail"}""",
+ status_code=200,
+ )
+ exploit_instance = cve_2024_37383.CVE202437383Exploit()
+ target = definitions.Target("http", "localhost", 80)
+
+ accept = exploit_instance.accept(target)
+ vulnerabilities = exploit_instance.check(target)
+
+ assert accept is True
+ assert len(vulnerabilities) > 0
+ vulnerability = vulnerabilities[0]
+ assert (
+ vulnerability.entry.title
+ == "XSS via SVG Animate Attributes in Roundcube Webmail"
+ )
+ assert vulnerability.technical_detail == (
+ "http://localhost:80 is vulnerable to CVE-2024-37383, "
+ "XSS via SVG Animate Attributes in Roundcube Webmail"
+ )
+
+
+def testCVE202437383_whenVersion166_reportFinding(
+ requests_mock: req_mock.mocker.Mocker,
+) -> None:
+ """CVE-2024-37383 unit test: case when target is vulnerable (1.6.6)."""
+ requests_mock.get(
+ "http://localhost:80/",
+ text="""{"rcversion":10606,"product":"Roundcube Webmail"}""",
+ status_code=200,
+ )
+ exploit_instance = cve_2024_37383.CVE202437383Exploit()
+ target = definitions.Target("http", "localhost", 80)
+
+ accept = exploit_instance.accept(target)
+ vulnerabilities = exploit_instance.check(target)
+
+ assert accept is True
+ assert len(vulnerabilities) > 0
+ vulnerability = vulnerabilities[0]
+ assert (
+ vulnerability.entry.title
+ == "XSS via SVG Animate Attributes in Roundcube Webmail"
+ )
+ assert vulnerability.technical_detail == (
+ "http://localhost:80 is vulnerable to CVE-2024-37383, "
+ "XSS via SVG Animate Attributes in Roundcube Webmail"
+ )
+
+
+def testCVE202437383_whenSafe_reportNothing(
+ requests_mock: req_mock.mocker.Mocker,
+) -> None:
+ """CVE-2024-37383 unit test: case when target is safe."""
+ requests_mock.get(
+ "http://localhost:80/",
+ text="""{"rcversion":10607,"product":"Roundcube Webmail"}""",
+ status_code=200,
+ )
+ exploit_instance = cve_2024_37383.CVE202437383Exploit()
+ target = definitions.Target("http", "localhost", 80)
+
+ accept = exploit_instance.accept(target)
+ vulnerabilities = exploit_instance.check(target)
+
+ assert accept is True
+ assert len(vulnerabilities) == 0
From 6f93a4bcc2ca78b14a6b73b995ad575a786d0daf Mon Sep 17 00:00:00 2001
From: Nour Eddine Masdoufi
Date: Tue, 29 Oct 2024 13:17:49 +0100
Subject: [PATCH 2/2] Update agent/exploits/cve_2024_37383.py
Co-authored-by: Abderrahim HADDADI
---
 agent/exploits/cve_2024_37383.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent/exploits/cve_2024_37383.py b/agent/exploits/cve_2024_37383.py
index 264fd62..1ed8be9 100644
--- a/agent/exploits/cve_2024_37383.py
+++ b/agent/exploits/cve_2024_37383.py
@@ -12,7 +12,7 @@
 "Roundcube Webmail before version 1.5.7 and versions 1.6.x before 1.6.7 contains a "
 "cross-site scripting vulnerability that can be exploited via SVG animate attributes."
 )
-RISK_RATING = "HIGH"
+RISK_RATING = "MEDIUM"
 
 
 @exploits_registry.register
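Review bot: The three tests in `cve_2024_37383_test.py` pin only 10506, 10606 and 10607, so the fixed boundary of the 1.5 branch and every older branch go unexercised. A pattern that wrongly reports 10507 as vulnerable, or that misses an older-branch value with a two-digit patch level, would still pass. Add a `reportNothing` case for `{"rcversion":10507,...}` and a `reportFinding` case for an older-branch value such as the constructed `{"rcversion":10415,...}`, plus a response with no `rcversion` key that asserts `accept(target)` is falsy. The two `reportFinding` tests differ only in the version number and could be collapsed into one `pytest.mark.parametrize` test.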