Exploit for Alerta < 8.1.0 - Authentication Bypass (CVE-2020-26214)

Description:

Alerta prior to version 8.1.0 is prone to authentication bypass when using LDAP as an authorization provider and the LDAP server accepts Unauthenticated Bind requests.
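The condition described above, modelled as an added example (it is not part of the original page and does not reproduce Alerta's code or its fix). RFC 4513 section 5.1.2 defines an unauthenticated bind as a simple bind with a non-empty name and a zero-length password; a server that accepts it reports success but grants only an anonymous session. The PermissiveDirectory class, the two login functions and the sample DN are constructed for illustration.

```python
from enum import Enum


class BindKind(Enum):
    ANONYMOUS = "anonymous"              # RFC 4513 5.1.1: empty name, empty password
    UNAUTHENTICATED = "unauthenticated"  # RFC 4513 5.1.2: name given, empty password
    NAME_PASSWORD = "name/password"      # RFC 4513 5.1.3: name and password given


def classify_simple_bind(dn, password):
    """Classify a simple bind request by the RFC 4513 section 5.1 mechanisms."""
    if not password:
        return BindKind.UNAUTHENTICATED if dn else BindKind.ANONYMOUS
    return BindKind.NAME_PASSWORD


class PermissiveDirectory:
    """Constructed stand-in for an LDAP server that accepts unauthenticated binds."""

    def __init__(self, users):
        self._users = users  # constructed sample data: DN -> password

    def simple_bind(self, dn, password):
        # A zero-length password "succeeds", but only as an anonymous session.
        if classify_simple_bind(dn, password) is not BindKind.NAME_PASSWORD:
            return True
        return self._users.get(dn) == password


def login_bind_only(directory, dn, password):
    """Weak pattern: a successful bind is taken as proof of the password."""
    return directory.simple_bind(dn, password)


def login_hardened(directory, dn, password):
    """Refuse anything that is not a name/password bind before contacting the server."""
    if not dn or classify_simple_bind(dn, password) is not BindKind.NAME_PASSWORD:
        return False
    return directory.simple_bind(dn, password)
```

The client-side check matches the RFC's advice that clients disallow an empty password for name/password authentication; the same section says servers should by default fail unauthenticated bind requests with unwillingToPerform, which closes the gap on the directory side.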

Nuclei Template

View the template here CVE-2020-26214.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-26214.yaml

References:

https://tools.ietf.org/html/rfc4513#section-5.1.2
https://pypi.org/project/alerta-server/8.1.0/
https://nvd.nist.gov/vuln/detail/CVE-2020-26214
https://github.com/advisories/GHSA-5hmm-x8q8-w5jh
https://github.com/alerta/alerta/commit/2bfa31779a4c9df2fa68fa4d0c5c909698c5ef65