saving uncommitted changes in /etc prior to dnf run

crowdsec/hub/scenarios/crowdsecurity/CVE-2023-22518.yaml

@@ -0,0 +1,21 @@
+type: trigger
+#debug: true
+name: crowdsecurity/CVE-2023-22518
+description: "Detect CVE-2023-22518 exploits"
+filter: |
+  Upper(evt.Meta.http_path) contains Upper('/json/setup-restore.action') &&
+  Upper(evt.Parsed.verb) == 'POST'
+blackhole: 1m
+groupby: "evt.Meta.source_ip"
+labels:
+  type: exploit
+  remediation: true
+  classification:
+    - attack.T1595
+    - attack.T1190
+    - cve.CVE-2023-22518
+  spoofable: 0
+  confidence: 1
+  behavior: "http:exploit"
+  label: "Atlassian Confluence Server CVE-2023-22518"
+  service: Atlassian Confluence