saving uncommitted changes in /etc prior to dnf run

2023-10-23 15:56:04 +03:00
parent 04237a62d6
commit 7817b40ae2
84 changed files with 6999 additions and 3629 deletions
--- a/crowdsec/hub/scenarios/crowdsecurity/CVE-2023-22515.yaml
+++ b/crowdsec/hub/scenarios/crowdsecurity/CVE-2023-22515.yaml
@@ -0,0 +1,22 @@
+## CVE-2023-22515
+type: trigger
+name: crowdsecurity/CVE-2023-22515
+description: "Detect CVE-2023-22515 exploitation"
+filter: |
+  Lower(evt.Parsed.file_ext) == '.action' &&
+  (Lower(evt.Parsed.file_dir) contains '/setup' || Lower(evt.Parsed.file_frag) == 'server-info') &&
+  evt.Parsed.file_frag != nil
+blackhole: 1m
+groupby: "evt.Meta.source_ip"
+labels:
+  type: exploit
+  remediation: true
+  classification:
+    - attack.T1595
+    - attack.T1190
+    - cve.CVE-2023-22515
+  spoofable: 0
+  confidence: 1
+  behavior: "http:exploit"
+  label: "Confluence CVE-2023-22515"
+  service: confluence