Cluster Overview - Unauthenticated Dashboard Exposure

What is the "Cluster Overview - Unauthenticated Dashboard Exposure?"

The "Cluster Overview - Unauthenticated Dashboard Exposure" module is designed to detect a specific misconfiguration vulnerability in a cluster. It targets the Trino software and focuses on the exposure of an unauthenticated dashboard. This module has a medium severity level and was authored by tess.

Impact

If this vulnerability is present, it could allow unauthorized access to the cluster's dashboard, potentially exposing sensitive information and allowing malicious actors to perform unauthorized actions.

How the module works?

This module works by sending an HTTP POST request to the "/ui/login" path of the target cluster. The request includes the necessary headers, such as "Content-Type: application/x-www-form-urlencoded". The module then applies matching conditions to the response to determine if the vulnerability is present.

The matching conditions include:

- Checking if the response body contains the words "Cluster Overview" and "Query Details". - Verifying that the response status is 200.

If both conditions are met, the module reports the vulnerability.

Example HTTP request:

POST /ui/login
Content-Type: application/x-www-form-urlencoded

[Request Body]

Note: The actual request body content is not provided in the module definition.