From 65d2b6380b3950d6e810bb6efb3d1ebfa1bd6401 Mon Sep 17 00:00:00 2001 From: Takah1ro Date: Sun, 2 Mar 2025 12:14:25 +0900 Subject: [PATCH] Update vulnerable version --- .../modules/exploit/linux/http/dtale_rce_cve_2025_0655.md | 5 ++++- modules/exploits/linux/http/dtale_rce_cve_2025_0655.rb | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/documentation/modules/exploit/linux/http/dtale_rce_cve_2025_0655.md b/documentation/modules/exploit/linux/http/dtale_rce_cve_2025_0655.md index 699a2990be..52e86fa662 100644 --- a/documentation/modules/exploit/linux/http/dtale_rce_cve_2025_0655.md +++ b/documentation/modules/exploit/linux/http/dtale_rce_cve_2025_0655.md @@ -8,13 +8,16 @@ Once enabled, the /test-filter endpoint of the Custom Filters functionality can The vulnerability affects: - * 3.10.0 <= D-Tale <= 3.15.1 + * D-Tale <= 3.15.1 This module was successfully tested on: * D-Tale 3.15.1 installed on Ubuntu 24.04 * D-Tale 3.12.0 installed on Ubuntu 22.04 * D-Tale 3.10.0 installed on Ubuntu 22.04 + * D-Tale 3.0.0 installed on Ubuntu 22.04 + * D-Tale 2.5.1 installed on Ubuntu 22.04 + * D-Tale 2.4.0 installed on Ubuntu 22.04 ### Installation diff --git a/modules/exploits/linux/http/dtale_rce_cve_2025_0655.rb b/modules/exploits/linux/http/dtale_rce_cve_2025_0655.rb index 079fbf8fa5..35e6b7bd69 100644 --- a/modules/exploits/linux/http/dtale_rce_cve_2025_0655.rb +++ b/modules/exploits/linux/http/dtale_rce_cve_2025_0655.rb @@ -89,7 +89,7 @@ class MetasploitModule < Msf::Exploit::Remote return Exploit::CheckCode::Unknown('Failed to get version element.') if version_element.blank? version = Rex::Version.new(version_element&.text) - return Exploit::CheckCode::Safe("Version #{version} detected, which is not vulnerable.") unless version.between?(Rex::Version.new('3.10.0'), Rex::Version.new('3.15.1')) + return Exploit::CheckCode::Safe("Version #{version} detected, which is not vulnerable.") unless version <= Rex::Version.new('3.15.1') Exploit::CheckCode::Appears("Version #{version} detected.") end