nuclei-templates/cloud/aws/acm/acm-cert-expired.yaml

41 lines
1.3 KiB
YAML
Raw Normal View History

id: acm-cert-expired
info:
name: Expired ACM Certificates
author: princechaddha
severity: high
description: |
Ensure removal of expired SSL/TLS certificates in AWS Certificate Manager to comply with Amazon Security Best Practices.
impact: |
Expired certificates can lead to service interruptions and expose applications to man-in-the-middle attacks.
remediation: |
Regularly review ACM for expired certificates and delete them or replace with updated versions.
reference:
- https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html
tags: cloud,devops,aws,amazon,acm,aws-cloud-config
variables:
region: "us-east-1"
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws acm list-certificates --region $region --certificate-statuses EXPIRED
matchers:
- type: word
words:
- 'CertificateArn'
extractors:
- type: json
name: certificatearn
json:
- '.CertificateSummaryList[] | .CertificateArn'
- type: dsl
dsl:
- 'region + " AWS region have expired SSL/TLS certificates"'
# digest: 490a00463044022020875df0814bb41d33d015a50a6a2d23309be5b695bad8ba9840f77e139f719b02205052abd88786969a3d7dcc2594b881841f82308df082a71df3b221085d1e9ceb:922c64590222798bb761d5b6d8e72950