Merge branch 'main' into sns

patch-4
Prince Chaddha 2024-06-11 22:53:41 +04:00 committed by GitHub
commit 356ce0df99
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2500 changed files with 20958 additions and 15494 deletions

View File

@ -3,83 +3,17 @@ on:
push: push:
paths: paths:
- '.new-additions' - '.new-additions'
- 'cloud/aws/sns/sns-topic-public-accessible.yaml' - 'http/cves/2021/CVE-2021-38146.yaml'
- 'headless/webpack-sourcemap.yaml' - 'http/cves/2021/CVE-2021-38147.yaml'
- 'http/cnvd/2024/CNVD-2024-15077.yaml' - 'http/cves/2023/CVE-2023-38194.yaml'
- 'http/cves/2022/CVE-2022-0666.yaml' - 'http/cves/2023/CVE-2023-43472.yaml'
- 'http/cves/2022/CVE-2022-1580.yaml' - 'http/cves/2023/CVE-2023-6505.yaml'
- 'http/cves/2022/CVE-2022-34534.yaml' - 'http/cves/2023/CVE-2023-6786.yaml'
- 'http/cves/2023/CVE-2023-2059.yaml' - 'http/cves/2024/CVE-2024-23692.yaml'
- 'http/cves/2023/CVE-2023-3077.yaml' - 'http/exposed-panels/oracle-application-server-panel.yaml'
- 'http/cves/2023/CVE-2023-35162.yaml' - 'http/exposed-panels/veeam-backup-manager-login.yaml'
- 'http/cves/2023/CVE-2023-48084.yaml' - 'http/exposed-panels/wildix-collaboration-panel.yaml'
- 'http/cves/2024/CVE-2024-1380.yaml' - 'http/technologies/nperf-server-detect.yaml'
- 'http/cves/2024/CVE-2024-21683.yaml'
- 'http/cves/2024/CVE-2024-24919.yaml'
- 'http/cves/2024/CVE-2024-27348.yaml'
- 'http/cves/2024/CVE-2024-34470.yaml'
- 'http/cves/2024/CVE-2024-3495.yaml'
- 'http/cves/2024/CVE-2024-3822.yaml'
- 'http/cves/2024/CVE-2024-4358.yaml'
- 'http/cves/2024/CVE-2024-5230.yaml'
- 'http/default-logins/ampjuke-default-login.yaml'
- 'http/default-logins/cambium-networks/cambium-networks-default-login.yaml'
- 'http/default-logins/digital-watchdog/digital-watchdog-default-login.yaml'
- 'http/exposed-panels/busybox-repository-browser.yaml'
- 'http/exposed-panels/cisco-firepower-panel.yaml'
- 'http/exposed-panels/cox-business-panel.yaml'
- 'http/exposed-panels/digital-watchdog-panel.yaml'
- 'http/exposed-panels/f5-admin-interface.yaml'
- 'http/exposed-panels/fortinet/fortisiem-panel.yaml'
- 'http/exposed-panels/oracle-access-management.yaml'
- 'http/exposed-panels/oracle-peoplesoft-panel.yaml'
- 'http/exposed-panels/vrealize-hyperic-login-panel.yaml'
- 'http/exposures/tokens/wechat/wechat-secret-key.yaml'
- 'http/iot/netgear-boarddataww-rce.yaml'
- 'http/miscellaneous/directory-listing.yaml'
- 'http/misconfiguration/dont-panic-traceback.yaml'
- 'http/misconfiguration/installer/activecollab-installer.yaml'
- 'http/misconfiguration/installer/call-com-installer.yaml'
- 'http/misconfiguration/installer/cms-made-simple-installer.yaml'
- 'http/misconfiguration/installer/confluence-installer.yaml'
- 'http/misconfiguration/installer/cubebackup-setup-installer.yaml'
- 'http/misconfiguration/installer/easy-wi-installer.yaml'
- 'http/misconfiguration/installer/ejbca-enterprise-installer.yaml'
- 'http/misconfiguration/installer/flarum-installer.yaml'
- 'http/misconfiguration/installer/fleetcart-installer.yaml'
- 'http/misconfiguration/installer/glpi-installer.yaml'
- 'http/misconfiguration/installer/invicti-enterprise-installer.yaml'
- 'http/misconfiguration/installer/invoice-ninja-installer.yaml'
- 'http/misconfiguration/installer/jfa-go-installer.yaml'
- 'http/misconfiguration/installer/justfans-installer.yaml'
- 'http/misconfiguration/installer/librenms-installer.yaml'
- 'http/misconfiguration/installer/mura-cms-setup-installer.yaml'
- 'http/misconfiguration/installer/onlyoffice-installer.yaml'
- 'http/misconfiguration/installer/openemr-setup-installer.yaml'
- 'http/misconfiguration/installer/orchard-installer.yaml'
- 'http/misconfiguration/installer/pandora-fms-installer.yaml'
- 'http/misconfiguration/installer/profittrailer-installer.yaml'
- 'http/misconfiguration/installer/projectsend-installer.yaml'
- 'http/misconfiguration/installer/snipe-it-installer.yaml'
- 'http/misconfiguration/installer/stackposts-installer.yaml'
- 'http/misconfiguration/installer/tastyigniter-installer.yaml'
- 'http/misconfiguration/installer/ubersmith-installer.yaml'
- 'http/misconfiguration/installer/uvdesk-helpdesk-installer.yaml'
- 'http/misconfiguration/installer/virtual-smartzone-installer.yaml'
- 'http/misconfiguration/installer/wowonder-installer.yaml'
- 'http/technologies/cowboy-detect.yaml'
- 'http/technologies/gabia-server-detect.yaml'
- 'http/technologies/gotweb-detect.yaml'
- 'http/technologies/sparklighter-detect.yaml'
- 'http/vulnerabilities/other/aquatronica-info-leak.yaml'
- 'http/vulnerabilities/other/array-vpn-lfi.yaml'
- 'http/vulnerabilities/other/cerio-dt-rce.yaml'
- 'http/vulnerabilities/other/easycvr-info-leak.yaml'
- 'javascript/backdoor/proftpd-backdoor.yaml'
- 'javascript/detection/samba-detect.yaml'
- 'javascript/enumeration/rsync/rsync-list-modules.yaml'
- 'network/detection/bitvise-ssh-detect.yaml'
- 'passive/cves/2024/CVE-2024-25723.yaml'
workflow_dispatch: workflow_dispatch:
jobs: jobs:
triggerRemoteWorkflow: triggerRemoteWorkflow:

View File

@ -1,77 +1,11 @@
cloud/aws/sns/sns-topic-public-accessible.yaml http/cves/2021/CVE-2021-38146.yaml
headless/webpack-sourcemap.yaml http/cves/2021/CVE-2021-38147.yaml
http/cnvd/2024/CNVD-2024-15077.yaml http/cves/2023/CVE-2023-38194.yaml
http/cves/2022/CVE-2022-0666.yaml http/cves/2023/CVE-2023-43472.yaml
http/cves/2022/CVE-2022-1580.yaml http/cves/2023/CVE-2023-6505.yaml
http/cves/2022/CVE-2022-34534.yaml http/cves/2023/CVE-2023-6786.yaml
http/cves/2023/CVE-2023-2059.yaml http/cves/2024/CVE-2024-23692.yaml
http/cves/2023/CVE-2023-3077.yaml http/exposed-panels/oracle-application-server-panel.yaml
http/cves/2023/CVE-2023-35162.yaml http/exposed-panels/veeam-backup-manager-login.yaml
http/cves/2023/CVE-2023-48084.yaml http/exposed-panels/wildix-collaboration-panel.yaml
http/cves/2024/CVE-2024-1380.yaml http/technologies/nperf-server-detect.yaml
http/cves/2024/CVE-2024-21683.yaml
http/cves/2024/CVE-2024-24919.yaml
http/cves/2024/CVE-2024-27348.yaml
http/cves/2024/CVE-2024-34470.yaml
http/cves/2024/CVE-2024-3495.yaml
http/cves/2024/CVE-2024-3822.yaml
http/cves/2024/CVE-2024-4358.yaml
http/cves/2024/CVE-2024-5230.yaml
http/default-logins/ampjuke-default-login.yaml
http/default-logins/cambium-networks/cambium-networks-default-login.yaml
http/default-logins/digital-watchdog/digital-watchdog-default-login.yaml
http/exposed-panels/busybox-repository-browser.yaml
http/exposed-panels/cisco-firepower-panel.yaml
http/exposed-panels/cox-business-panel.yaml
http/exposed-panels/digital-watchdog-panel.yaml
http/exposed-panels/f5-admin-interface.yaml
http/exposed-panels/fortinet/fortisiem-panel.yaml
http/exposed-panels/oracle-access-management.yaml
http/exposed-panels/oracle-peoplesoft-panel.yaml
http/exposed-panels/vrealize-hyperic-login-panel.yaml
http/exposures/tokens/wechat/wechat-secret-key.yaml
http/iot/netgear-boarddataww-rce.yaml
http/miscellaneous/directory-listing.yaml
http/misconfiguration/dont-panic-traceback.yaml
http/misconfiguration/installer/activecollab-installer.yaml
http/misconfiguration/installer/call-com-installer.yaml
http/misconfiguration/installer/cms-made-simple-installer.yaml
http/misconfiguration/installer/confluence-installer.yaml
http/misconfiguration/installer/cubebackup-setup-installer.yaml
http/misconfiguration/installer/easy-wi-installer.yaml
http/misconfiguration/installer/ejbca-enterprise-installer.yaml
http/misconfiguration/installer/flarum-installer.yaml
http/misconfiguration/installer/fleetcart-installer.yaml
http/misconfiguration/installer/glpi-installer.yaml
http/misconfiguration/installer/invicti-enterprise-installer.yaml
http/misconfiguration/installer/invoice-ninja-installer.yaml
http/misconfiguration/installer/jfa-go-installer.yaml
http/misconfiguration/installer/justfans-installer.yaml
http/misconfiguration/installer/librenms-installer.yaml
http/misconfiguration/installer/mura-cms-setup-installer.yaml
http/misconfiguration/installer/onlyoffice-installer.yaml
http/misconfiguration/installer/openemr-setup-installer.yaml
http/misconfiguration/installer/orchard-installer.yaml
http/misconfiguration/installer/pandora-fms-installer.yaml
http/misconfiguration/installer/profittrailer-installer.yaml
http/misconfiguration/installer/projectsend-installer.yaml
http/misconfiguration/installer/snipe-it-installer.yaml
http/misconfiguration/installer/stackposts-installer.yaml
http/misconfiguration/installer/tastyigniter-installer.yaml
http/misconfiguration/installer/ubersmith-installer.yaml
http/misconfiguration/installer/uvdesk-helpdesk-installer.yaml
http/misconfiguration/installer/virtual-smartzone-installer.yaml
http/misconfiguration/installer/wowonder-installer.yaml
http/technologies/cowboy-detect.yaml
http/technologies/gabia-server-detect.yaml
http/technologies/gotweb-detect.yaml
http/technologies/sparklighter-detect.yaml
http/vulnerabilities/other/aquatronica-info-leak.yaml
http/vulnerabilities/other/array-vpn-lfi.yaml
http/vulnerabilities/other/cerio-dt-rce.yaml
http/vulnerabilities/other/easycvr-info-leak.yaml
javascript/backdoor/proftpd-backdoor.yaml
javascript/detection/samba-detect.yaml
javascript/enumeration/rsync/rsync-list-modules.yaml
network/detection/bitvise-ssh-detect.yaml
passive/cves/2024/CVE-2024-25723.yaml

View File

@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------| |-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------|
| cve | 2490 | dhiyaneshdk | 1289 | http | 7477 | info | 3683 | file | 337 | | cve | 2511 | dhiyaneshdk | 1322 | http | 7547 | info | 3697 | file | 337 |
| panel | 1145 | daffainfo | 864 | file | 337 | high | 1728 | dns | 25 | | panel | 1157 | daffainfo | 865 | file | 337 | high | 1770 | dns | 25 |
| wordpress | 976 | dwisiswant0 | 803 | workflows | 191 | medium | 1520 | | | | wordpress | 983 | dwisiswant0 | 803 | workflows | 191 | medium | 1528 | | |
| exposure | 916 | pussycat0x | 354 | network | 135 | critical | 1035 | | | | exposure | 948 | pussycat0x | 362 | network | 134 | critical | 1044 | | |
| xss | 906 | pikpikcu | 353 | cloud | 98 | low | 263 | | | | xss | 911 | ritikchaddha | 354 | cloud | 99 | low | 265 | | |
| wp-plugin | 847 | ritikchaddha | 346 | code | 81 | unknown | 39 | | | | wp-plugin | 852 | pikpikcu | 353 | code | 81 | unknown | 39 | | |
| osint | 804 | pdteam | 297 | javascript | 57 | | | | | | osint | 804 | pdteam | 297 | javascript | 60 | | | | |
| tech | 682 | princechaddha | 269 | ssl | 29 | | | | | | tech | 686 | princechaddha | 269 | ssl | 29 | | | | |
| lfi | 658 | ricardomaia | 232 | dns | 22 | | | | | | lfi | 662 | ricardomaia | 232 | dns | 22 | | | | |
| misconfig | 620 | geeknik | 231 | dast | 21 | | | | | | misconfig | 659 | geeknik | 231 | dast | 21 | | | | |
**640 directories, 8753 files**. **649 directories, 8828 files**.
</td> </td>
</tr> </tr>

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large Load Diff

View File

@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------| |-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------|
| cve | 2490 | dhiyaneshdk | 1289 | http | 7477 | info | 3683 | file | 337 | | cve | 2511 | dhiyaneshdk | 1322 | http | 7547 | info | 3697 | file | 337 |
| panel | 1145 | daffainfo | 864 | file | 337 | high | 1728 | dns | 25 | | panel | 1157 | daffainfo | 865 | file | 337 | high | 1770 | dns | 25 |
| wordpress | 976 | dwisiswant0 | 803 | workflows | 191 | medium | 1520 | | | | wordpress | 983 | dwisiswant0 | 803 | workflows | 191 | medium | 1528 | | |
| exposure | 916 | pussycat0x | 354 | network | 135 | critical | 1035 | | | | exposure | 948 | pussycat0x | 362 | network | 134 | critical | 1044 | | |
| xss | 906 | pikpikcu | 353 | cloud | 98 | low | 263 | | | | xss | 911 | ritikchaddha | 354 | cloud | 99 | low | 265 | | |
| wp-plugin | 847 | ritikchaddha | 346 | code | 81 | unknown | 39 | | | | wp-plugin | 852 | pikpikcu | 353 | code | 81 | unknown | 39 | | |
| osint | 804 | pdteam | 297 | javascript | 57 | | | | | | osint | 804 | pdteam | 297 | javascript | 60 | | | | |
| tech | 682 | princechaddha | 269 | ssl | 29 | | | | | | tech | 686 | princechaddha | 269 | ssl | 29 | | | | |
| lfi | 658 | ricardomaia | 232 | dns | 22 | | | | | | lfi | 662 | ricardomaia | 232 | dns | 22 | | | | |
| misconfig | 620 | geeknik | 231 | dast | 21 | | | | | | misconfig | 659 | geeknik | 231 | dast | 21 | | | | |

View File

@ -11,8 +11,9 @@ info:
Set up Amazon CloudWatch to monitor ACM certificate expiration and automate renewal notifications or processes. Set up Amazon CloudWatch to monitor ACM certificate expiration and automate renewal notifications or processes.
reference: reference:
- https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html - https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,acm,aws-cloud-config tags: cloud,devops,aws,amazon,acm,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -54,4 +55,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The AWS ACM Certificate " + certificate +" is about to expire in 30 days"' - '"The AWS ACM Certificate " + certificate +" is about to expire in 30 days"'
# digest: 4a0a004730450220756b5be6dcc7136b4b633c69403bc8a7d096c35c2a8275b99855b974e5c6ddd102210097de27a237f011112a45966e4320e15b0b9ee2af6762bd66817106963c31b0d8:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100bc7d6e62968fc709c8201354d29b61784664ef5c5ebed70a6a8b305447b93725022100bad54d48aab6fdd1356608d1940730ea10536641398de6172861695612abd412:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Set up Amazon CloudWatch to monitor ACM certificate expiration and automate renewal notifications or processes. Set up Amazon CloudWatch to monitor ACM certificate expiration and automate renewal notifications or processes.
reference: reference:
- https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html - https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,acm,aws-cloud-config tags: cloud,devops,aws,amazon,acm,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -54,4 +55,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The AWS ACM Certificate " + certificate +" is about to expire in 30 days"' - '"The AWS ACM Certificate " + certificate +" is about to expire in 30 days"'
# digest: 490a00463044022030b5597eb0c060a9e40e23a74f07216222b2df8f53391b091624a8fb3a5fc7b8022007201e8fa3b8699eed20222e46d207fb8b271fbc1c20092e96bb5a2d3740a5d5:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402202b2fedb03a19db3f9d0f87fdc3982c926a2478e6e2903d2fbb55b63561d3a29c0220337c43e0512cc540287235d9f3489fb5af0dc783ae118c4341c27e2812a8d8c7:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Use AWS ACM for certificate provisioning and ensure domain validation steps are correctly followed for each certificate issued or renewed. Use AWS ACM for certificate provisioning and ensure domain validation steps are correctly followed for each certificate issued or renewed.
reference: reference:
- https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate.html - https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,acm,aws-cloud-config tags: cloud,devops,aws,amazon,acm,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The issue/renewal request for " + certificatearn + " SSL/TLS certificate was not validated"' - '"The issue/renewal request for " + certificatearn + " SSL/TLS certificate was not validated"'
# digest: 4a0a0047304502210089639de3f7c36e53216707ebb4296d7ca7744e1227c45977772e3a5a2fa492e2022032c5f3a8a70224d2aad87a042558ad554bc58170e274510715cca40dc0e67ec3:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502210092b18eb3a24d6dea12fc385763c84745bf8201424ef620661e9c9fbb1b3b513a02201dc10c6f007cea631d51e81c2b6c883bf6c530a4de13398dea1c605b4a925714:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Replace wildcard ACM certificates with single domain name certificates for each domain/subdomain within your AWS account. This enhances security by ensuring each domain/subdomain has its own unique private key and certificate. Replace wildcard ACM certificates with single domain name certificates for each domain/subdomain within your AWS account. This enhances security by ensuring each domain/subdomain has its own unique private key and certificate.
reference: reference:
- https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html - https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,acm,aws-cloud-config tags: cloud,devops,aws,amazon,acm,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- 'certificatearn + " AWS ACM certificate is a wildcard certificate"' - 'certificatearn + " AWS ACM certificate is a wildcard certificate"'
# digest: 4a0a00473045022100f6ea9830b40920522f8151d891ae384572efefa30076cbf061bb313303abe50d022030dcf2a11227f66c51c43294228e264bf6b0eee1ae359cc2b84272c834de6351:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022078c25c2aeb4e1ecb7851bfcf3e176bbd0eff547432a2a5ec04d150b1c3fbfdaf022100b3e428a513082fb7357f95e92309d0dfe47823bc6eb40cc403cc2836756ccd60:922c64590222798bb761d5b6d8e72950

View File

@ -7,6 +7,8 @@ info:
Checks if AWS CLI is set up and all necessary tools are installed on the environment. Checks if AWS CLI is set up and all necessary tools are installed on the environment.
reference: reference:
- https://aws.amazon.com/cli/ - https://aws.amazon.com/cli/
metadata:
max-request: 2
tags: cloud,devops,aws,amazone,aws-cloud-config tags: cloud,devops,aws,amazone,aws-cloud-config
variables: variables:
@ -50,4 +52,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"AWS CLI is properly configured for account \"" + account + "\" and all the necessary tools required are installed"' - '"AWS CLI is properly configured for account \"" + account + "\" and all the necessary tools required are installed"'
# digest: 4b0a00483046022100a05a196d8113f7a6f2a0ad341f9cecb882fe6fb7067812b6fc3d60482a736759022100a2d1867891aecfc696770bef70553de20c1cf97b6dbb29a4158fee3a08522c69:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100c79a6583acb05a00dfa742962972031f8c42ae9ce85aabc1c9edb1ae7ebd9368022100b98762cb406a952a4115e28bb639f0d16d02e0b737012da638e3bf3f5d73f5f5:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Enable data event logging in CloudTrail for S3 buckets to ensure detailed activity monitoring and logging for better security and compliance. Enable data event logging in CloudTrail for S3 buckets to ensure detailed activity monitoring and logging for better security and compliance.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,cloudtrail,aws-cloud-config tags: cloud,devops,aws,amazon,s3,cloudtrail,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"CloudTrail trail" + trail + " is not configured to capture resource operations performed on or within an AWS cloud resource"' - '"CloudTrail trail" + trail + " is not configured to capture resource operations performed on or within an AWS cloud resource"'
# digest: 490a0046304402201faa9752ffea7342ad3012c17528ce7ac93a419f258bc0022f82daca0c116b060220047829932aa4d96d6a578faf2884e39bb46badf9ec8f4f4704a2cabdc2cc93a5:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100da87f9b597db66bbcf87384782b53d2b838ad5c8b6c89924afc2607aa6c92bdf022100849208d4cb009645e9a5d9bf73dd7dfa351b390b23991bffa72a85d99ca0ac4c:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Enable CloudTrail in all AWS regions through the AWS Management Console or CLI to ensure comprehensive activity logging and monitoring. Enable CloudTrail in all AWS regions through the AWS Management Console or CLI to ensure comprehensive activity logging and monitoring.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-getting-started.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-getting-started.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"CloudTrail trail" + trail + " is not configured to receive log files from all the AWS cloud regions"' - '"CloudTrail trail" + trail + " is not configured to receive log files from all the AWS cloud regions"'
# digest: 490a0046304402201443ece0d6b4fbc1cddf7c13cedcdea324540e873081d0b64225178ee3dc2d1402203d677bdd02490a8f5a90d8e2abfa5499df844303bd18b1c2250ee3737a6ce1c3:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100a7330af1aa9ad989dc95304b0e71f8479849de9782179443c3b7caf9d9373add022034c783da46b9b3b530bbb04d08b70e1803c5d298104e3d65659addd1a8c839d9:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Configure only one multi-region trail to log global service events and disable global service logging for all other trails. Configure only one multi-region trail to log global service events and disable global service logging for all other trails.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"Ensure only one trail in Amazon CloudTrail is configured for global service events to avoid duplicates: " + trail' - '"Ensure only one trail in Amazon CloudTrail is configured for global service events to avoid duplicates: " + trail'
# digest: 4a0a00473045022100863a23e0d723ae8fd1912b96f52fdd5a22168d4fedd110138ac6b8e75434ef83022040c6c4f2d88276a08fc5faa9c4601c70615bcf8d0969cbe2dbf642c7f8186b43:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100c35edad75ea1ac20bfb4e2cbe8b2b4e8fc3b29c40e7ff611808957ab6d83f303022100a77f7c148769b6ca2d6277298d4a5269e1bb2092f609f67cef8e8152a67f02eb:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Enable global service logging in CloudTrail by creating or updating a trail to include global services. This ensures comprehensive activity monitoring. Enable global service logging in CloudTrail by creating or updating a trail to include global services. This ensures comprehensive activity monitoring.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"CloudTrail trail" + trail + " is not configured to record API calls for AWS global services"' - '"CloudTrail trail" + trail + " is not configured to record API calls for AWS global services"'
# digest: 4a0a004730450221009edff671d27bdeaf0556428297d56afb1404ff3032d9ae4b61578c2b239ec4c502202ea0baf81ef1917992591736e8dfd44578f85f84bbb8c869fca718fecefac3c0:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100f10c2c9b4cb87ac0e4d1bdcdbf1f22db6d84b775136499410fe1fd92ba1ad9c5022100eecaa6515470a95ff633ad2df025ded9d8c20f051189a648b1f862861ceb3599:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Enable CloudTrail log file validation and configure CloudWatch Logs to monitor CloudTrail log files. Create CloudWatch Alarms for specific events of interest. Enable CloudTrail log file validation and configure CloudWatch Logs to monitor CloudTrail log files. Create CloudWatch Alarms for specific events of interest.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudtrail,cloudwatch,aws-cloud-config tags: cloud,devops,aws,amazon,cloudtrail,cloudwatch,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"CloudTrail trail" + trail + " is not configured to send events to CloudWatch Logs for monitoring purposes"' - '"CloudTrail trail" + trail + " is not configured to send events to CloudWatch Logs for monitoring purposes"'
# digest: 4a0a00473045022003841e6c5e526ca9c51573554cb8b79f921518607b91025823f13325bc700fd7022100c936d849e5d2106d6079dc7524894c444881996c94755ba76bff9a313b01b47b:922c64590222798bb761d5b6d8e72950 # digest: 4a0a004730450221008bdf150f8abb8be1e258c067aae73857443f219a130cf41d0cc3d9c0c6d45ab302205479a358041954f9d0aa04b2145860008c3732d303a381268f0c31a0148495dd:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Enable log file integrity validation on all CloudTrail trails to ensure the integrity and authenticity of your logs. Enable log file integrity validation on all CloudTrail trails to ensure the integrity and authenticity of your logs.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The log file integrity validation is not enabled for CloudTrail trail" + trail' - '"The log file integrity validation is not enabled for CloudTrail trail" + trail'
# digest: 4a0a00473045022100facdee59eb1d2eca53313cf4f8de941c2f7a0857645f153ad2a64c81b51d9a67022059981aa1842b49de13fc78b6673e74c755632f673f08c402ad66f59074cc2e37:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100e301d2ce8df52b0170dbbbee6ca44cc69ea46fd81c0ff3dd3264dc81a8548c2402206321af47afdb4655e6ed862dbdc015d73cf98840e24c43636f0a2a28e2feb81c:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Enable Server-Side Encryption (SSE) for CloudTrail logs using an AWS KMS key through the CloudTrail console or AWS CLI. Enable Server-Side Encryption (SSE) for CloudTrail logs using an AWS KMS key through the CloudTrail console or AWS CLI.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -60,4 +61,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"CloudTrail trail " + trail + " is not configured to encrypt log files using SSE-KMS encryption"' - '"CloudTrail trail " + trail + " is not configured to encrypt log files using SSE-KMS encryption"'
# digest: 4b0a00483046022100b39586900f3cb7a7ce2582be709c7b3d1b25bceaf0f6d35887c3a3d62bfff8d80221009aa3a72ddade09b522655349a54b6cb7e6e0ebd3b36d85b30899b283e77dc90d:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100fb8aa2e414f88294926325f90076733d4a7d4af4ac18c47b9b82564412f5a2250220104bc5c6dcda1248db44229720dda05561319e3549bb6437ea1c97c6c099421c:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Enable MFA Delete on CloudTrail buckets via the S3 console or AWS CLI. Enable MFA Delete on CloudTrail buckets via the S3 console or AWS CLI.
reference: reference:
- https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html - https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html
metadata:
max-request: 3
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"
@ -70,4 +71,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The MFA Delete feature is not enabled for the S3 bucket " + bucket + " associated with the CloudTrail " + trail' - '"The MFA Delete feature is not enabled for the S3 bucket " + bucket + " associated with the CloudTrail " + trail'
# digest: 490a00463044022042298637fc3947aaaab32dc59fb448c2c08e310bc0ca8a81f04d219b3e3643e4022029d99b37008c16622b5f08d7c27548c42cbfa80b8face6e766a180fe14abb003:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022003bb18e55eae6aa19233a988216a85ab85d1321a68dee66dc295ce19735d9900022100bbfbf82a13f2a4e5693299287c29e50507941e1576d01425abdb7a5b0e68f775:922c64590222798bb761d5b6d8e72950

View File

@ -11,9 +11,9 @@ info:
Enable management event logging in CloudTrail by creating a new trail or updating existing trails to include management events. Enable management event logging in CloudTrail by creating a new trail or updating existing trails to include management events.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"
@ -54,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"CloudTrail trail" + trail + " is not configured to capture management operations performed on your AWS cloud resources"' - '"CloudTrail trail" + trail + " is not configured to capture management operations performed on your AWS cloud resources"'
# digest: 4a0a00473045022071c61afb61f0c431e2f7edf10563f582ede9a3a52e70a847ac8c6423758f5777022100e921cca38de3640c42ba86369837d9015c0b7b371c218eac3281f789392f77bd:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100f0879bcbe45c9ed0c8921338f6384c009e9a4e2b4e9b8199e3b462fcb93ca7bb02202ba77a0927be3707abc226f4b5d0c4116cd8f2b4d463e8f822e8defbe7934e4e:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Restrict S3 bucket access using bucket policies or IAM policies to ensure that CloudTrail logs are not publicly accessible. Restrict S3 bucket access using bucket policies or IAM policies to ensure that CloudTrail logs are not publicly accessible.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"CloudTrail trail" + trail + " is not configured to record API calls for AWS global services"' - '"CloudTrail trail" + trail + " is not configured to record API calls for AWS global services"'
# digest: 4a0a00473045022039127acbaf7f578247fb47cdfe1a2fdd2a67e57bca815a7786011743df98451c022100c8e1b247da863d14ae8ba023a1f7d05ea77faf28cc1d1c4eb5752c0976d54b0b:922c64590222798bb761d5b6d8e72950 # digest: 4a0a004730450220153c8058c6e3274fd6caf2b309baa876492c64fa5978590b21938000e9416aa6022100faaf8886e0deb971d17b2f325fc402814e59ce66ff16ea343543e3b6b3f13773:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Enable Server Access Logging on the S3 bucket used by CloudTrail. Configure the logging feature to capture all requests made to the CloudTrail bucket. Enable Server Access Logging on the S3 bucket used by CloudTrail. Configure the logging feature to capture all requests made to the CloudTrail bucket.
reference: reference:
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
metadata:
max-request: 3
tags: cloud,devops,aws,amazon,s3,cloudtrail,aws-cloud-config tags: cloud,devops,aws,amazon,s3,cloudtrail,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"
@ -70,4 +71,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"Access logging is not enabled for the S3 bucket associated with CloudTrail trail " + trail' - '"Access logging is not enabled for the S3 bucket associated with CloudTrail trail " + trail'
# digest: 4a0a00473045022100fc881c1ddc9a2e0229e8f3fbac211a1e5c3b7dac4363cd0611c002a55f455dc602201c3c0d885e1b03e7c10a09dbe42871bd2eeb1ffb62360ece9e5297a0d07e6953:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100bfe94b20d18063458c694381cd23f96dd8023473e8b9e8151922295b88bff033022044b9f7a79baa2caa0d4ae5406a2701c73c77ddc43da72190b32f1e6ec1fa21ca:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Enable S3 Object Lock in Governance mode with a retention period that meets your compliance requirements for CloudTrail S3 buckets. Enable S3 Object Lock in Governance mode with a retention period that meets your compliance requirements for CloudTrail S3 buckets.
reference: reference:
- https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html - https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html
metadata:
max-request: 3
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
variables: variables:
region: "ap-south-1" region: "ap-south-1"
@ -71,4 +72,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The Object Lock feature is not enabled for the S3 bucket associated with the CloudTrail trail " + trail' - '"The Object Lock feature is not enabled for the S3 bucket associated with the CloudTrail trail " + trail'
# digest: 4b0a00483046022100cdae2dc4719a039aae0873a5c1a1b4f5797593a1f555ee93a6752d408a181ebd022100f0decf46ad9b338bbcd2ea531acf088dcb76a0e605d9d7032130351113b92b43:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100adf9327a943f74cada1c893502adad96b8db198c24c0211486944503bc818dc202205d41291ad41820b5afe0d7d1eb4061acde307124ff04b588b1cb3fbeec75f54c:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Configure at least one action for each CloudWatch alarm to ensure timely response to monitored issues. Configure at least one action for each CloudWatch alarm to ensure timely response to monitored issues.
reference: reference:
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html - https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudwatch,aws-cloud-config tags: cloud,devops,aws,amazon,cloudwatch,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The Amazon CloudWatch " + alarm +" is not configured with any actions for the ALARM state."' - '"The Amazon CloudWatch " + alarm +" is not configured with any actions for the ALARM state."'
# digest: 4a0a004730450220699edd21da9a908d8160230a38300e78c76cce31988d83565ed8b7a0c9b41d70022100c607f34933362074e992f81390dae32347f888ffa68a9d97aac8aad03a388f55:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100f3558add899cfc87cef41ebadd1b931c1250bf0f7255e53a67e1aa663b37925b02204010a3c40e8a0ad49ac62d537bcf1a2e4da4d59b40ebc78d5c56e03d1f89348d:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Enable actions for each CloudWatch alarm by setting the ActionEnabled parameter to true, allowing for automated responses to alarms. Enable actions for each CloudWatch alarm by setting the ActionEnabled parameter to true, allowing for automated responses to alarms.
reference: reference:
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html - https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudwatch,aws-cloud-config tags: cloud,devops,aws,amazon,cloudwatch,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The Amazon CloudWatch " + alarm + " does not have any active actions configured"' - '"The Amazon CloudWatch " + alarm + " does not have any active actions configured"'
# digest: 4b0a00483046022100c25b4a5bed3d8e28421708a03ab05c2b09f619f6c38472a34377d2db18e4d730022100d057819cf7fbf55503e3a93b82daa4b438fb204056422e34bbcb5a6ddb4d425e:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402204f22697b5c7a4b568fa37b48600e0f99f469922bdd208491966d4eef4fd6355d02204f33504b85a9de2df430dde270e0f481760be59ca0340bb93c245143558b0444:922c64590222798bb761d5b6d8e72950

View File

@ -11,9 +11,9 @@ info:
Modify the EC2 instance metadata options to set `HttpTokens` to `required`, enforcing the use of IMDSv2. This can be done via the AWS Management Console, CLI, or EC2 API. Modify the EC2 instance metadata options to set `HttpTokens` to `required`, enforcing the use of IMDSv2. This can be done via the AWS Management Console, CLI, or EC2 API.
reference: reference:
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,ec2,aws-cloud-config tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -53,4 +53,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- 'ami + " is publically shared"' - 'ami + " is publically shared"'
# digest: 4b0a00483046022100a9c93182cc816c3d5bc33cf11b0b8fa7f667153ee8f1c742c1c50da21309f666022100eec3b3b58d54dc9609e9b3b5cbe5feefd239ed07c12958cf75456d961aa3258a:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022014b5f386ded068e3ca4990545da3f49124b5e48e86bea8ea94a380c367e3aeb9022100ed0ecb915d4c1b7be7a7906ffa2a55a2988669e3418301b6886a45df6a57b337:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Restrict public IP assignment for EC2 instances, particularly for backend instances. Use private IPs and manage access via AWS VPC and security groups. Restrict public IP assignment for EC2 instances, particularly for backend instances. Use private IPs and manage access via AWS VPC and security groups.
reference: reference:
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts-public-addresses - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts-public-addresses
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,ec2,aws-cloud-config tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The Amazon Instance " + ec2instance + " uses public IP addresses"' - '"The Amazon Instance " + ec2instance + " uses public IP addresses"'
# digest: 4a0a00473045022100f1dcc6e7fab82b9688102b0f02fddc8c9930007bc885800ac26e4e5ea412ed670220667fdf2d67ebff9d4346a853856402dbd78197c727feae253e6629f53de0f957:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100d6d48dea82c4b3c88a81c6060dbedadb56502f1d2b692dd7d309e67b7d20504602203063ae7dcaa055dc54d9d6f0f534a96feb3966280b2a9004201fc21fe7752964:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Restrict egress traffic in EC2 security groups to only necessary IP addresses and ranges, adhering to the Principle of Least Privilege. Restrict egress traffic in EC2 security groups to only necessary IP addresses and ranges, adhering to the Principle of Least Privilege.
reference: reference:
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html#sg-rules - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html#sg-rules
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,ec2,aws-cloud-config tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -54,4 +55,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"Amazon EC2 security group(s) " + groupid + " allows unrestricted outbound traffic"' - '"Amazon EC2 security group(s) " + groupid + " allows unrestricted outbound traffic"'
# digest: 490a0046304402200e8c75db5d5e8809d4e97173605a8d845e49d80bd788de5a7ba6cefc77f9110202200e57d1342300e4858c189e8dd15e8084cbf17f2f75ab3f8fbe8134979f4a6bbe:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022020d4b03ec7e884a6a9516b16ab27112d3d1e307bdd145875d8a47c5f85e8c5dd022100c3bcec6be21508dcf10fe542df392d777029d8f8658479f1690c7d38f234f7fc:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Restrict access to uncommon ports in EC2 security groups, permitting only necessary traffic and implementing stringent access controls. Restrict access to uncommon ports in EC2 security groups, permitting only necessary traffic and implementing stringent access controls.
reference: reference:
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,ec2,aws-cloud-config tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -54,4 +55,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"Amazon EC2 security group(s) " + groupid + " allows unrestricted inbound traffic"' - '"Amazon EC2 security group(s) " + groupid + " allows unrestricted inbound traffic"'
# digest: 4b0a004830460221009b9e3e94679739de1a688c3b15bc4f592472272245df9bfbc675211eeaa6f45602210097597c2bae7f04a1d2440e25e37986679daa91e6e8fe277cb1fb99874d2e5fd0:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100881b4639e87b866a26e2397b65cebda755a3e870faa83f93122314e58a111837022100bf8b00a4e7ac9fc0f71faf6314470a221c9a95af8b3590c7076267d4badd9592:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Restrict AMI sharing to specific, trusted AWS accounts and ensure they are not publicly accessible. Restrict AMI sharing to specific, trusted AWS accounts and ensure they are not publicly accessible.
reference: reference:
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-explicit.html - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-explicit.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,ami,aws-cloud-config tags: cloud,devops,aws,amazon,ami,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- 'ami + " AMI is publically shared"' - 'ami + " AMI is publically shared"'
# digest: 4a0a004730450220193e6725ccb97bbd7071e4dad36601e0e8625dd4901a653eacf3141faf6e8a82022100d7d61c14183f4a6563ac749634aa9af5e01332d52583cba6e703cf4958bbe63f:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502202170a728aa9a257c4f5c57f8cbe604df3b4288eb8d54deeaf7e1c8961e392c4d022100c0f6fffcdfbf887cdf6b0bf253f5d468b33670e054ff2669b3dc4c2245560595:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Encrypt your AMIs using AWS managed keys or customer-managed keys in the AWS Key Management Service (KMS) to ensure data security. Encrypt your AMIs using AWS managed keys or customer-managed keys in the AWS Key Management Service (KMS) to ensure data security.
reference: reference:
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,ec2,aws-cloud-config tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- 'ami + " AMI is not encrypted"' - 'ami + " AMI is not encrypted"'
# digest: 4a0a00473045022100a7b00e475c508994eab83d044d65086d511d0dcdde83abed644133c35775d4a402203ff217b94895c174e5d6036a27c3cedba4e74cc0b2a4fb957b71390c2d7454eb:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022006b2a8f1493aca05a5bbb6dd85e177cfacec3cf7e380e0bdd32179719555a881022100f893098f309383eacc3b8fff8a3394101a3bd39897babe77b4ac0911555498ba:922c64590222798bb761d5b6d8e72950

View File

@ -7,6 +7,8 @@ info:
Verifies that no Amazon IAM policies grant full administrative privileges, ensuring adherence to the Principle of Least Privilege Verifies that no Amazon IAM policies grant full administrative privileges, ensuring adherence to the Principle of Least Privilege
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/iam/get-policy-version.html - https://docs.aws.amazon.com/cli/latest/reference/iam/get-policy-version.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,iam,aws-cloud-config tags: cloud,devops,aws,amazon,iam,aws-cloud-config
flow: | flow: |
@ -49,4 +51,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The IAM policy " + policy +" is Overly Permissive"' - '"The IAM policy " + policy +" is Overly Permissive"'
# digest: 4a0a0047304502203eeeb24dbf1cfd3f41550e0c0b66bfb9ba23ea9912139aa2385e48b3a668d336022100dcb4c90fbb816ab247ea9d506497b900640b3d052bb2ce2b2f8b9a9e7fe58d9e:922c64590222798bb761d5b6d8e72950 # digest: 4a0a004730450221008bc9f722616e4216ee5bccead511cb6086d4f998014314d8a8478ec44f424f40022029c5288eda6b59b7217a8836cb5d506e7b7ad234f6272fe94570815dc7b0d0a6:922c64590222798bb761d5b6d8e72950

View File

@ -7,6 +7,8 @@ info:
Checks if IAM user access keys are rotated every 90 days to minimize accidental exposures and unauthorized access risks Checks if IAM user access keys are rotated every 90 days to minimize accidental exposures and unauthorized access risks
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/iam/list-access-keys.html - https://docs.aws.amazon.com/cli/latest/reference/iam/list-access-keys.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,iam,aws-cloud-config tags: cloud,devops,aws,amazon,iam,aws-cloud-config
flow: | flow: |
@ -47,4 +49,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The IAM Key " + accesskey +" is older than 90 days"' - '"The IAM Key " + accesskey +" is older than 90 days"'
# digest: 4a0a00473045022100d15b76ce838fa09da565afb9414204e3a5bc5487d1cca1ea4fb3560c339ac6f60220291edc1503af6dfa14709487d50d0eff776aafaaf1d07580cc1199ea21fb48ed:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502202a9b12e596c433a426976cc985f93e87eb624f05932b7e78a72dd633496726fa022100db223fbc664946a1d52e6916fa64fb18bb07efcb40ddba5110bb24c8a29d932b:922c64590222798bb761d5b6d8e72950

View File

@ -7,6 +7,8 @@ info:
Verifies that Multi-Factor Authentication (MFA) is enabled for all IAM users with console access in AWS Verifies that Multi-Factor Authentication (MFA) is enabled for all IAM users with console access in AWS
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/iam/list-mfa-devices.html - https://docs.aws.amazon.com/cli/latest/reference/iam/list-mfa-devices.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,iam,aws-cloud-config tags: cloud,devops,aws,amazon,iam,aws-cloud-config
flow: | flow: |
@ -46,4 +48,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"MFA is no enabled for IAM User " + user' - '"MFA is no enabled for IAM User " + user'
# digest: 4a0a00473045022100f326cf9a9fdd5f737d1126dd4938a233059a58f816e7e75a9a0bbab2f9a5d8230220219f4277870b52c124be28db9d8adfe6b88d2ea8b1570756a3f7772384887eff:922c64590222798bb761d5b6d8e72950 # digest: 4a0a004730450221008072a04e0f68ee2345d1bfeee304675bc22468a061fd9fa3fbed31279e399640022057efc7bfe58fc41c86be4cfdc0870e4d998282ff71b6d70a3da557cb67cd2d09:922c64590222798bb761d5b6d8e72950

View File

@ -7,6 +7,8 @@ info:
Verifies that IAM SSH public keys are rotated every 90 days, enhancing security and preventing unauthorized access to AWS CodeCommit repositories Verifies that IAM SSH public keys are rotated every 90 days, enhancing security and preventing unauthorized access to AWS CodeCommit repositories
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/iam/list-ssh-public-keys.html - https://docs.aws.amazon.com/cli/latest/reference/iam/list-ssh-public-keys.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,iam,ssh,aws-cloud-config tags: cloud,devops,aws,amazon,iam,ssh,aws-cloud-config
flow: | flow: |
@ -47,4 +49,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The SSH Public Key " + accesskey +" is older than 90 days"' - '"The SSH Public Key " + accesskey +" is older than 90 days"'
# digest: 490a00463044022017e707c66f9a058bd875e7a516d99585a1be526405545647011958874bd784a702201259fdf89b05b2fa171d789e014fe98d7949010ff420be02f0ef7183565544ef:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502200df47806e0ebcba6e0cbd3e933b7db44c7e85cb3e43bbb634ee48521d2c441e7022100b0694e5404356f0219d841a6ec17f3d756542a0c4137973b21d45dec07f12e47:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Enable Copy Tags to Snapshots for Aurora clusters via the AWS Management Console or modify the DB cluster to include this feature using AWS CLI. Enable Copy Tags to Snapshots for Aurora clusters via the AWS Management Console or modify the DB cluster to include this feature using AWS CLI.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html - https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,aurora,rds,aws-cloud-config tags: cloud,devops,aws,amazon,aurora,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"Copy Tags To Snapshot is not enable for cluster " + cluster' - '"Copy Tags To Snapshot is not enable for cluster " + cluster'
# digest: 490a00463044022017828b27f24bd205df0e6c14c80b4cae52d2f6366dde8c60cc58302d7ca9c8ba022062233631583c3e674bb1daebdb9375c3501900fb1ba9ed7a06d972f8b7265b85:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100bc4ba9d64dbc0cb8bfebf677ff5b05c1eae8736bf8e64544dd8d0fc9b6daa762022100fd690deaf7ba10c756be945828cd76f7a03eb4442aeadf3c2cadf5bdb6f995c9:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Enable Deletion Protection by modifying the Aurora cluster settings in the AWS Management Console or via the AWS CLI. Enable Deletion Protection by modifying the Aurora cluster settings in the AWS Management Console or via the AWS CLI.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBInstanceDeletionProtection.html - https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBInstanceDeletionProtection.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,aurora,rds,aws-cloud-config tags: cloud,devops,aws,amazon,aurora,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"Deletion Protection safety feature is not enabled for " + cluster' - '"Deletion Protection safety feature is not enabled for " + cluster'
# digest: 4b0a00483046022100c1c1ed75c7401266f13e1fc388a357df843c7994ab44ae8f501b14842ab7ec24022100b6c077b49006fb9ca13885abddf6be9c787d64eb415a13972e5fa3ea637792f3:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402203957dae25c011794e69952e0a2122ce835294c72217b3dab63dfb30cec9fb36a02200bcd6f0ed9487a240393aebd0937196c729d98ecf8a3c86cb65a854534da925c:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Enable IAM Database Authentication for MySQL and PostgreSQL RDS database instances to leverage IAM for secure, token-based access control. Enable IAM Database Authentication for MySQL and PostgreSQL RDS database instances to leverage IAM for secure, token-based access control.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,rds,aws-cloud-config tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"Database Authentication feature is not enabled for RDS database instance " + db' - '"Database Authentication feature is not enabled for RDS database instance " + db'
# digest: 4a0a00473045022100de421600413f2bb3306a9173334cd465c628dd5a198cec9ebe3bf5a373b4479602200bd9a29ac4bc3efe52763411a53243855f599f703baa22c7292da16898754f12:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100c13b8d1e92988ff64fb71594f77d83105a2c8381fb5de3a284e41ee9b5c707940220585d60f323e31b9bc5ad2c72b045b1645c4a1546555f29c1ffb99936519dea83:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Enable automated backups for RDS instances by setting the backup retention period to a value other than 0. Enable automated backups for RDS instances by setting the backup retention period to a value other than 0.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,rds,aws-cloud-config tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"Automated backups are not enabled for " + db + " RDS database instance"' - '"Automated backups are not enabled for " + db + " RDS database instance"'
# digest: 490a0046304402202cafc27efb26d112eaeeda54182636abc27e1c7d4c685250eee139e6016ad0e00220696ff967f5e74543e24b1f563a48870e20c7a651ebf098221cb3aa53d92d0a4a:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100886ff717bb53ef7b235b73d9d22a861dee9a08a2c196289d611085a7e0418faa02200ad55fc97ce71f4828dc428a743be339174c1fdd6b0e68b4501e0ef6acf6b9de:922c64590222798bb761d5b6d8e72950

View File

@ -11,9 +11,9 @@ info:
Enable Deletion Protection for all Amazon RDS instances via the AWS Management Console or using the AWS CLI. Enable Deletion Protection for all Amazon RDS instances via the AWS Management Console or using the AWS CLI.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,rds,aws-cloud-config tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"
@ -54,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"RDS Deletion protection feature is not enabled for RDS database instance " + db' - '"RDS Deletion protection feature is not enabled for RDS database instance " + db'
# digest: 4b0a00483046022100914032dbc9479e0c23f03d553ff358b24dbb159d2b0e39591c929e1b7392f357022100dd0d109579a0dba307e0e203996af0754cc7d40cf1ef7adb218b01cba7fae2a0:922c64590222798bb761d5b6d8e72950 # digest: 490a00463044022038daa8448190d837886c059bdc5c6ac4e48af03bf77572125c2465420d62224a02206ee2419a639762e33d52f890714e4e1dcb9aac3b10882d8accbdfc4e3324d67f:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Enable encryption for your Amazon RDS instances by modifying the instance and setting the "Storage Encrypted" option to true. For new instances, enable encryption within the launch wizard. Enable encryption for your Amazon RDS instances by modifying the instance and setting the "Storage Encrypted" option to true. For new instances, enable encryption within the launch wizard.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,rds,aws-cloud-config tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The encryption of data at rest is not enabled for " + db + " RDS database instance"' - '"The encryption of data at rest is not enabled for " + db + " RDS database instance"'
# digest: 4a0a00473045022057333f0cba59e048aec18908bd8cbda6a4ab5398581190a3602a82d1f7f63f140221008c6002f40daa4eef203c0be542377e675dd0b28d3595fa4664449f30f13f325d:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022013a493868c5989511d93d8702f49b30f995463ea94c0e0b9bfc859864b301cf3022100e40eecfced944d0776dcc8cc0f6b762902df7fcffc45e727b3a6a2b25630cf79:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Convert RDS instances from Provisioned IOPS to General Purpose SSDs to optimize costs without sacrificing I/O performance for most database workloads. Convert RDS instances from Provisioned IOPS to General Purpose SSDs to optimize costs without sacrificing I/O performance for most database workloads.
reference: reference:
- https://aws.amazon.com/rds/features/storage/ - https://aws.amazon.com/rds/features/storage/
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,rds,aws-cloud-config tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- 'db + " RDS instance uses Provisioned IOPS SSD, not the most cost-effective storage"' - 'db + " RDS instance uses Provisioned IOPS SSD, not the most cost-effective storage"'
# digest: 4a0a00473045022002f5c7fdd4d9d80a6820cfc1f222bfed3a1d9ad2e9f25cd1ef7757d60774a7dc022100c202e64f627d1aadd2a131aecdc048917a11798572597b382064897ed0848d3d:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402204abe02c1e1c465599d29b1e4d649d7076822a9529f8bd82e2005335f88b3e19402203cfedc9da10ff590c6b8dd01917ebce8b1c58c4c78f6af76e826b94d5aaa50e7:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Modify the snapshot's visibility settings to ensure it is not public, only shared with specific AWS accounts. Modify the snapshot's visibility settings to ensure it is not public, only shared with specific AWS accounts.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ShareSnapshot.html - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ShareSnapshot.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,rds,aws-cloud-config tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"RDS snapshot " + snapshot + " is public"' - '"RDS snapshot " + snapshot + " is public"'
# digest: 4a0a0047304502210081a28e626fa15113ec4728cae1cd78218b292f7c71adc72cdb0b6d957475955302207063c6eda8c853ca2b1041f2751246979a75381a89e64b262b679667da1eb1eb:922c64590222798bb761d5b6d8e72950 # digest: 490a004630440220406064aac939d4deee904e965a39e74b5b6a866aa0120dc7a3ac03683a464fcb02204c1c229f967d74c64b9b3ebc03c6d31678f471305d10f708528996202549111f:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Migrate RDS instances to private subnets within the VPC and ensure proper network ACLs and security group settings are in place to restrict access. Migrate RDS instances to private subnets within the VPC and ensure proper network ACLs and security group settings are in place to restrict access.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Subnets - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Subnets
metadata:
max-request: 3
tags: cloud,devops,aws,amazon,rds,aws-cloud-config tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"
@ -71,4 +72,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- 'db + " RDS instance is setup within a public subnet"' - 'db + " RDS instance is setup within a public subnet"'
# digest: 4b0a00483046022100d05dd8cfd16004c66141210fee94b5b5b1bdca54b4320091e86f7b7d018c336e022100fcf57d954bb32ef2d5eaf09ca000c729ef9d372ef651d5066f8d1a1e6aee8746:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402201e28cc0c54504b565396262e298134db5eda4e445c0dace7e8fea7908536db5a02207fe42a32f0d5dad744c51a08700afaad542699ee0d0e6edcef743ccf825ec3f0:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Review the payment methods on file and retry the reservation purchase for RDS instances to secure discounted rates. Review the payment methods on file and retry the reservation purchase for RDS instances to secure discounted rates.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithReservedDBInstances.html - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithReservedDBInstances.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,rds,aws-cloud-config tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"RDS Reserved Instance purchase has failed for " + db' - '"RDS Reserved Instance purchase has failed for " + db'
# digest: 4a0a00473045022040705df585fbeec117d8605a7eb385b6fb0ae5cca87f948b79aef51f4a4b5b19022100a62f52ca4c10ab087a8d672d8288e120540531595b354c0663a7b5c7426ee198:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402204a87e8dbc52f8aa2867a09fe762c4eace58048fadd793ae073b556f4814e4e50022013d99683b2f38021dd6593524fc114936c990879b36fe374fde999d9a7764d00:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Enable encryption for RDS snapshots by using AWS KMS Customer Master Keys (CMKs) for enhanced data security and compliance. Enable encryption for RDS snapshots by using AWS KMS Customer Master Keys (CMKs) for enhanced data security and compliance.
reference: reference:
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_EncryptSnapshot.html - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_EncryptSnapshot.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,rds,aws-cloud-config tags: cloud,devops,aws,amazon,rds,aws-cloud-config
variables: variables:
region: "ap-northeast-1" region: "ap-northeast-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"Amazon RDS database snapshot " + snapshot + " is not encrypted"' - '"Amazon RDS database snapshot " + snapshot + " is not encrypted"'
# digest: 490a0046304402207212f314b007f635435474f0ab2253e018047b2f878450e253223d5daa74da3f022064293bf9b3a736189797d2b46e1ad224dd05fa73dfe1ff2d0531a229ab2c89c5:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402205835b9ea589fc13c9871eb2bb67185366bd4e82f24d8f172fd9f92ba53042e890220604cdbd900e33f44ad4e7dbf7b801719455093a3b1a326b0a06dd364ac6e9528:922c64590222798bb761d5b6d8e72950

View File

@ -7,6 +7,8 @@ info:
This template verifies if the Server Access Logging feature is enabled for Amazon S3 buckets, which is essential for tracking access requests for security and audit purposes. This template verifies if the Server Access Logging feature is enabled for Amazon S3 buckets, which is essential for tracking access requests for security and audit purposes.
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-encryption.html - https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-encryption.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |
@ -46,4 +48,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The S3 bucket " + bucket +" does not have access logging enabled."' - '"The S3 bucket " + bucket +" does not have access logging enabled."'
# digest: 4b0a004830460221009c7c7b0d5efd419b91df9f3a9c18cbb5c3cf3e05586c1a2feaf8e1c1c1b5d5b5022100ac7392ba990a22432ad62945a93d61578dd95013697d6c3aefd30fa5e9decaac:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100fd29baed40f4c511911881ff79e5672f4533dfa6b19e717d05a961de2df470d502202eb21cdb29ae73b3bfbeabf3cb447bdfc777887e9e6a85b5cfe7edb82bba6e81:922c64590222798bb761d5b6d8e72950

View File

@ -7,6 +7,8 @@ info:
Checks if Amazon S3 buckets grant FULL_CONTROL access to authenticated users, preventing unauthorized operations Checks if Amazon S3 buckets grant FULL_CONTROL access to authenticated users, preventing unauthorized operations
reference: reference:
- https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html - https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |
@ -46,4 +48,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"FULL_CONTROL is enabled for Authenticated Users on S3 Bucket " + bucket' - '"FULL_CONTROL is enabled for Authenticated Users on S3 Bucket " + bucket'
# digest: 4b0a00483046022100ae50a09843b165ba2fcd9f5fb5774c60c2ba2ca3ec8461b893c6eb47cce50cf8022100ab31d7ca772ca4fdce476fb02441aaae4130fe68605b346dd30bcaa9f2fb0c3d:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022030e1999b1896b95b962ca877986fb0cf30c6804d6833dd62593a6f4e679759cc022100e43b6694c7aa13dff4686ad1d99e980cef361871b9267b06da36f2878c923a60:922c64590222798bb761d5b6d8e72950

View File

@ -7,6 +7,8 @@ info:
This template verifies if Amazon S3 buckets have bucket keys enabled to optimize the cost of AWS Key Management Service (SSE-KMS) for server-side encryption This template verifies if Amazon S3 buckets have bucket keys enabled to optimize the cost of AWS Key Management Service (SSE-KMS) for server-side encryption
reference: reference:
- https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html - https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |
@ -46,4 +48,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"Key is not enabled for S3 Bucket " + bucket' - '"Key is not enabled for S3 Bucket " + bucket'
# digest: 490a0046304402207628f02f223a9c45013004373f631bfe358fe0898a91b4558b461cdbcb0cb33f02204c02ff4be552778912c6b81a4d7f06b0436bf0facd4066dd1b7b6a60c7fe8727:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502201c522f260419eb69ca4b6a84f00cb91ab124c3bffc1e43e212b56ac15819dbce022100abbef96323f036a8483f553224f7a98cf8c6d5c863ac4faab4ef6b6e7831ab50:922c64590222798bb761d5b6d8e72950

View File

@ -7,6 +7,8 @@ info:
This template checks if Amazon S3 buckets are configured to prevent public access via bucket policies This template checks if Amazon S3 buckets are configured to prevent public access via bucket policies
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-policy.html - https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-policy.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |
@ -54,4 +56,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The S3 bucket " + bucket +" is publicly accessible via Policy"' - '"The S3 bucket " + bucket +" is publicly accessible via Policy"'
# digest: 4b0a004830460221009b48d546c9c75d61879e6371e646807f994d64408c3f84d48c9a9b344b9743410221009ed66db2acf2d13fb22b03344e70b7679191e4d76de5615fb69753c02d49306d:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502204fae5eb6e1f955f5a9d53c8f30d1d5fb8742e57e0c2ee96f342abbaa4e2c86fd022100dce6a398ef04206209cf3fc4714c9a933458aca9558d8387e8b42a0aabcc0c57:922c64590222798bb761d5b6d8e72950

View File

@ -7,6 +7,8 @@ info:
This template verifies that Amazon S3 buckets are configured with Multi-Factor Authentication (MFA) Delete feature, ensuring enhanced protection against unauthorized deletion of versioned objects This template verifies that Amazon S3 buckets are configured with Multi-Factor Authentication (MFA) Delete feature, ensuring enhanced protection against unauthorized deletion of versioned objects
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-versioning.html - https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-versioning.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |
@ -46,4 +48,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The S3 bucket " + bucket +" is not configured to use MFA Delete feature"' - '"The S3 bucket " + bucket +" is not configured to use MFA Delete feature"'
# digest: 4a0a0047304502207b18bcd326a382b691f9645ba66223e79733146fbaaa7632197a652cb7319085022100d690b22a500eb8036ca670d596ead85d56ce5e576f1147e5e73430a5d49c3765:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502206258e96a2294f4871ad68d7abdd1564bcb2de1c6696b48b399eb483f48b80f6102210083bc2afe82afaa0825a8360e89b22f988e7e989ac57c9f4a1d9f8169a5e6f0bc:922c64590222798bb761d5b6d8e72950

View File

@ -8,6 +8,8 @@ info:
Verifies that Amazon S3 buckets do not permit public 'READ_ACP' (LIST) access to anonymous users, protecting against unauthorized data exposure Verifies that Amazon S3 buckets do not permit public 'READ_ACP' (LIST) access to anonymous users, protecting against unauthorized data exposure
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html - https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |
@ -47,4 +49,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The S3 bucket " + bucket +" have public READ_ACP access"' - '"The S3 bucket " + bucket +" have public READ_ACP access"'
# digest: 4b0a00483046022100ed3c7c8177b632e1968b920b9eef94ffdc0784d3b4cfef7073e31fa45879d929022100a4515cf3df6e19fdcc7f9c9460074d6310983bbdd4687e83cce86c290cb62c18:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100bcbc17aee844273a0b66faf3957469462eec3e5869547d8652d739501fa028d2022070cd3aa2cf6fcd572dbe1e0e9b989cc1e3a3d25bbe5d7c3f1f45182d0a9047bc:922c64590222798bb761d5b6d8e72950

View File

@ -8,6 +8,8 @@ info:
Verifies that Amazon S3 buckets do not permit public 'READ' (LIST) access to anonymous users, protecting against unauthorized data exposure Verifies that Amazon S3 buckets do not permit public 'READ' (LIST) access to anonymous users, protecting against unauthorized data exposure
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html - https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |
@ -47,4 +49,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The S3 bucket " + bucket +" have public READ access"' - '"The S3 bucket " + bucket +" have public READ access"'
# digest: 4a0a0047304502210096282cee509cda8603576b6bf36e9726a85cd0e5c7ffbf1a1b521840e04b9a0f022003295ca19e84cf783276bd6c7a2fa978a92543199f6da355ddfb130e465442da:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100c0a9951cf1834f311dda7e8506d77563ca19b261254b07db518196933a224149022073682f61c196ae7d6f8f09f162fa702d05ee6f9e70b813d796517a318b6a3724:922c64590222798bb761d5b6d8e72950

View File

@ -7,6 +7,8 @@ info:
Checks if Amazon S3 buckets are secured against public WRITE_ACP access, preventing unauthorized modifications to access control permissions. Checks if Amazon S3 buckets are secured against public WRITE_ACP access, preventing unauthorized modifications to access control permissions.
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html - https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |
@ -46,4 +48,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The S3 bucket " + bucket +" have public WRITE_ACP access"' - '"The S3 bucket " + bucket +" have public WRITE_ACP access"'
# digest: 490a004630440220164c9d55d2b50ac44caa26edd47e799e3ec62871676e74736d108a8541f0c2440220136ef5897894c74ad7fb3f936e269b6a777cc4e8f520c42142558990bea8eba9:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402204de77d0507f74d782786aef08b62ecbcf9c82eea8522955eb98af9573cccdeb102206b485a9f8b358d4a10de5c2aa8f2c8a0592eb8a32a757b2cd49de953f7c58de5:922c64590222798bb761d5b6d8e72950

View File

@ -7,6 +7,8 @@ info:
Checks if Amazon S3 buckets are secured against public WRITE access, preventing unauthorized modifications to access control permissions. Checks if Amazon S3 buckets are secured against public WRITE access, preventing unauthorized modifications to access control permissions.
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html - https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |
@ -46,4 +48,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The S3 bucket " + bucket +" have public WRITE access"' - '"The S3 bucket " + bucket +" have public WRITE access"'
# digest: 490a004630440220795c3882ab9cb8a093b5e2e83c7822aaf15bfe4cff0426f3a6e5743196aa67730220375072f3c8dff6626dd361a31d12615188c7e8bd445e92f41fe755c323cefc22:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100845642c440c897503168e56980b76b3c167ec82fe1804b8302f0b8de3e0b2578022100f876c6d5ef3bb7c84e665b0c31fc7614bf7c9ec46b630fa6cb90f72e7f7f2d78:922c64590222798bb761d5b6d8e72950

View File

@ -7,6 +7,8 @@ info:
This template verifies if Amazon S3 buckets have server-side encryption enabled for protecting sensitive content at rest, using either AWS S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS). This template verifies if Amazon S3 buckets have server-side encryption enabled for protecting sensitive content at rest, using either AWS S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS).
reference: reference:
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-encryption.html - https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-encryption.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |
@ -46,4 +48,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The S3 bucket " + bucket +" is not encrypted at rest"' - '"The S3 bucket " + bucket +" is not encrypted at rest"'
# digest: 490a0046304402203e012cd857cace30b445932f893b9bd0f7bc709eec9f6cb5689fd30a520525e0022029cde524c58042593e654d36bfd7dcfb81b9508c534ec7750afe9ff96ad921d1:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100b2f7ec06942729d8e4cd463ded9ad780f70660535ae12edcd5371d8c4726b213022100acc1da483bedd46efe1004ba122b638b7e429dcc291052bb7b784f139af5815d:922c64590222798bb761d5b6d8e72950

View File

@ -7,6 +7,8 @@ info:
Verifies that Amazon S3 buckets have object versioning enabled, providing a safeguard for recovering overwritten or deleted objects Verifies that Amazon S3 buckets have object versioning enabled, providing a safeguard for recovering overwritten or deleted objects
reference: reference:
- https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html - https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,s3,aws-cloud-config tags: cloud,devops,aws,amazon,s3,aws-cloud-config
flow: | flow: |
@ -47,4 +49,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"Versioning is not enabled for S3 Bucket " + bucket' - '"Versioning is not enabled for S3 Bucket " + bucket'
# digest: 4b0a00483046022100ceb8b6be9871b6b9b57c5aa9add8902c3177845310afee02c6f8acc0cec48331022100fc98d53a049eaf0f8450f979233fffec17fd5c23d4c90fb78e68d8f05869f7d4:922c64590222798bb761d5b6d8e72950 # digest: 4a0a004730450220188c6eff76e5890e9487a7990ebc939706257a8d168f4e746b7a10b168f69882022100871f34e7125204a00ffb042ccaf984570af3f3a6a2c582613b4e8333a4f3ba87:922c64590222798bb761d5b6d8e72950

View File

@ -8,6 +8,8 @@ info:
This template checks if Amazon SNS topics are configured to prevent public access via topic policies. This template checks if Amazon SNS topics are configured to prevent public access via topic policies.
reference: reference:
- https://docs.aws.amazon.com/sns/latest/api/API_GetTopicAttributes.html - https://docs.aws.amazon.com/sns/latest/api/API_GetTopicAttributes.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,sns,aws-cloud-config tags: cloud,devops,aws,amazon,sns,aws-cloud-config
flow: | flow: |
@ -60,4 +62,5 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"The SNS topic " + topicArn + " is publicly accessible via Policy"' - '"The SNS topic " + topicArn + " is publicly accessible via Policy"'
# digest: 4a0a0047304502200dff8839ea05345d4fbf9399ef0c6b3b5efd891edbfcc049b16f9509cc6147ef022100f333312e0dfe72993ca40c3ad6b5ba91e7237fa0871eb620f2ede5529c5ab328:366f2a24c8eb519f6968bd8801c08ebe
# digest: 4b0a00483046022100cbb02679b206daa0a1138c3c7d400ca3ccf3aea22840064633a6ac54fbe6a44d022100f23545b9fc5cdb35c1c853d68c2cb35904bd22385117daa75cf0923441d212d4:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Restrict Network ACL inbound rules to only allow necessary IP ranges and ports as per the Principle of Least Privilege. Restrict Network ACL inbound rules to only allow necessary IP ranges and ports as per the Principle of Least Privilege.
reference: reference:
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -60,4 +61,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"Access to the VPC subnets associated with your NACL " + naclid + " is not restricted."' - '"Access to the VPC subnets associated with your NACL " + naclid + " is not restricted."'
# digest: 4a0a0047304502200de3239f933f1b468292a1ac4504bc398cad18ac3aa6f2de12357bd0e8a65759022100ee901336ec076eb9058f105f779e66be7bac556e1751713419df333cca4eaddf:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502210090f1a4c3cf579052839a7c17926792dc80956b0a3ef6716f594d5dd3539e0e3f02205c9073431d5ad40af0eeb8a4ee457808e7ecac97f253ab129e5f27b78e4e9377:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Modify NACL outbound rules to limit traffic to only the ports required for legitimate business needs. Modify NACL outbound rules to limit traffic to only the ports required for legitimate business needs.
reference: reference:
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -60,4 +61,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"Access to the VPC subnets associated with your NACL " + naclid + " is not restricted."' - '"Access to the VPC subnets associated with your NACL " + naclid + " is not restricted."'
# digest: 4a0a00473045022021e25dd23124572a8f6dbe6381024f3ecb8f78907d7ba0aafa2eb9c63990e140022100ba7669b283e58bf5b0fd08f3d5501d54221fc7a48b73b088c95330ea4c633f67:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022024d4f02c513a648afb7661835f3744b1696e4866ac46f3be73f69d11264f6c69022100ce93ba9b7fb4b0e9f750ed04fbd68eb6df23e4979ecc05906bd8be9a19bd320e:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Replace NAT instances with Amazon Managed NAT Gateway to ensure high availability and scalability in your VPC network. Replace NAT instances with Amazon Managed NAT Gateway to ensure high availability and scalability in your VPC network.
reference: reference:
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- 'vpc + " VPC is not using Managed NAT Gateways"' - 'vpc + " VPC is not using Managed NAT Gateways"'
# digest: 4b0a00483046022100f5f55c1da4e2aaca4b9547bf032c91c95a45a559e294e66e3a04343878e6416c022100919f04f7539cccd971883f2ac51a5a40f17c588dc2bb561902f5397715facf2a:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100f15845608859adbcb7bc461874985337e016b6bcb1d26f443fd2a91ff851c9340220694f547d8ddea40af0456426f61944e9ca77f5cffbe76e991099683455728858:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Restrict access to ports 22 and 3389 to trusted IPs or IP ranges to adhere to the Principle of Least Privilege (POLP). Restrict access to ports 22 and 3389 to trusted IPs or IP ranges to adhere to the Principle of Least Privilege (POLP).
reference: reference:
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -62,4 +63,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"Access to the VPC subnets associated with your NACL " + naclid + " is not restricted."' - '"Access to the VPC subnets associated with your NACL " + naclid + " is not restricted."'
# digest: 4a0a0047304502204e05c381a073d28047bdf9026597e5d331abca5011bbd8887ac323dd2b2983fb02210097ddd0dd706718f37b2c2f54820e543a9c6549883adc31296235e4b04fe04e97:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022028901135e75f8db19081e604cf1a970f707aba8ba33166b67eba938ebd823cf3022100d783804e924a32e191e35df29155fb31db60251900a5b60efe4aefceb91db299:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Update the VPC endpoint's policy to restrict access only to authorized entities and ensure all requests are signed. Update the VPC endpoint's policy to restrict access only to authorized entities and ensure all requests are signed.
reference: reference:
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -60,4 +61,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"VPC endpoints for " + vpc + "are exposed."' - '"VPC endpoints for " + vpc + "are exposed."'
# digest: 4a0a004730450221009cd9ca7d1c7ce5d6db43cc95291be7e509c29f9ed1c7559ee1aeb31a6579920902206e30e36ec371d03d1c5d805d349458ee43fd27bd65917e4f33050e359de8ea3b:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402200506111e97b28461eceb3c5334265051c3383b8a0eb553d5177f1c6344d933fb0220455e9ba374c56d762b53f3261e06eb79fca8809640330ecac13021f99a98aaed:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Implement VPC endpoints for supported AWS services to secure and optimize connectivity within your VPC, minimizing external access risks. Implement VPC endpoints for supported AWS services to secure and optimize connectivity within your VPC, minimizing external access risks.
reference: reference:
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"VPC Endpoints Not Deployed in the VPC network " + vpc' - '"VPC Endpoints Not Deployed in the VPC network " + vpc'
# digest: 4a0a004730450220305c7cb9ef27a7249c71a3e30664db9f051b0f5438fe8ce42f2024ea91bfa24e022100e5b9e9b019adf2b1fcfd5121540efdbaf0c5fd39072523eacf41b5a50319666e:922c64590222798bb761d5b6d8e72950 # digest: 4b0a004830460221009cd67a7be189a4090753f24473354d6e9ea5260fefa513d791e762adabe13082022100d3ef3e2c090c022def55697e03a329df0cfb9ef0bba2b3a7e01e1438af444617:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Enable VPC Flow Logs in the AWS Management Console under the VPC dashboard to collect data on IP traffic going to and from network interfaces in your VPC. Enable VPC Flow Logs in the AWS Management Console under the VPC dashboard to collect data on IP traffic going to and from network interfaces in your VPC.
reference: reference:
- https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html - https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -55,4 +56,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- '"Flow Logs feature is not enabled for the VPC " + vpc' - '"Flow Logs feature is not enabled for the VPC " + vpc'
# digest: 4a0a00473045022016d83c316f318298be2c514542422c1a2f3a42517ac740d4b85ca980c9bf4676022100e7af7b416817f374b418962094ee777893f8fed6b17880fea736d1eb6caa38b2:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402204d7a7d1871ae4512c2ddb09b3645f3c6198d9b1a2e3a23f9f6c4b64dd72f50270220375ec12b44621a7a765b301bf627747d6610602e3275091e81cabf53f0a65684:922c64590222798bb761d5b6d8e72950

View File

@ -11,8 +11,9 @@ info:
Monitor VPN tunnel status via the AWS Management Console or CLI. If a tunnel is DOWN, troubleshoot according to AWS documentation and ensure redundancy by configuring multiple tunnels. Monitor VPN tunnel status via the AWS Management Console or CLI. If a tunnel is DOWN, troubleshoot according to AWS documentation and ensure redundancy by configuring multiple tunnels.
reference: reference:
- https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNConnections.html - https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNConnections.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,vpn,aws-cloud-config tags: cloud,devops,aws,amazon,vpn,aws-cloud-config
variables: variables:
region: "us-east-1" region: "us-east-1"
@ -53,4 +54,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- 'vpnid + " VPN tunnel is down"' - 'vpnid + " VPN tunnel is down"'
# digest: 490a0046304402205ecec5a00e3d0521ad5a2e9ac0cebbe83e91d206c2233f683dcd750ff5b3841c02205528afb57d459d2c5075638280afcf53459f71aaeb2a5cabc21c41659d91f510:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100dbcc51ec0d056e6f9a356238c660009c4b4fc8f3664e147b8c98c8a417631463022056928c4b49b652c38428461808244e27882fa7e30c7580d1d67511571d4b9c35:922c64590222798bb761d5b6d8e72950

View File

@ -9,7 +9,7 @@ info:
metadata: metadata:
verified: true verified: true
max-request: 1 max-request: 1
tags: cloud,enum,cloud-enum,azure tags: cloud,enum,cloud-enum,azure,dns
self-contained: true self-contained: true
@ -29,5 +29,4 @@ dns:
part: answer part: answer
words: words:
- "IN\tA" - "IN\tA"
# digest: 490a0046304402202d82e21007ea9d2f9d609d5737dc4073c578f37b06b0023c12b39024ed7b63c302203b740c9bff84e6e2e21d0edf1cde2ed9dc4d878a5bf35e6080edfe32cb24fee0:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502206a999e317308128dc9a9f3114f003b2c29cad9f569d6922502a8ac90971cf927022100c4fe9eea1496997e9ef66f8a46c2ece4bd511dede88aaf58d36410be3f2cc758:922c64590222798bb761d5b6d8e72950

View File

@ -9,7 +9,7 @@ info:
metadata: metadata:
verified: true verified: true
max-request: 1 max-request: 1
tags: cloud,cloud-enum,azure,fuzz,enum tags: cloud,cloud-enum,azure,fuzz,enum,dns
self-contained: true self-contained: true
@ -63,5 +63,4 @@ dns:
part: answer part: answer
words: words:
- "IN\tA" - "IN\tA"
# digest: 4a0a0047304502210098b015215646fc57a33bf05ec1cd3363b21d9f635738f80193fab1edb1eb41c5022029c97c1df1d99734a1b67093023f2540fc877695c84573d61d3072c6167572ab:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402200614bd35195e042742d9840244b46d9f68e4918956d5672a7549edaedbfe5f2e022051271716ac72339c39f76569585c0a256b19ce6238da5e3ea6a9d36b2d80011e:922c64590222798bb761d5b6d8e72950

View File

@ -25,7 +25,7 @@ info:
max-request: 2 max-request: 2
vendor: sudo_project vendor: sudo_project
product: sudo product: sudo
tags: packetstorm,cve,cve2019,sudo,code,linux,privesc,local,canonical tags: packetstorm,cve,cve2019,sudo,code,linux,privesc,local,canonical,sudo_project
self-contained: true self-contained: true
code: code:
@ -47,4 +47,4 @@ code:
- '!contains(code_1_response, "root")' - '!contains(code_1_response, "root")'
- 'contains(code_2_response, "root")' - 'contains(code_2_response, "root")'
condition: and condition: and
# digest: 4a0a0047304502204e166f9afc32a9e3f2aa20cf10f4dc7c4ccc6d9ecfb25279db42ee4884fd9a09022100e24c0145e3cb670939ecba31b847513224c52277827290d7358cd3b5e8531825:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402207c6a17c6dcfa5e1c0705af985ede699d418ae7488b1f1a1d29faf8b7dcc7e8920220008d95bc160ad21eb5224ab61a5f4ffc0c7ae1d1b6513f4add54a8e1624df386:922c64590222798bb761d5b6d8e72950

View File

@ -24,7 +24,7 @@ info:
verified: true verified: true
vendor: sudo_project vendor: sudo_project
product: sudo product: sudo
tags: packetstorm,cve,cve2021,sudo,code,linux,privesc,local,kev tags: packetstorm,cve,cve2021,sudo,code,linux,privesc,local,kev,sudo_project
self-contained: true self-contained: true
code: code:
@ -40,4 +40,4 @@ code:
- "malloc(): memory corruption" - "malloc(): memory corruption"
- "Aborted (core dumped)" - "Aborted (core dumped)"
condition: and condition: and
# digest: 4a0a0047304502204de6d29ee97c296f1046225fd664237cb80c163370f316bfa2c0174718fa0654022100cbd49f46b75314934af75dde946dbe4a3d135d87368f2dead3b9b2fa40bb839b:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100b0e1b0f8d02b42918c0845dc5e5d78fc1c8d9a16120a30c0607392239fd7acc1022000b3670974ad0b3ae3912068b5315a610b9a2e6028401acf310cc430a4d9facc:922c64590222798bb761d5b6d8e72950

View File

@ -29,6 +29,7 @@ info:
max-request: 2 max-request: 2
vendor: canonical vendor: canonical
product: ubuntu_linux product: ubuntu_linux
shodan-query: cpe:"cpe:2.3:o:canonical:ubuntu_linux"
tags: cve,cve2023,code,packetstorm,kernel,ubuntu,linux,privesc,local,canonical tags: cve,cve2023,code,packetstorm,kernel,ubuntu,linux,privesc,local,canonical
self-contained: true self-contained: true
@ -54,4 +55,4 @@ code:
- '!contains(code_1_response, "(root)")' - '!contains(code_1_response, "(root)")'
- 'contains(code_2_response, "(root)")' - 'contains(code_2_response, "(root)")'
condition: and condition: and
# digest: 490a004630440220115656a336b2d20b4c44fe1ade030de40d947cf0fd7fb8f8a5a910dca2ab200602205ead45f6f081b3555a7924050cd922e13d30139e64254790b1368627d59b4389:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100f71ea7f284c92f61ede41dec7bf632da2b6f19950112c01dc700e8ad877d5e6e0221009569eafc6aacde58eeb2243f2af58f3e80fc23ae5631b894d03b5a17be1d7201:922c64590222798bb761d5b6d8e72950

View File

@ -17,14 +17,18 @@ info:
cvss-score: 9.8 cvss-score: 9.8
cve-id: CVE-2023-49105 cve-id: CVE-2023-49105
cwe-id: CWE-287 cwe-id: CWE-287
epss-score: 0.21237 epss-score: 0.18166
epss-percentile: 0.96302 epss-percentile: 0.96172
cpe: cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:* cpe: cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
metadata: metadata:
max-request: 2 max-request: 2
vendor: owncloud vendor: owncloud
product: owncloud product: owncloud
shodan-query: title:"owncloud" shodan-query:
- title:"owncloud"
- http.title:"owncloud"
fofa-query: title="owncloud"
google-query: intitle:"owncloud"
tags: cve,cve2023,code,owncloud,auth-bypass tags: cve,cve2023,code,owncloud,auth-bypass
variables: variables:
username: admin username: admin
@ -86,4 +90,4 @@ http:
- type: dsl - type: dsl
dsl: dsl:
- '"Username => "+ username' - '"Username => "+ username'
# digest: 490a00463044022036740507180fa43831d3d59a5ccaae05fa1108c27c42a19564fa3f0fc5da439f02205a94a9cbb26731a679d9d39a80c72ff0ff1c48346680963d6aa05f94de9b2e95:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100cd75893be6bdbdd291261de98eaaf9655419b306536c647069f97bc6b71ddbe2022029ba873b1e50b5a01e59c18aaa95b53a8217ef58ccec9e655b60d8dfc63259eb:922c64590222798bb761d5b6d8e72950

View File

@ -24,7 +24,7 @@ info:
max-request: 1 max-request: 1
vendor: gnu vendor: gnu
product: glibc product: glibc
tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev,gnu
self-contained: true self-contained: true
code: code:
@ -39,4 +39,4 @@ code:
- type: word - type: word
words: words:
- "139" # Segmentation Fault Exit Code - "139" # Segmentation Fault Exit Code
# digest: 4a0a00473045022100f0ab74cd6ae5323c4a571e6c858cbbb8ced3b3b2b8dbb8d8c65b380a03a28f8302203aced1de4878bced98bb7d6bd296b9187a2d4795325e1f62debb338f363295f5:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402202d08133fa6531aad4e00eb212908470e14839334ed5db3de00407ea2cee249660220021a38d5d167fb379028d9c9f8fecd46d3360fd546c566ad3767be0e9913cca4:922c64590222798bb761d5b6d8e72950

View File

@ -24,7 +24,7 @@ info:
max-request: 1 max-request: 1
vendor: gnu vendor: gnu
product: glibc product: glibc
tags: cve,cve2023,code,glibc,linux,privesc,local tags: cve,cve2023,code,glibc,linux,privesc,local,gnu
self-contained: true self-contained: true
code: code:
@ -39,4 +39,4 @@ code:
- type: word - type: word
words: words:
- "127" # Segmentation Fault Exit Code - "127" # Segmentation Fault Exit Code
# digest: 490a0046304402204e884ed16aed759a6b31c001e50ee4aed4db45f060d3335e1b6f28935eae4135022051929119a0bf2eac944500d98af2720a6ff835dcb875f35cc6390fbdf47c8bda:922c64590222798bb761d5b6d8e72950 # digest: 4b0a004830460221009a919cd26f6c36adc91930b301d7861d1049bb0bc1222498a4f3115bc53ff10a022100954ecf5dc41c3dad43fb10d639f353368aed51b849f59d1b23462b1a02ab86a1:922c64590222798bb761d5b6d8e72950

View File

@ -24,7 +24,7 @@ info:
verified: true verified: true
vendor: tukaani vendor: tukaani
product: xz product: xz
tags: cve,cve2024,local,code,xz,backdoor tags: cve,cve2024,local,code,xz,backdoor,tukaani
self-contained: true self-contained: true
code: code:
@ -59,4 +59,4 @@ code:
- type: dsl - type: dsl
dsl: dsl:
- response - response
# digest: 4b0a00483046022100ac6864410c93e586885b4473cebffd245bb5c0448e7ece0ab162f92f0ecfe4f302210092315c5373e9393c838e7b5e78d7dbc755ccaf673efdb536ec799630299352e3:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100ff27fd00a95152d34d7bfd96983b912ed0539184f94ee57f0fc4446451a0536402203929b77426326e3cb6baa2e5afcf3bdf3cf73bd93195f7ed2432dede184b3ff6:922c64590222798bb761d5b6d8e72950

View File

@ -11,7 +11,7 @@ info:
metadata: metadata:
verified: true verified: true
max-request: 3 max-request: 3
tags: code,linux,sqlite3,privesc,local tags: code,linux,sqlite3,privesc,local,sqli
self-contained: true self-contained: true
code: code:
@ -46,4 +46,4 @@ code:
- 'contains(code_2_response, "root")' - 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")' - 'contains(code_3_response, "root")'
condition: or condition: or
# digest: 4a0a00473045022022a00ad1518880dc881748fd331a8f7a3c599927934d342c7221c5ecccd445c1022100cff484fd929a67261efcef2917d8976308c8062ca11652d78b36b40c195c08aa:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100aa56cf60985d9b7af0481de9704b276f7dfb4729c6247f40e41e195c36dbfe51022100a36990c84dd3cc92747016bf36d3c1eb1fddbec3e40c312393abde1d75d1489f:922c64590222798bb761d5b6d8e72950

View File

@ -1372,6 +1372,8 @@
{"ID":"CVE-2021-37589","Info":{"Name":"Virtua Software Cobranca \u003c12R - Blind SQL Injection","Severity":"high","Description":"Virtua Cobranca before 12R allows blind SQL injection on the login page.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-37589.yaml"} {"ID":"CVE-2021-37589","Info":{"Name":"Virtua Software Cobranca \u003c12R - Blind SQL Injection","Severity":"high","Description":"Virtua Cobranca before 12R allows blind SQL injection on the login page.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-37589.yaml"}
{"ID":"CVE-2021-37704","Info":{"Name":"phpfastcache - phpinfo Resource Exposure","Severity":"medium","Description":"phpinfo() is susceptible to resource exposure in unprotected composer vendor folders via phpfastcache/phpfastcache.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2021/CVE-2021-37704.yaml"} {"ID":"CVE-2021-37704","Info":{"Name":"phpfastcache - phpinfo Resource Exposure","Severity":"medium","Description":"phpinfo() is susceptible to resource exposure in unprotected composer vendor folders via phpfastcache/phpfastcache.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2021/CVE-2021-37704.yaml"}
{"ID":"CVE-2021-37833","Info":{"Name":"Hotel Druid 3.0.2 - Cross-Site Scripting","Severity":"medium","Description":"Hotel Druid 3.0.2 contains a cross-site scripting vulnerability in multiple pages which allows for arbitrary execution of JavaScript commands.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37833.yaml"} {"ID":"CVE-2021-37833","Info":{"Name":"Hotel Druid 3.0.2 - Cross-Site Scripting","Severity":"medium","Description":"Hotel Druid 3.0.2 contains a cross-site scripting vulnerability in multiple pages which allows for arbitrary execution of JavaScript commands.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37833.yaml"}
{"ID":"CVE-2021-38146","Info":{"Name":"Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download","Severity":"high","Description":"The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-38146.yaml"}
{"ID":"CVE-2021-38147","Info":{"Name":"Wipro Holmes Orchestrator 20.4.1 - Information Disclosure","Severity":"high","Description":"Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-38147.yaml"}
{"ID":"CVE-2021-38314","Info":{"Name":"WordPress Redux Framework \u003c=4.2.11 - Information Disclosure","Severity":"medium","Description":"WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 hash of the site URL with a known salt value of -redux and an md5 hash of the previous hash with a known salt value of -support. An attacker can potentially employ these AJAX actions to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of the site's AUTH_KEY concatenated with the SECURE_AUTH_KEY.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-38314.yaml"} {"ID":"CVE-2021-38314","Info":{"Name":"WordPress Redux Framework \u003c=4.2.11 - Information Disclosure","Severity":"medium","Description":"WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 hash of the site URL with a known salt value of -redux and an md5 hash of the previous hash with a known salt value of -support. An attacker can potentially employ these AJAX actions to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of the site's AUTH_KEY concatenated with the SECURE_AUTH_KEY.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-38314.yaml"}
{"ID":"CVE-2021-38540","Info":{"Name":"Apache Airflow - Unauthenticated Variable Import","Severity":"critical","Description":"Apache Airflow Airflow \u003e=2.0.0 and \u003c2.1.3 does not protect the variable import endpoint which allows unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-38540.yaml"} {"ID":"CVE-2021-38540","Info":{"Name":"Apache Airflow - Unauthenticated Variable Import","Severity":"critical","Description":"Apache Airflow Airflow \u003e=2.0.0 and \u003c2.1.3 does not protect the variable import endpoint which allows unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-38540.yaml"}
{"ID":"CVE-2021-38647","Info":{"Name":"Microsoft Open Management Infrastructure - Remote Code Execution","Severity":"critical","Description":"Microsoft Open Management Infrastructure is susceptible to remote code execution (OMIGOD).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-38647.yaml"} {"ID":"CVE-2021-38647","Info":{"Name":"Microsoft Open Management Infrastructure - Remote Code Execution","Severity":"critical","Description":"Microsoft Open Management Infrastructure is susceptible to remote code execution (OMIGOD).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-38647.yaml"}
@ -1789,7 +1791,6 @@
{"ID":"CVE-2022-31846","Info":{"Name":"WAVLINK WN535 G3 - Information Disclosure","Severity":"high","Description":"WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in the live_mfg.shtml page. An attacker can obtain sensitive router information via the exec cmd function and possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-31846.yaml"} {"ID":"CVE-2022-31846","Info":{"Name":"WAVLINK WN535 G3 - Information Disclosure","Severity":"high","Description":"WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in the live_mfg.shtml page. An attacker can obtain sensitive router information via the exec cmd function and possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-31846.yaml"}
{"ID":"CVE-2022-31847","Info":{"Name":"WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure","Severity":"high","Description":"WAVLINK WN579 X3 M79X3.V5030.180719 is susceptible to information disclosure in /cgi-bin/ExportAllSettings.sh. An attacker can obtain sensitive router information via a crafted POST request and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-31847.yaml"} {"ID":"CVE-2022-31847","Info":{"Name":"WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure","Severity":"high","Description":"WAVLINK WN579 X3 M79X3.V5030.180719 is susceptible to information disclosure in /cgi-bin/ExportAllSettings.sh. An attacker can obtain sensitive router information via a crafted POST request and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-31847.yaml"}
{"ID":"CVE-2022-31854","Info":{"Name":"Codoforum 5.1 - Arbitrary File Upload","Severity":"high","Description":"Codoforum 5.1 contains an arbitrary file upload vulnerability via the logo change option in the admin panel. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code. As a result, an attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31854.yaml"} {"ID":"CVE-2022-31854","Info":{"Name":"Codoforum 5.1 - Arbitrary File Upload","Severity":"high","Description":"Codoforum 5.1 contains an arbitrary file upload vulnerability via the logo change option in the admin panel. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code. As a result, an attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31854.yaml"}
{"ID":"CVE-2022-31879","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-31879.yaml"}
{"ID":"CVE-2022-31974","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports\u0026date=.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31974.yaml"} {"ID":"CVE-2022-31974","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports\u0026date=.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31974.yaml"}
{"ID":"CVE-2022-31975","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user\u0026id=.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31975.yaml"} {"ID":"CVE-2022-31975","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user\u0026id=.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31975.yaml"}
{"ID":"CVE-2022-31976","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"critical","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31976.yaml"} {"ID":"CVE-2022-31976","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"critical","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31976.yaml"}
@ -2181,6 +2182,7 @@
{"ID":"CVE-2023-35078","Info":{"Name":"Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35078.yaml"} {"ID":"CVE-2023-35078","Info":{"Name":"Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35078.yaml"}
{"ID":"CVE-2023-35082","Info":{"Name":"MobileIron Core - Remote Unauthenticated API Access","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web applications security filter chain.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35082.yaml"} {"ID":"CVE-2023-35082","Info":{"Name":"MobileIron Core - Remote Unauthenticated API Access","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web applications security filter chain.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35082.yaml"}
{"ID":"CVE-2023-35158","Info":{"Name":"XWiki - Cross-Site Scripting","Severity":"medium","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as: \u003e /xwiki/bin/view/XWiki/Main?xpage=restore\u0026showBatch=true\u0026xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-35158.yaml"} {"ID":"CVE-2023-35158","Info":{"Name":"XWiki - Cross-Site Scripting","Severity":"medium","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as: \u003e /xwiki/bin/view/XWiki/Main?xpage=restore\u0026showBatch=true\u0026xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-35158.yaml"}
{"ID":"CVE-2023-35162","Info":{"Name":"XWiki \u003c 14.10.5 - Cross-Site Scripting","Severity":"medium","Description":"XWiki Platform is vulnerable to reflected XSS via the previewactions template. An attacker can inject JavaScript through the xcontinue parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-35162.yaml"}
{"ID":"CVE-2023-35813","Info":{"Name":"Sitecore - Remote Code Execution","Severity":"critical","Description":"Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35813.yaml"} {"ID":"CVE-2023-35813","Info":{"Name":"Sitecore - Remote Code Execution","Severity":"critical","Description":"Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35813.yaml"}
{"ID":"CVE-2023-35843","Info":{"Name":"NocoDB version \u003c= 0.106.1 - Arbitrary File Read","Severity":"high","Description":"NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35843.yaml"} {"ID":"CVE-2023-35843","Info":{"Name":"NocoDB version \u003c= 0.106.1 - Arbitrary File Read","Severity":"high","Description":"NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35843.yaml"}
{"ID":"CVE-2023-35844","Info":{"Name":"Lightdash version \u003c= 0.510.3 Arbitrary File Read","Severity":"high","Description":"packages/backend/src/routers in Lightdash before 0.510.3\nhas insecure file endpoints, e.g., they allow .. directory\ntraversal and do not ensure that an intended file extension\n(.csv or .png) is used.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35844.yaml"} {"ID":"CVE-2023-35844","Info":{"Name":"Lightdash version \u003c= 0.510.3 Arbitrary File Read","Severity":"high","Description":"packages/backend/src/routers in Lightdash before 0.510.3\nhas insecure file endpoints, e.g., they allow .. directory\ntraversal and do not ensure that an intended file extension\n(.csv or .png) is used.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35844.yaml"}
@ -2208,6 +2210,7 @@
{"ID":"CVE-2023-37728","Info":{"Name":"IceWarp Webmail Server v10.2.1 - Cross Site Scripting","Severity":"medium","Description":"Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37728.yaml"} {"ID":"CVE-2023-37728","Info":{"Name":"IceWarp Webmail Server v10.2.1 - Cross Site Scripting","Severity":"medium","Description":"Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37728.yaml"}
{"ID":"CVE-2023-37979","Info":{"Name":"Ninja Forms \u003c 3.6.26 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37979.yaml"} {"ID":"CVE-2023-37979","Info":{"Name":"Ninja Forms \u003c 3.6.26 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37979.yaml"}
{"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"} {"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"}
{"ID":"CVE-2023-38194","Info":{"Name":"SuperWebMailer - Cross-Site Scripting","Severity":"medium","Description":"An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38194.yaml"}
{"ID":"CVE-2023-38203","Info":{"Name":"Adobe ColdFusion - Deserialization of Untrusted Data","Severity":"critical","Description":"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38203.yaml"} {"ID":"CVE-2023-38203","Info":{"Name":"Adobe ColdFusion - Deserialization of Untrusted Data","Severity":"critical","Description":"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38203.yaml"}
{"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"} {"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"}
{"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"critical","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"} {"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"critical","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"}
@ -2271,6 +2274,7 @@
{"ID":"CVE-2023-43325","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the data[redirect_url] parameter on user login function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43325.yaml"} {"ID":"CVE-2023-43325","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the data[redirect_url] parameter on user login function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43325.yaml"}
{"ID":"CVE-2023-43326","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43326.yaml"} {"ID":"CVE-2023-43326","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43326.yaml"}
{"ID":"CVE-2023-43374","Info":{"Name":"Hoteldruid v3.0.5 - SQL Injection","Severity":"critical","Description":"Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43374.yaml"} {"ID":"CVE-2023-43374","Info":{"Name":"Hoteldruid v3.0.5 - SQL Injection","Severity":"critical","Description":"Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43374.yaml"}
{"ID":"CVE-2023-43472","Info":{"Name":"MLFlow \u003c 2.8.1 - Sensitive Information Disclosure","Severity":"high","Description":"An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-43472.yaml"}
{"ID":"CVE-2023-43795","Info":{"Name":"GeoServer WPS - Server Side Request Forgery","Severity":"critical","Description":"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43795.yaml"} {"ID":"CVE-2023-43795","Info":{"Name":"GeoServer WPS - Server Side Request Forgery","Severity":"critical","Description":"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43795.yaml"}
{"ID":"CVE-2023-4415","Info":{"Name":"Ruijie RG-EW1200G Router Background - Login Bypass","Severity":"high","Description":"A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-4415.yaml"} {"ID":"CVE-2023-4415","Info":{"Name":"Ruijie RG-EW1200G Router Background - Login Bypass","Severity":"high","Description":"A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-4415.yaml"}
{"ID":"CVE-2023-44352","Info":{"Name":"Adobe Coldfusion - Cross-Site Scripting","Severity":"medium","Description":"Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-44352.yaml"} {"ID":"CVE-2023-44352","Info":{"Name":"Adobe Coldfusion - Cross-Site Scripting","Severity":"medium","Description":"Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-44352.yaml"}
@ -2302,7 +2306,7 @@
{"ID":"CVE-2023-47643","Info":{"Name":"SuiteCRM Unauthenticated Graphql Introspection","Severity":"medium","Description":"Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-47643.yaml"} {"ID":"CVE-2023-47643","Info":{"Name":"SuiteCRM Unauthenticated Graphql Introspection","Severity":"medium","Description":"Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-47643.yaml"}
{"ID":"CVE-2023-48023","Info":{"Name":"Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery","Severity":"high","Description":"The Ray Dashboard API is affected by a Server-Side Request Forgery (SSRF) vulnerability in the url parameter of the /log_proxy API endpoint. The API does not perform sufficient input validation within the affected parameter and any HTTP or HTTPS URLs are accepted as valid.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-48023.yaml"} {"ID":"CVE-2023-48023","Info":{"Name":"Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery","Severity":"high","Description":"The Ray Dashboard API is affected by a Server-Side Request Forgery (SSRF) vulnerability in the url parameter of the /log_proxy API endpoint. The API does not perform sufficient input validation within the affected parameter and any HTTP or HTTPS URLs are accepted as valid.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-48023.yaml"}
{"ID":"CVE-2023-48084","Info":{"Name":"Nagios XI \u003c 5.11.3 - SQL Injection","Severity":"critical","Description":"SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk modification tool.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-48084.yaml"} {"ID":"CVE-2023-48084","Info":{"Name":"Nagios XI \u003c 5.11.3 - SQL Injection","Severity":"critical","Description":"SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk modification tool.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-48084.yaml"}
{"ID":"CVE-2023-48777","Info":{"Name":"WordPress Elementor 3.18.1 - File Upload/Remote Code Execution","Severity":"critical","Description":"The plugin is vulnerable to Remote Code Execution via file upload via the template import functionality, allowing authenticated attackers, with contributor-level access and above, to upload files and execute code on the server.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-48777.yaml"} {"ID":"CVE-2023-48777","Info":{"Name":"WordPress Elementor 3.18.1 - File Upload/Remote Code Execution","Severity":"critical","Description":"The plugin is vulnerable to Remote Code Execution via file upload via the template import functionality, allowing authenticated attackers, with contributor-level access and above, to upload files and execute code on the server.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2023/CVE-2023-48777.yaml"}
{"ID":"CVE-2023-49070","Info":{"Name":"Apache OFBiz \u003c 18.12.10 - Arbitrary Code Execution","Severity":"critical","Description":"Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-49070.yaml"} {"ID":"CVE-2023-49070","Info":{"Name":"Apache OFBiz \u003c 18.12.10 - Arbitrary Code Execution","Severity":"critical","Description":"Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-49070.yaml"}
{"ID":"CVE-2023-49103","Info":{"Name":"OwnCloud - Phpinfo Configuration","Severity":"high","Description":"An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-49103.yaml"} {"ID":"CVE-2023-49103","Info":{"Name":"OwnCloud - Phpinfo Configuration","Severity":"high","Description":"An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-49103.yaml"}
{"ID":"CVE-2023-4966","Info":{"Name":"Citrix Bleed - Leaking Session Tokens","Severity":"high","Description":"Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4966.yaml"} {"ID":"CVE-2023-4966","Info":{"Name":"Citrix Bleed - Leaking Session Tokens","Severity":"high","Description":"Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4966.yaml"}
@ -2336,10 +2340,12 @@
{"ID":"CVE-2023-6379","Info":{"Name":"OpenCMS 14 \u0026 15 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6379.yaml"} {"ID":"CVE-2023-6379","Info":{"Name":"OpenCMS 14 \u0026 15 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6379.yaml"}
{"ID":"CVE-2023-6380","Info":{"Name":"OpenCms 14 \u0026 15 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6380.yaml"} {"ID":"CVE-2023-6380","Info":{"Name":"OpenCms 14 \u0026 15 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6380.yaml"}
{"ID":"CVE-2023-6389","Info":{"Name":"WordPress Toolbar \u003c= 2.2.6 - Open Redirect","Severity":"medium","Description":"The plugin redirects to any URL via the \"wptbto\" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6389.yaml"} {"ID":"CVE-2023-6389","Info":{"Name":"WordPress Toolbar \u003c= 2.2.6 - Open Redirect","Severity":"medium","Description":"The plugin redirects to any URL via the \"wptbto\" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6389.yaml"}
{"ID":"CVE-2023-6505","Info":{"Name":"Prime Mover \u003c 1.9.3 - Sensitive Data Exposure","Severity":"high","Description":"Prime Mover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.2 via directory listing in the 'prime-mover-export-files/1/' folder. This makes it possible for unauthenticated attackers to extract sensitive data including site and configuration information, directories, files, and password hashes.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6505.yaml"}
{"ID":"CVE-2023-6553","Info":{"Name":"Worpress Backup Migration \u003c= 1.3.7 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated threat actors to easily execute code on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6553.yaml"} {"ID":"CVE-2023-6553","Info":{"Name":"Worpress Backup Migration \u003c= 1.3.7 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated threat actors to easily execute code on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6553.yaml"}
{"ID":"CVE-2023-6567","Info":{"Name":"LearnPress \u003c= 4.2.5.7 - SQL Injection","Severity":"high","Description":"The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'order_by' parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6567.yaml"} {"ID":"CVE-2023-6567","Info":{"Name":"LearnPress \u003c= 4.2.5.7 - SQL Injection","Severity":"high","Description":"The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'order_by' parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6567.yaml"}
{"ID":"CVE-2023-6623","Info":{"Name":"Essential Blocks \u003c 4.4.3 - Local File Inclusion","Severity":"critical","Description":"Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6623.yaml"} {"ID":"CVE-2023-6623","Info":{"Name":"Essential Blocks \u003c 4.4.3 - Local File Inclusion","Severity":"critical","Description":"Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6623.yaml"}
{"ID":"CVE-2023-6634","Info":{"Name":"LearnPress \u003c 4.2.5.8 - Remote Code Execution","Severity":"critical","Description":"The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6634.yaml"} {"ID":"CVE-2023-6634","Info":{"Name":"LearnPress \u003c 4.2.5.8 - Remote Code Execution","Severity":"critical","Description":"The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6634.yaml"}
{"ID":"CVE-2023-6786","Info":{"Name":"Payment Gateway for Telcell \u003c 2.0.4 - Open Redirect","Severity":"medium","Description":"The plugin does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-6786.yaml"}
{"ID":"CVE-2023-6831","Info":{"Name":"mlflow - Path Traversal","Severity":"high","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2023/CVE-2023-6831.yaml"} {"ID":"CVE-2023-6831","Info":{"Name":"mlflow - Path Traversal","Severity":"high","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2023/CVE-2023-6831.yaml"}
{"ID":"CVE-2023-6875","Info":{"Name":"WordPress POST SMTP Mailer \u003c= 2.8.7 - Authorization Bypass","Severity":"critical","Description":"The POST SMTP Mailer Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6875.yaml"} {"ID":"CVE-2023-6875","Info":{"Name":"WordPress POST SMTP Mailer \u003c= 2.8.7 - Authorization Bypass","Severity":"critical","Description":"The POST SMTP Mailer Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6875.yaml"}
{"ID":"CVE-2023-6895","Info":{"Name":"Hikvision IP ping.php - Command Execution","Severity":"critical","Description":"A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6895.yaml"} {"ID":"CVE-2023-6895","Info":{"Name":"Hikvision IP ping.php - Command Execution","Severity":"critical","Description":"A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6895.yaml"}
@ -2351,6 +2357,7 @@
{"ID":"CVE-2024-0200","Info":{"Name":"Github Enterprise Authenticated Remote Code Execution","Severity":"critical","Description":"An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0200.yaml"} {"ID":"CVE-2024-0200","Info":{"Name":"Github Enterprise Authenticated Remote Code Execution","Severity":"critical","Description":"An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0200.yaml"}
{"ID":"CVE-2024-0204","Info":{"Name":"Fortra GoAnywhere MFT - Authentication Bypass","Severity":"critical","Description":"Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0204.yaml"} {"ID":"CVE-2024-0204","Info":{"Name":"Fortra GoAnywhere MFT - Authentication Bypass","Severity":"critical","Description":"Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0204.yaml"}
{"ID":"CVE-2024-0235","Info":{"Name":"EventON (Free \u003c 2.2.8, Premium \u003c 4.5.5) - Information Disclosure","Severity":"medium","Description":"The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-0235.yaml"} {"ID":"CVE-2024-0235","Info":{"Name":"EventON (Free \u003c 2.2.8, Premium \u003c 4.5.5) - Information Disclosure","Severity":"medium","Description":"The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-0235.yaml"}
{"ID":"CVE-2024-0250","Info":{"Name":"Analytics Insights for Google Analytics 4 \u003c 6.3 - Open Redirect","Severity":"medium","Description":"The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-0250.yaml"}
{"ID":"CVE-2024-0305","Info":{"Name":"Ncast busiFacade - Remote Command Execution","Severity":"high","Description":"The Ncast Yingshi high-definition intelligent recording and playback system is a newly developed audio and video recording and playback system. The system has RCE vulnerabilities in versions 2017 and earlier.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-0305.yaml"} {"ID":"CVE-2024-0305","Info":{"Name":"Ncast busiFacade - Remote Command Execution","Severity":"high","Description":"The Ncast Yingshi high-definition intelligent recording and playback system is a newly developed audio and video recording and playback system. The system has RCE vulnerabilities in versions 2017 and earlier.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-0305.yaml"}
{"ID":"CVE-2024-0337","Info":{"Name":"Travelpayouts \u003c= 1.1.16 - Open Redirect","Severity":"medium","Description":"The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-0337.yaml"} {"ID":"CVE-2024-0337","Info":{"Name":"Travelpayouts \u003c= 1.1.16 - Open Redirect","Severity":"medium","Description":"The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-0337.yaml"}
{"ID":"CVE-2024-0352","Info":{"Name":"Likeshop \u003c 2.5.7.20210311 - Arbitrary File Upload","Severity":"critical","Description":"A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an unknown input leads to a unrestricted upload vulnerability. The CWE definition for the vulnerability is CWE-434\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0352.yaml"} {"ID":"CVE-2024-0352","Info":{"Name":"Likeshop \u003c 2.5.7.20210311 - Arbitrary File Upload","Severity":"critical","Description":"A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an unknown input leads to a unrestricted upload vulnerability. The CWE definition for the vulnerability is CWE-434\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0352.yaml"}
@ -2380,6 +2387,7 @@
{"ID":"CVE-2024-22927","Info":{"Name":"eyoucms v.1.6.5 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-22927.yaml"} {"ID":"CVE-2024-22927","Info":{"Name":"eyoucms v.1.6.5 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-22927.yaml"}
{"ID":"CVE-2024-23334","Info":{"Name":"aiohttp - Directory Traversal","Severity":"high","Description":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-23334.yaml"} {"ID":"CVE-2024-23334","Info":{"Name":"aiohttp - Directory Traversal","Severity":"high","Description":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-23334.yaml"}
{"ID":"CVE-2024-2340","Info":{"Name":"Avada \u003c 7.11.7 - Information Disclosure","Severity":"medium","Description":"The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-2340.yaml"} {"ID":"CVE-2024-2340","Info":{"Name":"Avada \u003c 7.11.7 - Information Disclosure","Severity":"medium","Description":"The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-2340.yaml"}
{"ID":"CVE-2024-23692","Info":{"Name":"Rejetto HTTP File Server - Template injection","Severity":"critical","Description":"This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-23692.yaml"}
{"ID":"CVE-2024-2389","Info":{"Name":"Progress Kemp Flowmon - Command Injection","Severity":"critical","Description":"In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-2389.yaml"} {"ID":"CVE-2024-2389","Info":{"Name":"Progress Kemp Flowmon - Command Injection","Severity":"critical","Description":"In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-2389.yaml"}
{"ID":"CVE-2024-23917","Info":{"Name":"JetBrains TeamCity \u003e 2023.11.3 - Authentication Bypass","Severity":"critical","Description":"In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-23917.yaml"} {"ID":"CVE-2024-23917","Info":{"Name":"JetBrains TeamCity \u003e 2023.11.3 - Authentication Bypass","Severity":"critical","Description":"In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-23917.yaml"}
{"ID":"CVE-2024-24131","Info":{"Name":"SuperWebMailer 9.31.0.01799 - Cross-Site Scripting","Severity":"medium","Description":"SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-24131.yaml"} {"ID":"CVE-2024-24131","Info":{"Name":"SuperWebMailer 9.31.0.01799 - Cross-Site Scripting","Severity":"medium","Description":"SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-24131.yaml"}
@ -2422,6 +2430,7 @@
{"ID":"CVE-2024-4040","Info":{"Name":"CrushFTP VFS - Sandbox Escape LFR","Severity":"critical","Description":"VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-4040.yaml"} {"ID":"CVE-2024-4040","Info":{"Name":"CrushFTP VFS - Sandbox Escape LFR","Severity":"critical","Description":"VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-4040.yaml"}
{"ID":"CVE-2024-4348","Info":{"Name":"osCommerce v4.0 - Cross-site Scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-4348.yaml"} {"ID":"CVE-2024-4348","Info":{"Name":"osCommerce v4.0 - Cross-site Scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-4348.yaml"}
{"ID":"CVE-2024-4358","Info":{"Name":"Progress Telerik Report Server - Authentication Bypass","Severity":"critical","Description":"In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4358.yaml"} {"ID":"CVE-2024-4358","Info":{"Name":"Progress Telerik Report Server - Authentication Bypass","Severity":"critical","Description":"In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4358.yaml"}
{"ID":"CVE-2024-4577","Info":{"Name":"PHP CGI - Argument Injection","Severity":"critical","Description":"PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4577.yaml"}
{"ID":"CVE-2024-4956","Info":{"Name":"Sonatype Nexus Repository Manager 3 - Local File Inclusion","Severity":"high","Description":"Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-4956.yaml"} {"ID":"CVE-2024-4956","Info":{"Name":"Sonatype Nexus Repository Manager 3 - Local File Inclusion","Severity":"high","Description":"Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-4956.yaml"}
{"ID":"CVE-2024-5230","Info":{"Name":"FleetCart 4.1.1 - Information Disclosure","Severity":"medium","Description":"Issues with information disclosure in redirect responses. Accessing the majority of the website's pages exposes sensitive data, including the \"Razorpay\" \"razorpayKeyId\".\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-5230.yaml"} {"ID":"CVE-2024-5230","Info":{"Name":"FleetCart 4.1.1 - Information Disclosure","Severity":"medium","Description":"Issues with information disclosure in redirect responses. Accessing the majority of the website's pages exposes sensitive data, including the \"Razorpay\" \"razorpayKeyId\".\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-5230.yaml"}
{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"} {"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}

View File

@ -1 +1 @@
b850ce0a43b8e25fcc5d4b47a2edd438 ccfb062d74fe49f673c3566b7bedbb47

View File

@ -17,6 +17,7 @@ info:
cve-id: CVE-2018-19518 cve-id: CVE-2018-19518
cwe-id: CWE-88 cwe-id: CWE-88
metadata: metadata:
max-request: 1
confidence: tenative confidence: tenative
tags: imap,dast,vulhub,cve,cve2018,rce,oast,php tags: imap,dast,vulhub,cve,cve2018,rce,oast,php
@ -46,4 +47,4 @@ http:
part: interactsh_request part: interactsh_request
words: words:
- "User-Agent: curl" - "User-Agent: curl"
# digest: 4a0a00473045022100af7a090c8826b8f7eb0934a5a130dc05780441afce33b5e31dda44213d47691e02205499f8bad4923cabbddd841491363890751a97b823905e848b6ed457c4d2ecab:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502201f31f8ec34e95d06649fe4f66b2a6d12228cfb9ee6419361b4fded4af16c0e40022100d8f11206e0687b2d6aaa0982697f3ec62313b744167209f819487b74b40df159:922c64590222798bb761d5b6d8e72950

View File

@ -17,6 +17,7 @@ info:
cve-id: CVE-2021-45046 cve-id: CVE-2021-45046
cwe-id: CWE-502 cwe-id: CWE-502
metadata: metadata:
max-request: 1
confidence: tenative confidence: tenative
tags: cve,cve2021,rce,oast,log4j,injection,dast tags: cve,cve2021,rce,oast,log4j,injection,dast
@ -59,4 +60,4 @@ http:
group: 1 group: 1
regex: regex:
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output
# digest: 4a0a00473045022036888452035d1bfa69cbc32805393a712fdcd5595224466cc327e681ba5ef5770221008096d4d19c6975ad5bd44b06d4bc1cdfd0746570cb65c17c50cf4eb2e8a7b10d:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502200467421a3a87f908e224035a2fdc0fb73bd7d08eecf66f046a0d240588621b35022100b03c60899e681e43c7b4a94df8b13f392e82abc07c9dfc12f41ba3028d9b3038:922c64590222798bb761d5b6d8e72950

View File

@ -6,19 +6,20 @@ info:
severity: critical severity: critical
description: | description: |
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
remediation: Upgrade to Apache Commons Text component between 1.5.0 to 1.10.0.
reference: reference:
- https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om - https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
- http://www.openwall.com/lists/oss-security/2022/10/13/4 - http://www.openwall.com/lists/oss-security/2022/10/13/4
- http://www.openwall.com/lists/oss-security/2022/10/18/1 - http://www.openwall.com/lists/oss-security/2022/10/18/1
- https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/ - https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/
- https://github.com/silentsignal/burp-text4shell - https://github.com/silentsignal/burp-text4shell
remediation: Upgrade to Apache Commons Text component between 1.5.0 to 1.10.0.
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
cve-id: CVE-2022-42889 cve-id: CVE-2022-42889
cwe-id: CWE-94 cwe-id: CWE-94
metadata: metadata:
max-request: 1
confidence: tenative confidence: tenative
tags: cve,cve2022,rce,oast,text4shell,dast tags: cve,cve2022,rce,oast,text4shell,dast
@ -65,4 +66,4 @@ http:
group: 1 group: 1
regex: regex:
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output
# digest: 4a0a00473045022100adec8de25b518a2bc2dec461a62f19c384ddac2951bd98b9ec21df05061c84d9022013f544b276c203c4846921eddf8c0be1a997fd68f5d3c8b8ff71f02873788aed:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100e9bdde7ed78042f12c288dcd94dfa4c5ffbf89b2a02783733b4b129e589296aa02202d2ddef37d3aadf3ca90725eb0718fd6115f2528a2517b612e9f1c1c5598ee89:922c64590222798bb761d5b6d8e72950

View File

@ -10,6 +10,8 @@ info:
reference: reference:
- https://portswigger.net/research/hunting-asynchronous-vulnerabilities - https://portswigger.net/research/hunting-asynchronous-vulnerabilities
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Command%20Injection/README.md - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Command%20Injection/README.md
metadata:
max-request: 4
tags: cmdi,oast,dast,blind,polyglot tags: cmdi,oast,dast,blind,polyglot
variables: variables:
@ -45,4 +47,4 @@ http:
part: interactsh_protocol part: interactsh_protocol
words: words:
- "http" - "http"
# digest: 490a00463044022058dacdd25a0687edf873bcfed32eb383e77deb0e9ea9673e111501121429df2702202005d54354bf6a06cd873145dea3139f0b094a3baad9e7313fd9d65ef7b31876:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100dae6b9cabb8758e509dbba100f4df5f2372bdcad798fb059c701f05913f90ef202202f043730c663c513439af2ea02f13a86704c53b728b584e3ffaf148070eb9d40:922c64590222798bb761d5b6d8e72950

View File

@ -9,6 +9,8 @@ info:
reference: reference:
- https://bishopfox.com/blog/ruby-vulnerabilities-exploits - https://bishopfox.com/blog/ruby-vulnerabilities-exploits
- https://codeql.github.com/codeql-query-help/ruby/rb-kernel-open/ - https://codeql.github.com/codeql-query-help/ruby/rb-kernel-open/
metadata:
max-request: 1
tags: cmdi,oast,dast,blind,ruby,rce tags: cmdi,oast,dast,blind,ruby,rce
variables: variables:
@ -35,4 +37,4 @@ http:
part: interactsh_protocol part: interactsh_protocol
words: words:
- "dns" - "dns"
# digest: 490a0046304402206aa8aaaae832c775eb192a6fa98138271fa21bc2ac34b3881f0e06d24fb48f78022040513ba5b73cbfb5fe42c3a312ae9d8e76fb0d6f942ad7bcfe8dfff4f173d00c:922c64590222798bb761d5b6d8e72950 # digest: 490a004630440220424a72be2b73d7cb1af746905a58c5e09a4f4a4a4b1426742a5cf4f958f0ba6a02200a7a101e4035dee4feaadf003a37eb1e4d8f3ecca542337e5dc9767075863334:922c64590222798bb761d5b6d8e72950

View File

@ -7,6 +7,8 @@ info:
reference: reference:
- https://www.invicti.com/blog/web-security/understanding-cookie-poisoning-attacks/ - https://www.invicti.com/blog/web-security/understanding-cookie-poisoning-attacks/
- https://docs.imperva.com/bundle/on-premises-knowledgebase-reference-guide/page/cookie_injection.htm - https://docs.imperva.com/bundle/on-premises-knowledgebase-reference-guide/page/cookie_injection.htm
metadata:
max-request: 1
tags: reflected,dast,cookie,injection tags: reflected,dast,cookie,injection
variables: variables:
@ -33,4 +35,4 @@ http:
part: header part: header
regex: regex:
- '(?m)(?i)(^set-cookie.*cookie_injection.*)' - '(?m)(?i)(^set-cookie.*cookie_injection.*)'
# digest: 4a0a00473045022100af6e35a8b4c4d4533e339e81393faed157da2e68144557ca3fe73fb16178919c022073127c1b729ab0c8c273cbc022b2aca2b7a91a6c4c314633a20059e6b10e22ed:922c64590222798bb761d5b6d8e72950 # digest: 4a0a004730450221008e8261dd2cb7d91b396e9113182736c74c9d2bf320de2e64cb7f21012c6a8eff022014e9227dd17849eac076639e72ffe2e84da4bb5b4b01cffb95771968b4f0ad21:922c64590222798bb761d5b6d8e72950

View File

@ -4,6 +4,8 @@ info:
name: CRLF Injection name: CRLF Injection
author: pdteam author: pdteam
severity: low severity: low
metadata:
max-request: 41
tags: crlf,dast tags: crlf,dast
http: http:
@ -68,4 +70,4 @@ http:
part: header part: header
regex: regex:
- '(?m)^(?:Set-Cookie\s*?:(?:\s*?|.*?;\s*?))(crlfinjection=crlfinjection)(?:\s*?)(?:$|;)' - '(?m)^(?:Set-Cookie\s*?:(?:\s*?|.*?;\s*?))(crlfinjection=crlfinjection)(?:\s*?)(?:$|;)'
# digest: 4b0a00483046022100cb88bef820fa9247bc7ddc126d8bb67c4d2371c0b4a33f64b4caa5360007f1750221009ea9e7de7dc5fe7e75cf9d215a9c2d9e3323f2caa40b7c4b39cf214f661cce48:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022000c5e1faa6655bbb3adcbba890473900bb1a7ea522bbee7684da04fcd58ad613022100c3dffcd18d8133aebdad962d7013490ca3e90c50a0cfdf684c5ac54ab0ad2e34:922c64590222798bb761d5b6d8e72950

View File

@ -6,6 +6,8 @@ info:
severity: unknown severity: unknown
reference: reference:
- https://owasp.org/www-community/attacks/Unicode_Encoding - https://owasp.org/www-community/attacks/Unicode_Encoding
metadata:
max-request: 25
tags: dast,pathtraversal,lfi tags: dast,pathtraversal,lfi
variables: variables:
@ -117,4 +119,4 @@ http:
part: body part: body
regex: regex:
- '(<system.webServer[\s\S]+<\/system.webServer>)' - '(<system.webServer[\s\S]+<\/system.webServer>)'
# digest: 4b0a004830460221008cfcfdf2c3bffd887bfe964b433efe76af72df0f94ecea20ec1917cd00641c0f022100874e6ff747dbd4fa96124d034a126534558b56a7c317b32525e3d08199409065:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402204f25e304b713186e620bc4448b9277a9874b77763bbf31e8b099b97bbcab85c702207be12ef346bdc11f03b226da7811a9f0fccbf6dc7e818020cdd707dade3c7508:922c64590222798bb761d5b6d8e72950

View File

@ -7,6 +7,8 @@ info:
reference: reference:
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/Intruder/directory_traversal.txt - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/Intruder/directory_traversal.txt
- https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion - https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion
metadata:
max-request: 46
tags: lfi,dast,linux tags: lfi,dast,linux
http: http:
@ -77,4 +79,4 @@ http:
part: body part: body
regex: regex:
- 'root:.*:0:0:' - 'root:.*:0:0:'
# digest: 4b0a00483046022100a1e70a22bc4f17a046a9b366a9015608da82f88439ab75d052b64088a7009da8022100e29c115d86b47951f1da2fb56d7953ec1e59e93d86b70d24d34ad8c14ad3064d:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502206c53383c7a148e9311173ee5bb2bf1177386db240eff9b2f6d8256e88cbf5f1a022100ddb39020f7957af58c62c6ec59c7094277c8193e4ab089cd4cce994da4d140d8:922c64590222798bb761d5b6d8e72950

View File

@ -4,6 +4,8 @@ info:
name: Local File Inclusion - Windows name: Local File Inclusion - Windows
author: pussycat0x author: pussycat0x
severity: high severity: high
metadata:
max-request: 39
tags: lfi,windows,dast tags: lfi,windows,dast
http: http:
@ -70,4 +72,4 @@ http:
- "fonts" - "fonts"
- "extensions" - "extensions"
condition: and condition: and
# digest: 490a00463044022061480301387935155bae9c0e84b58e21d4d9f1051b2e5fd9954c1397fdd9b67202204b03f96125fa3991ac2a30b43dac7a140a9ec509131b4203cd15efe2179f3b4a:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100a6f8ee294173fc629f71ec9dfe9c61ad2fbec55dce015a895d126264c15db4f902204dd04d624e3dd7f4bc7cec991d5d87df7c33db24bf681c23b6f18564abfbf644:922c64590222798bb761d5b6d8e72950

View File

@ -4,6 +4,8 @@ info:
name: Open Redirect Detection name: Open Redirect Detection
author: princechaddha,AmirHossein Raeisi author: princechaddha,AmirHossein Raeisi
severity: medium severity: medium
metadata:
max-request: 1
tags: redirect,dast tags: redirect,dast
http: http:
@ -179,4 +181,4 @@ http:
- 301 - 301
- 302 - 302
- 307 - 307
# digest: 4b0a00483046022100e9bf67056b260dc2bc0f200f2d1853287f4f9b916a9a10f53fc7e643868df3200221008daacf7355ba1c40d34b672e78c096110e60601fdd1afa5932cd69b109c27d18:922c64590222798bb761d5b6d8e72950 # digest: 490a004630440220798dab0882b46e287f296c1f1ba1f9b47422c2b080486183184727f3de119087022044b26046d5aba5529bb7583ccebd65748198fff98a625c16b07432abf5a4fe8c:922c64590222798bb761d5b6d8e72950

View File

@ -6,6 +6,8 @@ info:
severity: high severity: high
reference: reference:
- https://www.invicti.com/learn/remote-file-inclusion-rfi/ - https://www.invicti.com/learn/remote-file-inclusion-rfi/
metadata:
max-request: 1
tags: rfi,dast,oast tags: rfi,dast,oast
http: http:
@ -30,4 +32,4 @@ http:
part: body # Confirms the PHP was executed part: body # Confirms the PHP was executed
words: words:
- "NessusCodeExecTest" - "NessusCodeExecTest"
# digest: 490a0046304402201f706bb5944d3a4a5ee6f4a6920de5a04d097d9a8abaa3a4b3fc992dc96b97c6022059107f23f16f0e83e38f27702bf6184e2a17c11940d204a50a060879c932a76e:922c64590222798bb761d5b6d8e72950 # digest: 490a00463044022029d2873c4bd52bc2237f5807f6053de597738e331d83ff8661e78b54b9f8eabc02200aef90a617b1a1997f782d347cdea43e3cba3e453b60aa77148a0632bade8d7c:922c64590222798bb761d5b6d8e72950

View File

@ -8,6 +8,8 @@ info:
Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data, Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data,
or to override valuable ones, or even to execute dangerous system level commands on the database host. or to override valuable ones, or even to execute dangerous system level commands on the database host.
This is accomplished by the application taking user input and combining it with static parameters to build an SQL query . This is accomplished by the application taking user input and combining it with static parameters to build an SQL query .
metadata:
max-request: 3
tags: sqli,error,dast tags: sqli,error,dast
http: http:
@ -491,4 +493,4 @@ http:
- "SQ200: No table " - "SQ200: No table "
- "Virtuoso S0002 Error" - "Virtuoso S0002 Error"
- "\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]" - "\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]"
# digest: 4a0a00473045022100991ee3aa73500a4773ffbc23f50ab000999d53da3f5ab8723a4abc146eba69ee02207ef58106e21c140b29dfabac8270bbe11bd86b7b14f51b785f437e20d1f124de:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100def6b6c4c85fe7786b61273d67b03bdcee001f0c68a862eaefdb3b9683291467022016d745831a21fa1c90b37bd0b0557828da77cf36662ddec1898ee436d5990a38:922c64590222798bb761d5b6d8e72950

View File

@ -4,6 +4,8 @@ info:
name: Blind SSRF OAST Detection name: Blind SSRF OAST Detection
author: pdteam author: pdteam
severity: medium severity: medium
metadata:
max-request: 3
tags: ssrf,dast,oast tags: ssrf,dast,oast
http: http:
@ -39,4 +41,4 @@ http:
part: interactsh_protocol # Confirms the HTTP Interaction part: interactsh_protocol # Confirms the HTTP Interaction
words: words:
- "http" - "http"
# digest: 4a0a004730450221008e67c53d4368607db787a520c50ce1ae8c742483ea80c0e7d34ab8ef529d2c9902205c049079f166eae9a8e5c5c99b72a048bebaa05de3eb3828adb9d81fab3543aa:922c64590222798bb761d5b6d8e72950 # digest: 490a00463044022043639a2b3d837698f0ad1d5c78b81a92dc67cfe8ea18afeb57f006cf44e2803902204a61e6eeb0c529913899c9f8aae306dbddcac78f5f41837679b8ba15ada3b5db:922c64590222798bb761d5b6d8e72950

View File

@ -6,6 +6,8 @@ info:
severity: high severity: high
reference: reference:
- https://github.com/bugcrowd/HUNT/blob/master/ZAP/scripts/passive/SSRF.py - https://github.com/bugcrowd/HUNT/blob/master/ZAP/scripts/passive/SSRF.py
metadata:
max-request: 12
tags: ssrf,dast tags: ssrf,dast
http: http:
@ -126,4 +128,4 @@ http:
part: body part: body
regex: regex:
- 'id[\s\S]+interfaces\/' - 'id[\s\S]+interfaces\/'
# digest: 4a0a00473045022100f1036d0d83d2d319f244f143873a16f2ae222e1f0d7dfa3a12604bc50547945c022014f428e033f9ac02ba873325301b910fde7ae7fac3613ab0388ea5d9a14e5f56:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100df5e466f9b2de4655561801dacd8444d412cca9556662839a5955b6c360fe47e022070272a7069a37a5df17d1177769fa87a3c21dcf8b8898e2b36652602d64adc9c:922c64590222798bb761d5b6d8e72950

View File

@ -7,6 +7,8 @@ info:
reference: reference:
- https://github.com/zaproxy/zap-extensions/blob/2d9898900abe85a47b9fe0ceb85ec39070816b98/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/SstiScanRule.java - https://github.com/zaproxy/zap-extensions/blob/2d9898900abe85a47b9fe0ceb85ec39070816b98/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/SstiScanRule.java
- https://github.com/DiogoMRSilva/websitesVulnerableToSSTI#list-of-seversneeds-update - https://github.com/DiogoMRSilva/websitesVulnerableToSSTI#list-of-seversneeds-update
metadata:
max-request: 14
tags: ssti,dast tags: ssti,dast
variables: variables:
@ -50,4 +52,4 @@ http:
part: body part: body
words: words:
- "{{result}}" - "{{result}}"
# digest: 4a0a00473045022060b24ab805932a9aae5635d76725d92d78d3366f76b103480386f7db2231b750022100cf4e3feff8153a59a9b668bbe6c989c4940074ec6857c5f4f4f920660719143d:922c64590222798bb761d5b6d8e72950 # digest: 4a0a00473045022100d708d1c94470ed6b8905dc03b2e87fd5408f31412d9cb8e002a271e13eae29ed02204c3c34ba3a148255d64a9513e36fe35a57032a0c9c5ede1d1c4d14d7813cc6c4:922c64590222798bb761d5b6d8e72950

View File

@ -4,6 +4,8 @@ info:
name: Reflected Cross Site Scripting name: Reflected Cross Site Scripting
author: pdteam author: pdteam
severity: medium severity: medium
metadata:
max-request: 1
tags: xss,rxss,dast tags: xss,rxss,dast
variables: variables:
@ -38,4 +40,4 @@ http:
part: header part: header
words: words:
- "text/html" - "text/html"
# digest: 4a0a0047304502205a9aa38841e7308e5d1bf21526d6ae14c3ea4b5b00def0f0f0b95501c0df237d022100ca9a3145f00b6278b60ccc0cb44b525a7bfcf2f86ead8664c33c0ce345a623ea:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502205821d73014fc8d11f73cd6310b813fe726e0a079b64f64e68b4ec264862ca17e0221008b5588348307f431509fb585b4920dc44a9de1f9330154b012be8dc4520fd47d:922c64590222798bb761d5b6d8e72950

View File

@ -6,6 +6,8 @@ info:
severity: medium severity: medium
reference: reference:
- https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py - https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py
metadata:
max-request: 2
tags: dast,xxe tags: dast,xxe
variables: variables:
@ -49,4 +51,4 @@ http:
part: body part: body
words: words:
- 'for 16-bit app support' - 'for 16-bit app support'
# digest: 490a00463044022057ed734a899a6e84282567122e7cbd55d596db47869a9f1079fdda8222765cdd02206129d4a12c906388ae43c37e4048a1913371fc637748eaaefc1356dbae82d139:922c64590222798bb761d5b6d8e72950 # digest: 490a0046304402200765457e7ce86f2875c9b0446d1e4d4a3f035e95c8cb70d2c685bed047e1883c022000fb0dbfce1acce174129de4808904972d457aae4cc27dd68672d8e5a14d49b1:922c64590222798bb761d5b6d8e72950

View File

@ -8,8 +8,9 @@ info:
A BIMI record was detected A BIMI record was detected
reference: reference:
- https://postmarkapp.com/blog/what-the-heck-is-bimi - https://postmarkapp.com/blog/what-the-heck-is-bimi
metadata:
max-request: 1
tags: dns,bimi tags: dns,bimi
dns: dns:
- name: "{{FQDN}}" - name: "{{FQDN}}"
type: TXT type: TXT
@ -22,4 +23,4 @@ dns:
- type: regex - type: regex
regex: regex:
- "v=BIMI1(.+)" - "v=BIMI1(.+)"
# digest: 4a0a004730450221008445fc238e87f9342ce983f65c136755a858f4b59106a74fe0a685b7cbc0d9d20220723212d91ee35908c09375b9eef99966b5c4e47ca3d5dab26b2013f76ff5891e:922c64590222798bb761d5b6d8e72950 # digest: 4a0a004730450220605ed411689a170cf998da54d5e46492d87ddd699d4e863af5c74ab042d84f26022100d1dcec6514e480b66731a11ee26545bc301c8a6aa7c25d90e0ffce2da14dae54:922c64590222798bb761d5b6d8e72950

View File

@ -5,7 +5,7 @@ info:
author: Sy3Omda,geeknik,forgedhallpass,ayadi author: Sy3Omda,geeknik,forgedhallpass,ayadi
severity: unknown severity: unknown
description: Check for multiple keys/tokens/passwords hidden inside of files. description: Check for multiple keys/tokens/passwords hidden inside of files.
tags: exposure,token,file,disclosure tags: exposure,token,file,disclosure,keys
# Extract secrets regex like api keys, password, token, etc ... for different services. # Extract secrets regex like api keys, password, token, etc ... for different services.
# Always validate the leaked key/tokens/passwords to make sure it's valid, a token/keys without any impact is not an valid issue. # Always validate the leaked key/tokens/passwords to make sure it's valid, a token/keys without any impact is not an valid issue.
# Severity is not fixed in this case, it varies from none to critical depending upon impact of disclosed key/tokes. # Severity is not fixed in this case, it varies from none to critical depending upon impact of disclosed key/tokes.
@ -3465,4 +3465,4 @@ file:
- "(?i)(([a-z0-9]+)[-|_])?(key|password|passwd|pass|pwd|private|credential|auth|cred|creds|secret|access|token)([-|_][a-z]+)?(\\s)*(:|=)+" - "(?i)(([a-z0-9]+)[-|_])?(key|password|passwd|pass|pwd|private|credential|auth|cred|creds|secret|access|token)([-|_][a-z]+)?(\\s)*(:|=)+"
# Enhanced by md on 2023/05/04 # Enhanced by md on 2023/05/04
# digest: 4a0a00473045022100b72b69d337c25863bb7f860b4a6811ae2eefe0dd86e750fec9e74e84acbe9f61022035683b418d60d3eadb52eafc6261e03e9eb0e08e2c6f0f3d51bf38f43da64e66:922c64590222798bb761d5b6d8e72950 # digest: 4a0a004730450220045ec05e89307c40d97b871dedb06fc2e6c29e7f9472652f27a3af78cbb47c6a0221008aa1c6521a840b9f7dbf8e4c0f83863894011561e0d3d244858683684293f221:922c64590222798bb761d5b6d8e72950

View File

@ -27,7 +27,10 @@ info:
max-request: 1 max-request: 1
vendor: smartbear vendor: smartbear
product: swagger_ui product: swagger_ui
shodan-query: http.component:"Swagger" shodan-query:
- http.component:"Swagger"
- http.component:"swagger"
- http.favicon.hash:"-1180440057"
fofa-query: icon_hash="-1180440057" fofa-query: icon_hash="-1180440057"
tags: headless,cve,cve2018,swagger,xss,smartbear tags: headless,cve,cve2018,swagger,xss,smartbear
headless: headless:
@ -70,4 +73,4 @@ headless:
words: words:
- "swagger" - "swagger"
case-insensitive: true case-insensitive: true
# digest: 4b0a004830460221008c5bb8afdc142dbf782c9bb579a7ed08079c67387a1285aaa34a20bd5f67a8e9022100905594915fd641bd07174ef818dd215bc18bc32845731f1aeb85ca745c8612e2:922c64590222798bb761d5b6d8e72950 # digest: 4a0a0047304502206b620185825b2c7dd85b7d2fb9e5863acfd2c2b606b86934fc08cbc8fc997be3022100d10e8cd09cbe237f829b10d1e0a5226cf9e34a7a2c007f3e53029cae7f920b52:922c64590222798bb761d5b6d8e72950

View File

@ -13,8 +13,9 @@ info:
reference: reference:
- https://pulsesecurity.co.nz/articles/javascript-from-sourcemaps - https://pulsesecurity.co.nz/articles/javascript-from-sourcemaps
- https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Web_Page_Content_for_Information_Leakage - https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Web_Page_Content_for_Information_Leakage
tags: javascript,webpack,sourcemaps metadata:
max-request: 9
tags: javascript,webpack,sourcemaps,headless
headless: headless:
- steps: - steps:
- args: - args:
@ -218,4 +219,4 @@ http:
- type: status - type: status
status: status:
- 200 - 200
# digest: 490a00463044022037d26b0bf4e1e46e77bcae5925a09f8dd5e8ea38894b06c3a450cac92ae803b5022016539aa792c7f25f571a45c194e983fa46aa24f8980c2829025ebf9e7c4e3b1c:922c64590222798bb761d5b6d8e72950 # digest: 4a0a004730450220010b004e9a80e7bcef4de9826e973992a8ea72217ce2d6813700f1aceded13db0221008b37c8a048d1a96621dae497d9241f2ee0b8920f952cfa6d9f92a69715504fff:922c64590222798bb761d5b6d8e72950

Some files were not shown because too many files have changed in this diff Show More