Merge pull request #6655 from Yuzhe-Zhang-0/main

Updated aws-bucket-takeover.yaml to reduce false positives
2023-02-02 23:35:44 +05:30 · 2023-02-02 23:35:44 +05:30 · 75cf805956
parent 0093ccdd05 2195077f88
commit 75cf805956
4 changed files with 8 additions and 3 deletions
--- a/cves/2018/CVE-2018-20470.yaml
+++ b/cves/2018/CVE-2018-20470.yaml
@ -11,7 +11,7 @@ info:
    - http://packetstormsecurity.com/files/153330/Sahi-Pro-7.x-8.x-Directory-Traversal.html
    - https://nvd.nist.gov/vuln/detail/CVE-2018-20470
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2018-20470
    cwe-id: CWE-22
--- a/cves/2019/CVE-2019-14322.yaml
+++ b/cves/2019/CVE-2019-14322.yaml
@ -11,7 +11,7 @@ info:
    - http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html
    - https://nvd.nist.gov/vuln/detail/CVE-2019-14322
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2019-14322
    cwe-id: CWE-22
--- a/cves/2019/CVE-2019-9922.yaml
+++ b/cves/2019/CVE-2019-9922.yaml
@ -11,7 +11,7 @@ info:
    - https://extensions.joomla.org/extension/je-messenger/
    - https://nvd.nist.gov/vuln/detail/CVE-2019-9922
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2019-9922
    cwe-id: CWE-22
--- a/takeovers/aws-bucket-takeover.yaml
+++ b/takeovers/aws-bucket-takeover.yaml
@ -27,3 +27,8 @@ requests:
        dsl:
          - contains(tolower(all_headers), 'x-guploader-uploadid')
        negative: true
+
+      - type: word
+        part: host
+        words:
+          - "amazonaws.com"