nuclei-templates/cloud/aws/acm/acm-cert-validation.yaml

56 lines
1.7 KiB
YAML

id: acm-cert-validation
info:
name: ACM Certificate Validation Check
author: princechaddha
severity: medium
description: |
Ensure ACM SSL/TLS certificates are properly validated during issue or renewal, indicating secure communication channels.
impact: |
Lack of validation may allow unauthorized certificates, leading to potential man-in-the-middle attacks or data breaches.
remediation: |
Use AWS ACM for certificate provisioning and ensure domain validation steps are correctly followed for each certificate issued or renewed.
reference:
- https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate.html
tags: cloud,devops,aws,amazon,acm,aws-cloud-config
variables:
region: "us-east-1"
flow: |
code(1)
for(let arns of iterate(template.certificatearns)){
set("certificatearn", arns)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws acm list-certificates --region $region --output json
extractors:
- type: json
name: certificatearns
internal: true
json:
- '.CertificateSummaryList[] | .CertificateArn'
- engine:
- sh
- bash
source: |
aws acm describe-certificate --region $region --certificate-arn $certificatearn --query 'Certificate.Status'
matchers:
- type: word
words:
- "PENDING_VALIDATION"
extractors:
- type: dsl
dsl:
- '"The issue/renewal request for " + certificatearn + " SSL/TLS certificate was not validated"'
# digest: 4a0a0047304502210089639de3f7c36e53216707ebb4296d7ca7744e1227c45977772e3a5a2fa492e2022032c5f3a8a70224d2aad87a042558ad554bc58170e274510715cca40dc0e67ec3:922c64590222798bb761d5b6d8e72950