daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cloud/azure/servicebus/azure-servicebus-tls-versio...

61 lines
2.0 KiB
YAML
Raw Blame History

id: azure-servicebus-tls-version-outdated
info:
name: Azure Service Bus Namespace TLS Version Not Latest
author: princechaddha
severity: medium
description: |
Ensure that your Azure Service Bus namespaces are using the latest supported version of the TLS protocol (i.e., TLS 1.2) in order to enhance security by providing stronger encryption, protecting data integrity, and reducing vulnerabilities to cyber attacks.
impact: |
Using an outdated TLS version can reduce data protection and make the service vulnerable to cyber attacks.
remediation: |
Update your Azure Service Bus namespaces to use the latest supported TLS version, TLS 1.2, to ensure improved security and data protection.
reference:
- https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-tls
tags: cloud,devops,azure,microsoft,servicebus,azure-cloud-config
flow: |
code(1);
for (let NamespaceData of iterate(template.namespaceList)) {
NamespaceData = JSON.parse(NamespaceData);
set("name", NamespaceData.Name);
set("resourceGroup", NamespaceData.ResourceGroup);
code(2);
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
az servicebus namespace list --output json --query '[*].{"Name":name,"ResourceGroup":resourceGroup}'
extractors:
- type: json
name: namespaceList
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
az servicebus namespace show --name "$name" --resource-group "$resourceGroup" --query 'minimumTlsVersion'
matchers-condition: and
matchers:
- type: word
words:
- '"1."'
- type: word
words:
- '"1.2"'
negative: true
extractors:
- type: dsl
dsl:
- 'name + " in " + resourceGroup + " is not using TLS 1.2"'
# digest: 4a0a0047304502210081ee7c37971c3316c71927dadecd8077b8fa77b0336b09a952007ae5d06ebbf5022015481edc35a41c924b4aa6ec412238a2d91bf2fdcfa46b4073d1a17df30c9c4a:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink