
Alibaba Cloud Config Review - Nuclei Templates v10.1.1 🎉

@princechaddha princechaddha released this 23 Dec 10:40
· 27 commits to main since this release

🔥 Release Highlights 🔥

We’re excited to announce the expansion of the Nuclei Templates with new templates written specifically for Alibaba Cloud configurations. This release introduces a series of specialized security checks covering the core components of Alibaba Cloud services, including ECS instances, RDS databases, OSS buckets, and more. These templates are designed to pinpoint common misconfigurations, verify compliance with regulatory standards, and check adherence to industry best practices, leveraging advanced features such as flow and code analysis.

The introduction of these Alibaba Cloud-specific templates empowers security teams to conduct thorough security audits of their Alibaba Cloud environments, uncovering crucial misconfigurations and vulnerabilities. Moreover, this release offers customizable checks that can be tailored to meet the unique operational demands of different teams, aiding in the prompt detection and remediation of security issues.

We encourage contributors and reviewers to provide their valuable feedback and suggestions to help enhance and evolve these Alibaba Cloud security templates further. For more details, please visit our latest blog post.

Other Highlights

What's Changed

New Templates Added: 154 | CVEs Added: 31 | First-time contributions: 4

  • [CVE-2024-55956] Cleo Harmony < 5.8.0.24 - File Upload Vulnerability (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
  • [CVE-2024-52875] Kerio Control v9.2.5 - CRLF Injection (@ritikchaddha, @iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
  • [CVE-2024-52433] My Geo Posts Free <= 1.2 - PHP Object Injection (@s4e-io) [critical]
  • [CVE-2024-50623] Cleo Harmony < 5.8.0.21 - Arbitrary File Read (@dhiyaneshdk) [high] 🔥
  • [CVE-2024-48307] JeecgBoot v3.7.1 - SQL Injection (@lbb, @s4e-io) [critical]
  • [CVE-2024-45309] OneDev.io < 11.0.9 - Arbitrary File Read (@isacaya) [high] 🔥
  • [CVE-2024-45293] TablePress < 2.4.3 - XXE Injection (@iamnoooob, @ritikchaddha) [high]
  • [CVE-2024-41713] Mitel MiCollab - Authentication Bypass (@dhiyaneshdk, @watchtowr) [high] 🔥
  • [CVE-2024-39887] Apache Superset < 4.0.2 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [medium]
  • [CVE-2024-36404] GeoServer and GeoTools - Remote Code Execution (@ritikchaddha) [critical] 🔥
  • [CVE-2024-24116] Ruijie RG-NBS2009G-P - Improper Authentication (@friea) [critical]
  • [CVE-2024-12209] WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion (@s4e-io) [critical] 🔥
  • [CVE-2024-11728] KiviCare Clinic & Patient Management System (EHR) <= 3.6.4 - SQL Injection (@samogod, @s4e-io) [high]
  • [CVE-2024-11305] Altenergy Power Control Software - SQL Injection (@s4e-io) [medium]
  • [CVE-2024-11303] Korenix JetPort 5601v3 - Path Traversal (@geeknik) [high]
  • [CVE-2024-10516] Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion (@ritikchaddha) [high]
  • [CVE-2024-10400] Tutor LMS <= 2.7.6 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high]
  • [CVE-2024-8859] Mlflow < 2.17.0 - Local File Inclusion (@gy741) [critical]
  • [CVE-2024-8856] WP Time Capsule Plugin - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
  • [CVE-2023-50094] reNgine 2.2.0 - Command Injection (@Zierax) [high]
  • [CVE-2023-46455] GL.iNet <= 4.3.7 - Arbitrary File Write (@Zierax) [high]
  • [CVE-2023-37599] Issabel PBX 4.0.0-6 - Directory Listing (@ritikchaddha) [high]
  • [CVE-2023-6697] WP Go Maps (formerly WP Google Maps) < 9.0.29 - Cross-Site Scripting (@iamnoooob, @ritikchaddha) [medium]
  • [CVE-2023-3990] Mingsoft MCMS < 5.3.1 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2023-1119] WP-Optimize WordPress plugin < 3.2.13 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2022-4375] Mingsoft MCMS - SQL Injection (@ritikchaddha) [critical]
  • [CVE-2022-2552] Duplicator < 1.4.7.1 - Information Disclosure (@iamnoooob, @ritikchaddha) [medium]
  • [CVE-2020-15906] Tiki Wiki CMS GroupWare - Authentication Bypass (@JeonSungHyun[nukunga], @gy741, @oIfloraIo, @nechyo, @harksu) [critical] 🔥
  • [CVE-2020-13935] Apache Tomcat WebSocket Frame Payload Length Validation Denial of Service (@sttlr) [high] 🔥
  • [CVE-2019-9912] WP Google Maps < 7.10.43 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2017-1000353] Jenkins CLI - Java Deserialization (@hnd3884) [critical] 🔥
  • [ack-cluster-api-public] Public Access to ACK Cluster's API Server - Enabled (@ritikchaddha) [high]
  • [ack-cluster-auditing-disable] Cluster Auditing with Simple Log Service - Disabled (@ritikchaddha) [low]
  • [ack-cluster-cloud-monitor-disable] Cloud Monitor for ACK Clusters - Disable (@ritikchaddha) [medium]
  • [ack-cluster-health-disable] ACK Clusters Check - Disable (@ritikchaddha) [medium]
  • [ack-cluster-network-policies-disable] Enforced Cluster Support for Network Policies - Disabled (@ritikchaddha) [medium]
  • [ack-cluster-network-policies-missing] Cluster Support for Network Policies - Missing (@ritikchaddha) [medium]
  • [kubernetes-dashboard-enabled] Kubernetes Dashboard for ACK Clusters - Enabled (@ritikchaddha) [medium]
  • [multi-region-logging-disabled] Global Service (Multi-Region) Logging - Disabled (@dhiyaneshdk) [high]
  • [public-actiontrail-bucket] ActionTrail Log Buckets - Publicly Exposed (@ritikchaddha) [high]
  • [alibaba-cloud-code-env] Alibaba Cloud Environment Validation (@dhiyaneshdk) [info]
  • [os-patches-outdated] OS Patches - Outdated (@dhiyaneshdk) [medium]
  • [unattached-disk-encryption-disabled] Encryption for Unattached Disks - Disabled (@dhiyaneshdk) [high]
  • [unattached-vminstance-encryption-disabled] Encryption for VM Instance Disks - Disabled (@dhiyaneshdk) [high]
  • [unrestricted-rdp-access] Unrestricted - RDP Access (@dhiyaneshdk) [high]
  • [unrestricted-ssh-access] Unrestricted - SSH Access (@dhiyaneshdk) [high]
  • [access-logoss-disabled] Access Logging for OSS Buckets - Disabled (@dhiyaneshdk) [medium]
  • [improper-bucket-sse] Improper Bucket Server-Side Encryption (@ritikchaddha) [medium]
  • [limit-networkaccess-disabled] Limit Network Access to Selected Networks - Disabled (@dhiyaneshdk) [medium]
  • [oos-bucket-public-access] OSS Bucket Publicly Accessible (@dhiyaneshdk) [high]
  • [secure-transfeross-disabled] Secure Transfer for OSS Buckets - Disabled (@dhiyaneshdk) [medium]
  • [sse-cmk-disabled] Server-Side Encryption with Customer Managed Key - Disabled (@ritikchaddha) [high]
  • [sse-smk-disabled] Server-Side Encryption with Service Managed Key - Disabled (@ritikchaddha) [high]
  • [custom-ram-policy-admin-priv] Custom RAM Policies With Full Administrative Privileges (@dhiyaneshdk) [high]
  • [max-password-retry-disabled] Maximum Password Retry Constraint Policy - Disabled (@dhiyaneshdk) [medium]
  • [mfa-console-password-disabled] MFA For RAM Users With Console Password - Disabled (@dhiyaneshdk) [medium]
  • [password-policy-expiration-unconfigured] RAM Password Policy Expiration - Unconfigured (@dhiyaneshdk) [medium]
  • [password-policy-length-unconfigured] RAM Password Policy requires Minimum Length 14 or Greater (@dhiyaneshdk) [medium]
  • [password-policy-lowercase-unconfigured] RAM Password Policy requires at least One Lowercase - Unconfigured (@dhiyaneshdk) [medium]
  • [password-policy-num-unconfigured] RAM Password Policy requires at least One Number - Unconfigured (@dhiyaneshdk) [medium]
  • [password-policy-reuse-enabled] RAM Password Policy Reuse - Enabled (@dhiyaneshdk) [medium]
  • [password-policy-symbol-unconfigured] RAM Password Policy requires at least One Symbol - Unconfigured (@dhiyaneshdk) [medium]
  • [password-policy-uppercase-unconfigured] RAM Password Policy requires at least One Uppercase - Unconfigured (@dhiyaneshdk) [medium]
  • [encryption-intransit-disabled] RDS Encryption in Transit - Disabled (@dhiyaneshdk) [high]
  • [log-connections-disabled] PostgreSQL "log_connections" Parameter - Disabled (@dhiyaneshdk) [medium]
  • [log-disconnections-disabled] PostgreSQL "log_disconnections" Parameter - Disabled (@dhiyaneshdk) [medium]
  • [log-duration-disabled] PostgreSQL "log_duration" Parameter - Disabled (@dhiyaneshdk) [medium]
  • [mssql-audit-disabled] Microsoft SQLServer Database Instances - SQL Auditing Disabled (@dhiyaneshdk) [high]
  • [mysql-audit-disabled] MySQL Database Instances - SQL Auditing Disabled (@dhiyaneshdk) [high]
  • [postgresql-audit-disabled] PostgreSQL Database Instances - SQL Auditing Disabled (@dhiyaneshdk) [high]
  • [rds-audit-disabled] RDS Database Instances - SQL Auditing Disabled (@dhiyaneshdk) [high]
  • [transparent-encryption-disabled] Transparent Data Encryption - Disabled (@dhiyaneshdk) [medium]
  • [scheduled-vulnscan-disabled] Scheduled Vulnerability Scan - Disabled (@dhiyaneshdk) [medium]
  • [security-notification-disabled] Security Center Notifications - Disabled (@dhiyaneshdk) [medium]
  • [security-plan-disabled] Security Center Plan - Disabled (@dhiyaneshdk) [medium]
  • [vpc-flow-disabled] VPC Flow Log - Disabled (@dhiyaneshdk) [medium]
  • [elb-delete-protection-disabled] ELB Delete Protection - Disabled (@dhiyaneshdk) [medium]
  • [sqs-deadletter-disabled] SQS Dead Letter Queue - Disabled (@dhiyaneshdk) [medium]
  • [sqs-encryption-disabled] Queue Server Side Encryption - Disabled (@dhiyaneshdk) [high]
  • [sqs-queue-exposed] SQS Queue Exposed (@dhiyaneshdk) [high]
  • [blade-oob] Laravel Blade 11.27.2 - Out of Band Template Injection (@0xAwali, @dhiyaneshdk) [unknown]
  • [bottle-oob] Bottle - Out of Band Template Injection (@0xAwali, @dhiyaneshdk) [unknown]
  • [chameleon-oob] Chameleon - Out of Band Template Injection (@0xAwali, @dhiyaneshdk) [unknown]
  • [dotjs-oob] DotJS - Out of Band Template Injection (@0xAwali, @dhiyaneshdk) [unknown]
  • [ejs-underscore-oob] Ejs AND Underscore - Out of Band Template Injection (@0xAwali, @dhiyaneshdk) [unknown]
  • [erb-erubi-erubis-oob] Erb OR Erubi OR Erubis - Out of Band Template Injection (@0xAwali, @dhiyaneshdk) [unknown]
  • [freemarker-oob] Freemarker 2.3.33 - Out of Band Template Injection (@0xAwali, @dhiyaneshdk) [unknown]
  • [groovy-oob] Groovy - Out of Band Template Injection (@0xAwali, @dhiyaneshdk) [unknown]
  • [jinja2-oob] Jinja2 - Out of Band Template Injection (@0xAwali, @dhiyaneshdk) [unknown]
  • [latte-oob] Latte 3.0.20 - Out of Band Template Injection (@0xAwali, @dhiyaneshdk) [unknown]
  • [mako-oob] Mako - Out of Band Template Injection (@0xAwali, @dhiyaneshdk) [unknown]
  • [pugjs-oob] Pug.js - Out of Band Template Injection (@0xAwali, @dhiyaneshdk) [unknown]
  • [tornado-oob] Tornado - Out of Band Template Injection (@0xAwali, @dhiyaneshdk) [unknown]
  • [velocityjs-oob] VelocityJS 2.0.6 - Out of Band Template Injection (@0xAwali, @dhiyaneshdk) [unknown]
  • [huginn-panel] Huginn Login Panel - Detect (@righettod) [info]
  • [openobserve-panel] OpenObserve Login Panel - Detect (@righettod) [info]
  • [ricoh-webimagemonitor-panel] Ricoh Web Image Monitor - Detect (@righettod) [info]
  • [backup-directory-listing] Backup Directory Listing - Detect (@dhiyaneshdk) [low]
  • [exposed-pki-cert] Exposed Internal PKI Infrastructure - Detect (@nullenc0de) [high]
  • [rapidapi-access-token] RapidAPI Access Token (@dhiyaneshdk) [info]
  • [readme-api-token] Readme API Token (@dhiyaneshdk) [info]
  • [scalingo-api-token] Scalingo API Token (@dhiyaneshdk) [info]
  • [sendbird-access-id] SendBird Access ID (@dhiyaneshdk) [info]
  • [sendbird-access-token] SendBird Access Token (@dhiyaneshdk) [info]
  • [sendinblue-api-token] Sendinblue API Token (@dhiyaneshdk) [info]
  • [sentry-access-token] Sentry Access Token (@dhiyaneshdk) [info]
  • [shippo-api-token] Shippo API Token (@dhiyaneshdk) [info]
  • [shopify-private-app-access-token] Shopify Private App Access Token (@dhiyaneshdk) [info]
  • [shopify-shared-secret] Shopify Shared Secret (@dhiyaneshdk) [info]
  • [sidekiq-secret] Sidekiq Secret Token (@dhiyaneshdk) [info]
  • [sidekiq-sensitive-url] Sidekiq Sensitive URL (@dhiyaneshdk) [info]
  • [slack-app-token] Slack App Token (@dhiyaneshdk) [info]
  • [slack-config-access-token] Slack Config Access Token (@dhiyaneshdk) [info]
  • [slack-config-refresh-token] Slack Config Refresh Token (@dhiyaneshdk) [info]
  • [slack-legacy-bot-token] Slack Legacy Bot Token (@dhiyaneshdk) [info]
  • [slack-legacy-token] Slack Legacy Token (@dhiyaneshdk) [info]
  • [slack-legacy-workspace-token] Slack Legacy Workspace Token (@dhiyaneshdk) [info]
  • [squarespace-access-token] Squarespace Access Token (@dhiyaneshdk) [info]
  • [stripe-access-token] Stripe Access Token (@dhiyaneshdk) [info]
  • [sumologic-access-id] Sumologic Access ID (@dhiyaneshdk) [info]
  • [sumologic-access-token] Sumologic Access Token (@dhiyaneshdk) [info]
  • [snyk-api-token] Snyk API Token (@dhiyaneshdk) [info]
  • [travisci-access-token] TravisCI Access Token (@dhiyaneshdk) [info]
  • [twitch-api-token] Twitch API Secret Token (@dhiyaneshdk) [info]
  • [twitter-api-key] Twitter API Key (@dhiyaneshdk) [info]
  • [twitter-api-secret] Twitter API Secret Token (@dhiyaneshdk) [info]
  • [twitter-bearer-token] Twitter Bearer Token (@dhiyaneshdk) [info]
  • [typeform-api-token] Typeform API Token (@dhiyaneshdk) [info]
  • [vault-batch-token] Vault Batch Token (@dhiyaneshdk) [info]
  • [vault-service-token] Vault Service Token (@dhiyaneshdk) [info]
  • [yandex-access-token] Yandex Access Token (@dhiyaneshdk) [info]
  • [yandex-api-key] Yandex API Key (@dhiyaneshdk) [info]
  • [yandex-aws-access-token] Yandex AWS Access Token (@dhiyaneshdk) [info]
  • [cleo-detect] Cleo Technology - Detect (@rxerium) [info]
  • [hue-wireless-lighting] Hue Personal Wireless Lighting - Detect (@ProjectDiscoveryAI) [info]
  • [wordpress-hunk-companion] Hunk Companion Detection (@invisiblethreat) [info]
  • [api-jotform] Jotform API Test (@0xPugal) [info]
  • [dlink-nas-rce] D-Link NAS sc_mgr.cgi - Remote Code Execution (@adeljck) [critical]
  • [feiyuxing-ent-router-infoleak] FeiYuXing Enterprise Router - Information Leakage (@adeljck) [high]
  • [infinitt-pacs-file-upload] Infinitt PACS System - Arbitrary File Upload (@adeljck) [critical]
  • [infinitt-pacs-info-disclosure] Infinitt PACS System - Information Disclosure (@adeljck) [high]
  • [mcms-list-sqli] Mingsoft MCMS 5.2.1 - SQL Injection (@ritikchaddha) [critical]
  • [mitel-arbitary-file-read] Mitel MiCollab - Arbitrary File Read (@dhiyaneshdk, @watchtowr) [critical]
  • [aishu-anyshare-info-exposure] Aishu AnyShare - Information Disclosure (@s4e-io) [high]
  • [easycvr-arbitrary-file-read] EasyCVR Video Management - Arbitrary File Read (@s4e-io) [high]
  • [mcms-search-xss] Mingsoft MCMS < 5.3.1 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [vrview-xss] VRview Plugin - Cross-Site Scripting (@ritikchaddha) [high]
  • [wp-vr-view-xss] WP VR-View Plugin - Cross-Site Scripting (@ritikchaddha) [high]
  • [fortianalyzer-certificate] Fortinet FortiAnalyzer Certificate - Detect (@johnk3r) [info]
  • [fortiauthenticator-certificate] Fortinet FortiAuthenticator Certificate - Detect (@johnk3r) [info]
  • [fortiddos-certificate] Fortinet FortiDDoS Certificate - Detect (@johnk3r) [info]
  • [fortigate-certificate] Fortinet FortiGate Certificate - Detect (@johnk3r) [info]
  • [fortimanager-certificate] Fortinet FortiManager Certificate - Detect (@johnk3r) [info]
  • [fortiwifi-certificate] Fortinet FortiWifi Certificate - Detect (@johnk3r) [info]

New Contributors

Full Changelog: v10.1.0...v10.1.1