Comments (9)
is it possible to write this plugin in Python, because we need to use the pickle function to serialize the payload with Python?
from tsunami-security-scanner-plugins.
is it possible to write this plugin in Python, because we need to use the pickle function to serialize the payload with Python?
I'm currently working on creating a setup script to run python Tsunami plugins with the main Java program, I will update here once it's ready.
from tsunami-security-scanner-plugins.
@secureness you can now test out python plugins using https://github.com/google/tsunami-security-scanner/blob/master/quick_start_advanced.sh
The script is not thoroughly tested, let me know if you run into any issues.
from tsunami-security-scanner-plugins.
@maoning someone said in comments of the CVE report in huntr.dev
that only versions between 1.2.0 - 1.2.4 are vulnerable, I haven't tested other versions myself yet, do you accept this as a PRP?
from tsunami-security-scanner-plugins.
@secureness Could you also check for exposed BentoML API (report it as a medium severity finding) in addition to the RCE vuln (report it as a critical finding)? For exposed BentoML API, the worst thing could happen is that the inference service can queried by anyone right? Is there any interesting API endpoints that have additional security risks?
from tsunami-security-scanner-plugins.
@maoning we can check for a specific swagger UI with a Title containing the bentoML: https://docs.bentoml.com/en/latest/bentocloud/how-tos/call-deployment-endpoints.html#interact-with-the-deployment
we need to know at least one of the HTTP endpoints from Swagger UI to send a pickled payload to that endpoint to exploit the CVE.
So, the logic is this: first check for an exposed swagger UI and find an HTTP endpoint from the UI, and finally exploit the CVE, report the CVE and exposed UI otherwise only report the exposed UI.
from tsunami-security-scanner-plugins.
@secureness sounds good, you can proceed forward with this plugin. As exposed API doesn't leads to RCE, let's leave it out of the implementation (After discussing with the team, we think it is better for Tsunami to only focus on RCE vulns).
Please complete the following:
- submit the vulnerable configuration of the target application to google/security-testbeds.submit the vulnerable configuration of the target application to google/security-testbeds.
- submit our participation form and you can start working on the development.submit our participation form and you can start working on the development.
from tsunami-security-scanner-plugins.
@secureness I want to check on the status of this issue. Please let me know if you have any updates.
from tsunami-security-scanner-plugins.
Oh, I was waiting for this PR status which is not finalized yet:
#491
from tsunami-security-scanner-plugins.
Related Issues (20)
- PRP: Request Code Injection in Apache Zeppelin shell (CVE-2024-31861)
- PRP: Keycloak Admin Console Weak Credential Tester
- AI PRP: Arbitrary File Read in mlflow CVE-2024-2928 HOT 2
- AI PRP: RCE in anything-llm CVE-2024-3104 HOT 10
- AI PRP: Paddle Exposed RPC Remote Code Execution
- AI PRP: AutoGPT Exposed API Remote Code Execution
- AI PRP: GoCD Exposed UI HOT 3
- PRP: Exposed code-server instance HOT 2
- AI PRP: dagster exposed UI HOT 4
- PRP: Exposed Kafka UI
- AI PRP: Ollama Remote Code Execution Vulnerability HOT 16
- AI PRP: Weak credential tester for kubeflow HOT 2
- [Note]: Guys, looks like the project is INACTIVE HOT 1
- AI PRP: Authentication bypass and RCE in dtale CVE-2024-3408
- AI PRP: Arbirary File Write & SSRF in pytorch/serve CVE-2023-43654
- PRP: Unauthenticated Remote Code Execution in Apache CouchDB CVE-2022-24706
- PRP: GeoServer Unauthenticated Remote Code Execution HOT 1
- PRP: GeoServer weak credential tester
- AI PRP: Apache airflow default credential tester HOT 2
- PRP: Request CVE-2024-38856 RCE Vulnerability in Apache OFBiz HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tsunami-security-scanner-plugins.