foreman_cve_scanner 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +10 -5
  3. data/Rakefile +2 -3
  4. data/app/lib/actions/{cve_scanner_job.rb → foreman_cve_scanner/cve_scanner_job.rb} +10 -11
  5. data/app/services/foreman_cve_scanner/cve_report_scanner.rb +45 -48
  6. data/app/views/foreman_cve_scanner/job_templates/install_cve_scanners.erb +47 -9
  7. data/app/views/foreman_cve_scanner/job_templates/run_cve_scanner.erb +1 -1
  8. data/lib/foreman_cve_scanner/engine.rb +9 -8
  9. data/lib/foreman_cve_scanner/version.rb +1 -1
  10. data/lib/tasks/foreman_cve_scanner_tasks.rake +16 -0
  11. data/test/fixtures/grype.json +2970 -0
  12. data/test/fixtures/trivy.json +1765 -0
  13. data/test/services/foreman_cve_scanner/cve_report_scanner_test.rb +43 -0
  14. metadata +25 -44
  15. data/test/factories/foreman_cve_scanner_factories.rb +0 -5
  16. data/test/unit/foreman_cve_scanner_test.rb +0 -11
data/test/fixtures/trivy.json ADDED
@@ -0,0 +1,1765 @@
1
+ {
2
+ "SchemaVersion": 2,
3
+ "CreatedAt": "2023-12-29T14:32:02.721647769Z",
4
+ "ArtifactName": "van-holbach.sandbox.dev.atix",
5
+ "ArtifactType": "filesystem",
6
+ "Metadata": {
7
+ "OS": {
8
+ "Family": "alma",
9
+ "Name": "8.9"
10
+ },
11
+ "ImageConfig": {
12
+ "architecture": "",
13
+ "created": "0001-01-01T00:00:00Z",
14
+ "os": "",
15
+ "rootfs": {
16
+ "type": "",
17
+ "diff_ids": null
18
+ },
19
+ "config": {}
20
+ }
21
+ },
22
+ "Results": [
23
+ {
24
+ "Target": "van-holbach.sandbox.dev.atix (alma 8.9)",
25
+ "Class": "os-pkgs",
26
+ "Type": "alma",
27
+ "Vulnerabilities": [
28
+ {
29
+ "VulnerabilityID": "CVE-2020-12762",
30
+ "PkgID": "libfastjson@0.99.8-2.el8.x86_64",
31
+ "PkgName": "libfastjson",
32
+ "InstalledVersion": "0.99.8-2.el8",
33
+ "FixedVersion": "0.99.9-2.el8",
34
+ "Status": "fixed",
35
+ "Layer": {},
36
+ "SeveritySource": "alma",
37
+ "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-12762",
38
+ "DataSource": {
39
+ "ID": "alma",
40
+ "Name": "AlmaLinux Product Errata",
41
+ "URL": "https://errata.almalinux.org/"
42
+ },
43
+ "Title": "json-c, libfastjson: integer overflow and out-of-bounds write via a large JSON file",
44
+ "Description": "json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.",
45
+ "Severity": "MEDIUM",
46
+ "CweIDs": [
47
+ "CWE-190",
48
+ "CWE-787"
49
+ ],
50
+ "VendorSeverity": {
51
+ "alma": 2,
52
+ "amazon": 3,
53
+ "cbl-mariner": 3,
54
+ "nvd": 3,
55
+ "oracle-oval": 2,
56
+ "photon": 3,
57
+ "redhat": 2,
58
+ "ubuntu": 2
59
+ },
60
+ "CVSS": {
61
+ "nvd": {
62
+ "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
63
+ "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
64
+ "V2Score": 6.8,
65
+ "V3Score": 7.8
66
+ },
67
+ "redhat": {
68
+ "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
69
+ "V3Score": 7.8
70
+ }
71
+ },
72
+ "References": [
73
+ "https://access.redhat.com/errata/RHSA-2023:6431",
74
+ "https://access.redhat.com/security/cve/CVE-2020-12762",
75
+ "https://bugzilla.redhat.com/1835253",
76
+ "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
77
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12762",
78
+ "https://errata.almalinux.org/9/ALSA-2023-6431.html",
79
+ "https://github.com/json-c/json-c/pull/592",
80
+ "https://github.com/rsyslog/libfastjson/issues/161",
81
+ "https://linux.oracle.com/cve/CVE-2020-12762.html",
82
+ "https://linux.oracle.com/errata/ELSA-2023-6976.html",
83
+ "https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html",
84
+ "https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html",
85
+ "https://lists.debian.org/debian-lts-announce/2020/07/msg00031.html",
86
+ "https://lists.debian.org/debian-lts-announce/2023/06/msg00023.html",
87
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBR36IXYBHITAZFB5PFBJTED22WO5ONB/",
88
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CQQRRGBQCAWNCCJ2HN3W5SSCZ4QGMXQI/",
89
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W226TSCJBEOXDUFVKNWNH7ETG7AR6MCS/",
90
+ "https://nvd.nist.gov/vuln/detail/CVE-2020-12762",
91
+ "https://security.gentoo.org/glsa/202006-13",
92
+ "https://security.netapp.com/advisory/ntap-20210521-0001/",
93
+ "https://ubuntu.com/security/notices/USN-4360-1",
94
+ "https://ubuntu.com/security/notices/USN-4360-4",
95
+ "https://usn.ubuntu.com/4360-1/",
96
+ "https://usn.ubuntu.com/4360-4/",
97
+ "https://www.cve.org/CVERecord?id=CVE-2020-12762",
98
+ "https://www.debian.org/security/2020/dsa-4741"
99
+ ],
100
+ "PublishedDate": "2020-05-09T18:15:11.283Z",
101
+ "LastModifiedDate": "2023-11-07T03:15:44.277Z"
102
+ },
103
+ {
104
+ "VulnerabilityID": "CVE-2022-31676",
105
+ "PkgID": "open-vm-tools@11.1.0-2.el8.x86_64",
106
+ "PkgName": "open-vm-tools",
107
+ "InstalledVersion": "11.1.0-2.el8",
108
+ "FixedVersion": "11.3.5-1.el8_6.1",
109
+ "Status": "fixed",
110
+ "Layer": {},
111
+ "SeveritySource": "alma",
112
+ "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-31676",
113
+ "DataSource": {
114
+ "ID": "alma",
115
+ "Name": "AlmaLinux Product Errata",
116
+ "URL": "https://errata.almalinux.org/"
117
+ },
118
+ "Title": "local root privilege escalation in the virtual machine",
119
+ "Description": "VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.",
120
+ "Severity": "HIGH",
121
+ "CweIDs": [
122
+ "CWE-269"
123
+ ],
124
+ "VendorSeverity": {
125
+ "alma": 3,
126
+ "amazon": 3,
127
+ "nvd": 3,
128
+ "oracle-oval": 3,
129
+ "photon": 3,
130
+ "redhat": 3,
131
+ "ubuntu": 2
132
+ },
133
+ "CVSS": {
134
+ "nvd": {
135
+ "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
136
+ "V3Score": 7.8
137
+ },
138
+ "redhat": {
139
+ "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
140
+ "V3Score": 7
141
+ }
142
+ },
143
+ "References": [
144
+ "http://www.openwall.com/lists/oss-security/2022/08/23/3",
145
+ "https://access.redhat.com/errata/RHSA-2022:6358",
146
+ "https://access.redhat.com/security/cve/CVE-2022-31676",
147
+ "https://bugzilla.redhat.com/2118714",
148
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31676",
149
+ "https://errata.almalinux.org/9/ALSA-2022-6358.html",
150
+ "https://linux.oracle.com/cve/CVE-2022-31676.html",
151
+ "https://linux.oracle.com/errata/ELSA-2022-6381.html",
152
+ "https://lists.debian.org/debian-lts-announce/2022/08/msg00013.html",
153
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C5VV2R4LV4T3SNQJYRLFD4C75HBDVV76/",
154
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4TZF6QRJIDECGMEGBPXJCHZ6YC3VZ6Z/",
155
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZA63DWRW7HROTVBNRIPBJQWBYIYAQMEW/",
156
+ "https://nvd.nist.gov/vuln/detail/CVE-2022-31676",
157
+ "https://security.gentoo.org/glsa/202210-27",
158
+ "https://security.netapp.com/advisory/ntap-20221017-0003/",
159
+ "https://ubuntu.com/security/notices/USN-5578-1",
160
+ "https://ubuntu.com/security/notices/USN-5578-2",
161
+ "https://www.cve.org/CVERecord?id=CVE-2022-31676",
162
+ "https://www.debian.org/security/2022/dsa-5215",
163
+ "https://www.openwall.com/lists/oss-security/2022/08/23/3",
164
+ "https://www.vmware.com/security/advisories/VMSA-2022-0024.html"
165
+ ],
166
+ "PublishedDate": "2022-08-23T20:15:08.903Z",
167
+ "LastModifiedDate": "2023-11-07T03:47:40.553Z"
168
+ },
169
+ {
170
+ "VulnerabilityID": "CVE-2023-20900",
171
+ "PkgID": "open-vm-tools@11.1.0-2.el8.x86_64",
172
+ "PkgName": "open-vm-tools",
173
+ "InstalledVersion": "11.1.0-2.el8",
174
+ "FixedVersion": "12.1.5-2.el8_8.3.alma.1",
175
+ "Status": "fixed",
176
+ "Layer": {},
177
+ "SeveritySource": "alma",
178
+ "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-20900",
179
+ "DataSource": {
180
+ "ID": "alma",
181
+ "Name": "AlmaLinux Product Errata",
182
+ "URL": "https://errata.almalinux.org/"
183
+ },
184
+ "Title": "open-vm-tools: SAML token signature bypass",
185
+ "Description": "A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .",
186
+ "Severity": "HIGH",
187
+ "CweIDs": [
188
+ "CWE-294"
189
+ ],
190
+ "VendorSeverity": {
191
+ "alma": 3,
192
+ "amazon": 3,
193
+ "nvd": 3,
194
+ "oracle-oval": 3,
195
+ "photon": 3,
196
+ "redhat": 3,
197
+ "rocky": 3,
198
+ "ubuntu": 2
199
+ },
200
+ "CVSS": {
201
+ "nvd": {
202
+ "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
203
+ "V3Score": 7.5
204
+ },
205
+ "redhat": {
206
+ "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
207
+ "V3Score": 7.1
208
+ }
209
+ },
210
+ "References": [
211
+ "http://www.openwall.com/lists/oss-security/2023/08/31/1",
212
+ "http://www.openwall.com/lists/oss-security/2023/10/27/1",
213
+ "https://access.redhat.com/errata/RHSA-2023:5313",
214
+ "https://access.redhat.com/security/cve/CVE-2023-20900",
215
+ "https://bugzilla.redhat.com/2236542",
216
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2236542",
217
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20900",
218
+ "https://errata.almalinux.org/9/ALSA-2023-5313.html",
219
+ "https://errata.rockylinux.org/RLSA-2023:5312",
220
+ "https://github.com/vmware/open-vm-tools/blob/CVE-2023-20900.patch/CVE-2023-20900.patch",
221
+ "https://github.com/vmware/open-vm-tools/tree/CVE-2023-20900.patch",
222
+ "https://linux.oracle.com/cve/CVE-2023-20900.html",
223
+ "https://linux.oracle.com/errata/ELSA-2023-5313.html",
224
+ "https://lists.debian.org/debian-lts-announce/2023/10/msg00000.html",
225
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/",
226
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/",
227
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/",
228
+ "https://nvd.nist.gov/vuln/detail/CVE-2023-20900",
229
+ "https://security.netapp.com/advisory/ntap-20231013-0002/",
230
+ "https://ubuntu.com/security/notices/USN-6365-1",
231
+ "https://ubuntu.com/security/notices/USN-6365-2",
232
+ "https://www.cve.org/CVERecord?id=CVE-2023-20900",
233
+ "https://www.debian.org/security/2023/dsa-5493",
234
+ "https://www.vmware.com/security/advisories/VMSA-2023-0019",
235
+ "https://www.vmware.com/security/advisories/VMSA-2023-0019.html"
236
+ ],
237
+ "PublishedDate": "2023-08-31T10:15:08.247Z",
238
+ "LastModifiedDate": "2023-11-17T05:15:11.647Z"
239
+ },
240
+ {
241
+ "VulnerabilityID": "CVE-2023-34058",
242
+ "PkgID": "open-vm-tools@11.1.0-2.el8.x86_64",
243
+ "PkgName": "open-vm-tools",
244
+ "InstalledVersion": "11.1.0-2.el8",
245
+ "FixedVersion": "12.2.5-3.el8_9.1.alma.1",
246
+ "Status": "fixed",
247
+ "Layer": {},
248
+ "SeveritySource": "alma",
249
+ "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-34058",
250
+ "DataSource": {
251
+ "ID": "alma",
252
+ "Name": "AlmaLinux Product Errata",
253
+ "URL": "https://errata.almalinux.org/"
254
+ },
255
+ "Title": "open-vm-tools: SAML token signature bypass",
256
+ "Description": "VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .",
257
+ "Severity": "HIGH",
258
+ "CweIDs": [
259
+ "CWE-347"
260
+ ],
261
+ "VendorSeverity": {
262
+ "alma": 3,
263
+ "amazon": 3,
264
+ "nvd": 3,
265
+ "oracle-oval": 3,
266
+ "photon": 3,
267
+ "redhat": 3,
268
+ "rocky": 3,
269
+ "ubuntu": 2
270
+ },
271
+ "CVSS": {
272
+ "nvd": {
273
+ "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
274
+ "V3Score": 7.5
275
+ },
276
+ "redhat": {
277
+ "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
278
+ "V3Score": 7.5
279
+ }
280
+ },
281
+ "References": [
282
+ "http://www.openwall.com/lists/oss-security/2023/10/27/1",
283
+ "https://access.redhat.com/errata/RHSA-2023:7277",
284
+ "https://access.redhat.com/security/cve/CVE-2023-34058",
285
+ "https://bugzilla.redhat.com/2246080",
286
+ "https://bugzilla.redhat.com/2246096",
287
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2246080",
288
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2246096",
289
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34058",
290
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34059",
291
+ "https://errata.almalinux.org/9/ALSA-2023-7277.html",
292
+ "https://errata.rockylinux.org/RLSA-2023:7265",
293
+ "https://linux.oracle.com/cve/CVE-2023-34058.html",
294
+ "https://linux.oracle.com/errata/ELSA-2023-7279.html",
295
+ "https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html",
296
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/",
297
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/",
298
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/",
299
+ "https://nvd.nist.gov/vuln/detail/CVE-2023-34058",
300
+ "https://ubuntu.com/security/notices/USN-6463-1",
301
+ "https://ubuntu.com/security/notices/USN-6463-2",
302
+ "https://www.cve.org/CVERecord?id=CVE-2023-34058",
303
+ "https://www.debian.org/security/2023/dsa-5543",
304
+ "https://www.vmware.com/security/advisories/VMSA-2023-0024",
305
+ "https://www.vmware.com/security/advisories/VMSA-2023-0024.html"
306
+ ],
307
+ "PublishedDate": "2023-10-27T05:15:38.957Z",
308
+ "LastModifiedDate": "2023-11-17T05:15:12.043Z"
309
+ },
310
+ {
311
+ "VulnerabilityID": "CVE-2023-34059",
312
+ "PkgID": "open-vm-tools@11.1.0-2.el8.x86_64",
313
+ "PkgName": "open-vm-tools",
314
+ "InstalledVersion": "11.1.0-2.el8",
315
+ "FixedVersion": "12.2.5-3.el8_9.1.alma.1",
316
+ "Status": "fixed",
317
+ "Layer": {},
318
+ "SeveritySource": "alma",
319
+ "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-34059",
320
+ "DataSource": {
321
+ "ID": "alma",
322
+ "Name": "AlmaLinux Product Errata",
323
+ "URL": "https://errata.almalinux.org/"
324
+ },
325
+ "Title": "open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper",
326
+ "Description": "open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the \n/dev/uinput file descriptor allowing them to simulate user inputs.",
327
+ "Severity": "HIGH",
328
+ "VendorSeverity": {
329
+ "alma": 3,
330
+ "amazon": 3,
331
+ "nvd": 3,
332
+ "oracle-oval": 3,
333
+ "photon": 3,
334
+ "redhat": 3,
335
+ "rocky": 3,
336
+ "ubuntu": 2
337
+ },
338
+ "CVSS": {
339
+ "nvd": {
340
+ "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
341
+ "V3Score": 7
342
+ },
343
+ "redhat": {
344
+ "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
345
+ "V3Score": 7.4
346
+ }
347
+ },
348
+ "References": [
349
+ "http://www.openwall.com/lists/oss-security/2023/10/27/2",
350
+ "http://www.openwall.com/lists/oss-security/2023/10/27/3",
351
+ "http://www.openwall.com/lists/oss-security/2023/11/26/1",
352
+ "http://www.openwall.com/lists/oss-security/2023/11/27/1",
353
+ "https://access.redhat.com/errata/RHSA-2023:7277",
354
+ "https://access.redhat.com/security/cve/CVE-2023-34059",
355
+ "https://bugzilla.redhat.com/2246080",
356
+ "https://bugzilla.redhat.com/2246096",
357
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2246080",
358
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2246096",
359
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34058",
360
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34059",
361
+ "https://errata.almalinux.org/9/ALSA-2023-7277.html",
362
+ "https://errata.rockylinux.org/RLSA-2023:7265",
363
+ "https://linux.oracle.com/cve/CVE-2023-34059.html",
364
+ "https://linux.oracle.com/errata/ELSA-2023-7279.html",
365
+ "https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html",
366
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/",
367
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/",
368
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/",
369
+ "https://nvd.nist.gov/vuln/detail/CVE-2023-34059",
370
+ "https://ubuntu.com/security/notices/USN-6463-1",
371
+ "https://ubuntu.com/security/notices/USN-6463-2",
372
+ "https://www.cve.org/CVERecord?id=CVE-2023-34059",
373
+ "https://www.debian.org/security/2023/dsa-5543",
374
+ "https://www.vmware.com/security/advisories/VMSA-2023-0024.html"
375
+ ],
376
+ "PublishedDate": "2023-10-27T05:15:39.013Z",
377
+ "LastModifiedDate": "2023-11-27T12:15:07.59Z"
378
+ },
379
+ {
380
+ "VulnerabilityID": "CVE-2023-20867",
381
+ "PkgID": "open-vm-tools@11.1.0-2.el8.x86_64",
382
+ "PkgName": "open-vm-tools",
383
+ "InstalledVersion": "11.1.0-2.el8",
384
+ "FixedVersion": "12.1.5-2.el8_8.alma",
385
+ "Status": "fixed",
386
+ "Layer": {},
387
+ "SeveritySource": "alma",
388
+ "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-20867",
389
+ "DataSource": {
390
+ "ID": "alma",
391
+ "Name": "AlmaLinux Product Errata",
392
+ "URL": "https://errata.almalinux.org/"
393
+ },
394
+ "Title": "open-vm-tools: authentication bypass vulnerability in the vgauth module",
395
+ "Description": "A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.",
396
+ "Severity": "LOW",
397
+ "CweIDs": [
398
+ "CWE-287"
399
+ ],
400
+ "VendorSeverity": {
401
+ "alma": 1,
402
+ "amazon": 1,
403
+ "nvd": 1,
404
+ "oracle-oval": 1,
405
+ "photon": 2,
406
+ "redhat": 1,
407
+ "rocky": 1,
408
+ "ubuntu": 1
409
+ },
410
+ "CVSS": {
411
+ "nvd": {
412
+ "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
413
+ "V3Score": 3.9
414
+ },
415
+ "redhat": {
416
+ "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
417
+ "V3Score": 3.9
418
+ }
419
+ },
420
+ "References": [
421
+ "http://www.openwall.com/lists/oss-security/2023/10/16/11",
422
+ "http://www.openwall.com/lists/oss-security/2023/10/16/2",
423
+ "https://access.redhat.com/errata/RHSA-2023:3948",
424
+ "https://access.redhat.com/security/cve/CVE-2023-20867",
425
+ "https://bugzilla.redhat.com/2213087",
426
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2213087",
427
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20867",
428
+ "https://errata.almalinux.org/9/ALSA-2023-3948.html",
429
+ "https://errata.rockylinux.org/RLSA-2023:3949",
430
+ "https://linux.oracle.com/cve/CVE-2023-20867.html",
431
+ "https://linux.oracle.com/errata/ELSA-2023-3949.html",
432
+ "https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html",
433
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/",
434
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/",
435
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/",
436
+ "https://nvd.nist.gov/vuln/detail/CVE-2023-20867",
437
+ "https://security.netapp.com/advisory/ntap-20230725-0001/",
438
+ "https://ubuntu.com/security/notices/USN-6257-1",
439
+ "https://www.cve.org/CVERecord?id=CVE-2023-20867",
440
+ "https://www.debian.org/security/2023/dsa-5493",
441
+ "https://www.vmware.com/security/advisories/VMSA-2023-0013",
442
+ "https://www.vmware.com/security/advisories/VMSA-2023-0013.html"
443
+ ],
444
+ "PublishedDate": "2023-06-13T17:15:14.07Z",
445
+ "LastModifiedDate": "2023-10-16T18:15:15.577Z"
446
+ },
447
+ {
448
+ "VulnerabilityID": "CVE-2022-30698",
449
+ "PkgID": "python3-unbound@1.7.3-14.el8.x86_64",
450
+ "PkgName": "python3-unbound",
451
+ "InstalledVersion": "1.7.3-14.el8",
452
+ "FixedVersion": "1.16.2-2.el8",
453
+ "Status": "fixed",
454
+ "Layer": {},
455
+ "SeveritySource": "alma",
456
+ "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30698",
457
+ "DataSource": {
458
+ "ID": "alma",
459
+ "Name": "AlmaLinux Product Errata",
460
+ "URL": "https://errata.almalinux.org/"
461
+ },
462
+ "Title": "unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names",
463
+ "Description": "NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the \"ghost domain names\" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information.",
464
+ "Severity": "MEDIUM",
465
+ "CweIDs": [
466
+ "CWE-613"
467
+ ],
468
+ "VendorSeverity": {
469
+ "alma": 2,
470
+ "amazon": 2,
471
+ "cbl-mariner": 2,
472
+ "nvd": 2,
473
+ "oracle-oval": 2,
474
+ "photon": 2,
475
+ "redhat": 2,
476
+ "rocky": 2,
477
+ "ubuntu": 2
478
+ },
479
+ "CVSS": {
480
+ "nvd": {
481
+ "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
482
+ "V3Score": 6.5
483
+ },
484
+ "redhat": {
485
+ "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
486
+ "V3Score": 6.5
487
+ }
488
+ },
489
+ "References": [
490
+ "https://access.redhat.com/errata/RHSA-2022:8062",
491
+ "https://access.redhat.com/security/cve/CVE-2022-30698",
492
+ "https://bugzilla.redhat.com/2116725",
493
+ "https://bugzilla.redhat.com/2116729",
494
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1959468",
495
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2018806",
496
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2023549",
497
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2027735",
498
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2038251",
499
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2081958",
500
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2116725",
501
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2116729",
502
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30698",
503
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30699",
504
+ "https://errata.almalinux.org/9/ALSA-2022-8062.html",
505
+ "https://errata.rockylinux.org/RLSA-2022:7622",
506
+ "https://linux.oracle.com/cve/CVE-2022-30698.html",
507
+ "https://linux.oracle.com/errata/ELSA-2022-8062.html",
508
+ "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html",
509
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/",
510
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/",
511
+ "https://nvd.nist.gov/vuln/detail/CVE-2022-30698",
512
+ "https://security.gentoo.org/glsa/202212-02",
513
+ "https://ubuntu.com/security/notices/USN-5569-1",
514
+ "https://www.cve.org/CVERecord?id=CVE-2022-30698",
515
+ "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt"
516
+ ],
517
+ "PublishedDate": "2022-08-01T15:15:09.84Z",
518
+ "LastModifiedDate": "2023-11-07T03:47:23.907Z"
519
+ },
520
+ {
521
+ "VulnerabilityID": "CVE-2022-30699",
522
+ "PkgID": "python3-unbound@1.7.3-14.el8.x86_64",
523
+ "PkgName": "python3-unbound",
524
+ "InstalledVersion": "1.7.3-14.el8",
525
+ "FixedVersion": "1.16.2-2.el8",
526
+ "Status": "fixed",
527
+ "Layer": {},
528
+ "SeveritySource": "alma",
529
+ "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30699",
530
+ "DataSource": {
531
+ "ID": "alma",
532
+ "Name": "AlmaLinux Product Errata",
533
+ "URL": "https://errata.almalinux.org/"
534
+ },
535
+ "Title": "unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names",
536
+ "Description": "NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the \"ghost domain names\" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.",
537
+ "Severity": "MEDIUM",
538
+ "CweIDs": [
539
+ "CWE-613"
540
+ ],
541
+ "VendorSeverity": {
542
+ "alma": 2,
543
+ "amazon": 2,
544
+ "cbl-mariner": 2,
545
+ "nvd": 2,
546
+ "oracle-oval": 2,
547
+ "photon": 2,
548
+ "redhat": 2,
549
+ "rocky": 2,
550
+ "ubuntu": 2
551
+ },
552
+ "CVSS": {
553
+ "nvd": {
554
+ "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
555
+ "V3Score": 6.5
556
+ },
557
+ "redhat": {
558
+ "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
559
+ "V3Score": 6.5
560
+ }
561
+ },
562
+ "References": [
563
+ "https://access.redhat.com/errata/RHSA-2022:8062",
564
+ "https://access.redhat.com/security/cve/CVE-2022-30699",
565
+ "https://bugzilla.redhat.com/2116725",
566
+ "https://bugzilla.redhat.com/2116729",
567
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1959468",
568
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2018806",
569
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2023549",
570
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2027735",
571
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2038251",
572
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2081958",
573
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2116725",
574
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2116729",
575
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30698",
576
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30699",
577
+ "https://errata.almalinux.org/9/ALSA-2022-8062.html",
578
+ "https://errata.rockylinux.org/RLSA-2022:7622",
579
+ "https://linux.oracle.com/cve/CVE-2022-30699.html",
580
+ "https://linux.oracle.com/errata/ELSA-2022-8062.html",
581
+ "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html",
582
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/",
583
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/",
584
+ "https://nvd.nist.gov/vuln/detail/CVE-2022-30699",
585
+ "https://security.gentoo.org/glsa/202212-02",
586
+ "https://ubuntu.com/security/notices/USN-5569-1",
587
+ "https://www.cve.org/CVERecord?id=CVE-2022-30699",
588
+ "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt"
589
+ ],
590
+ "PublishedDate": "2022-08-01T15:15:09.89Z",
591
+ "LastModifiedDate": "2023-11-07T03:47:23.97Z"
592
+ },
593
+ {
594
+ "VulnerabilityID": "CVE-2022-3204",
595
+ "PkgID": "python3-unbound@1.7.3-14.el8.x86_64",
596
+ "PkgName": "python3-unbound",
597
+ "InstalledVersion": "1.7.3-14.el8",
598
+ "FixedVersion": "1.16.2-5.el8",
599
+ "Status": "fixed",
600
+ "Layer": {},
601
+ "SeveritySource": "alma",
602
+ "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3204",
603
+ "DataSource": {
604
+ "ID": "alma",
605
+ "Name": "AlmaLinux Product Errata",
606
+ "URL": "https://errata.almalinux.org/"
607
+ },
608
+ "Title": "unbound: NRDelegation attack leads to uncontrolled resource consumption (Non-Responsive Delegation Attack)",
609
+ "Description": "A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records.",
610
+ "Severity": "MEDIUM",
611
+ "CweIDs": [
612
+ "CWE-400"
613
+ ],
614
+ "VendorSeverity": {
615
+ "alma": 2,
616
+ "amazon": 2,
617
+ "cbl-mariner": 3,
618
+ "nvd": 3,
619
+ "oracle-oval": 2,
620
+ "photon": 3,
621
+ "redhat": 2,
622
+ "ubuntu": 2
623
+ },
624
+ "CVSS": {
625
+ "nvd": {
626
+ "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
627
+ "V3Score": 7.5
628
+ },
629
+ "redhat": {
630
+ "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
631
+ "V3Score": 7.5
632
+ }
633
+ },
634
+ "References": [
635
+ "https://access.redhat.com/errata/RHSA-2023:2370",
636
+ "https://access.redhat.com/security/cve/CVE-2022-3204",
637
+ "https://bugzilla.redhat.com/2128947",
638
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3204",
639
+ "https://errata.almalinux.org/9/ALSA-2023-2370.html",
640
+ "https://linux.oracle.com/cve/CVE-2022-3204.html",
641
+ "https://linux.oracle.com/errata/ELSA-2023-2771.html",
642
+ "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html",
643
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35QGS5FBQTG3DBSK7QV67PA64P24ABHY/",
644
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3G2HS6CYPSIGAKO6QLEZPG3RD6AMPB7B/",
645
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4EU6DMJXQFMAIE6SLAH4H5RNRU6VQL/",
646
+ "https://nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt",
647
+ "https://nvd.nist.gov/vuln/detail/CVE-2022-3204",
648
+ "https://security.gentoo.org/glsa/202212-02",
649
+ "https://ubuntu.com/security/notices/USN-5732-1",
650
+ "https://www.cve.org/CVERecord?id=CVE-2022-3204",
651
+ "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt"
652
+ ],
653
+ "PublishedDate": "2022-09-26T14:15:11.007Z",
654
+ "LastModifiedDate": "2023-11-07T03:50:58.52Z"
655
+ },
656
+ {
657
+ "VulnerabilityID": "CVE-2022-24903",
658
+ "PkgID": "rsyslog@8.1911.0-6.el8.x86_64",
659
+ "PkgName": "rsyslog",
660
+ "InstalledVersion": "8.1911.0-6.el8",
661
+ "FixedVersion": "8.2102.0-7.el8",
662
+ "Status": "fixed",
663
+ "Layer": {},
664
+ "SeveritySource": "alma",
665
+ "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-24903",
666
+ "DataSource": {
667
+ "ID": "alma",
668
+ "Name": "AlmaLinux Product Errata",
669
+ "URL": "https://errata.almalinux.org/"
670
+ },
671
+ "Title": "rsyslog: Heap-based overflow in TCP syslog server",
672
+ "Description": "Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.",
673
+ "Severity": "HIGH",
674
+ "CweIDs": [
675
+ "CWE-1284",
676
+ "CWE-120"
677
+ ],
678
+ "VendorSeverity": {
679
+ "alma": 3,
680
+ "amazon": 3,
681
+ "cbl-mariner": 3,
682
+ "nvd": 3,
683
+ "oracle-oval": 3,
684
+ "redhat": 3,
685
+ "ubuntu": 2
686
+ },
687
+ "CVSS": {
688
+ "nvd": {
689
+ "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
690
+ "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
691
+ "V2Score": 6.8,
692
+ "V3Score": 8.1
693
+ },
694
+ "redhat": {
695
+ "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
696
+ "V3Score": 8.1
697
+ }
698
+ },
699
+ "References": [
700
+ "https://access.redhat.com/security/cve/CVE-2022-24903",
701
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24903",
702
+ "https://errata.almalinux.org/8/ALSA-2022-4799.html",
703
+ "https://github.com/rsyslog/rsyslog/commit/f211042ecbb472f9d8beb4678a65d272b6f07705",
704
+ "https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8",
705
+ "https://linux.oracle.com/cve/CVE-2022-24903.html",
706
+ "https://linux.oracle.com/errata/ELSA-2022-9783.html",
707
+ "https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html",
708
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW/",
709
+ "https://nvd.nist.gov/vuln/detail/CVE-2022-24903",
710
+ "https://security.netapp.com/advisory/ntap-20221111-0002/",
711
+ "https://ubuntu.com/security/notices/USN-5404-1",
712
+ "https://ubuntu.com/security/notices/USN-5404-2",
713
+ "https://www.cve.org/CVERecord?id=CVE-2022-24903",
714
+ "https://www.debian.org/security/2022/dsa-5150"
715
+ ],
716
+ "PublishedDate": "2022-05-06T00:15:07.873Z",
717
+ "LastModifiedDate": "2023-11-07T03:44:40.95Z"
718
+ },
719
+ {
720
+ "VulnerabilityID": "CVE-2022-30698",
721
+ "PkgID": "unbound-libs@1.7.3-14.el8.x86_64",
722
+ "PkgName": "unbound-libs",
723
+ "InstalledVersion": "1.7.3-14.el8",
724
+ "FixedVersion": "1.16.2-2.el8",
725
+ "Status": "fixed",
726
+ "Layer": {},
727
+ "SeveritySource": "alma",
728
+ "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30698",
729
+ "DataSource": {
730
+ "ID": "alma",
731
+ "Name": "AlmaLinux Product Errata",
732
+ "URL": "https://errata.almalinux.org/"
733
+ },
734
+ "Title": "unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names",
735
+ "Description": "NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the \"ghost domain names\" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information.",
736
+ "Severity": "MEDIUM",
737
+ "CweIDs": [
738
+ "CWE-613"
739
+ ],
740
+ "VendorSeverity": {
741
+ "alma": 2,
742
+ "amazon": 2,
743
+ "cbl-mariner": 2,
744
+ "nvd": 2,
745
+ "oracle-oval": 2,
746
+ "photon": 2,
747
+ "redhat": 2,
748
+ "rocky": 2,
749
+ "ubuntu": 2
750
+ },
751
+ "CVSS": {
752
+ "nvd": {
753
+ "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
754
+ "V3Score": 6.5
755
+ },
756
+ "redhat": {
757
+ "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
758
+ "V3Score": 6.5
759
+ }
760
+ },
761
+ "References": [
762
+ "https://access.redhat.com/errata/RHSA-2022:8062",
763
+ "https://access.redhat.com/security/cve/CVE-2022-30698",
764
+ "https://bugzilla.redhat.com/2116725",
765
+ "https://bugzilla.redhat.com/2116729",
766
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1959468",
767
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2018806",
768
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2023549",
769
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2027735",
770
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2038251",
771
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2081958",
772
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2116725",
773
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2116729",
774
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30698",
775
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30699",
776
+ "https://errata.almalinux.org/9/ALSA-2022-8062.html",
777
+ "https://errata.rockylinux.org/RLSA-2022:7622",
778
+ "https://linux.oracle.com/cve/CVE-2022-30698.html",
779
+ "https://linux.oracle.com/errata/ELSA-2022-8062.html",
780
+ "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html",
781
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/",
782
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/",
783
+ "https://nvd.nist.gov/vuln/detail/CVE-2022-30698",
784
+ "https://security.gentoo.org/glsa/202212-02",
785
+ "https://ubuntu.com/security/notices/USN-5569-1",
786
+ "https://www.cve.org/CVERecord?id=CVE-2022-30698",
787
+ "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt"
788
+ ],
789
+ "PublishedDate": "2022-08-01T15:15:09.84Z",
790
+ "LastModifiedDate": "2023-11-07T03:47:23.907Z"
791
+ },
792
+ {
793
+ "VulnerabilityID": "CVE-2022-30699",
794
+ "PkgID": "unbound-libs@1.7.3-14.el8.x86_64",
795
+ "PkgName": "unbound-libs",
796
+ "InstalledVersion": "1.7.3-14.el8",
797
+ "FixedVersion": "1.16.2-2.el8",
798
+ "Status": "fixed",
799
+ "Layer": {},
800
+ "SeveritySource": "alma",
801
+ "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30699",
802
+ "DataSource": {
803
+ "ID": "alma",
804
+ "Name": "AlmaLinux Product Errata",
805
+ "URL": "https://errata.almalinux.org/"
806
+ },
807
+ "Title": "unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names",
808
+ "Description": "NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the \"ghost domain names\" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.",
809
+ "Severity": "MEDIUM",
810
+ "CweIDs": [
811
+ "CWE-613"
812
+ ],
813
+ "VendorSeverity": {
814
+ "alma": 2,
815
+ "amazon": 2,
816
+ "cbl-mariner": 2,
817
+ "nvd": 2,
818
+ "oracle-oval": 2,
819
+ "photon": 2,
820
+ "redhat": 2,
821
+ "rocky": 2,
822
+ "ubuntu": 2
823
+ },
824
+ "CVSS": {
825
+ "nvd": {
826
+ "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
827
+ "V3Score": 6.5
828
+ },
829
+ "redhat": {
830
+ "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
831
+ "V3Score": 6.5
832
+ }
833
+ },
834
+ "References": [
835
+ "https://access.redhat.com/errata/RHSA-2022:8062",
836
+ "https://access.redhat.com/security/cve/CVE-2022-30699",
837
+ "https://bugzilla.redhat.com/2116725",
838
+ "https://bugzilla.redhat.com/2116729",
839
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1959468",
840
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2018806",
841
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2023549",
842
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2027735",
843
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2038251",
844
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2081958",
845
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2116725",
846
+ "https://bugzilla.redhat.com/show_bug.cgi?id=2116729",
847
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30698",
848
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30699",
849
+ "https://errata.almalinux.org/9/ALSA-2022-8062.html",
850
+ "https://errata.rockylinux.org/RLSA-2022:7622",
851
+ "https://linux.oracle.com/cve/CVE-2022-30699.html",
852
+ "https://linux.oracle.com/errata/ELSA-2022-8062.html",
853
+ "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html",
854
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/",
855
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/",
856
+ "https://nvd.nist.gov/vuln/detail/CVE-2022-30699",
857
+ "https://security.gentoo.org/glsa/202212-02",
858
+ "https://ubuntu.com/security/notices/USN-5569-1",
859
+ "https://www.cve.org/CVERecord?id=CVE-2022-30699",
860
+ "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt"
861
+ ],
862
+ "PublishedDate": "2022-08-01T15:15:09.89Z",
863
+ "LastModifiedDate": "2023-11-07T03:47:23.97Z"
864
+ },
865
+ {
866
+ "VulnerabilityID": "CVE-2022-3204",
867
+ "PkgID": "unbound-libs@1.7.3-14.el8.x86_64",
868
+ "PkgName": "unbound-libs",
869
+ "InstalledVersion": "1.7.3-14.el8",
870
+ "FixedVersion": "1.16.2-5.el8",
871
+ "Status": "fixed",
872
+ "Layer": {},
873
+ "SeveritySource": "alma",
874
+ "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3204",
875
+ "DataSource": {
876
+ "ID": "alma",
877
+ "Name": "AlmaLinux Product Errata",
878
+ "URL": "https://errata.almalinux.org/"
879
+ },
880
+ "Title": "unbound: NRDelegation attack leads to uncontrolled resource consumption (Non-Responsive Delegation Attack)",
881
+ "Description": "A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records.",
882
+ "Severity": "MEDIUM",
883
+ "CweIDs": [
884
+ "CWE-400"
885
+ ],
886
+ "VendorSeverity": {
887
+ "alma": 2,
888
+ "amazon": 2,
889
+ "cbl-mariner": 3,
890
+ "nvd": 3,
891
+ "oracle-oval": 2,
892
+ "photon": 3,
893
+ "redhat": 2,
894
+ "ubuntu": 2
895
+ },
896
+ "CVSS": {
897
+ "nvd": {
898
+ "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
899
+ "V3Score": 7.5
900
+ },
901
+ "redhat": {
902
+ "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
903
+ "V3Score": 7.5
904
+ }
905
+ },
906
+ "References": [
907
+ "https://access.redhat.com/errata/RHSA-2023:2370",
908
+ "https://access.redhat.com/security/cve/CVE-2022-3204",
909
+ "https://bugzilla.redhat.com/2128947",
910
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3204",
911
+ "https://errata.almalinux.org/9/ALSA-2023-2370.html",
912
+ "https://linux.oracle.com/cve/CVE-2022-3204.html",
913
+ "https://linux.oracle.com/errata/ELSA-2023-2771.html",
914
+ "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html",
915
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35QGS5FBQTG3DBSK7QV67PA64P24ABHY/",
916
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3G2HS6CYPSIGAKO6QLEZPG3RD6AMPB7B/",
917
+ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4EU6DMJXQFMAIE6SLAH4H5RNRU6VQL/",
918
+ "https://nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt",
919
+ "https://nvd.nist.gov/vuln/detail/CVE-2022-3204",
920
+ "https://security.gentoo.org/glsa/202212-02",
921
+ "https://ubuntu.com/security/notices/USN-5732-1",
922
+ "https://www.cve.org/CVERecord?id=CVE-2022-3204",
923
+ "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt"
924
+ ],
925
+ "PublishedDate": "2022-09-26T14:15:11.007Z",
926
+ "LastModifiedDate": "2023-11-07T03:50:58.52Z"
927
+ }
928
+ ]
929
+ },
930
+ {
931
+ "Target": "etc/ssh/ssh_host_rsa_key",
932
+ "Class": "secret",
933
+ "Secrets": [
934
+ {
935
+ "RuleID": "private-key",
936
+ "Category": "AsymmetricPrivateKey",
937
+ "Severity": "HIGH",
938
+ "Title": "Asymmetric Private Key",
939
+ "StartLine": 1,
940
+ "EndLine": 1,
941
+ "Code": {
942
+ "Lines": [
943
+ {
944
+ "Number": 1,
945
+ "Content": "-----BEGIN OPENSSH PRIVATE KEY-----*************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END OPENSSH PRIVATE KEY-----",
946
+ "IsCause": true,
947
+ "Annotation": "",
948
+ "Truncated": false,
949
+ "Highlighted": "-----BEGIN OPENSSH PRIVATE KEY-----*************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END OPENSSH PRIVATE KEY-----",
950
+ "FirstCause": true,
951
+ "LastCause": true
952
+ },
953
+ {
954
+ "Number": 2,
955
+ "Content": "",
956
+ "IsCause": false,
957
+ "Annotation": "",
958
+ "Truncated": false,
959
+ "FirstCause": false,
960
+ "LastCause": false
961
+ }
962
+ ]
963
+ },
964
+ "Match": "BEGIN OPENSSH PRIVATE KEY-----*************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END OPENSSH PRI",
965
+ "Layer": {}
966
+ }
967
+ ]
968
+ },
969
+ {
970
+ "Target": "var/log/messages",
971
+ "Class": "secret",
972
+ "Secrets": [
973
+ {
974
+ "RuleID": "aws-secret-access-key",
975
+ "Category": "AWS",
976
+ "Severity": "CRITICAL",
977
+ "Title": "AWS Secret Access Key",
978
+ "StartLine": 962,
979
+ "EndLine": 962,
980
+ "Code": {
981
+ "Lines": [
982
+ {
983
+ "Number": 960,
984
+ "Content": "Dec 28 13:59:38 van-holbach kernel: registered taskstats version 1",
985
+ "IsCause": false,
986
+ "Annotation": "",
987
+ "Truncated": false,
988
+ "Highlighted": "Dec 28 13:59:38 van-holbach kernel: registered taskstats version 1",
989
+ "FirstCause": false,
990
+ "LastCause": false
991
+ },
992
+ {
993
+ "Number": 961,
994
+ "Content": "Dec 28 13:59:38 van-holbach kernel: Loading compiled-in X.509 certificates",
995
+ "IsCause": false,
996
+ "Annotation": "",
997
+ "Truncated": false,
998
+ "Highlighted": "Dec 28 13:59:38 van-holbach kernel: Loading compiled-in X.509 certificates",
999
+ "FirstCause": false,
1000
+ "LastCause": false
1001
+ },
1002
+ {
1003
+ "Number": 962,
1004
+ "Content": "Dec 28 13:59:38 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kernel signing key: ****************************************'",
1005
+ "IsCause": true,
1006
+ "Annotation": "",
1007
+ "Truncated": false,
1008
+ "Highlighted": "Dec 28 13:59:38 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kernel signing key: ****************************************'",
1009
+ "FirstCause": true,
1010
+ "LastCause": true
1011
+ },
1012
+ {
1013
+ "Number": 963,
1014
+ "Content": "Dec 28 13:59:38 van-holbach kernel: Loaded X.509 cert 'AlmaLinux Driver update signing key: ****************************************'",
1015
+ "IsCause": false,
1016
+ "Annotation": "",
1017
+ "Truncated": false,
1018
+ "Highlighted": "Dec 28 13:59:38 van-holbach kernel: Loaded X.509 cert 'AlmaLinux Driver update signing key: ****************************************'",
1019
+ "FirstCause": false,
1020
+ "LastCause": false
1021
+ }
1022
+ ]
1023
+ },
1024
+ "Match": "AlmaLinux kernel signing key: ****************************************'\nDec 28 13:59:38 va",
1025
+ "Layer": {}
1026
+ },
1027
+ {
1028
+ "RuleID": "aws-secret-access-key",
1029
+ "Category": "AWS",
1030
+ "Severity": "CRITICAL",
1031
+ "Title": "AWS Secret Access Key",
1032
+ "StartLine": 963,
1033
+ "EndLine": 963,
1034
+ "Code": {
1035
+ "Lines": [
1036
+ {
1037
+ "Number": 961,
1038
+ "Content": "Dec 28 13:59:38 van-holbach kernel: Loading compiled-in X.509 certificates",
1039
+ "IsCause": false,
1040
+ "Annotation": "",
1041
+ "Truncated": false,
1042
+ "Highlighted": "Dec 28 13:59:38 van-holbach kernel: Loading compiled-in X.509 certificates",
1043
+ "FirstCause": false,
1044
+ "LastCause": false
1045
+ },
1046
+ {
1047
+ "Number": 962,
1048
+ "Content": "Dec 28 13:59:38 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kernel signing key: ****************************************'",
1049
+ "IsCause": false,
1050
+ "Annotation": "",
1051
+ "Truncated": false,
1052
+ "Highlighted": "Dec 28 13:59:38 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kernel signing key: ****************************************'",
1053
+ "FirstCause": false,
1054
+ "LastCause": false
1055
+ },
1056
+ {
1057
+ "Number": 963,
1058
+ "Content": "Dec 28 13:59:38 van-holbach kernel: Loaded X.509 cert 'AlmaLinux Driver update signing key: ****************************************'",
1059
+ "IsCause": true,
1060
+ "Annotation": "",
1061
+ "Truncated": false,
1062
+ "Highlighted": "Dec 28 13:59:38 van-holbach kernel: Loaded X.509 cert 'AlmaLinux Driver update signing key: ****************************************'",
1063
+ "FirstCause": true,
1064
+ "LastCause": true
1065
+ },
1066
+ {
1067
+ "Number": 964,
1068
+ "Content": "Dec 28 13:59:38 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kpatch signing key: ****************************************'",
1069
+ "IsCause": false,
1070
+ "Annotation": "",
1071
+ "Truncated": false,
1072
+ "Highlighted": "Dec 28 13:59:38 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kpatch signing key: ****************************************'",
1073
+ "FirstCause": false,
1074
+ "LastCause": false
1075
+ }
1076
+ ]
1077
+ },
1078
+ "Match": "ux Driver update signing key: ****************************************'\nDec 28 13:59:38 va",
1079
+ "Layer": {}
1080
+ },
1081
+ {
1082
+ "RuleID": "aws-secret-access-key",
1083
+ "Category": "AWS",
1084
+ "Severity": "CRITICAL",
1085
+ "Title": "AWS Secret Access Key",
1086
+ "StartLine": 964,
1087
+ "EndLine": 964,
1088
+ "Code": {
1089
+ "Lines": [
1090
+ {
1091
+ "Number": 962,
1092
+ "Content": "Dec 28 13:59:38 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kernel signing key: ****************************************'",
1093
+ "IsCause": false,
1094
+ "Annotation": "",
1095
+ "Truncated": false,
1096
+ "Highlighted": "Dec 28 13:59:38 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kernel signing key: ****************************************'",
1097
+ "FirstCause": false,
1098
+ "LastCause": false
1099
+ },
1100
+ {
1101
+ "Number": 963,
1102
+ "Content": "Dec 28 13:59:38 van-holbach kernel: Loaded X.509 cert 'AlmaLinux Driver update signing key: ****************************************'",
1103
+ "IsCause": false,
1104
+ "Annotation": "",
1105
+ "Truncated": false,
1106
+ "Highlighted": "Dec 28 13:59:38 van-holbach kernel: Loaded X.509 cert 'AlmaLinux Driver update signing key: ****************************************'",
1107
+ "FirstCause": false,
1108
+ "LastCause": false
1109
+ },
1110
+ {
1111
+ "Number": 964,
1112
+ "Content": "Dec 28 13:59:38 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kpatch signing key: ****************************************'",
1113
+ "IsCause": true,
1114
+ "Annotation": "",
1115
+ "Truncated": false,
1116
+ "Highlighted": "Dec 28 13:59:38 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kpatch signing key: ****************************************'",
1117
+ "FirstCause": true,
1118
+ "LastCause": true
1119
+ },
1120
+ {
1121
+ "Number": 965,
1122
+ "Content": "Dec 28 13:59:38 van-holbach kernel: zswap: loaded using pool lzo/zbud",
1123
+ "IsCause": false,
1124
+ "Annotation": "",
1125
+ "Truncated": false,
1126
+ "Highlighted": "Dec 28 13:59:38 van-holbach kernel: zswap: loaded using pool lzo/zbud",
1127
+ "FirstCause": false,
1128
+ "LastCause": false
1129
+ }
1130
+ ]
1131
+ },
1132
+ "Match": "AlmaLinux kpatch signing key: ****************************************'\nDec 28 13:59:38 va",
1133
+ "Layer": {}
1134
+ },
1135
+ {
1136
+ "RuleID": "aws-secret-access-key",
1137
+ "Category": "AWS",
1138
+ "Severity": "CRITICAL",
1139
+ "Title": "AWS Secret Access Key",
1140
+ "StartLine": 3249,
1141
+ "EndLine": 3249,
1142
+ "Code": {
1143
+ "Lines": [
1144
+ {
1145
+ "Number": 3247,
1146
+ "Content": "Dec 29 14:15:56 van-holbach kernel: Asymmetric key parser 'x509' registered",
1147
+ "IsCause": false,
1148
+ "Annotation": "",
1149
+ "Truncated": false,
1150
+ "Highlighted": "Dec 29 14:15:56 van-holbach kernel: Asymmetric key parser 'x509' registered",
1151
+ "FirstCause": false,
1152
+ "LastCause": false
1153
+ },
1154
+ {
1155
+ "Number": 3248,
1156
+ "Content": "Dec 29 14:15:56 van-holbach kernel: Running certificate verification selftests",
1157
+ "IsCause": false,
1158
+ "Annotation": "",
1159
+ "Truncated": false,
1160
+ "Highlighted": "Dec 29 14:15:56 van-holbach kernel: Running certificate verification selftests",
1161
+ "FirstCause": false,
1162
+ "LastCause": false
1163
+ },
1164
+ {
1165
+ "Number": 3249,
1166
+ "Content": "Dec 29 14:15:56 van-holbach kernel: Loaded X.509 cert 'Certificate verification self-testing key: ****************************************'",
1167
+ "IsCause": true,
1168
+ "Annotation": "",
1169
+ "Truncated": false,
1170
+ "Highlighted": "Dec 29 14:15:56 van-holbach kernel: Loaded X.509 cert 'Certificate verification self-testing key: ****************************************'",
1171
+ "FirstCause": true,
1172
+ "LastCause": true
1173
+ },
1174
+ {
1175
+ "Number": 3250,
1176
+ "Content": "Dec 29 14:15:56 van-holbach kernel: Block layer SCSI generic (bsg) driver version 0.4 loaded (major 247)",
1177
+ "IsCause": false,
1178
+ "Annotation": "",
1179
+ "Truncated": false,
1180
+ "Highlighted": "Dec 29 14:15:56 van-holbach kernel: Block layer SCSI generic (bsg) driver version 0.4 loaded (major 247)",
1181
+ "FirstCause": false,
1182
+ "LastCause": false
1183
+ }
1184
+ ]
1185
+ },
1186
+ "Match": "erification self-testing key: ****************************************'\nDec 29 14:15:56 va",
1187
+ "Layer": {}
1188
+ },
1189
+ {
1190
+ "RuleID": "aws-secret-access-key",
1191
+ "Category": "AWS",
1192
+ "Severity": "CRITICAL",
1193
+ "Title": "AWS Secret Access Key",
1194
+ "StartLine": 3356,
1195
+ "EndLine": 3356,
1196
+ "Code": {
1197
+ "Lines": [
1198
+ {
1199
+ "Number": 3354,
1200
+ "Content": "Dec 29 14:15:56 van-holbach kernel: registered taskstats version 1",
1201
+ "IsCause": false,
1202
+ "Annotation": "",
1203
+ "Truncated": false,
1204
+ "Highlighted": "Dec 29 14:15:56 van-holbach kernel: registered taskstats version 1",
1205
+ "FirstCause": false,
1206
+ "LastCause": false
1207
+ },
1208
+ {
1209
+ "Number": 3355,
1210
+ "Content": "Dec 29 14:15:56 van-holbach kernel: Loading compiled-in X.509 certificates",
1211
+ "IsCause": false,
1212
+ "Annotation": "",
1213
+ "Truncated": false,
1214
+ "Highlighted": "Dec 29 14:15:56 van-holbach kernel: Loading compiled-in X.509 certificates",
1215
+ "FirstCause": false,
1216
+ "LastCause": false
1217
+ },
1218
+ {
1219
+ "Number": 3356,
1220
+ "Content": "Dec 29 14:15:56 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kernel signing key: ****************************************'",
1221
+ "IsCause": true,
1222
+ "Annotation": "",
1223
+ "Truncated": false,
1224
+ "Highlighted": "Dec 29 14:15:56 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kernel signing key: ****************************************'",
1225
+ "FirstCause": true,
1226
+ "LastCause": true
1227
+ },
1228
+ {
1229
+ "Number": 3357,
1230
+ "Content": "Dec 29 14:15:56 van-holbach kernel: Loaded X.509 cert 'AlmaLinux Driver update signing key: ****************************************'",
1231
+ "IsCause": false,
1232
+ "Annotation": "",
1233
+ "Truncated": false,
1234
+ "Highlighted": "Dec 29 14:15:56 van-holbach kernel: Loaded X.509 cert 'AlmaLinux Driver update signing key: ****************************************'",
1235
+ "FirstCause": false,
1236
+ "LastCause": false
1237
+ }
1238
+ ]
1239
+ },
1240
+ "Match": "AlmaLinux kernel signing key: ****************************************'\nDec 29 14:15:56 va",
1241
+ "Layer": {}
1242
+ },
1243
+ {
1244
+ "RuleID": "aws-secret-access-key",
1245
+ "Category": "AWS",
1246
+ "Severity": "CRITICAL",
1247
+ "Title": "AWS Secret Access Key",
1248
+ "StartLine": 3357,
1249
+ "EndLine": 3357,
1250
+ "Code": {
1251
+ "Lines": [
1252
+ {
1253
+ "Number": 3355,
1254
+ "Content": "Dec 29 14:15:56 van-holbach kernel: Loading compiled-in X.509 certificates",
1255
+ "IsCause": false,
1256
+ "Annotation": "",
1257
+ "Truncated": false,
1258
+ "Highlighted": "Dec 29 14:15:56 van-holbach kernel: Loading compiled-in X.509 certificates",
1259
+ "FirstCause": false,
1260
+ "LastCause": false
1261
+ },
1262
+ {
1263
+ "Number": 3356,
1264
+ "Content": "Dec 29 14:15:56 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kernel signing key: ****************************************'",
1265
+ "IsCause": false,
1266
+ "Annotation": "",
1267
+ "Truncated": false,
1268
+ "Highlighted": "Dec 29 14:15:56 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kernel signing key: ****************************************'",
1269
+ "FirstCause": false,
1270
+ "LastCause": false
1271
+ },
1272
+ {
1273
+ "Number": 3357,
1274
+ "Content": "Dec 29 14:15:56 van-holbach kernel: Loaded X.509 cert 'AlmaLinux Driver update signing key: ****************************************'",
1275
+ "IsCause": true,
1276
+ "Annotation": "",
1277
+ "Truncated": false,
1278
+ "Highlighted": "Dec 29 14:15:56 van-holbach kernel: Loaded X.509 cert 'AlmaLinux Driver update signing key: ****************************************'",
1279
+ "FirstCause": true,
1280
+ "LastCause": true
1281
+ },
1282
+ {
1283
+ "Number": 3358,
1284
+ "Content": "Dec 29 14:15:56 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kpatch signing key: ****************************************'",
1285
+ "IsCause": false,
1286
+ "Annotation": "",
1287
+ "Truncated": false,
1288
+ "Highlighted": "Dec 29 14:15:56 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kpatch signing key: ****************************************'",
1289
+ "FirstCause": false,
1290
+ "LastCause": false
1291
+ }
1292
+ ]
1293
+ },
1294
+ "Match": "ux Driver update signing key: ****************************************'\nDec 29 14:15:56 va",
1295
+ "Layer": {}
1296
+ },
1297
+ {
1298
+ "RuleID": "aws-secret-access-key",
1299
+ "Category": "AWS",
1300
+ "Severity": "CRITICAL",
1301
+ "Title": "AWS Secret Access Key",
1302
+ "StartLine": 3358,
1303
+ "EndLine": 3358,
1304
+ "Code": {
1305
+ "Lines": [
1306
+ {
1307
+ "Number": 3356,
1308
+ "Content": "Dec 29 14:15:56 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kernel signing key: ****************************************'",
1309
+ "IsCause": false,
1310
+ "Annotation": "",
1311
+ "Truncated": false,
1312
+ "Highlighted": "Dec 29 14:15:56 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kernel signing key: ****************************************'",
1313
+ "FirstCause": false,
1314
+ "LastCause": false
1315
+ },
1316
+ {
1317
+ "Number": 3357,
1318
+ "Content": "Dec 29 14:15:56 van-holbach kernel: Loaded X.509 cert 'AlmaLinux Driver update signing key: ****************************************'",
1319
+ "IsCause": false,
1320
+ "Annotation": "",
1321
+ "Truncated": false,
1322
+ "Highlighted": "Dec 29 14:15:56 van-holbach kernel: Loaded X.509 cert 'AlmaLinux Driver update signing key: ****************************************'",
1323
+ "FirstCause": false,
1324
+ "LastCause": false
1325
+ },
1326
+ {
1327
+ "Number": 3358,
1328
+ "Content": "Dec 29 14:15:56 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kpatch signing key: ****************************************'",
1329
+ "IsCause": true,
1330
+ "Annotation": "",
1331
+ "Truncated": false,
1332
+ "Highlighted": "Dec 29 14:15:56 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kpatch signing key: ****************************************'",
1333
+ "FirstCause": true,
1334
+ "LastCause": true
1335
+ },
1336
+ {
1337
+ "Number": 3359,
1338
+ "Content": "Dec 29 14:15:56 van-holbach kernel: zswap: loaded using pool lzo/zbud",
1339
+ "IsCause": false,
1340
+ "Annotation": "",
1341
+ "Truncated": false,
1342
+ "Highlighted": "Dec 29 14:15:56 van-holbach kernel: zswap: loaded using pool lzo/zbud",
1343
+ "FirstCause": false,
1344
+ "LastCause": false
1345
+ }
1346
+ ]
1347
+ },
1348
+ "Match": "AlmaLinux kpatch signing key: ****************************************'\nDec 29 14:15:56 va",
1349
+ "Layer": {}
1350
+ },
1351
+ {
1352
+ "RuleID": "aws-secret-access-key",
1353
+ "Category": "AWS",
1354
+ "Severity": "CRITICAL",
1355
+ "Title": "AWS Secret Access Key",
1356
+ "StartLine": 4816,
1357
+ "EndLine": 4816,
1358
+ "Code": {
1359
+ "Lines": [
1360
+ {
1361
+ "Number": 4814,
1362
+ "Content": "Dec 29 14:21:20 van-holbach kernel: Asymmetric key parser 'x509' registered",
1363
+ "IsCause": false,
1364
+ "Annotation": "",
1365
+ "Truncated": false,
1366
+ "Highlighted": "Dec 29 14:21:20 van-holbach kernel: Asymmetric key parser 'x509' registered",
1367
+ "FirstCause": false,
1368
+ "LastCause": false
1369
+ },
1370
+ {
1371
+ "Number": 4815,
1372
+ "Content": "Dec 29 14:21:20 van-holbach kernel: Running certificate verification selftests",
1373
+ "IsCause": false,
1374
+ "Annotation": "",
1375
+ "Truncated": false,
1376
+ "Highlighted": "Dec 29 14:21:20 van-holbach kernel: Running certificate verification selftests",
1377
+ "FirstCause": false,
1378
+ "LastCause": false
1379
+ },
1380
+ {
1381
+ "Number": 4816,
1382
+ "Content": "Dec 29 14:21:20 van-holbach kernel: Loaded X.509 cert 'Certificate verification self-testing key: ****************************************'",
1383
+ "IsCause": true,
1384
+ "Annotation": "",
1385
+ "Truncated": false,
1386
+ "Highlighted": "Dec 29 14:21:20 van-holbach kernel: Loaded X.509 cert 'Certificate verification self-testing key: ****************************************'",
1387
+ "FirstCause": true,
1388
+ "LastCause": true
1389
+ },
1390
+ {
1391
+ "Number": 4817,
1392
+ "Content": "Dec 29 14:21:20 van-holbach kernel: Block layer SCSI generic (bsg) driver version 0.4 loaded (major 247)",
1393
+ "IsCause": false,
1394
+ "Annotation": "",
1395
+ "Truncated": false,
1396
+ "Highlighted": "Dec 29 14:21:20 van-holbach kernel: Block layer SCSI generic (bsg) driver version 0.4 loaded (major 247)",
1397
+ "FirstCause": false,
1398
+ "LastCause": false
1399
+ }
1400
+ ]
1401
+ },
1402
+ "Match": "erification self-testing key: ****************************************'\nDec 29 14:21:20 va",
1403
+ "Layer": {}
1404
+ },
1405
+ {
1406
+ "RuleID": "aws-secret-access-key",
1407
+ "Category": "AWS",
1408
+ "Severity": "CRITICAL",
1409
+ "Title": "AWS Secret Access Key",
1410
+ "StartLine": 4923,
1411
+ "EndLine": 4923,
1412
+ "Code": {
1413
+ "Lines": [
1414
+ {
1415
+ "Number": 4921,
1416
+ "Content": "Dec 29 14:21:20 van-holbach kernel: registered taskstats version 1",
1417
+ "IsCause": false,
1418
+ "Annotation": "",
1419
+ "Truncated": false,
1420
+ "Highlighted": "Dec 29 14:21:20 van-holbach kernel: registered taskstats version 1",
1421
+ "FirstCause": false,
1422
+ "LastCause": false
1423
+ },
1424
+ {
1425
+ "Number": 4922,
1426
+ "Content": "Dec 29 14:21:20 van-holbach kernel: Loading compiled-in X.509 certificates",
1427
+ "IsCause": false,
1428
+ "Annotation": "",
1429
+ "Truncated": false,
1430
+ "Highlighted": "Dec 29 14:21:20 van-holbach kernel: Loading compiled-in X.509 certificates",
1431
+ "FirstCause": false,
1432
+ "LastCause": false
1433
+ },
1434
+ {
1435
+ "Number": 4923,
1436
+ "Content": "Dec 29 14:21:20 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kernel signing key: ****************************************'",
1437
+ "IsCause": true,
1438
+ "Annotation": "",
1439
+ "Truncated": false,
1440
+ "Highlighted": "Dec 29 14:21:20 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kernel signing key: ****************************************'",
1441
+ "FirstCause": true,
1442
+ "LastCause": true
1443
+ },
1444
+ {
1445
+ "Number": 4924,
1446
+ "Content": "Dec 29 14:21:20 van-holbach kernel: Loaded X.509 cert 'AlmaLinux Driver update signing key: ****************************************'",
1447
+ "IsCause": false,
1448
+ "Annotation": "",
1449
+ "Truncated": false,
1450
+ "Highlighted": "Dec 29 14:21:20 van-holbach kernel: Loaded X.509 cert 'AlmaLinux Driver update signing key: ****************************************'",
1451
+ "FirstCause": false,
1452
+ "LastCause": false
1453
+ }
1454
+ ]
1455
+ },
1456
+ "Match": "AlmaLinux kernel signing key: ****************************************'\nDec 29 14:21:20 va",
1457
+ "Layer": {}
1458
+ },
1459
+ {
1460
+ "RuleID": "aws-secret-access-key",
1461
+ "Category": "AWS",
1462
+ "Severity": "CRITICAL",
1463
+ "Title": "AWS Secret Access Key",
1464
+ "StartLine": 4924,
1465
+ "EndLine": 4924,
1466
+ "Code": {
1467
+ "Lines": [
1468
+ {
1469
+ "Number": 4922,
1470
+ "Content": "Dec 29 14:21:20 van-holbach kernel: Loading compiled-in X.509 certificates",
1471
+ "IsCause": false,
1472
+ "Annotation": "",
1473
+ "Truncated": false,
1474
+ "Highlighted": "Dec 29 14:21:20 van-holbach kernel: Loading compiled-in X.509 certificates",
1475
+ "FirstCause": false,
1476
+ "LastCause": false
1477
+ },
1478
+ {
1479
+ "Number": 4923,
1480
+ "Content": "Dec 29 14:21:20 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kernel signing key: ****************************************'",
1481
+ "IsCause": false,
1482
+ "Annotation": "",
1483
+ "Truncated": false,
1484
+ "Highlighted": "Dec 29 14:21:20 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kernel signing key: ****************************************'",
1485
+ "FirstCause": false,
1486
+ "LastCause": false
1487
+ },
1488
+ {
1489
+ "Number": 4924,
1490
+ "Content": "Dec 29 14:21:20 van-holbach kernel: Loaded X.509 cert 'AlmaLinux Driver update signing key: ****************************************'",
1491
+ "IsCause": true,
1492
+ "Annotation": "",
1493
+ "Truncated": false,
1494
+ "Highlighted": "Dec 29 14:21:20 van-holbach kernel: Loaded X.509 cert 'AlmaLinux Driver update signing key: ****************************************'",
1495
+ "FirstCause": true,
1496
+ "LastCause": true
1497
+ },
1498
+ {
1499
+ "Number": 4925,
1500
+ "Content": "Dec 29 14:21:20 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kpatch signing key: ****************************************'",
1501
+ "IsCause": false,
1502
+ "Annotation": "",
1503
+ "Truncated": false,
1504
+ "Highlighted": "Dec 29 14:21:20 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kpatch signing key: ****************************************'",
1505
+ "FirstCause": false,
1506
+ "LastCause": false
1507
+ }
1508
+ ]
1509
+ },
1510
+ "Match": "ux Driver update signing key: ****************************************'\nDec 29 14:21:20 va",
1511
+ "Layer": {}
1512
+ },
1513
+ {
1514
+ "RuleID": "aws-secret-access-key",
1515
+ "Category": "AWS",
1516
+ "Severity": "CRITICAL",
1517
+ "Title": "AWS Secret Access Key",
1518
+ "StartLine": 4925,
1519
+ "EndLine": 4925,
1520
+ "Code": {
1521
+ "Lines": [
1522
+ {
1523
+ "Number": 4923,
1524
+ "Content": "Dec 29 14:21:20 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kernel signing key: ****************************************'",
1525
+ "IsCause": false,
1526
+ "Annotation": "",
1527
+ "Truncated": false,
1528
+ "Highlighted": "Dec 29 14:21:20 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kernel signing key: ****************************************'",
1529
+ "FirstCause": false,
1530
+ "LastCause": false
1531
+ },
1532
+ {
1533
+ "Number": 4924,
1534
+ "Content": "Dec 29 14:21:20 van-holbach kernel: Loaded X.509 cert 'AlmaLinux Driver update signing key: ****************************************'",
1535
+ "IsCause": false,
1536
+ "Annotation": "",
1537
+ "Truncated": false,
1538
+ "Highlighted": "Dec 29 14:21:20 van-holbach kernel: Loaded X.509 cert 'AlmaLinux Driver update signing key: ****************************************'",
1539
+ "FirstCause": false,
1540
+ "LastCause": false
1541
+ },
1542
+ {
1543
+ "Number": 4925,
1544
+ "Content": "Dec 29 14:21:20 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kpatch signing key: ****************************************'",
1545
+ "IsCause": true,
1546
+ "Annotation": "",
1547
+ "Truncated": false,
1548
+ "Highlighted": "Dec 29 14:21:20 van-holbach kernel: Loaded X.509 cert 'AlmaLinux kpatch signing key: ****************************************'",
1549
+ "FirstCause": true,
1550
+ "LastCause": true
1551
+ },
1552
+ {
1553
+ "Number": 4926,
1554
+ "Content": "Dec 29 14:21:20 van-holbach kernel: zswap: loaded using pool lzo/zbud",
1555
+ "IsCause": false,
1556
+ "Annotation": "",
1557
+ "Truncated": false,
1558
+ "Highlighted": "Dec 29 14:21:20 van-holbach kernel: zswap: loaded using pool lzo/zbud",
1559
+ "FirstCause": false,
1560
+ "LastCause": false
1561
+ }
1562
+ ]
1563
+ },
1564
+ "Match": "AlmaLinux kpatch signing key: ****************************************'\nDec 29 14:21:20 va",
1565
+ "Layer": {}
1566
+ }
1567
+ ]
1568
+ },
1569
+ {
1570
+ "Target": "etc/pki/consumer/key.pem",
1571
+ "Class": "secret",
1572
+ "Secrets": [
1573
+ {
1574
+ "RuleID": "private-key",
1575
+ "Category": "AsymmetricPrivateKey",
1576
+ "Severity": "HIGH",
1577
+ "Title": "Asymmetric Private Key",
1578
+ "StartLine": 1,
1579
+ "EndLine": 1,
1580
+ "Code": {
1581
+ "Lines": [
1582
+ {
1583
+ "Number": 1,
1584
+ "Content": "-----BEGIN PRIVATE KEY-----***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY-----",
1585
+ "IsCause": true,
1586
+ "Annotation": "",
1587
+ "Truncated": false,
1588
+ "Highlighted": "-----BEGIN PRIVATE KEY-----***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY-----",
1589
+ "FirstCause": true,
1590
+ "LastCause": true
1591
+ },
1592
+ {
1593
+ "Number": 2,
1594
+ "Content": "",
1595
+ "IsCause": false,
1596
+ "Annotation": "",
1597
+ "Truncated": false,
1598
+ "FirstCause": false,
1599
+ "LastCause": false
1600
+ }
1601
+ ]
1602
+ },
1603
+ "Match": "-----BEGIN PRIVATE KEY-----***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY",
1604
+ "Layer": {}
1605
+ }
1606
+ ]
1607
+ },
1608
+ {
1609
+ "Target": "etc/pki/entitlement/7267035714220274546-key.pem",
1610
+ "Class": "secret",
1611
+ "Secrets": [
1612
+ {
1613
+ "RuleID": "private-key",
1614
+ "Category": "AsymmetricPrivateKey",
1615
+ "Severity": "HIGH",
1616
+ "Title": "Asymmetric Private Key",
1617
+ "StartLine": 1,
1618
+ "EndLine": 1,
1619
+ "Code": {
1620
+ "Lines": [
1621
+ {
1622
+ "Number": 1,
1623
+ "Content": "-----BEGIN PRIVATE KEY-----***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY-----",
1624
+ "IsCause": true,
1625
+ "Annotation": "",
1626
+ "Truncated": false,
1627
+ "Highlighted": "-----BEGIN PRIVATE KEY-----***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY-----",
1628
+ "FirstCause": true,
1629
+ "LastCause": true
1630
+ },
1631
+ {
1632
+ "Number": 2,
1633
+ "Content": "",
1634
+ "IsCause": false,
1635
+ "Annotation": "",
1636
+ "Truncated": false,
1637
+ "FirstCause": false,
1638
+ "LastCause": false
1639
+ }
1640
+ ]
1641
+ },
1642
+ "Match": "-----BEGIN PRIVATE KEY-----***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY",
1643
+ "Layer": {}
1644
+ }
1645
+ ]
1646
+ },
1647
+ {
1648
+ "Target": "etc/pki/entitlement/7984572981855230469-key.pem",
1649
+ "Class": "secret",
1650
+ "Secrets": [
1651
+ {
1652
+ "RuleID": "private-key",
1653
+ "Category": "AsymmetricPrivateKey",
1654
+ "Severity": "HIGH",
1655
+ "Title": "Asymmetric Private Key",
1656
+ "StartLine": 1,
1657
+ "EndLine": 1,
1658
+ "Code": {
1659
+ "Lines": [
1660
+ {
1661
+ "Number": 1,
1662
+ "Content": "-----BEGIN PRIVATE KEY-----***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY-----",
1663
+ "IsCause": true,
1664
+ "Annotation": "",
1665
+ "Truncated": false,
1666
+ "Highlighted": "-----BEGIN PRIVATE KEY-----***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY-----",
1667
+ "FirstCause": true,
1668
+ "LastCause": true
1669
+ },
1670
+ {
1671
+ "Number": 2,
1672
+ "Content": "",
1673
+ "IsCause": false,
1674
+ "Annotation": "",
1675
+ "Truncated": false,
1676
+ "FirstCause": false,
1677
+ "LastCause": false
1678
+ }
1679
+ ]
1680
+ },
1681
+ "Match": "-----BEGIN PRIVATE KEY-----***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY",
1682
+ "Layer": {}
1683
+ }
1684
+ ]
1685
+ },
1686
+ {
1687
+ "Target": "etc/ssh/ssh_host_ecdsa_key",
1688
+ "Class": "secret",
1689
+ "Secrets": [
1690
+ {
1691
+ "RuleID": "private-key",
1692
+ "Category": "AsymmetricPrivateKey",
1693
+ "Severity": "HIGH",
1694
+ "Title": "Asymmetric Private Key",
1695
+ "StartLine": 1,
1696
+ "EndLine": 1,
1697
+ "Code": {
1698
+ "Lines": [
1699
+ {
1700
+ "Number": 1,
1701
+ "Content": "-----BEGIN OPENSSH PRIVATE KEY-----***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END OPENSSH PRIVATE KEY-----",
1702
+ "IsCause": true,
1703
+ "Annotation": "",
1704
+ "Truncated": false,
1705
+ "Highlighted": "-----BEGIN OPENSSH PRIVATE KEY-----***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END OPENSSH PRIVATE KEY-----",
1706
+ "FirstCause": true,
1707
+ "LastCause": true
1708
+ },
1709
+ {
1710
+ "Number": 2,
1711
+ "Content": "",
1712
+ "IsCause": false,
1713
+ "Annotation": "",
1714
+ "Truncated": false,
1715
+ "FirstCause": false,
1716
+ "LastCause": false
1717
+ }
1718
+ ]
1719
+ },
1720
+ "Match": "BEGIN OPENSSH PRIVATE KEY-----***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END OPENSSH PRI",
1721
+ "Layer": {}
1722
+ }
1723
+ ]
1724
+ },
1725
+ {
1726
+ "Target": "etc/ssh/ssh_host_ed25519_key",
1727
+ "Class": "secret",
1728
+ "Secrets": [
1729
+ {
1730
+ "RuleID": "private-key",
1731
+ "Category": "AsymmetricPrivateKey",
1732
+ "Severity": "HIGH",
1733
+ "Title": "Asymmetric Private Key",
1734
+ "StartLine": 1,
1735
+ "EndLine": 1,
1736
+ "Code": {
1737
+ "Lines": [
1738
+ {
1739
+ "Number": 1,
1740
+ "Content": "-----BEGIN OPENSSH PRIVATE KEY-----******************************************************************************************************************************************************************************************************************************************************************************************************************************-----END OPENSSH PRIVATE KEY-----",
1741
+ "IsCause": true,
1742
+ "Annotation": "",
1743
+ "Truncated": false,
1744
+ "Highlighted": "-----BEGIN OPENSSH PRIVATE KEY-----******************************************************************************************************************************************************************************************************************************************************************************************************************************-----END OPENSSH PRIVATE KEY-----",
1745
+ "FirstCause": true,
1746
+ "LastCause": true
1747
+ },
1748
+ {
1749
+ "Number": 2,
1750
+ "Content": "",
1751
+ "IsCause": false,
1752
+ "Annotation": "",
1753
+ "Truncated": false,
1754
+ "FirstCause": false,
1755
+ "LastCause": false
1756
+ }
1757
+ ]
1758
+ },
1759
+ "Match": "BEGIN OPENSSH PRIVATE KEY-----******************************************************************************************************************************************************************************************************************************************************************************************************************************-----END OPENSSH PRI",
1760
+ "Layer": {}
1761
+ }
1762
+ ]
1763
+ }
1764
+ ]
1765
+ }