regscale-cli 6.19.0.1__py3-none-any.whl → 6.19.2.0__py3-none-any.whl

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,187 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.04.25",
-    "dateReleased": "2025-04-25T18:02:32.6749Z",
-    "count": 1323,
+    "catalogVersion": "2025.05.08",
+    "dateReleased": "2025-05-08T15:49:01.7238Z",
+    "count": 1335,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2024-11120",
+            "vendorProject": "GeoVision",
+            "product": "Multiple Devices",
+            "vulnerabilityName": "GeoVision Devices OS Command Injection Vulnerability",
+            "dateAdded": "2025-05-07",
+            "shortDescription": "Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-05-28",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/dlcdn.geovision.com.tw\/TechNotice\/CyberSecurity\/Security_Advisory_IP_Device_2024-11.pdf ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-11120",
+            "cwes": [
+                "CWE-78"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-6047",
+            "vendorProject": "GeoVision",
+            "product": "Multiple Devices",
+            "vulnerabilityName": "GeoVision Devices OS Command Injection Vulnerability",
+            "dateAdded": "2025-05-07",
+            "shortDescription": "Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-05-28",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/dlcdn.geovision.com.tw\/TechNotice\/CyberSecurity\/Security_Advisory_IP_Device_2024-11.pdf ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-6047",
+            "cwes": [
+                "CWE-78"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-27363",
+            "vendorProject": "FreeType",
+            "product": "FreeType",
+            "vulnerabilityName": "FreeType Out-of-Bounds Write Vulnerability",
+            "dateAdded": "2025-05-06",
+            "shortDescription": "FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-05-27",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/source.android.com\/docs\/security\/bulletin\/2025-05-01 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-27363",
+            "cwes": [
+                "CWE-787"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-3248",
+            "vendorProject": "Langflow",
+            "product": "Langflow",
+            "vulnerabilityName": "Langflow Missing Authentication Vulnerability",
+            "dateAdded": "2025-05-05",
+            "shortDescription": "Langflow contains a missing authentication vulnerability in the \/api\/v1\/validate\/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-05-26",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https:\/\/github.com\/advisories\/GHSA-c995-4fw3-j39m ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-3248",
+            "cwes": [
+                "CWE-306"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-34028",
+            "vendorProject": "Commvault",
+            "product": "Command Center",
+            "vulnerabilityName": "Commvault Command Center Path Traversal Vulnerability",
+            "dateAdded": "2025-05-02",
+            "shortDescription": "Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-05-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/documentation.commvault.com\/securityadvisories\/CV_2025_04_1.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-34028",
+            "cwes": [
+                "CWE-22"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-58136",
+            "vendorProject": "Yiiframework",
+            "product": "Yii",
+            "vulnerabilityName": "Yiiframework Yii Improper Protection of Alternate Path Vulnerability",
+            "dateAdded": "2025-05-02",
+            "shortDescription": "Yii Framework contains an improper protection of alternate path vulnerability that may allow a remote attacker to execute arbitrary code. This vulnerability could affect other products that implement Yii, including\u2014but not limited to\u2014Craft CMS, as represented by CVE-2025-32432.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-05-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https:\/\/www.yiiframework.com\/news\/709\/please-upgrade-to-yii-2-0-52 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-58136",
+            "cwes": [
+                "CWE-424"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-38475",
+            "vendorProject": "Apache",
+            "product": "HTTP Server",
+            "vulnerabilityName": "Apache HTTP Server Improper Escaping of Output Vulnerability",
+            "dateAdded": "2025-05-01",
+            "shortDescription": "Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally\/directly reachable by any URL, resulting in code execution or source code disclosure.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-05-22",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/httpd.apache.org\/security\/vulnerabilities_24.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-38475",
+            "cwes": [
+                "CWE-116"
+            ]
+        },
+        {
+            "cveID": "CVE-2023-44221",
+            "vendorProject": "SonicWall",
+            "product": "SMA100 Appliances",
+            "vulnerabilityName": "SonicWall SMA100 Appliances OS Command Injection Vulnerability",
+            "dateAdded": "2025-05-01",
+            "shortDescription": "SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-05-22",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/psirt.global.sonicwall.com\/vuln-detail\/SNWLID-2023-0018 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-44221",
+            "cwes": [
+                "CWE-78"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-31324",
+            "vendorProject": "SAP",
+            "product": "NetWeaver",
+            "vulnerabilityName": "SAP NetWeaver Unrestricted File Upload Vulnerability",
+            "dateAdded": "2025-04-29",
+            "shortDescription": "SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-05-20",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/me.sap.com\/notes\/3594142 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-31324",
+            "cwes": [
+                "CWE-434"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-1976",
+            "vendorProject": "Broadcom",
+            "product": "Brocade Fabric OS",
+            "vulnerabilityName": "Broadcom Brocade Fabric OS Code Injection Vulnerability",
+            "dateAdded": "2025-04-28",
+            "shortDescription": "Broadcom Brocade Fabric OS contains a code injection vulnerability that allows a local user with administrative privileges to execute arbitrary code with full root privileges.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-05-19",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.broadcom.com\/web\/ecx\/support-content-notification\/-\/external\/content\/SecurityAdvisories\/0\/25602 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-1976",
+            "cwes": [
+                "CWE-94"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-42599",
+            "vendorProject": "Qualitia",
+            "product": "Active! Mail",
+            "vulnerabilityName": "Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability",
+            "dateAdded": "2025-04-28",
+            "shortDescription": "Qualitia Active! Mail contains a stack-based buffer overflow vulnerability that allows a remote, unauthenticated attacker to execute arbitrary or trigger a denial-of-service via a specially crafted request.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-05-19",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.qualitia.com\/jp\/news\/2025\/04\/18_1030.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-42599",
+            "cwes": [
+                "CWE-121"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-3928",
+            "vendorProject": "Commvault",
+            "product": "Web Server",
+            "vulnerabilityName": "Commvault Web Server Unspecified Vulnerability",
+            "dateAdded": "2025-04-28",
+            "shortDescription": "Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-05-19",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/documentation.commvault.com\/securityadvisories\/CV_2025_03_1.html;   https:\/\/www.commvault.com\/blogs\/notice-security-advisory-update;   https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-3928      ",
+            "cwes": []
+        },
         {
             "cveID": "CVE-2025-24054",
             "vendorProject": "Microsoft",
@@ -138,14 +316,14 @@
         {
             "cveID": "CVE-2025-22457",
             "vendorProject": "Ivanti",
-            "product": "Connect Secure, Policy Secure and ZTA Gateways",
-            "vulnerabilityName": "Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
+            "product": "Connect Secure, Policy Secure, and ZTA Gateways",
+            "vulnerabilityName": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
             "dateAdded": "2025-04-04",
-            "shortDescription": "Ivanti Connect Secure, Policy Secure and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. ",
+            "shortDescription": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. ",
             "requiredAction": "Apply mitigations as set forth in the CISA instructions linked below.",
             "dueDate": "2025-04-11",
             "knownRansomwareCampaignUse": "Unknown",
-            "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/cisa-mitigation-instructions-cve-2025-22457 ; Additional References: https:\/\/forums.ivanti.com\/s\/article\/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457) ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-22457",
+            "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/cisa-mitigation-instructions-cve-2025-22457 ; Additional References: https:\/\/forums.ivanti.com\/s\/article\/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-22457",
             "cwes": [
                 "CWE-121"
             ]
@@ -160,7 +338,7 @@
             "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-04-22",
             "knownRansomwareCampaignUse": "Unknown",
-            "notes": "https:\/\/lists.apache.org\/thread\/j5fkjv2k477os90nczf2v9l61fb0kkgq ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24813",
+            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/lists.apache.org\/thread\/j5fkjv2k477os90nczf2v9l61fb0kkgq ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24813",
             "cwes": [
                 "CWE-44",
                 "CWE-502"
@@ -1043,7 +1221,7 @@
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-02-25",
             "knownRansomwareCampaignUse": "Unknown",
-            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https:\/\/ofbiz.apache.org\/security.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-45195",
+            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/ofbiz.apache.org\/security.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-45195",
             "cwes": [
                 "CWE-425"
             ]
@@ -2205,7 +2383,7 @@
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2024-10-09",
             "knownRansomwareCampaignUse": "Unknown",
-            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see:  https:\/\/lists.apache.org\/thread\/nx6g6htyhpgtzsocybm242781o8w5kq9  ;  https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-27348",
+            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see:  https:\/\/lists.apache.org\/thread\/nx6g6htyhpgtzsocybm242781o8w5kq9 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-27348",
             "cwes": [
                 "CWE-284"
             ]

regscale/models/integration_models/flat_file_importer/__init__.py

@@ -10,16 +10,17 @@ from abc import ABC, abstractmethod
 from collections import namedtuple
 from datetime import datetime, timedelta
 from os import PathLike
-from typing import Any, Callable, Generator, Iterator, List, Optional, Sequence, TextIO, Tuple, Union, TYPE_CHECKING
+from typing import TYPE_CHECKING, Any, Callable, Generator, Iterator, List, Optional, Sequence, TextIO, Tuple, Union
 
 if TYPE_CHECKING:
     from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
 
+from pathlib import Path
+
 import click
 import requests
 import xmltodict
 from openpyxl.reader.excel import load_workbook
-from pathlib import Path
 
 from regscale.core.app.api import Api
 from regscale.core.app.application import Application
@@ -237,12 +238,13 @@ class FlatFileImporter(ABC):
             asset_id = vuln.dns or vuln.ipAddress
             if not asset_id:
                 return None
-
             severity = self.finding_severity_map.get(vuln.severity.capitalize(), regscale_models.IssueSeverity.Low)
             status = self.map_status_to_issue_status(vuln.status)
             cve: Optional[str] = getattr(vuln, "cve", "")
             extract_vuln: Any = self.extract_ghsa_strings(getattr(vuln, "plugInName", ""))
             plugin_name = getattr(vuln, "plugInName", getattr(vuln, "title", ""))
+            plugin_id = str(vuln.plugInId) if vuln.plugInId else ""
+            non_cve_identifier = self.determine_non_cve_identifier(cve)
             if not self.assert_valid_cve(cve):
                 if isinstance(extract_vuln, list):
                     cve = ", ".join(extract_vuln)
@@ -251,7 +253,8 @@ class FlatFileImporter(ABC):
                     # with CVE or not.
                     cve = extract_vuln
             if not self.assert_valid_cve(cve):
-                plugin_name = cve
+                if not non_cve_identifier:
+                    plugin_name = cve
                 cve = ""
             remediation_description = ""
             if remediation := vuln.extra_data.get("solution"):
@@ -269,18 +272,19 @@ class FlatFileImporter(ABC):
                 severity=severity,
                 status=status,
                 asset_identifier=asset_id,
-                external_id=str(vuln.plugInId),
-                rule_id=str(vuln.plugInId),
+                external_id=non_cve_identifier or plugin_id,
+                rule_id=plugin_id,
                 first_seen=vuln.firstSeen,
                 last_seen=vuln.lastSeen,
                 remediation=remediation_description,
                 cvss_score=vuln.vprScore,
                 cve=cve,
                 cvss_v3_base_score=vuln.cvsSv3BaseScore,
-                source_rule_id=str(vuln.plugInId),
+                source_rule_id=plugin_id,
                 vulnerability_type="Vulnerability Scan",
                 baseline=f"{self.name} Host",
                 results=vuln.title,
+                plugin_id=plugin_id or non_cve_identifier or plugin_name,
                 plugin_name=plugin_name,
                 date_created=vuln.firstSeen,
                 date_last_updated=vuln.lastSeen,
@@ -838,10 +842,10 @@ class FlatFileImporter(ABC):
         :param str aws_profile: The AWS profile to use for S3 access
         :param Optional[bool] upload_file: Whether to upload the file to RegScale after processing, defaults to True
         """
-        from regscale.core.app.utils.file_utils import download_from_s3
-        from regscale.validation.record import validate_regscale_object
         from regscale.core.app.application import Application
+        from regscale.core.app.utils.file_utils import download_from_s3
         from regscale.exceptions import ValidationException
+        from regscale.validation.record import validate_regscale_object
 
         if s3_bucket:
             download_from_s3(s3_bucket, s3_prefix, folder_path, aws_profile)
@@ -890,6 +894,7 @@ class FlatFileImporter(ABC):
         :rtype: Callable[[Callable], click.option]
         """
         import os
+
         from regscale.models.app_models.click import NotRequiredIf
 
         mapping_dir = os.path.join("./", "mappings", import_name)
@@ -1101,3 +1106,15 @@ class FlatFileImporter(ABC):
         """
         pattern = r"^CVE-\d{4}-\d{4,}$"
         return bool(re.match(pattern, cve))
+
+    @staticmethod
+    def determine_non_cve_identifier(vuln_id: str) -> str:
+        """
+        Determine the non-CVE identifier based on the CVE string
+
+        :param str vuln_id: The Vulnerability Identifier string
+        :return: The non-CVE identifier
+        :rtype: str
+        """
+        match_regex = "^(?:(?:ALSA|ALSA2|ALAS|ALAS2|ELSA)-(?:19|20)\\d{2}-\\d{4,5}|GHSA-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4})$"
+        return vuln_id if re.match(match_regex, vuln_id) else ""