regscale-cli 6.19.1.0__py3-none-any.whl → 6.19.2.0__py3-none-any.whl
- regscale/__init__.py +1 -1
- regscale/integrations/commercial/amazon/common.py +5 -4
- regscale/integrations/commercial/aws/scanner.py +3 -2
- regscale/integrations/commercial/synqly/assets.py +10 -0
- regscale/integrations/commercial/synqly/ticketing.py +25 -0
- regscale/integrations/commercial/wizv2/click.py +3 -3
- regscale/integrations/scanner_integration.py +1 -1
- regscale/models/app_models/import_validater.py +2 -0
- regscale/models/integration_models/cisa_kev_data.json +188 -10
- regscale/models/integration_models/flat_file_importer/__init__.py +26 -9
- regscale/models/integration_models/synqly_models/capabilities.json +1 -1
- regscale/models/regscale_models/regscale_model.py +16 -15
- regscale/utils/graphql_client.py +2 -1
- {regscale_cli-6.19.1.0.dist-info → regscale_cli-6.19.2.0.dist-info}/METADATA +41 -41
- {regscale_cli-6.19.1.0.dist-info → regscale_cli-6.19.2.0.dist-info}/RECORD +19 -19
- {regscale_cli-6.19.1.0.dist-info → regscale_cli-6.19.2.0.dist-info}/LICENSE +0 -0
- {regscale_cli-6.19.1.0.dist-info → regscale_cli-6.19.2.0.dist-info}/WHEEL +0 -0
- {regscale_cli-6.19.1.0.dist-info → regscale_cli-6.19.2.0.dist-info}/entry_points.txt +0 -0
- {regscale_cli-6.19.1.0.dist-info → regscale_cli-6.19.2.0.dist-info}/top_level.txt +0 -0
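--- a/regscale/__init__.py
+++ b/regscale/__init__.py
@@ -1 +1 @@
-__version__ = "6.19.
+__version__ = "6.19.2.0"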
@@ -56,17 +56,18 @@ def determine_status_and_results(finding: Any) -> Tuple[str, Optional[str]]:
|
|
|
56
56
|
results = None
|
|
57
57
|
if "Compliance" in finding.keys():
|
|
58
58
|
status = "Fail" if finding["Compliance"]["Status"] == "FAILED" else "Pass"
|
|
59
|
-
results = ", ".join(finding
|
|
59
|
+
results = ", ".join(finding.get("Compliance", {}).get("RelatedRequirements", [])) or "N/A"
|
|
60
60
|
if "FindingProviderFields" in finding.keys():
|
|
61
61
|
status = (
|
|
62
62
|
"Fail"
|
|
63
|
-
if finding
|
|
63
|
+
if finding.get("FindingProviderFields", {}).get("Severity", {}).get("Label", "")
|
|
64
|
+
in ["CRITICAL", "HIGH", "MEDIUM", "LOW"]
|
|
64
65
|
else "Pass"
|
|
65
66
|
)
|
|
66
67
|
if "PatchSummary" in finding.keys() and not results:
|
|
67
68
|
results = (
|
|
68
|
-
f"{finding
|
|
69
|
-
"{finding
|
|
69
|
+
f"{finding.get('PatchSummary', {}).get('MissingCount', 0)} Missing Patch(s) of "
|
|
70
|
+
"{finding.get('PatchSummary', {}).get('InstalledCount', 0)}"
|
|
70
71
|
)
|
|
71
72
|
return status, results
|
|
72
73
|
|
|
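Review bot: The second half of the PatchSummary message on new line 70 is still a plain string, so the `{finding.get('PatchSummary', {}).get('InstalledCount', 0)}` placeholder is emitted literally instead of the installed count (the prefix was already missing before this change, but the line was rewritten here); it needs `f"{finding.get('PatchSummary', {}).get('InstalledCount', 0)}"`. Separately, new line 59 now falls back to `"N/A"`, which is truthy, so the `and not results` guard on line 66 no longer lets a finding that has a Compliance block but no RelatedRequirements fall through to the PatchSummary text — if that fallback is still intended, apply the `or "N/A"` after the PatchSummary branch instead. Line 58 still indexes `finding["Compliance"]["Status"]` directly while the line below it switched to `.get()`, so a Compliance block without a Status key would still raise KeyError. determine_status_and_results starts before this hunk.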
@@ -711,12 +711,13 @@ Description: {description if isinstance(description, str) else ''}"""
|
|
|
711
711
|
)
|
|
712
712
|
if not region:
|
|
713
713
|
logger.warning("AWS region not provided. Defaulting to 'us-east-1'.")
|
|
714
|
-
|
|
715
|
-
"securityhub",
|
|
714
|
+
session = boto3.Session(
|
|
716
715
|
region_name=kwargs.get(region, "us-east-1"),
|
|
717
716
|
aws_access_key_id=aws_secret_key_id,
|
|
718
717
|
aws_secret_access_key=aws_secret_access_key,
|
|
718
|
+
aws_session_token=kwargs.get("aws_session_token"),
|
|
719
719
|
)
|
|
720
|
+
client = session.client("securityhub")
|
|
720
721
|
aws_findings = fetch_aws_findings(aws_client=client)
|
|
721
722
|
self.num_findings_to_process = len(aws_findings)
|
|
722
723
|
for finding in aws_findings:
|
|
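Review bot: `region_name=kwargs.get(region, "us-east-1")` on new line 715 uses the value of `region` as the kwargs key, so a caller-supplied region such as `"us-west-2"` is looked up as a key and, unless kwargs happens to be keyed by region names, silently replaced by `"us-east-1"`; the line is unchanged context, but it now feeds the new `boto3.Session` built on line 714, so this is the moment to fix it: `region_name=region or "us-east-1",`. That also makes the behaviour match the warning logged on line 713, which promises a default only when no region was given. The enclosing method starts and ends outside this hunk, so how `region` and the credential arguments are bound cannot be confirmed here.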
@@ -33,6 +33,16 @@ def sync_nozomi_vantage(regscale_ssp_id: int) -> None:
|
|
|
33
33
|
assets_nozomi_vantage.run_sync(regscale_ssp_id=regscale_ssp_id)
|
|
34
34
|
|
|
35
35
|
|
|
36
|
+
@assets.command(name="sync_qualys_cloud")
|
|
37
|
+
@regscale_ssp_id()
|
|
38
|
+
def sync_qualys_cloud(regscale_ssp_id: int) -> None:
|
|
39
|
+
"""Sync Assets from Qualys Cloud to RegScale."""
|
|
40
|
+
from regscale.models.integration_models.synqly_models.connectors import Assets
|
|
41
|
+
|
|
42
|
+
assets_qualys_cloud = Assets("qualys_cloud")
|
|
43
|
+
assets_qualys_cloud.run_sync(regscale_ssp_id=regscale_ssp_id)
|
|
44
|
+
|
|
45
|
+
|
|
36
46
|
@assets.command(name="sync_servicenow")
|
|
37
47
|
@regscale_ssp_id()
|
|
38
48
|
def sync_servicenow(regscale_ssp_id: int) -> None:
|
|
@@ -158,4 +158,29 @@ def sync_torq(regscale_id: int, regscale_module: str, name: str) -> None:
|
|
|
158
158
|
ticketing_torq.run_sync(regscale_id=regscale_id, regscale_module=regscale_module, name=name)
|
|
159
159
|
|
|
160
160
|
|
|
161
|
+
@ticketing.command(name="sync_zendesk")
|
|
162
|
+
@regscale_id()
|
|
163
|
+
@regscale_module()
|
|
164
|
+
@click.option(
|
|
165
|
+
"--name",
|
|
166
|
+
type=click.STRING,
|
|
167
|
+
help="zendesk name",
|
|
168
|
+
required=True,
|
|
169
|
+
prompt="zendesk name",
|
|
170
|
+
)
|
|
171
|
+
@click.option(
|
|
172
|
+
"--subject",
|
|
173
|
+
type=click.STRING,
|
|
174
|
+
help="zendesk subject",
|
|
175
|
+
required=True,
|
|
176
|
+
prompt="zendesk subject",
|
|
177
|
+
)
|
|
178
|
+
def sync_zendesk(regscale_id: int, regscale_module: str, name: str, subject: str) -> None:
|
|
179
|
+
"""Sync Ticketing data between Zendesk and RegScale."""
|
|
180
|
+
from regscale.models.integration_models.synqly_models.connectors import Ticketing
|
|
181
|
+
|
|
182
|
+
ticketing_zendesk = Ticketing("zendesk")
|
|
183
|
+
ticketing_zendesk.run_sync(regscale_id=regscale_id, regscale_module=regscale_module, name=name, subject=subject)
|
|
184
|
+
|
|
185
|
+
|
|
161
186
|
# pylint: enable=line-too-long
|
|
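Review bot: The `--name` and `--subject` options on new lines 164–177 carry help text (`help="zendesk name"`, `help="zendesk subject"`) that only restates the flag name, and because both are `required=True` with `prompt=`, that text is exactly what an interactive user sees when asked for a value. Suggest saying what the value is used for, e.g. `help="Name of the Zendesk ticket to sync with the RegScale record"` and `help="Subject line for the Zendesk ticket"`, adjusted to whatever `Ticketing.run_sync` actually does with them, which is not visible here. The docstring on line 179 could likewise list the four parameters in the `:param` style used elsewhere in this release.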
@@ -128,7 +128,7 @@ def inventory(
|
|
|
128
128
|
)
|
|
129
129
|
def issues(
|
|
130
130
|
wiz_project_id: str,
|
|
131
|
-
|
|
131
|
+
regscale_ssp_id: int,
|
|
132
132
|
client_id: str,
|
|
133
133
|
client_secret: str,
|
|
134
134
|
filter_by_override: Optional[str] = None,
|
|
@@ -152,9 +152,9 @@ def issues(
|
|
|
152
152
|
|
|
153
153
|
filter_by["project"] = wiz_project_id
|
|
154
154
|
|
|
155
|
-
scanner = WizIssue(plan_id=
|
|
155
|
+
scanner = WizIssue(plan_id=regscale_ssp_id)
|
|
156
156
|
scanner.sync_findings(
|
|
157
|
-
plan_id=
|
|
157
|
+
plan_id=regscale_ssp_id,
|
|
158
158
|
filter_by_override=filter_by_override, # type: ignore
|
|
159
159
|
client_id=client_id, # type: ignore
|
|
160
160
|
client_secret=client_secret, # type: ignore
|
|
@@ -2259,7 +2259,7 @@ class ScannerIntegration(ABC):
|
|
|
2259
2259
|
self.handle_passing_checklist(finding=finding, plan_id=self.plan_id)
|
|
2260
2260
|
|
|
2261
2261
|
# Process vulnerability if applicable
|
|
2262
|
-
if finding.status != regscale_models.IssueStatus.Closed:
|
|
2262
|
+
if finding.status != regscale_models.IssueStatus.Closed or ScannerVariables.ingestClosedIssues:
|
|
2263
2263
|
if asset := self.get_asset_by_identifier(finding.asset_identifier):
|
|
2264
2264
|
if vulnerability_id := self.handle_vulnerability(finding, asset, scan_history):
|
|
2265
2265
|
current_vulnerabilities[asset.id].add(vulnerability_id)
|
|
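Review bot: The comment `# Process vulnerability if applicable` on line 2261 no longer describes the condition beneath it, which on new line 2262 also admits closed findings when `ScannerVariables.ingestClosedIssues` is set; suggest `# Process the vulnerability unless the finding is closed; closed findings are still ingested when ScannerVariables.ingestClosedIssues is enabled`. Because a closed finding now also lands in `current_vulnerabilities[asset.id]` on line 2265, any downstream logic that treats that set as the set of currently open vulnerabilities — not visible in this hunk — should be checked against the new mode. The enclosing method starts and ends outside this hunk, and whether `ScannerVariables` is imported in this module cannot be confirmed from it.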
@@ -183,6 +183,8 @@ class ImportValidater:
|
|
|
183
183
|
df = pandas.read_csv(file_path, skiprows=self.skip_rows - 1, on_bad_lines="warn")
|
|
184
184
|
else:
|
|
185
185
|
df = pandas.read_csv(file_path, on_bad_lines="warn")
|
|
186
|
+
if self.ignore_unnamed:
|
|
187
|
+
df = df.loc[:, ~df.columns.str.contains("^Unnamed")]
|
|
186
188
|
except pandas.errors.ParserError:
|
|
187
189
|
raise ValidationException(f"Unable to parse the {CSV} file: {file_path}")
|
|
188
190
|
self.validate_headers(df.columns)
|
|
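Review bot: The column filter on new line 187 depends on `str.contains("^Unnamed")` being interpreted as a start-anchored regex, which is pandas' default but reads like a substring test; `df = df.loc[:, ~df.columns.str.startswith("Unnamed")]` states the intent directly and drops the regex. The filter is applied only in the CSV branch shown here, so if the class also reads other formats elsewhere (not visible), `ignore_unnamed` would silently not apply to them. The method and the `try` block it sits in start outside this hunk.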
@@ -1,9 +1,187 @@
|
|
|
1
1
|
{
|
|
2
2
|
"title": "CISA Catalog of Known Exploited Vulnerabilities",
|
|
3
|
-
"catalogVersion": "2025.
|
|
4
|
-
"dateReleased": "2025-
|
|
5
|
-
"count":
|
|
3
|
+
"catalogVersion": "2025.05.08",
|
|
4
|
+
"dateReleased": "2025-05-08T15:49:01.7238Z",
|
|
5
|
+
"count": 1335,
|
|
6
6
|
"vulnerabilities": [
|
|
7
|
+
{
|
|
8
|
+
"cveID": "CVE-2024-11120",
|
|
9
|
+
"vendorProject": "GeoVision",
|
|
10
|
+
"product": "Multiple Devices",
|
|
11
|
+
"vulnerabilityName": "GeoVision Devices OS Command Injection Vulnerability",
|
|
12
|
+
"dateAdded": "2025-05-07",
|
|
13
|
+
"shortDescription": "Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
|
|
14
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
15
|
+
"dueDate": "2025-05-28",
|
|
16
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
17
|
+
"notes": "https:\/\/dlcdn.geovision.com.tw\/TechNotice\/CyberSecurity\/Security_Advisory_IP_Device_2024-11.pdf ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-11120",
|
|
18
|
+
"cwes": [
|
|
19
|
+
"CWE-78"
|
|
20
|
+
]
|
|
21
|
+
},
|
|
22
|
+
{
|
|
23
|
+
"cveID": "CVE-2024-6047",
|
|
24
|
+
"vendorProject": "GeoVision",
|
|
25
|
+
"product": "Multiple Devices",
|
|
26
|
+
"vulnerabilityName": "GeoVision Devices OS Command Injection Vulnerability",
|
|
27
|
+
"dateAdded": "2025-05-07",
|
|
28
|
+
"shortDescription": "Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
|
|
29
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
30
|
+
"dueDate": "2025-05-28",
|
|
31
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
32
|
+
"notes": "https:\/\/dlcdn.geovision.com.tw\/TechNotice\/CyberSecurity\/Security_Advisory_IP_Device_2024-11.pdf ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-6047",
|
|
33
|
+
"cwes": [
|
|
34
|
+
"CWE-78"
|
|
35
|
+
]
|
|
36
|
+
},
|
|
37
|
+
{
|
|
38
|
+
"cveID": "CVE-2025-27363",
|
|
39
|
+
"vendorProject": "FreeType",
|
|
40
|
+
"product": "FreeType",
|
|
41
|
+
"vulnerabilityName": "FreeType Out-of-Bounds Write Vulnerability",
|
|
42
|
+
"dateAdded": "2025-05-06",
|
|
43
|
+
"shortDescription": "FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution.",
|
|
44
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
45
|
+
"dueDate": "2025-05-27",
|
|
46
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
47
|
+
"notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/source.android.com\/docs\/security\/bulletin\/2025-05-01 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-27363",
|
|
48
|
+
"cwes": [
|
|
49
|
+
"CWE-787"
|
|
50
|
+
]
|
|
51
|
+
},
|
|
52
|
+
{
|
|
53
|
+
"cveID": "CVE-2025-3248",
|
|
54
|
+
"vendorProject": "Langflow",
|
|
55
|
+
"product": "Langflow",
|
|
56
|
+
"vulnerabilityName": "Langflow Missing Authentication Vulnerability",
|
|
57
|
+
"dateAdded": "2025-05-05",
|
|
58
|
+
"shortDescription": "Langflow contains a missing authentication vulnerability in the \/api\/v1\/validate\/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests.",
|
|
59
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
60
|
+
"dueDate": "2025-05-26",
|
|
61
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
62
|
+
"notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https:\/\/github.com\/advisories\/GHSA-c995-4fw3-j39m ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-3248",
|
|
63
|
+
"cwes": [
|
|
64
|
+
"CWE-306"
|
|
65
|
+
]
|
|
66
|
+
},
|
|
67
|
+
{
|
|
68
|
+
"cveID": "CVE-2025-34028",
|
|
69
|
+
"vendorProject": "Commvault",
|
|
70
|
+
"product": "Command Center",
|
|
71
|
+
"vulnerabilityName": "Commvault Command Center Path Traversal Vulnerability",
|
|
72
|
+
"dateAdded": "2025-05-02",
|
|
73
|
+
"shortDescription": "Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code.",
|
|
74
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
75
|
+
"dueDate": "2025-05-23",
|
|
76
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
77
|
+
"notes": "https:\/\/documentation.commvault.com\/securityadvisories\/CV_2025_04_1.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-34028",
|
|
78
|
+
"cwes": [
|
|
79
|
+
"CWE-22"
|
|
80
|
+
]
|
|
81
|
+
},
|
|
82
|
+
{
|
|
83
|
+
"cveID": "CVE-2024-58136",
|
|
84
|
+
"vendorProject": "Yiiframework",
|
|
85
|
+
"product": "Yii",
|
|
86
|
+
"vulnerabilityName": "Yiiframework Yii Improper Protection of Alternate Path Vulnerability",
|
|
87
|
+
"dateAdded": "2025-05-02",
|
|
88
|
+
"shortDescription": "Yii Framework contains an improper protection of alternate path vulnerability that may allow a remote attacker to execute arbitrary code. This vulnerability could affect other products that implement Yii, including\u2014but not limited to\u2014Craft CMS, as represented by CVE-2025-32432.",
|
|
89
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
90
|
+
"dueDate": "2025-05-23",
|
|
91
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
92
|
+
"notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https:\/\/www.yiiframework.com\/news\/709\/please-upgrade-to-yii-2-0-52 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-58136",
|
|
93
|
+
"cwes": [
|
|
94
|
+
"CWE-424"
|
|
95
|
+
]
|
|
96
|
+
},
|
|
97
|
+
{
|
|
98
|
+
"cveID": "CVE-2024-38475",
|
|
99
|
+
"vendorProject": "Apache",
|
|
100
|
+
"product": "HTTP Server",
|
|
101
|
+
"vulnerabilityName": "Apache HTTP Server Improper Escaping of Output Vulnerability",
|
|
102
|
+
"dateAdded": "2025-05-01",
|
|
103
|
+
"shortDescription": "Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally\/directly reachable by any URL, resulting in code execution or source code disclosure.",
|
|
104
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
105
|
+
"dueDate": "2025-05-22",
|
|
106
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
107
|
+
"notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/httpd.apache.org\/security\/vulnerabilities_24.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-38475",
|
|
108
|
+
"cwes": [
|
|
109
|
+
"CWE-116"
|
|
110
|
+
]
|
|
111
|
+
},
|
|
112
|
+
{
|
|
113
|
+
"cveID": "CVE-2023-44221",
|
|
114
|
+
"vendorProject": "SonicWall",
|
|
115
|
+
"product": "SMA100 Appliances",
|
|
116
|
+
"vulnerabilityName": "SonicWall SMA100 Appliances OS Command Injection Vulnerability",
|
|
117
|
+
"dateAdded": "2025-05-01",
|
|
118
|
+
"shortDescription": "SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user.",
|
|
119
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
120
|
+
"dueDate": "2025-05-22",
|
|
121
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
122
|
+
"notes": "https:\/\/psirt.global.sonicwall.com\/vuln-detail\/SNWLID-2023-0018 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-44221",
|
|
123
|
+
"cwes": [
|
|
124
|
+
"CWE-78"
|
|
125
|
+
]
|
|
126
|
+
},
|
|
127
|
+
{
|
|
128
|
+
"cveID": "CVE-2025-31324",
|
|
129
|
+
"vendorProject": "SAP",
|
|
130
|
+
"product": "NetWeaver",
|
|
131
|
+
"vulnerabilityName": "SAP NetWeaver Unrestricted File Upload Vulnerability",
|
|
132
|
+
"dateAdded": "2025-04-29",
|
|
133
|
+
"shortDescription": "SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.",
|
|
134
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
135
|
+
"dueDate": "2025-05-20",
|
|
136
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
137
|
+
"notes": "https:\/\/me.sap.com\/notes\/3594142 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-31324",
|
|
138
|
+
"cwes": [
|
|
139
|
+
"CWE-434"
|
|
140
|
+
]
|
|
141
|
+
},
|
|
142
|
+
{
|
|
143
|
+
"cveID": "CVE-2025-1976",
|
|
144
|
+
"vendorProject": "Broadcom",
|
|
145
|
+
"product": "Brocade Fabric OS",
|
|
146
|
+
"vulnerabilityName": "Broadcom Brocade Fabric OS Code Injection Vulnerability",
|
|
147
|
+
"dateAdded": "2025-04-28",
|
|
148
|
+
"shortDescription": "Broadcom Brocade Fabric OS contains a code injection vulnerability that allows a local user with administrative privileges to execute arbitrary code with full root privileges.",
|
|
149
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
150
|
+
"dueDate": "2025-05-19",
|
|
151
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
152
|
+
"notes": "https:\/\/support.broadcom.com\/web\/ecx\/support-content-notification\/-\/external\/content\/SecurityAdvisories\/0\/25602 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-1976",
|
|
153
|
+
"cwes": [
|
|
154
|
+
"CWE-94"
|
|
155
|
+
]
|
|
156
|
+
},
|
|
157
|
+
{
|
|
158
|
+
"cveID": "CVE-2025-42599",
|
|
159
|
+
"vendorProject": "Qualitia",
|
|
160
|
+
"product": "Active! Mail",
|
|
161
|
+
"vulnerabilityName": "Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability",
|
|
162
|
+
"dateAdded": "2025-04-28",
|
|
163
|
+
"shortDescription": "Qualitia Active! Mail contains a stack-based buffer overflow vulnerability that allows a remote, unauthenticated attacker to execute arbitrary or trigger a denial-of-service via a specially crafted request.",
|
|
164
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
165
|
+
"dueDate": "2025-05-19",
|
|
166
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
167
|
+
"notes": "https:\/\/www.qualitia.com\/jp\/news\/2025\/04\/18_1030.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-42599",
|
|
168
|
+
"cwes": [
|
|
169
|
+
"CWE-121"
|
|
170
|
+
]
|
|
171
|
+
},
|
|
172
|
+
{
|
|
173
|
+
"cveID": "CVE-2025-3928",
|
|
174
|
+
"vendorProject": "Commvault",
|
|
175
|
+
"product": "Web Server",
|
|
176
|
+
"vulnerabilityName": "Commvault Web Server Unspecified Vulnerability",
|
|
177
|
+
"dateAdded": "2025-04-28",
|
|
178
|
+
"shortDescription": "Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells.",
|
|
179
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
180
|
+
"dueDate": "2025-05-19",
|
|
181
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
182
|
+
"notes": "https:\/\/documentation.commvault.com\/securityadvisories\/CV_2025_03_1.html; https:\/\/www.commvault.com\/blogs\/notice-security-advisory-update; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-3928 ",
|
|
183
|
+
"cwes": []
|
|
184
|
+
},
|
|
7
185
|
{
|
|
8
186
|
"cveID": "CVE-2025-24054",
|
|
9
187
|
"vendorProject": "Microsoft",
|
|
@@ -138,14 +316,14 @@
|
|
|
138
316
|
{
|
|
139
317
|
"cveID": "CVE-2025-22457",
|
|
140
318
|
"vendorProject": "Ivanti",
|
|
141
|
-
"product": "Connect Secure, Policy Secure and ZTA Gateways",
|
|
142
|
-
"vulnerabilityName": "Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
|
|
319
|
+
"product": "Connect Secure, Policy Secure, and ZTA Gateways",
|
|
320
|
+
"vulnerabilityName": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
|
|
143
321
|
"dateAdded": "2025-04-04",
|
|
144
|
-
"shortDescription": "Ivanti Connect Secure, Policy Secure and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. ",
|
|
322
|
+
"shortDescription": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. ",
|
|
145
323
|
"requiredAction": "Apply mitigations as set forth in the CISA instructions linked below.",
|
|
146
324
|
"dueDate": "2025-04-11",
|
|
147
325
|
"knownRansomwareCampaignUse": "Unknown",
|
|
148
|
-
"notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/cisa-mitigation-instructions-cve-2025-22457 ; Additional References: https:\/\/forums.ivanti.com\/s\/article\/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457
|
|
326
|
+
"notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/cisa-mitigation-instructions-cve-2025-22457 ; Additional References: https:\/\/forums.ivanti.com\/s\/article\/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-22457",
|
|
149
327
|
"cwes": [
|
|
150
328
|
"CWE-121"
|
|
151
329
|
]
|
|
@@ -160,7 +338,7 @@
|
|
|
160
338
|
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
161
339
|
"dueDate": "2025-04-22",
|
|
162
340
|
"knownRansomwareCampaignUse": "Unknown",
|
|
163
|
-
"notes": "https:\/\/lists.apache.org\/thread\/j5fkjv2k477os90nczf2v9l61fb0kkgq ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24813",
|
|
341
|
+
"notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/lists.apache.org\/thread\/j5fkjv2k477os90nczf2v9l61fb0kkgq ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24813",
|
|
164
342
|
"cwes": [
|
|
165
343
|
"CWE-44",
|
|
166
344
|
"CWE-502"
|
|
@@ -1043,7 +1221,7 @@
|
|
|
1043
1221
|
"requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
|
|
1044
1222
|
"dueDate": "2025-02-25",
|
|
1045
1223
|
"knownRansomwareCampaignUse": "Unknown",
|
|
1046
|
-
"notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https:\/\/ofbiz.apache.org\/security.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-45195",
|
|
1224
|
+
"notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/ofbiz.apache.org\/security.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-45195",
|
|
1047
1225
|
"cwes": [
|
|
1048
1226
|
"CWE-425"
|
|
1049
1227
|
]
|
|
@@ -2205,7 +2383,7 @@
|
|
|
2205
2383
|
"requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
|
|
2206
2384
|
"dueDate": "2024-10-09",
|
|
2207
2385
|
"knownRansomwareCampaignUse": "Unknown",
|
|
2208
|
-
"notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https:\/\/lists.apache.org\/thread\/nx6g6htyhpgtzsocybm242781o8w5kq9
|
|
2386
|
+
"notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https:\/\/lists.apache.org\/thread\/nx6g6htyhpgtzsocybm242781o8w5kq9 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-27348",
|
|
2209
2387
|
"cwes": [
|
|
2210
2388
|
"CWE-284"
|
|
2211
2389
|
]
|
|
@@ -10,16 +10,17 @@ from abc import ABC, abstractmethod
|
|
|
10
10
|
from collections import namedtuple
|
|
11
11
|
from datetime import datetime, timedelta
|
|
12
12
|
from os import PathLike
|
|
13
|
-
from typing import Any, Callable, Generator, Iterator, List, Optional, Sequence, TextIO, Tuple, Union
|
|
13
|
+
from typing import TYPE_CHECKING, Any, Callable, Generator, Iterator, List, Optional, Sequence, TextIO, Tuple, Union
|
|
14
14
|
|
|
15
15
|
if TYPE_CHECKING:
|
|
16
16
|
from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
|
|
17
17
|
|
|
18
|
+
from pathlib import Path
|
|
19
|
+
|
|
18
20
|
import click
|
|
19
21
|
import requests
|
|
20
22
|
import xmltodict
|
|
21
23
|
from openpyxl.reader.excel import load_workbook
|
|
22
|
-
from pathlib import Path
|
|
23
24
|
|
|
24
25
|
from regscale.core.app.api import Api
|
|
25
26
|
from regscale.core.app.application import Application
|
|
@@ -237,12 +238,13 @@ class FlatFileImporter(ABC):
|
|
|
237
238
|
asset_id = vuln.dns or vuln.ipAddress
|
|
238
239
|
if not asset_id:
|
|
239
240
|
return None
|
|
240
|
-
|
|
241
241
|
severity = self.finding_severity_map.get(vuln.severity.capitalize(), regscale_models.IssueSeverity.Low)
|
|
242
242
|
status = self.map_status_to_issue_status(vuln.status)
|
|
243
243
|
cve: Optional[str] = getattr(vuln, "cve", "")
|
|
244
244
|
extract_vuln: Any = self.extract_ghsa_strings(getattr(vuln, "plugInName", ""))
|
|
245
245
|
plugin_name = getattr(vuln, "plugInName", getattr(vuln, "title", ""))
|
|
246
|
+
plugin_id = str(vuln.plugInId) if vuln.plugInId else ""
|
|
247
|
+
non_cve_identifier = self.determine_non_cve_identifier(cve)
|
|
246
248
|
if not self.assert_valid_cve(cve):
|
|
247
249
|
if isinstance(extract_vuln, list):
|
|
248
250
|
cve = ", ".join(extract_vuln)
|
|
@@ -251,7 +253,8 @@ class FlatFileImporter(ABC):
|
|
|
251
253
|
# with CVE or not.
|
|
252
254
|
cve = extract_vuln
|
|
253
255
|
if not self.assert_valid_cve(cve):
|
|
254
|
-
|
|
256
|
+
if not non_cve_identifier:
|
|
257
|
+
plugin_name = cve
|
|
255
258
|
cve = ""
|
|
256
259
|
remediation_description = ""
|
|
257
260
|
if remediation := vuln.extra_data.get("solution"):
|
|
@@ -269,18 +272,19 @@ class FlatFileImporter(ABC):
|
|
|
269
272
|
severity=severity,
|
|
270
273
|
status=status,
|
|
271
274
|
asset_identifier=asset_id,
|
|
272
|
-
external_id=
|
|
273
|
-
rule_id=
|
|
275
|
+
external_id=non_cve_identifier or plugin_id,
|
|
276
|
+
rule_id=plugin_id,
|
|
274
277
|
first_seen=vuln.firstSeen,
|
|
275
278
|
last_seen=vuln.lastSeen,
|
|
276
279
|
remediation=remediation_description,
|
|
277
280
|
cvss_score=vuln.vprScore,
|
|
278
281
|
cve=cve,
|
|
279
282
|
cvss_v3_base_score=vuln.cvsSv3BaseScore,
|
|
280
|
-
source_rule_id=
|
|
283
|
+
source_rule_id=plugin_id,
|
|
281
284
|
vulnerability_type="Vulnerability Scan",
|
|
282
285
|
baseline=f"{self.name} Host",
|
|
283
286
|
results=vuln.title,
|
|
287
|
+
plugin_id=plugin_id or non_cve_identifier or plugin_name,
|
|
284
288
|
plugin_name=plugin_name,
|
|
285
289
|
date_created=vuln.firstSeen,
|
|
286
290
|
date_last_updated=vuln.lastSeen,
|
|
@@ -838,10 +842,10 @@ class FlatFileImporter(ABC):
|
|
|
838
842
|
:param str aws_profile: The AWS profile to use for S3 access
|
|
839
843
|
:param Optional[bool] upload_file: Whether to upload the file to RegScale after processing, defaults to True
|
|
840
844
|
"""
|
|
841
|
-
from regscale.core.app.utils.file_utils import download_from_s3
|
|
842
|
-
from regscale.validation.record import validate_regscale_object
|
|
843
845
|
from regscale.core.app.application import Application
|
|
846
|
+
from regscale.core.app.utils.file_utils import download_from_s3
|
|
844
847
|
from regscale.exceptions import ValidationException
|
|
848
|
+
from regscale.validation.record import validate_regscale_object
|
|
845
849
|
|
|
846
850
|
if s3_bucket:
|
|
847
851
|
download_from_s3(s3_bucket, s3_prefix, folder_path, aws_profile)
|
|
@@ -890,6 +894,7 @@ class FlatFileImporter(ABC):
|
|
|
890
894
|
:rtype: Callable[[Callable], click.option]
|
|
891
895
|
"""
|
|
892
896
|
import os
|
|
897
|
+
|
|
893
898
|
from regscale.models.app_models.click import NotRequiredIf
|
|
894
899
|
|
|
895
900
|
mapping_dir = os.path.join("./", "mappings", import_name)
|
|
@@ -1101,3 +1106,15 @@ class FlatFileImporter(ABC):
|
|
|
1101
1106
|
"""
|
|
1102
1107
|
pattern = r"^CVE-\d{4}-\d{4,}$"
|
|
1103
1108
|
return bool(re.match(pattern, cve))
|
|
1109
|
+
|
|
1110
|
+
@staticmethod
|
|
1111
|
+
def determine_non_cve_identifier(vuln_id: str) -> str:
|
|
1112
|
+
"""
|
|
1113
|
+
Determine the non-CVE identifier based on the CVE string
|
|
1114
|
+
|
|
1115
|
+
:param str vuln_id: The Vulnerability Identifier string
|
|
1116
|
+
:return: The non-CVE identifier
|
|
1117
|
+
:rtype: str
|
|
1118
|
+
"""
|
|
1119
|
+
match_regex = "^(?:(?:ALSA|ALSA2|ALAS|ALAS2|ELSA)-(?:19|20)\\d{2}-\\d{4,5}|GHSA-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4})$"
|
|
1120
|
+
return vuln_id if re.match(match_regex, vuln_id) else ""
|
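Review bot: `determine_non_cve_identifier` (new lines 1110–1120) calls `re.match(match_regex, vuln_id)` with no None guard, yet its caller on new line 247 passes `cve`, which line 243 annotates as `Optional[str]`, so a `None` value raises `TypeError` there (as the existing `assert_valid_cve` call on line 248 already would); suggest `if not vuln_id: return ""` as the first statement. The pattern should also be a raw string like the sibling `assert_valid_cve` on line 1107 (`r"^(?:...)$"` instead of doubled backslashes), and since this runs once per finding it could be hoisted to a module-level `re.compile`. Within the pattern, `ALSA|ALSA2` and `ALAS|ALAS2` can be written `ALSA2?` and `ALAS2?`. The caller's method begins and ends outside its hunk, and the `class FlatFileImporter` header is outside this section.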