regscale-cli 6.20.0.0__py3-none-any.whl → 6.20.1.0__py3-none-any.whl
Potentially problematic release.
- regscale/__init__.py +1 -1
- regscale/integrations/commercial/synqly/assets.py +16 -0
- regscale/integrations/public/fedramp/fedramp_cis_crm.py +5 -3
- regscale/models/integration_models/cisa_kev_data.json +109 -4
- regscale/models/integration_models/synqly_models/capabilities.json +1 -1
- regscale/models/regscale_models/__init__.py +2 -0
- regscale/models/regscale_models/evidence.py +72 -4
- regscale/models/regscale_models/evidence_mapping.py +1 -1
- regscale/models/regscale_models/task.py +14 -1
- {regscale_cli-6.20.0.0.dist-info → regscale_cli-6.20.1.0.dist-info}/METADATA +1 -1
- {regscale_cli-6.20.0.0.dist-info → regscale_cli-6.20.1.0.dist-info}/RECORD +15 -15
- {regscale_cli-6.20.0.0.dist-info → regscale_cli-6.20.1.0.dist-info}/LICENSE +0 -0
- {regscale_cli-6.20.0.0.dist-info → regscale_cli-6.20.1.0.dist-info}/WHEEL +0 -0
- {regscale_cli-6.20.0.0.dist-info → regscale_cli-6.20.1.0.dist-info}/entry_points.txt +0 -0
- {regscale_cli-6.20.0.0.dist-info → regscale_cli-6.20.1.0.dist-info}/top_level.txt +0 -0
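--- a/regscale/__init__.py
+++ b/regscale/__init__.py
@@ -1 +1 @@
-__version__ = "6.20.
+__version__ = "6.20.1.0"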
@@ -23,6 +23,22 @@ def sync_armis_centrix(regscale_ssp_id: int) -> None:
|
|
|
23
23
|
assets_armis_centrix.run_sync(regscale_ssp_id=regscale_ssp_id)
|
|
24
24
|
|
|
25
25
|
|
|
26
|
+
@assets.command(name="sync_crowdstrike")
|
|
27
|
+
@regscale_ssp_id()
|
|
28
|
+
@click.option(
|
|
29
|
+
"--url",
|
|
30
|
+
type=click.STRING,
|
|
31
|
+
help="The root domain where your CrowdStrike Falcon tenant is located.",
|
|
32
|
+
required=False,
|
|
33
|
+
)
|
|
34
|
+
def sync_crowdstrike(regscale_ssp_id: int, url: str) -> None:
|
|
35
|
+
"""Sync Assets from Crowdstrike to RegScale."""
|
|
36
|
+
from regscale.models.integration_models.synqly_models.connectors import Assets
|
|
37
|
+
|
|
38
|
+
assets_crowdstrike = Assets("crowdstrike")
|
|
39
|
+
assets_crowdstrike.run_sync(regscale_ssp_id=regscale_ssp_id, url=url)
|
|
40
|
+
|
|
41
|
+
|
|
26
42
|
@assets.command(name="sync_nozomi_vantage")
|
|
27
43
|
@regscale_ssp_id()
|
|
28
44
|
def sync_nozomi_vantage(regscale_ssp_id: int) -> None:
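Review bot: In `sync_crowdstrike`, `--url` is declared `required=False` but the parameter is annotated `url: str`, so an omitted option passes `None` straight into `run_sync(..., url=url)`; the signature should read `def sync_crowdstrike(regscale_ssp_id: int, url: Optional[str] = None) -> None:` and the docstring should say which tenant URL applies when none is given. The value is also forwarded without any check, and it presumably decides which host receives the CrowdStrike API credentials (`run_sync` is not visible in this hunk), so I would reject anything that is not an `https://` URL before calling `run_sync`. The help text says "root domain" while the option is named `--url`; stating the expected form (full URL or bare host) would prevent misconfiguration.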
|
|
@@ -360,13 +360,15 @@ def update_imp_objective(
|
|
|
360
360
|
)
|
|
361
361
|
existing_pairs = {(obj.objectiveId, obj.implementationId) for obj in existing_imp_obj}
|
|
362
362
|
responsibility = responsibility_map.get(responsibility, responsibility)
|
|
363
|
+
logger.debug(f"CRM Record: {crm_record}")
|
|
364
|
+
can_be_inherited_from_csp: str = crm_record.get("can_be_inherited_from_csp") or ""
|
|
363
365
|
for objective in objectives:
|
|
364
366
|
current_pair = (objective.id, imp.id)
|
|
365
367
|
if current_pair not in existing_pairs:
|
|
366
368
|
imp_obj = ImplementationObjective(
|
|
367
369
|
id=0,
|
|
368
370
|
uuid="",
|
|
369
|
-
inherited=
|
|
371
|
+
inherited=can_be_inherited_from_csp in ["Yes", "Partial"],
|
|
370
372
|
implementationId=imp.id,
|
|
371
373
|
status=status_map.get(cis_record.get("implementation_status", NOT_IMPLEMENTED), NOT_IMPLEMENTED),
|
|
372
374
|
objectiveId=objective.id,
|
|
@@ -374,8 +376,8 @@ def update_imp_objective(
|
|
|
374
376
|
securityControlId=objective.securityControlId,
|
|
375
377
|
securityPlanId=REGSCALE_SSP_ID,
|
|
376
378
|
responsibility=responsibility,
|
|
377
|
-
cloudResponsibility=customer_responsibility,
|
|
378
|
-
customerResponsibility=customer_responsibility,
|
|
379
|
+
cloudResponsibility=customer_responsibility if can_be_inherited_from_csp.lower() == "yes" else "",
|
|
380
|
+
customerResponsibility=(customer_responsibility if can_be_inherited_from_csp.lower() != "yes" else ""),
|
|
379
381
|
authorizationId=leverage_auth_id,
|
|
380
382
|
parentObjectiveId=objective.parentObjectiveId,
|
|
381
383
|
)
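Review bot: The new `inherited=can_be_inherited_from_csp in ["Yes", "Partial"]` comparison is case-sensitive, while the `cloudResponsibility` and `customerResponsibility` lines in the second hunk compare `can_be_inherited_from_csp.lower()`, so a CRM cell holding `yes` or `YES` yields `inherited=False` together with a populated `cloudResponsibility`. Normalise once where the value is read, `can_be_inherited_from_csp = (crm_record.get("can_be_inherited_from_csp") or "").strip().lower()`, and compare against lowercase values in all three places, e.g. `inherited=can_be_inherited_from_csp in ("yes", "partial")`. As written, a `Partial` row is marked inherited but gets an empty `cloudResponsibility`; if that is intended, a short comment saying so would help, since these fields record who is accountable for the control. The added `logger.debug(f"CRM Record: {crm_record}")` writes the whole record to the log; logging only the control identifier would keep responsibility text out of debug output. `update_imp_objective` starts and ends outside both hunks.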
|
|
@@ -1,9 +1,114 @@
|
|
|
1
1
|
{
|
|
2
2
|
"title": "CISA Catalog of Known Exploited Vulnerabilities",
|
|
3
|
-
"catalogVersion": "2025.05.
|
|
4
|
-
"dateReleased": "2025-05-
|
|
5
|
-
"count":
|
|
3
|
+
"catalogVersion": "2025.05.27",
|
|
4
|
+
"dateReleased": "2025-05-27T16:31:36.689Z",
|
|
5
|
+
"count": 1352,
|
|
6
6
|
"vulnerabilities": [
|
|
7
|
+
{
|
|
8
|
+
"cveID": "CVE-2025-4632",
|
|
9
|
+
"vendorProject": "Samsung",
|
|
10
|
+
"product": "MagicINFO 9 Server",
|
|
11
|
+
"vulnerabilityName": "Samsung MagicINFO 9 Server Path Traversal Vulnerability",
|
|
12
|
+
"dateAdded": "2025-05-22",
|
|
13
|
+
"shortDescription": "Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.",
|
|
14
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
15
|
+
"dueDate": "2025-06-12",
|
|
16
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
17
|
+
"notes": "https:\/\/security.samsungtv.com\/securityUpdates#SVP-MAY-2025 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4632",
|
|
18
|
+
"cwes": [
|
|
19
|
+
"CWE-22"
|
|
20
|
+
]
|
|
21
|
+
},
|
|
22
|
+
{
|
|
23
|
+
"cveID": "CVE-2023-38950",
|
|
24
|
+
"vendorProject": "ZKTeco",
|
|
25
|
+
"product": "BioTime",
|
|
26
|
+
"vulnerabilityName": "ZKTeco BioTime Path Traversal Vulnerability",
|
|
27
|
+
"dateAdded": "2025-05-19",
|
|
28
|
+
"shortDescription": "ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files via supplying a crafted payload.",
|
|
29
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
30
|
+
"dueDate": "2025-06-09",
|
|
31
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
32
|
+
"notes": "https:\/\/www.zkteco.com\/en\/Security_Bulletinsibs ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-38950",
|
|
33
|
+
"cwes": [
|
|
34
|
+
"CWE-22"
|
|
35
|
+
]
|
|
36
|
+
},
|
|
37
|
+
{
|
|
38
|
+
"cveID": "CVE-2024-27443",
|
|
39
|
+
"vendorProject": "Synacor",
|
|
40
|
+
"product": "Zimbra Collaboration Suite (ZCS)",
|
|
41
|
+
"vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
|
|
42
|
+
"dateAdded": "2025-05-19",
|
|
43
|
+
"shortDescription": "Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript code.",
|
|
44
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
45
|
+
"dueDate": "2025-06-09",
|
|
46
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
47
|
+
"notes": "https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Releases\/8.8.15\/P46#Security_Fixes ; https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Releases\/9.0.0\/P39#Security_Fixes ; https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Releases\/10.0.7#Security_Fixes ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-27443",
|
|
48
|
+
"cwes": [
|
|
49
|
+
"CWE-79"
|
|
50
|
+
]
|
|
51
|
+
},
|
|
52
|
+
{
|
|
53
|
+
"cveID": "CVE-2025-27920",
|
|
54
|
+
"vendorProject": "Srimax",
|
|
55
|
+
"product": "Output Messenger",
|
|
56
|
+
"vulnerabilityName": "Srimax Output Messenger Directory Traversal Vulnerability",
|
|
57
|
+
"dateAdded": "2025-05-19",
|
|
58
|
+
"shortDescription": "Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.",
|
|
59
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
60
|
+
"dueDate": "2025-06-09",
|
|
61
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
62
|
+
"notes": "https:\/\/www.outputmessenger.com\/cve-2025-27920\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-27920",
|
|
63
|
+
"cwes": [
|
|
64
|
+
"CWE-22"
|
|
65
|
+
]
|
|
66
|
+
},
|
|
67
|
+
{
|
|
68
|
+
"cveID": "CVE-2024-11182",
|
|
69
|
+
"vendorProject": "MDaemon",
|
|
70
|
+
"product": "Email Server",
|
|
71
|
+
"vulnerabilityName": "MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
|
|
72
|
+
"dateAdded": "2025-05-19",
|
|
73
|
+
"shortDescription": "MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message.",
|
|
74
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
75
|
+
"dueDate": "2025-06-09",
|
|
76
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
77
|
+
"notes": "https:\/\/files.mdaemon.com\/mdaemon\/beta\/RelNotes_en.html ; https:\/\/mdaemon.com\/pages\/downloads-critical-updates ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-11182",
|
|
78
|
+
"cwes": [
|
|
79
|
+
"CWE-79"
|
|
80
|
+
]
|
|
81
|
+
},
|
|
82
|
+
{
|
|
83
|
+
"cveID": "CVE-2025-4428",
|
|
84
|
+
"vendorProject": "Ivanti",
|
|
85
|
+
"product": "Endpoint Manager Mobile (EPMM)",
|
|
86
|
+
"vulnerabilityName": "Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
|
|
87
|
+
"dateAdded": "2025-05-19",
|
|
88
|
+
"shortDescription": "Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library.",
|
|
89
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
90
|
+
"dueDate": "2025-06-09",
|
|
91
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
92
|
+
"notes": "https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4428",
|
|
93
|
+
"cwes": [
|
|
94
|
+
"CWE-94"
|
|
95
|
+
]
|
|
96
|
+
},
|
|
97
|
+
{
|
|
98
|
+
"cveID": "CVE-2025-4427",
|
|
99
|
+
"vendorProject": "Ivanti",
|
|
100
|
+
"product": "Endpoint Manager Mobile (EPMM)",
|
|
101
|
+
"vulnerabilityName": "Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability",
|
|
102
|
+
"dateAdded": "2025-05-19",
|
|
103
|
+
"shortDescription": "Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.",
|
|
104
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
105
|
+
"dueDate": "2025-06-09",
|
|
106
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
107
|
+
"notes": "https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4427",
|
|
108
|
+
"cwes": [
|
|
109
|
+
"CWE-288"
|
|
110
|
+
]
|
|
111
|
+
},
|
|
7
112
|
{
|
|
8
113
|
"cveID": "CVE-2025-42999",
|
|
9
114
|
"vendorProject": "SAP",
|
|
@@ -1117,7 +1222,7 @@
|
|
|
1117
1222
|
"shortDescription": "SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords.",
|
|
1118
1223
|
"requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
|
|
1119
1224
|
"dueDate": "2025-03-06",
|
|
1120
|
-
"knownRansomwareCampaignUse": "
|
|
1225
|
+
"knownRansomwareCampaignUse": "Known",
|
|
1121
1226
|
"notes": "https:\/\/simple-help.com\/kb---security-vulnerabilities-01-2025 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-57727",
|
|
1122
1227
|
"cwes": [
|
|
1123
1228
|
"CWE-22"
|