regscale-cli 6.20.0.0__py3-none-any.whl → 6.20.1.0__py3-none-any.whl

regscale/__init__.py

@@ -1 +1 @@
-__version__ = "6.20.0.0"
+__version__ = "6.20.1.0"

regscale/integrations/commercial/synqly/assets.py

@@ -23,6 +23,22 @@ def sync_armis_centrix(regscale_ssp_id: int) -> None:
     assets_armis_centrix.run_sync(regscale_ssp_id=regscale_ssp_id)
 
 
+@assets.command(name="sync_crowdstrike")
+@regscale_ssp_id()
+@click.option(
+    "--url",
+    type=click.STRING,
+    help="The root domain where your CrowdStrike Falcon tenant is located.",
+    required=False,
+)
+def sync_crowdstrike(regscale_ssp_id: int, url: str) -> None:
+    """Sync Assets from Crowdstrike to RegScale."""
+    from regscale.models.integration_models.synqly_models.connectors import Assets
+
+    assets_crowdstrike = Assets("crowdstrike")
+    assets_crowdstrike.run_sync(regscale_ssp_id=regscale_ssp_id, url=url)
+
+
 @assets.command(name="sync_nozomi_vantage")
 @regscale_ssp_id()
 def sync_nozomi_vantage(regscale_ssp_id: int) -> None:

regscale/integrations/public/fedramp/fedramp_cis_crm.py

@@ -360,13 +360,15 @@ def update_imp_objective(
     )
     existing_pairs = {(obj.objectiveId, obj.implementationId) for obj in existing_imp_obj}
     responsibility = responsibility_map.get(responsibility, responsibility)
+    logger.debug(f"CRM Record: {crm_record}")
+    can_be_inherited_from_csp: str = crm_record.get("can_be_inherited_from_csp") or ""
     for objective in objectives:
         current_pair = (objective.id, imp.id)
         if current_pair not in existing_pairs:
             imp_obj = ImplementationObjective(
                 id=0,
                 uuid="",
-                inherited=crm_record.get("can_be_inherited_from_csp") in ["Yes", "Partial"],
+                inherited=can_be_inherited_from_csp in ["Yes", "Partial"],
                 implementationId=imp.id,
                 status=status_map.get(cis_record.get("implementation_status", NOT_IMPLEMENTED), NOT_IMPLEMENTED),
                 objectiveId=objective.id,
@@ -374,8 +376,8 @@ def update_imp_objective(
                 securityControlId=objective.securityControlId,
                 securityPlanId=REGSCALE_SSP_ID,
                 responsibility=responsibility,
-                cloudResponsibility=customer_responsibility,
-                customerResponsibility=customer_responsibility,
+                cloudResponsibility=customer_responsibility if can_be_inherited_from_csp.lower() == "yes" else "",
+                customerResponsibility=(customer_responsibility if can_be_inherited_from_csp.lower() != "yes" else ""),
                 authorizationId=leverage_auth_id,
                 parentObjectiveId=objective.parentObjectiveId,
             )

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,114 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.05.15",
-    "dateReleased": "2025-05-15T17:04:05.6633Z",
-    "count": 1345,
+    "catalogVersion": "2025.05.27",
+    "dateReleased": "2025-05-27T16:31:36.689Z",
+    "count": 1352,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-4632",
+            "vendorProject": "Samsung",
+            "product": "MagicINFO 9 Server",
+            "vulnerabilityName": "Samsung MagicINFO 9 Server Path Traversal Vulnerability",
+            "dateAdded": "2025-05-22",
+            "shortDescription": "Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-12",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/security.samsungtv.com\/securityUpdates#SVP-MAY-2025 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4632",
+            "cwes": [
+                "CWE-22"
+            ]
+        },
+        {
+            "cveID": "CVE-2023-38950",
+            "vendorProject": "ZKTeco",
+            "product": "BioTime",
+            "vulnerabilityName": "ZKTeco BioTime Path Traversal Vulnerability",
+            "dateAdded": "2025-05-19",
+            "shortDescription": "ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files via supplying a crafted payload.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-09",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.zkteco.com\/en\/Security_Bulletinsibs ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-38950",
+            "cwes": [
+                "CWE-22"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-27443",
+            "vendorProject": "Synacor",
+            "product": "Zimbra Collaboration Suite (ZCS)",
+            "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability",
+            "dateAdded": "2025-05-19",
+            "shortDescription": "Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript code.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-09",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Releases\/8.8.15\/P46#Security_Fixes ; https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Releases\/9.0.0\/P39#Security_Fixes ; https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Releases\/10.0.7#Security_Fixes ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-27443",
+            "cwes": [
+                "CWE-79"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-27920",
+            "vendorProject": "Srimax",
+            "product": "Output Messenger",
+            "vulnerabilityName": "Srimax Output Messenger Directory Traversal Vulnerability",
+            "dateAdded": "2025-05-19",
+            "shortDescription": "Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-09",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.outputmessenger.com\/cve-2025-27920\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-27920",
+            "cwes": [
+                "CWE-22"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-11182",
+            "vendorProject": "MDaemon",
+            "product": "Email Server",
+            "vulnerabilityName": "MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability",
+            "dateAdded": "2025-05-19",
+            "shortDescription": "MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-09",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/files.mdaemon.com\/mdaemon\/beta\/RelNotes_en.html ; https:\/\/mdaemon.com\/pages\/downloads-critical-updates ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-11182",
+            "cwes": [
+                "CWE-79"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-4428",
+            "vendorProject": "Ivanti",
+            "product": "Endpoint Manager Mobile (EPMM)",
+            "vulnerabilityName": "Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability",
+            "dateAdded": "2025-05-19",
+            "shortDescription": "Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-09",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4428",
+            "cwes": [
+                "CWE-94"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-4427",
+            "vendorProject": "Ivanti",
+            "product": "Endpoint Manager Mobile (EPMM)",
+            "vulnerabilityName": "Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability",
+            "dateAdded": "2025-05-19",
+            "shortDescription": "Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-09",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4427",
+            "cwes": [
+                "CWE-288"
+            ]
+        },
         {
             "cveID": "CVE-2025-42999",
             "vendorProject": "SAP",
@@ -1117,7 +1222,7 @@
             "shortDescription": "SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-03-06",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/simple-help.com\/kb---security-vulnerabilities-01-2025 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-57727",
             "cwes": [
                 "CWE-22"