
feat(cti): add Cyber Threat Intelligence info #1442

Merged (6 commits), Jun 15, 2022
Conversation

MaineK00n (Collaborator) commented Apr 14, 2022

What did you implement:

Threat information affecting the detected CVE-ID is displayed using MITRE ATT&CK and CAPEC.

Type of change

  • New feature (non-breaking change which adds functionality)
  • This change requires a documentation update

How Has This Been Tested?

report

$ vuls report -format-full-text
// ...
+----------------+---------------------------------------------------------------------------------------------------------+
| CVE-2020-27955 | UNFIXED                                                                                                 |
+----------------+---------------------------------------------------------------------------------------------------------+
| Max Score      | 9.8 CRITICAL (nvd)                                                                                      |
| nvd            | 9.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CRITICAL                                               |
| jvn            | 9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CRITICAL                                               |
| ubuntu         | 4.0-6.9 MEDIUM                                                                                          |
| nvd            | 10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C HIGH                                                                    |
| jvn            | 10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C HIGH                                                                    |
| Summary        | Git LFS is a command line extension for managing large files with Git. On                               |
|                | Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe                        |
|                | file in the current directory, that program would be executed, permitting the                           |
|                | attacker to execute arbitrary code. This does not affect Unix systems. This is                          |
|                | the result of an incomplete fix for CVE-2020-27955. This issue occurs because                           |
|                | on Windows, Go includes (and prefers) the current directory when the name                               |
|                | of a command run does not contain a directory separator. Other than avoiding                            |
|                | untrusted repositories or using a different operating system, there is no                               |
|                | workaround. This is fixed in v2.13.2.                                                                   |
| Primary Src    | https://nvd.nist.gov/vuln/detail/CVE-2020-27955                                                         |
| Primary Src    | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-27955                                            |
| Affected Pkg   | git-lfs-2.9.2-1 -> Not fixed yet                                                                        |
| Confidence     | 100 / OvalMatch                                                                                         |
| CWE            | CWE-427: Uncontrolled Search Path Element (nvd)                                                         |
| CWE            | https://cwe.mitre.org/data/definitions/CWE-427.html                                                     |
| InTheWild      | http://packetstormsecurity.com/files/159923/git-lfs-Remote-Code-Execution.html                          |
| InTheWild      | http://packetstormsecurity.com/files/164180/Git-git-lfs-Remote-Code-Execution.html                      |
| InTheWild      | http://seclists.org/fulldisclosure/2020/Nov/1                                                           |
| InTheWild      | https://exploitbox.io/                                                                                   |
| InTheWild      | https://github.com/ExploitBox/git-lfs-RCE-exploit-CVE-2020-27955                                        |
| InTheWild      | https://github.com/ExploitBox/git-lfs-RCE-exploit-CVE-2020-27955-Go                                     |
| InTheWild      | https://github.com/r00t4dm/CVE-2020-27955                                                               |
| InTheWild      | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/git_lfs_rce.rb |
| InTheWild      | https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html                             |
| MITER ATT&CK   | TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion =>                           |
|                | T1574.001: DLL Search Order Hijacking                                                                   |
| MITER ATT&CK   | TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion =>                           |
|                | T1574.004: Dylib Hijacking                                                                              |
| MITER ATT&CK   | TA0003: Persistence, TA0004: Privilege Escalation, TA0005: Defense Evasion =>                           |
|                | T1574.007: Path Interception by PATH Environment Variable                                               |
+----------------+---------------------------------------------------------------------------------------------------------+
// ...

tui

[image: Screenshot from 2022-04-15 01-32-54]

Checklist:

You don't have to satisfy all of the following.

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES

Reference
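As an added example of the enrichment this PR describes (this is not go-cti's or Vuls' own code; the data model and the sample CWE, CAPEC and ATT&CK rows below are constructed for illustration), here is a Go program that walks CWE -> CAPEC -> ATT&CK for a CVE's CWE IDs, deduplicates techniques reached through more than one path, and renders one line per technique in the same "tactics => technique" form as the report output above. CVEs whose CWEs have no mapping yield no lines, which is the case a report renderer has to handle without printing an empty row.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Technique is one ATT&CK technique with the tactics it belongs to.
// This is a hypothetical model for the example, not go-cti's structures.
type Technique struct {
	ID      string   // e.g. "T1574.001"
	Name    string   // e.g. "DLL Search Order Hijacking"
	Tactics []string // e.g. "TA0003: Persistence"
}

// Tactics shared by the three hijacking sub-techniques shown in the report.
var hijackTactics = []string{
	"TA0003: Persistence",
	"TA0004: Privilege Escalation",
	"TA0005: Defense Evasion",
}

// cweToCapec links a CWE to the CAPEC attack patterns that exploit it
// (constructed sample; CWE-829 is added only to exercise deduplication).
var cweToCapec = map[string][]string{
	"CWE-427": {"CAPEC-471"},
	"CWE-829": {"CAPEC-471"},
}

// capecToTechniques links a CAPEC pattern to ATT&CK technique IDs (constructed sample).
var capecToTechniques = map[string][]string{
	"CAPEC-471": {"T1574.001", "T1574.004", "T1574.007"},
}

// techniques is the ATT&CK technique catalogue used by the lookup (constructed sample).
var techniques = map[string]Technique{
	"T1574.001": {ID: "T1574.001", Name: "DLL Search Order Hijacking", Tactics: hijackTactics},
	"T1574.004": {ID: "T1574.004", Name: "Dylib Hijacking", Tactics: hijackTactics},
	"T1574.007": {ID: "T1574.007", Name: "Path Interception by PATH Environment Variable", Tactics: hijackTactics},
}

// EnrichCVE walks CWE -> CAPEC -> ATT&CK for the given CWE IDs, keeps each
// technique once even if several CWEs or CAPECs lead to it, and returns the
// report lines sorted by technique ID. An empty slice means "no CTI known".
func EnrichCVE(cweIDs []string) []string {
	seen := map[string]Technique{}
	for _, cwe := range cweIDs {
		for _, capec := range cweToCapec[cwe] {
			for _, tid := range capecToTechniques[capec] {
				t, ok := techniques[tid]
				if !ok {
					continue // mapping points at a technique the catalogue lacks
				}
				seen[tid] = t
			}
		}
	}
	ids := make([]string, 0, len(seen))
	for id := range seen {
		ids = append(ids, id)
	}
	sort.Strings(ids)
	lines := make([]string, 0, len(ids))
	for _, id := range ids {
		t := seen[id]
		lines = append(lines, fmt.Sprintf("%s => %s: %s",
			strings.Join(t.Tactics, ", "), t.ID, t.Name))
	}
	return lines
}

func main() {
	// CWE-427 is the CWE the report attaches to CVE-2020-27955.
	for _, line := range EnrichCVE([]string{"CWE-427"}) {
		fmt.Println("MITRE ATT&CK |", line)
	}
	// A CWE without a mapping produces no rows rather than an empty row.
	fmt.Printf("unmapped: %d lines\n", len(EnrichCVE([]string{"CWE-79"})))
}
```

The renderer treats the empty result as "print nothing", which matches how the report above omits the row for CVEs with no CTI, and the deduplication step matters once real mapping data is loaded, because many CWEs share CAPEC patterns.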

MaineK00n self-assigned this Apr 14, 2022
MaineK00n force-pushed the MaineK00n/go-cti branch 2 times, most recently from 0ae276e to fb01457 on April 15, 2022 17:53
MaineK00n marked this pull request as ready for review April 15, 2022 17:54
MaineK00n force-pushed the MaineK00n/go-cti branch from 2fbe98a to 93434b3 on May 9, 2022 01:42
kotakanbe self-requested a review May 9, 2022 01:51
MaineK00n force-pushed the MaineK00n/go-cti branch 2 times, most recently from 4868835 to 2d4060d on June 9, 2022 02:03
MaineK00n merged commit 5234306 into master Jun 15, 2022
MaineK00n deleted the MaineK00n/go-cti branch June 15, 2022 08:08