diff --git a/docs/metasploit-framework.wiki/Module-Reference-Identifiers.md b/docs/metasploit-framework.wiki/Module-Reference-Identifiers.md index 238404a79a5bc..1d00c73e95b54 100644 --- a/docs/metasploit-framework.wiki/Module-Reference-Identifiers.md +++ b/docs/metasploit-framework.wiki/Module-Reference-Identifiers.md @@ -18,6 +18,7 @@ US-CERT-VU | kb.cert.org | ```['US-CERT-VU', '800113']``` ZDI | zerodayinitiative.com | ```['ZDI', '10-123']``` WPVDB | wpvulndb.com | ```['WPVDB', '7615']``` PACKETSTORM | packetstormsecurity.com | ```['PACKETSTORM', '132721']``` +GHSA | github.com/advisories or github.com/owner/repo/security/advisories | ```['GHSA', 'xxxx-xxxx-xxxx']``` or ```['GHSA', 'xxxx-xxxx-xxxx', 'owner/repo']``` URL | anything | ```['URL', 'http://example.com/blog.php?id=123']``` AKA (_deprecated_*) | anything | ~~`['AKA', 'shellshock']`~~ diff --git a/lib/msf/core/module/module_info.rb b/lib/msf/core/module/module_info.rb index 5000dfa39e397..5f5be17dd75e0 100644 --- a/lib/msf/core/module/module_info.rb +++ b/lib/msf/core/module/module_info.rb @@ -4,7 +4,10 @@ module Msf::Module::ModuleInfo # # The list of options that don't support merging in an information hash. - UpdateableOptions = [ "Name", "Description", "Alias", "PayloadCompat" , "Stance"] + UpdateableOptions = ['Name', 'Description', 'Alias', 'PayloadCompat', 'Stance'].freeze + + # Reference types that can have 2 or 3 elements (e.g., GHSA with optional repo) + ReferencesWithOptionalThirdElement = ['GHSA'].freeze # # Instance Methods 
@@ -64,17 +67,20 @@ def notes # Register options with a specific owning class. # def info_fixups - # Each reference should be an array consisting of two elements + # Each reference should be an array consisting of two or three elements refs = module_info['References'] - if(refs and not refs.empty?) - refs.each_index do |i| - if !(refs[i].respond_to?('[]') and refs[i].length == 2) - refs[i] = nil - end - end + return unless refs&.any? + + refs.reject! do |ref| + next true unless ref.respond_to?('[]') && !ref.empty? - # Purge invalid references - refs.delete(nil) + # Some reference types can have 2 or 3 elements (e.g., GHSA with optional repo) + # Other references should have 2 elements + ref_type = ref[0] + can_have_third_element = ReferencesWithOptionalThirdElement.include?(ref_type) + valid_length = can_have_third_element ? (ref.length == 2 || ref.length == 3) : (ref.length == 2) + + !valid_length end end 
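Review bot: In `info_fixups`, the `reject!` guard `ref.respond_to?('[]') && !ref.empty?` is still satisfied by a two-character String or a two-key Hash, and the optional third element of a `GHSA` entry is never type-checked before `from_a` in reference.rb hands it to `initialize`. If references are always plain arrays, as the documentation table suggests, `next true unless ref.is_a?(Array) && !ref.empty?` plus `next true unless ref[2].nil? || ref[2].is_a?(String)` would drop malformed entries here instead of letting them fail later. The length test could also read `ref.length.between?(2, can_have_third_element ? 3 : 2)`.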
@@ -82,42 +88,24 @@ def info_fixups # Checks and merges the supplied key/value pair in the supplied hash. # def merge_check_key(info, name, val) - if (self.respond_to?("merge_info_#{name.downcase}", true)) - self.send("merge_info_#{name.downcase}", info, val) - else - # If the info hash already has an entry for this name - if (info[name]) - # If it's not an array, convert it to an array and merge the - # two - if (info[name].kind_of?(Hash)) - raise TypeError, 'can only merge a hash into a hash' unless val.kind_of?(Hash) - val.each_pair do |val_key, val_val| - merge_check_key(info[name], val_key, val_val) - end - - return - elsif (info[name].kind_of?(Array) == false) - curr = info[name] - info[name] = [ curr ] - end + merge_method = "merge_info_#{name.downcase}" + return __send__(merge_method, info, val) if respond_to?(merge_method, true) - # If the value being merged is an array, add each one - if (val.kind_of?(Array) == true) - val.each { |v| - if (info[name].include?(v) == false) - info[name] << v - end - } - # Otherwise just add the value - elsif (info[name].include?(val) == false) - info[name] << val - end - # Otherwise, just set the value equal if no current value - # exists - else - info[name] = val - end + return info[name] = val unless info[name] + + # Handle hash merging recursively + if info[name].is_a?(Hash) + raise TypeError, 'can only merge a hash into a hash' unless val.is_a?(Hash) + val.each_pair { |val_key, val_val| merge_check_key(info[name], val_key, val_val) } + return end + + # Convert to array if needed + info[name] = Array(info[name]) unless info[name].is_a?(Array) + + # Merge values, avoiding duplicates + values_to_add = val.is_a?(Array) ? val : [val] + values_to_add.each { |v| info[name] << v unless info[name].include?(v) } end # diff --git a/lib/msf/core/module/reference.rb b/lib/msf/core/module/reference.rb index ff894bc95d29e..bc914b98a4617 100644 --- a/lib/msf/core/module/reference.rb +++ b/lib/msf/core/module/reference.rb 
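Review bot: `info[name] = Array(info[name]) unless info[name].is_a?(Array)` in `merge_check_key` is not equivalent to the removed `info[name] = [ curr ]`. `Kernel#Array` tries `to_ary` and then `to_a`, so an existing value that responds to `to_a` (a Range, Struct or Set, for example) is expanded into its elements instead of being wrapped as a single entry. Whether any module info value has such a type is not visible in this hunk, but `info[name] = [info[name]] unless info[name].is_a?(Array)` keeps the old semantics at no cost in readability.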
@@ -77,11 +77,14 @@ def self.from_s(str) # # Initializes a site reference from an array. ary[0] is the site and # ary[1] is the site context identifier, such as CVE. + # ary[2] is optional and can be used for additional context (e.g., repo for GHSA) # def self.from_a(ary) return nil if (ary.length < 2) + # Reject if first element is an array (nested array structure) + return nil if ary[0].kind_of?(Array) - self.new(ary[0], ary[1]) + self.new(ary[0], ary[1], ary[2]) end # @@ -90,9 +93,14 @@ def self.from_a(ary) # * tools/module_reference.rb # * https://docs.metasploit.com/docs/development/developing-modules/module-metadata/module-reference-identifiers.html # - def initialize(in_ctx_id = 'Unknown', in_ctx_val = '') + def initialize(in_ctx_id = 'Unknown', in_ctx_val = '', in_ctx_repo = nil) + # Ensure ctx_id and ctx_val are strings (handle constants like ATT&CK techniques) + in_ctx_id = in_ctx_id.to_s if in_ctx_id.respond_to?(:to_s) && !in_ctx_id.is_a?(String) + in_ctx_val = in_ctx_val.to_s if in_ctx_val.respond_to?(:to_s) && !in_ctx_val.is_a?(String) + self.ctx_id = in_ctx_id self.ctx_val = in_ctx_val + self.ctx_repo = in_ctx_repo if in_ctx_id == 'CVE' self.site = "https://nvd.nist.gov/vuln/detail/CVE-#{in_ctx_val}" 
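Review bot: `from_a` returns `nil` without any trace when `ary[0]` is an Array, so a nested `'References'` list (the mistake this commit corrects in periodic_script.rb) is silently discarded rather than reported to the module author. It also forwards `ary[2]` for every reference type and without a type check. Consider logging the rejected entry and passing the third element only when it is a String, e.g. `self.new(ary[0], ary[1], ary[2].is_a?(String) ? ary[2] : nil)`. The doc comment above the method should also state that `nil` is returned for nested arrays.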
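Review bot: `respond_to?(:to_s)` is true for every ordinary Ruby object, so the two new guards in `initialize` reduce to `in_ctx_id = in_ctx_id.to_s` and `in_ctx_val = in_ctx_val.to_s`. A `nil` context value therefore becomes `''` and still yields a URL with an empty identifier. `in_ctx_repo` is stored exactly as given, although the `GHSA` branch later calls `empty?` on it. Writing the coercions plainly, with a comment that `nil` maps to the empty string, would make the intent clearer; the body of `initialize` continues past the end of this hunk.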
@@ -114,6 +122,17 @@ def initialize(in_ctx_id = 'Unknown', in_ctx_val = '') self.site = "https://wpscan.com/vulnerability/#{in_ctx_val}" elsif in_ctx_id == 'PACKETSTORM' self.site = "https://packetstormsecurity.com/files/#{in_ctx_val}" + elsif in_ctx_id == 'GHSA' + # Handle both formats: with or without GHSA- prefix + ghsa_id = in_ctx_val.start_with?('GHSA-') ? in_ctx_val : "GHSA-#{in_ctx_val}" + # Use repo-specific URL if repo is provided, otherwise use global format + if in_ctx_repo && !in_ctx_repo.empty? + self.site = "https://github.com/#{in_ctx_repo}/security/advisories/#{ghsa_id}" + else + self.site = "https://github.com/advisories/#{ghsa_id}" + end + elsif in_ctx_id == 'OSV' + self.site = "https://osv.dev/vulnerability/#{in_ctx_val}" elsif in_ctx_id == 'URL' self.site = in_ctx_val.to_s elsif in_ctx_id == 'LOGO' @@ -165,9 +184,13 @@ def from_s(str) # The context value of the reference, such as MS02-039 # attr_reader :ctx_val + # + # The context repository for GHSA references (optional) + # + attr_reader :ctx_repo protected - attr_writer :site, :ctx_id, :ctx_val + attr_writer :site, :ctx_id, :ctx_val, :ctx_repo end diff --git a/modules/auxiliary/admin/http/pihole_domains_api_exec.rb b/modules/auxiliary/admin/http/pihole_domains_api_exec.rb index ba310788685e4..7bcdbd10c4913 100644 --- a/modules/auxiliary/admin/http/pihole_domains_api_exec.rb +++ b/modules/auxiliary/admin/http/pihole_domains_api_exec.rb @@ -26,7 +26,7 @@ def initialize(info = {}) 'SchneiderSec' # original PoC, discovery ], 'References' => [ - ['URL', 'https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-5cm9-6p3m-v259'], + ['GHSA', '5cm9-6p3m-v259', 'pi-hole/AdminLTE'], ['CVE', '2021-32706'] ], 'Targets' => [ diff --git a/modules/auxiliary/gather/jetty_web_inf_disclosure.rb b/modules/auxiliary/gather/jetty_web_inf_disclosure.rb index 41e1a5c1d2645..61636cc37a54a 100644 --- a/modules/auxiliary/gather/jetty_web_inf_disclosure.rb +++ b/modules/auxiliary/gather/jetty_web_inf_disclosure.rb 
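Review bot: The `GHSA` branch interpolates `in_ctx_repo` and `in_ctx_val` into the advisory URL without checking their shape, so a third element with extra path segments, a query string or whitespace yields a `site` that does not point at an advisory page, and a non-String repo such as an Integer raises `NoMethodError` on `empty?`. Since `site` is presumably what users see and what is exported with module metadata, validate before building it, for example `if in_ctx_repo.is_a?(String) && in_ctx_repo.match?(%r{\A[A-Za-z0-9][\w.-]*/[A-Za-z0-9_][\w.-]*\z})`, and fall back to the global form otherwise; a similar `\A...\z` check on the `xxxx-xxxx-xxxx` identifier would catch typos. The `OSV` branch added in the same hunk has no row in the Module-Reference-Identifiers.md table changed by this commit. `initialize` starts and ends outside this hunk.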
@@ -31,8 +31,8 @@ def initialize(info = {})
 [ 'EDB', '50438' ],
 [ 'EDB', '50478' ],
 [ 'URL', 'https://github.com/ColdFusionX/CVE-2021-34429' ],
- [ 'URL', 'https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm' ], # CVE-2021-34429
- [ 'URL', 'https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5' ], # CVE-2021-28164
+ [ 'GHSA', 'vjv5-gp2w-65vm', 'jetty/jetty.project' ], # CVE-2021-34429
+ [ 'GHSA', 'v7ff-8wcx-gmc5', 'jetty/jetty.project' ], # CVE-2021-28164
 [ 'CVE', '2021-34429' ],
 [ 'CVE', '2021-28164' ]
 ],
diff --git a/modules/auxiliary/gather/listmonk_env_disclosure.rb b/modules/auxiliary/gather/listmonk_env_disclosure.rb
index 12042c5ad73a6..379999aa0a582 100644
--- a/modules/auxiliary/gather/listmonk_env_disclosure.rb
+++ b/modules/auxiliary/gather/listmonk_env_disclosure.rb
@@ -21,7 +21,7 @@ def initialize(info = {})
 'License' => MSF_LICENSE,
 'References' => [
 ['CVE', '2025-49136'],
- ['URL', 'https://github.com/knadh/listmonk/security/advisories/GHSA-jc7g-x28f-3v3h']
+ ['GHSA', 'jc7g-x28f-3v3h', 'knadh/listmonk']
 ],
 'DisclosureDate' => '2025-06-08',
 'Notes' => {
diff --git a/modules/auxiliary/gather/minio_bootstrap_verify_info_disc.rb b/modules/auxiliary/gather/minio_bootstrap_verify_info_disc.rb
index b091612efbfd7..baddb2a36e3d6 100644
--- a/modules/auxiliary/gather/minio_bootstrap_verify_info_disc.rb
+++ b/modules/auxiliary/gather/minio_bootstrap_verify_info_disc.rb
@@ -24,7 +24,7 @@ def initialize(info = {})
 'RicterZ' # original PoC, analysis
 ],
 'References' => [
- [ 'URL', 'https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q'],
+ ['GHSA', '6xvq-wj2x-3h3q', 'minio/minio'],
 [ 'CVE', '2023-28432']
 ],
 'Targets' => [
diff --git a/modules/auxiliary/gather/mongodb_ops_manager_diagnostic_archive_info.rb b/modules/auxiliary/gather/mongodb_ops_manager_diagnostic_archive_info.rb
index a3ec7a5a339bf..3121488f3d8d9 100644
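Review bot: The repository given as the third element no longer matches the repository in the removed URL in three places: in jetty_web_inf_disclosure.rb `eclipse/jetty.project` becomes `jetty/jetty.project`, in roxy_wi_exec.rb `hap-wi/roxy-wi` becomes `roxy-wi/roxy-wi` (while the patch URL on the next line keeps `hap-wi/roxy-wi`), and in geoserver_unauth_rce_cve_2024_36401.rb `geoserver/geoserver` becomes `geotools/geotools`. Because `initialize` in reference.rb builds the link from this string, each of these changes the published advisory URL; a renamed or transferred repository may still redirect, but the geoserver entry names a different project and should be checked against the advisory before merging. Unless the change is deliberate, keep the owner/repo from the removed line, e.g. `[ 'GHSA', 'vjv5-gp2w-65vm', 'eclipse/jetty.project' ], # CVE-2021-34429`. The `'References'` array starts outside this hunk.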
--- a/modules/auxiliary/gather/mongodb_ops_manager_diagnostic_archive_info.rb
+++ b/modules/auxiliary/gather/mongodb_ops_manager_diagnostic_archive_info.rb
@@ -33,7 +33,7 @@ def initialize(info = {})
 'h00die', # msf module
 ],
 'References' => [
- [ 'URL', 'https://github.com/advisories/GHSA-xqvf-v5jg-pxc2'],
+ [ 'GHSA', 'xqvf-v5jg-pxc2' ],
 [ 'URL', 'https://www.mongodb.com/docs/ops-manager/current/reference/configuration/#mongodb-setting-mms.https.PEMKeyFilePassword'],
 [ 'CVE', '2023-0342']
 ],
diff --git a/modules/auxiliary/gather/onedev_arbitrary_file_read.rb b/modules/auxiliary/gather/onedev_arbitrary_file_read.rb
index 221efe4f7d3a6..dfb632fd94111 100644
--- a/modules/auxiliary/gather/onedev_arbitrary_file_read.rb
+++ b/modules/auxiliary/gather/onedev_arbitrary_file_read.rb
@@ -27,7 +27,7 @@ def initialize(info = {})
 'License' => MSF_LICENSE,
 'References' => [
 ['CVE', '2024-45309'],
- ['URL', 'https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489']
+ ['GHSA', '7wg5-6864-v489', 'theonedev/onedev']
 ],
 'DisclosureDate' => '2024-10-19',
 'Notes' => {
diff --git a/modules/auxiliary/gather/rancher_authenticated_api_cred_exposure.rb b/modules/auxiliary/gather/rancher_authenticated_api_cred_exposure.rb
index 79f11dfb4e799..e8585223c02e1 100644
--- a/modules/auxiliary/gather/rancher_authenticated_api_cred_exposure.rb
+++ b/modules/auxiliary/gather/rancher_authenticated_api_cred_exposure.rb
@@ -27,7 +27,7 @@ def initialize(info = {})
 'Marco Stuurman' # discovery
 ],
 'References' => [
- [ 'URL', 'https://github.com/advisories/GHSA-g7j7-h4q8-8w2f'],
+ [ 'GHSA', 'g7j7-h4q8-8w2f' ],
 [ 'URL', 'https://github.com/fe-ax/tf-cve-2021-36782'],
 [ 'URL', 'https://fe.ax/cve-2021-36782/'],
 [ 'CVE', '2021-36782']
diff --git a/modules/auxiliary/scanner/http/grafana_plugin_traversal.rb b/modules/auxiliary/scanner/http/grafana_plugin_traversal.rb
index b3a444fd9d9aa..fc08d6ab937d2 100644
--- a/modules/auxiliary/scanner/http/grafana_plugin_traversal.rb
+++ b/modules/auxiliary/scanner/http/grafana_plugin_traversal.rb
@@ -29,7 +29,7 @@ def initialize(info = {})
 'DisclosureDate' => '2021-12-02',
 'References' => [
 ['CVE', '2021-43798'],
- ['URL', 'https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p'],
+ ['GHSA', '8pjx-jj86-j47p', 'grafana/grafana'],
 ['URL', 'https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/'],
 ['EDB', '50581'],
 ['URL', 'https://github.com/jas502n/Grafana-CVE-2021-43798'],
diff --git a/modules/auxiliary/scanner/http/icinga_static_library_file_directory_traversal.rb b/modules/auxiliary/scanner/http/icinga_static_library_file_directory_traversal.rb
index ae5e0a32b5405..f84161ac6bff1 100644
--- a/modules/auxiliary/scanner/http/icinga_static_library_file_directory_traversal.rb
+++ b/modules/auxiliary/scanner/http/icinga_static_library_file_directory_traversal.rb
@@ -38,7 +38,7 @@ def initialize(info = {})
 'References' => [
 ['EDB', '51329'],
 ['URL', 'https://www.sonarsource.com/blog/path-traversal-vulnerabilities-in-icinga-web/'],
- ['URL', 'https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frw'],
+ ['GHSA', '5p3f-rh28-8frw', 'Icinga/icingaweb2'],
 ['URL', 'https://github.com/Icinga/icingaweb2/commit/9931ed799650f5b8d5e1dc58ea3415a4cdc5773d'],
 ['CVE', '2022-24716'],
 ],
diff --git a/modules/auxiliary/scanner/misc/cups_browsed_info_disclosure.rb b/modules/auxiliary/scanner/misc/cups_browsed_info_disclosure.rb
index f3c65c1643701..7c7272ee1e32c 100644
--- a/modules/auxiliary/scanner/misc/cups_browsed_info_disclosure.rb
+++ b/modules/auxiliary/scanner/misc/cups_browsed_info_disclosure.rb
@@ -21,7 +21,7 @@ def initialize
 'License' => MSF_LICENSE,
 'References' => [
 ['CVE', '2024-47176'],
- ['URL', 'https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8' ],
+ ['GHSA', 'rj88-6mr5-rcw8', 'OpenPrinting/cups-browsed'],
 ['URL', 'https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/' ],
 ],
 'DefaultOptions' => { 'RPORT' => 631 },
diff --git a/modules/exploits/linux/http/bentoml_rce_cve_2025_27520.rb b/modules/exploits/linux/http/bentoml_rce_cve_2025_27520.rb
index ff6d518b7189c..76d648a093ced 100644
--- a/modules/exploits/linux/http/bentoml_rce_cve_2025_27520.rb
+++ b/modules/exploits/linux/http/bentoml_rce_cve_2025_27520.rb
@@ -25,7 +25,7 @@ def initialize(info = {})
 'License' => MSF_LICENSE,
 'References' => [
 ['CVE', '2025-27520'],
- ['URL', 'https://github.com/advisories/GHSA-33xw-247w-6hmc'],
+ ['GHSA', '33xw-247w-6hmc', 'bentoml/BentoML']
 ],
 'Targets' => [
 [
diff --git a/modules/exploits/linux/http/bentoml_runner_server_rce_cve_2025_32375.rb b/modules/exploits/linux/http/bentoml_runner_server_rce_cve_2025_32375.rb
index da5604e4577a1..d04a9b68373d2 100644
--- a/modules/exploits/linux/http/bentoml_runner_server_rce_cve_2025_32375.rb
+++ b/modules/exploits/linux/http/bentoml_runner_server_rce_cve_2025_32375.rb
@@ -26,7 +26,7 @@ def initialize(info = {})
 'License' => MSF_LICENSE,
 'References' => [
 ['CVE', '2025-32375'],
- ['URL', 'https://github.com/advisories/GHSA-7v4r-c989-xh26'],
+ ['GHSA', '7v4r-c989-xh26', 'bentoml/BentoML']
 ],
 'Targets' => [
 [
diff --git a/modules/exploits/linux/http/cacti_unauthenticated_cmd_injection.rb b/modules/exploits/linux/http/cacti_unauthenticated_cmd_injection.rb
index e64388e199d22..5d8f2b31527da 100644
--- a/modules/exploits/linux/http/cacti_unauthenticated_cmd_injection.rb
+++ b/modules/exploits/linux/http/cacti_unauthenticated_cmd_injection.rb
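Review bot: In bentoml_rce_cve_2025_27520.rb the removed link was the global `https://github.com/advisories/GHSA-33xw-247w-6hmc`, but the new entry adds `'bentoml/BentoML'`, which makes the generated link repository-scoped; nothing in the diff shows that a repository advisory with that id exists. The same switch occurs in bentoml_runner_server_rce_cve_2025_32375.rb and raspap_rce.rb, and the reverse (a repository URL replaced by a two-element global entry) in torchserver_cve_2023_43654.rb and rancher_audit_log_leak.rb. To keep the link these modules already published, mirror the form of the removed URL, here `['GHSA', '33xw-247w-6hmc']`. The enclosing `initialize` starts and ends outside the hunk.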
@@ -52,7 +52,7 @@ def initialize(info = {})
 ],
 'References' => [
 ['CVE', '2022-46169'],
- ['URL', 'https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf'], # disclosure and technical details
+ ['GHSA', '6p93-p743-35gf', 'Cacti/cacti'], # disclosure and technical details
 ['URL', 'https://github.com/vulhub/vulhub/tree/master/cacti/CVE-2022-46169'], # vulhub vulnerable docker image and PoC
 ['URL', 'https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution'] # analysis by Stefan Schiller
 ],
diff --git a/modules/exploits/linux/http/craftcms_unauth_rce_cve_2023_41892.rb b/modules/exploits/linux/http/craftcms_unauth_rce_cve_2023_41892.rb
index f2e47c6d15ef2..b47081c82f396 100644
--- a/modules/exploits/linux/http/craftcms_unauth_rce_cve_2023_41892.rb
+++ b/modules/exploits/linux/http/craftcms_unauth_rce_cve_2023_41892.rb
@@ -43,7 +43,7 @@ def initialize(info = {})
 [ 'CVE', '2023-41892' ],
 [ 'URL', 'https://blog.calif.io/p/craftcms-rce' ],
 [ 'URL', 'https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/' ],
- [ 'URL', 'https://github.com/advisories/GHSA-4w8r-3xrw-v25g' ],
+ [ 'GHSA', '4w8r-3xrw-v25g' ],
 [ 'URL', 'https://attackerkb.com/topics/2u7OaYlv1M/cve-2023-41892' ],
 ],
 'License' => MSF_LICENSE,
diff --git a/modules/exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb b/modules/exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb
index 76e8288a5e287..92d28cd265499 100644
--- a/modules/exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb
+++ b/modules/exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb
@@ -28,7 +28,7 @@ def initialize(info = {})
 'Takahiro Yokoyama' # Metasploit module
 ],
 'References' => [
- [ 'URL', 'https://github.com/advisories/GHSA-x645-6pf9-xwxw'],
+ [ 'GHSA', 'x645-6pf9-xwxw' ],
 [ 'CVE', '2024-51092']
 ],
 'Platform' => %w[linux],
diff --git a/modules/exploits/linux/http/lucee_admin_imgprocess_file_write.rb b/modules/exploits/linux/http/lucee_admin_imgprocess_file_write.rb
index 7e395fb48730f..79eb3be3834b2 100644
--- a/modules/exploits/linux/http/lucee_admin_imgprocess_file_write.rb
+++ b/modules/exploits/linux/http/lucee_admin_imgprocess_file_write.rb
@@ -29,7 +29,7 @@ def initialize(info = {})
 'References' => [
 ['CVE', '2021-21307'],
 ['URL', 'https://dev.lucee.org/t/lucee-vulnerability-alert-november-2020-cve-2021-21307/7643'],
- ['URL', 'https://github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r'],
+ ['GHSA', '2xvv-723c-8p7r', 'lucee/lucee'],
 ['URL', 'https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md']
 ],
 'DisclosureDate' => '2021-01-15', # rootxharsh and iamnoooob's writeup
diff --git a/modules/exploits/linux/http/opentsdb_key_cmd_injection.rb b/modules/exploits/linux/http/opentsdb_key_cmd_injection.rb
index 58b82fa884d05..648535fff30d4 100644
--- a/modules/exploits/linux/http/opentsdb_key_cmd_injection.rb
+++ b/modules/exploits/linux/http/opentsdb_key_cmd_injection.rb
@@ -40,7 +40,7 @@ def initialize(info = {})
 'Erik Wynter' # @wyntererik - Metasploit
 ],
 'References' => [
- ['URL', 'https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw'], # security advisory
+ ['GHSA', '76f7-9v52-v2fw', 'OpenTSDB/opentsdb'], # security advisory
 ['CVE', '2023-36812'], # CVE linked in the official security advisory
 ['CVE', '2023-25826'] # CVE that seems to be a dupe of CVE-2023-36812 since it describes the same issue and references the PR that introduces the commits that are referenced in CVE-2023-36812
 ],
diff --git a/modules/exploits/linux/http/pandora_itsm_auth_rce_cve_2025_4653.rb b/modules/exploits/linux/http/pandora_itsm_auth_rce_cve_2025_4653.rb
index 68506d482e091..ef8a7751931b5 100644
--- a/modules/exploits/linux/http/pandora_itsm_auth_rce_cve_2025_4653.rb
+++ b/modules/exploits/linux/http/pandora_itsm_auth_rce_cve_2025_4653.rb
@@ -42,7 +42,7 @@ def initialize(info = {})
 'References' => [
 ['CVE', '2025-4653'],
 ['URL', 'https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/'],
- ['URL', 'https://github.com/h00die-gr3y/h00die-gr3y/security/advisories/GHSA-m4f8-9c8x-8f3f'],
+ ['GHSA', 'm4f8-9c8x-8f3f', 'h00die-gr3y/h00die-gr3y'],
 ['URL', 'https://attackerkb.com/topics/wgCb1QQm1t/cve-2025-4653']
 ],
 'License' => MSF_LICENSE,
diff --git a/modules/exploits/linux/http/pyload_js2py_cve_2024_39205.rb b/modules/exploits/linux/http/pyload_js2py_cve_2024_39205.rb
index fbc26239bb5e7..f009f36410114 100644
--- a/modules/exploits/linux/http/pyload_js2py_cve_2024_39205.rb
+++ b/modules/exploits/linux/http/pyload_js2py_cve_2024_39205.rb
@@ -40,7 +40,7 @@ def initialize(info = {})
 [ 'CVE', '2024-39205' ],
 [ 'CVE', '2024-28397' ],
 [ 'URL', 'https://github.com/Marven11/CVE-2024-39205-Pyload-RCE' ],
- [ 'URL', 'https://github.com/pyload/pyload/security/advisories/GHSA-w7hq-f2pj-c53g' ],
+ [ 'GHSA', 'w7hq-f2pj-c53g', 'pyload/pyload' ],
 [ 'URL', 'https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape' ],
 ],
 'DisclosureDate' => '2024-10-28',
diff --git a/modules/exploits/linux/http/raspberrymatic_unauth_rce_cve_2024_24578.rb b/modules/exploits/linux/http/raspberrymatic_unauth_rce_cve_2024_24578.rb
index 7c97ea98db4f0..797f1a440a727 100644
--- a/modules/exploits/linux/http/raspberrymatic_unauth_rce_cve_2024_24578.rb
+++ b/modules/exploits/linux/http/raspberrymatic_unauth_rce_cve_2024_24578.rb
@@ -37,7 +37,7 @@ def initialize(info = {})
 'References' => [
 ['CVE', '2024-24578'],
 ['URL', 'https://attackerkb.com/topics/ywHhBnSObR/cve-2024-24578'],
- ['URL', 'https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h']
+ ['GHSA', 'q967-q4j8-637h', 'jens-maus/RaspberryMatic']
 ],
 'DisclosureDate' => '2024-03-16',
 'Platform' => ['unix', 'linux'],
diff --git a/modules/exploits/linux/http/roxy_wi_exec.rb b/modules/exploits/linux/http/roxy_wi_exec.rb
index 481d639cac4ec..020471edfaa45 100644
--- a/modules/exploits/linux/http/roxy_wi_exec.rb
+++ b/modules/exploits/linux/http/roxy_wi_exec.rb
@@ -28,7 +28,7 @@ def initialize(info = {})
 ],
 'References' => [
 ['URL', 'https://pentest.blog/advisory-roxywi-unauthenticated-remote-code-execution-cve-2022-3113/'], # Advisory
- ['URL', 'https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-53r2-mq99-f532'], # Additional Information
+ ['GHSA', '53r2-mq99-f532', 'roxy-wi/roxy-wi'], # Additional Information
 ['URL', 'https://github.com/hap-wi/roxy-wi/commit/82666df1e60c45dd6aa533b01a392f015d32f755'], # Patch
 ['CVE', '2022-31137']
 ],
diff --git a/modules/exploits/linux/http/traccar_rce_upload.rb b/modules/exploits/linux/http/traccar_rce_upload.rb
index d4c4da4e6d4fe..3ecdb76f14724 100644
--- a/modules/exploits/linux/http/traccar_rce_upload.rb
+++ b/modules/exploits/linux/http/traccar_rce_upload.rb
@@ -22,8 +22,8 @@ def initialize(info = {})
 'Naveen Sunkavally' # Discovery CVE-2024-31214 and PoC
 ],
 'References' => [
- [ 'URL', 'https://github.com/traccar/traccar/security/advisories/GHSA-vhrw-72f6-gwp5'],
- [ 'URL', 'https://github.com/traccar/traccar/security/advisories/GHSA-3gxq-f2qj-c8v9'],
+ ['GHSA', 'vhrw-72f6-gwp5', 'traccar/traccar'],
+ ['GHSA', '3gxq-f2qj-c8v9', 'traccar/traccar'],
 [ 'URL', 'https://www.horizon3.ai/attack-research/disclosures/traccar-5-remote-code-execution-vulnerabilities/'],
 [ 'CVE', '2024-31214'],
 [ 'CVE', '2024-24809']
diff --git a/modules/exploits/linux/http/wazuh_auth_rce_cve_2025_24016.rb b/modules/exploits/linux/http/wazuh_auth_rce_cve_2025_24016.rb
index 61854e380a030..443635646ea5a 100644
--- a/modules/exploits/linux/http/wazuh_auth_rce_cve_2025_24016.rb
+++ b/modules/exploits/linux/http/wazuh_auth_rce_cve_2025_24016.rb
@@ -30,7 +30,7 @@ def initialize(info = {})
 ],
 'References' => [
 ['CVE', '2025-24016'],
- ['URL', 'https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh'],
+ ['GHSA', 'hcrc-79hj-m3qh', 'wazuh/wazuh'],
 ['URL', 'https://attackerkb.com/topics/piW0q4r5Uy/cve-2025-24016'],
 ['ATT&CK', Mitre::Attack::Technique::T1021_REMOTE_SERVICES]
 ],
diff --git a/modules/exploits/linux/local/ndsudo_cve_2024_32019.rb b/modules/exploits/linux/local/ndsudo_cve_2024_32019.rb
index e84c3847e2fb7..4df035547ab3b 100644
--- a/modules/exploits/linux/local/ndsudo_cve_2024_32019.rb
+++ b/modules/exploits/linux/local/ndsudo_cve_2024_32019.rb
@@ -32,7 +32,7 @@ def initialize(info = {})
 'Targets' => [[ 'Auto', {} ]],
 'Privileged' => true,
 'References' => [
- [ 'URL', 'https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93'],
+ [ 'GHSA', 'pmhq-4cxq-wj93', 'netdata/netdata' ],
 [ 'CVE', '2024-32019']
 ],
 'DisclosureDate' => '2024-04-12',
diff --git a/modules/exploits/linux/local/pihole_remove_commands_lpe.rb b/modules/exploits/linux/local/pihole_remove_commands_lpe.rb
index 5b7713227371f..d64f3b1676f9a 100644
--- a/modules/exploits/linux/local/pihole_remove_commands_lpe.rb
+++ b/modules/exploits/linux/local/pihole_remove_commands_lpe.rb
@@ -42,7 +42,7 @@ def initialize(info = {})
 },
 'Privileged' => true,
 'References' => [
- [ 'URL', 'https://github.com/pi-hole/pi-hole/security/advisories/GHSA-3597-244c-wrpj' ],
+ ['GHSA', '3597-244c-wrpj', 'pi-hole/pi-hole'],
 [ 'URL', 'https://www.compass-security.com/fileadmin/Research/Advisories/2021-02_CSNC-2021-008_Pi-hole_Privilege_Escalation.txt' ],
 [ 'CVE', '2021-29449' ]
 ],
diff --git a/modules/exploits/linux/local/runc_cwd_priv_esc.rb b/modules/exploits/linux/local/runc_cwd_priv_esc.rb
index 2077fc7c2bd40..06e39ce940762 100644
--- a/modules/exploits/linux/local/runc_cwd_priv_esc.rb
+++ b/modules/exploits/linux/local/runc_cwd_priv_esc.rb
@@ -42,7 +42,7 @@ def initialize(info = {})
 'Privileged' => true,
 'References' => [
 [ 'URL', 'https://snyk.io/blog/cve-2024-21626-runc-process-cwd-container-breakout/'],
- [ 'URL', 'https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv'],
+ [ 'GHSA', 'xr7r-f8xq-vfvv', 'opencontainers/runc' ],
 [ 'URL', 'https://security-tracker.debian.org/tracker/CVE-2024-21626'],
 [ 'URL', 'http://web.archive.org/web/20241006225740/https://ubuntu.com/security/CVE-2024-21626'],
 [ 'CVE', '2024-21626']
diff --git a/modules/exploits/linux/misc/asterisk_ami_originate_auth_rce.rb b/modules/exploits/linux/misc/asterisk_ami_originate_auth_rce.rb
index 29f4a13ef37c5..9c94cf269ab10 100644
--- a/modules/exploits/linux/misc/asterisk_ami_originate_auth_rce.rb
+++ b/modules/exploits/linux/misc/asterisk_ami_originate_auth_rce.rb
@@ -29,7 +29,7 @@ def initialize(info = {})
 'NielsGaljaard' # discovery
 ],
 'References' => [
- ['URL', 'https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44'],
+ ['GHSA', 'c4cg-9275-6w44', 'asterisk/asterisk'],
 ['CVE', '2024-42365']
 ],
 'Platform' => 'unix',
diff --git a/modules/exploits/multi/http/cacti_package_import_rce.rb b/modules/exploits/multi/http/cacti_package_import_rce.rb
index 7cd025b7c885e..7d4525a3e3a17 100644
--- a/modules/exploits/multi/http/cacti_package_import_rce.rb
+++ b/modules/exploits/multi/http/cacti_package_import_rce.rb
@@ -36,7 +36,7 @@ def initialize(info = {})
 ],
 'References' => [
 [ 'URL', 'https://karmainsecurity.com/KIS-2024-04'],
- [ 'URL', 'https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88'],
+ ['GHSA', '7cmj-g5qc-pj88', 'Cacti/cacti'],
 [ 'CVE', '2024-25641']
 ],
 'Platform' => ['unix linux win'],
diff --git a/modules/exploits/multi/http/cacti_pollers_sqli_rce.rb b/modules/exploits/multi/http/cacti_pollers_sqli_rce.rb
index fae3c0001558e..2ccdedd13f1e0 100644
--- a/modules/exploits/multi/http/cacti_pollers_sqli_rce.rb
+++ b/modules/exploits/multi/http/cacti_pollers_sqli_rce.rb
@@ -38,8 +38,8 @@ def initialize(info = {})
 'Christophe De La Fuente' # Metasploit module
 ],
 'References' => [
- [ 'URL', 'https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855'], # SQLi
- [ 'URL', 'https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp'], # LFI (RCE)
+ ['GHSA', 'vr3c-38wh-g855', 'Cacti/cacti'], # SQLi
+ ['GHSA', 'pfh9-gwm6-86vp', 'Cacti/cacti'], # LFI (RCE)
 [ 'CVE', '2023-49085'], # SQLi
 [ 'CVE', '2023-49084'] # LFI (RCE)
 ],
diff --git a/modules/exploits/multi/http/geoserver_unauth_rce_cve_2024_36401.rb b/modules/exploits/multi/http/geoserver_unauth_rce_cve_2024_36401.rb
index dfc2f0561e2b8..7478977e6c0cb 100644
--- a/modules/exploits/multi/http/geoserver_unauth_rce_cve_2024_36401.rb
+++ b/modules/exploits/multi/http/geoserver_unauth_rce_cve_2024_36401.rb
@@ -35,7 +35,7 @@ def initialize(info = {})
 ],
 'References' => [
 ['CVE', '2024-36401'],
- ['URL', 'https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv'],
+ ['GHSA', '6jj6-gm7p-fcvv', 'geotools/geotools'],
 ['URL', 'https://github.com/vulhub/vulhub/tree/master/geoserver/CVE-2024-36401'],
 ['URL', 'https://attackerkb.com/topics/W6IDY2mmp9/cve-2024-36401'],
 ['URL', 'https://github.com/Chocapikk/CVE-2024-36401']
diff --git a/modules/exploits/multi/http/mybb_rce_cve_2022_24734.rb b/modules/exploits/multi/http/mybb_rce_cve_2022_24734.rb
index a5b721c3c34b4..5bdc6c505f29b 100644
--- a/modules/exploits/multi/http/mybb_rce_cve_2022_24734.rb
+++ b/modules/exploits/multi/http/mybb_rce_cve_2022_24734.rb
@@ -38,7 +38,7 @@ def initialize(info = {})
 'Christophe De La Fuente' # MSF module
 ],
 'References' => [
- [ 'URL', 'https://github.com/mybb/mybb/security/advisories/GHSA-876v-gwgh-w57f'],
+ ['GHSA', '876v-gwgh-w57f', 'mybb/mybb'],
 [ 'URL', 'https://www.zerodayinitiative.com/advisories/ZDI-22-503/'],
 [ 'URL', 'https://github.com/Altelus1/CVE-2022-24734'],
 [ 'CVE', '2022-24734']
diff --git a/modules/exploits/multi/http/openfire_auth_bypass_rce_cve_2023_32315.rb b/modules/exploits/multi/http/openfire_auth_bypass_rce_cve_2023_32315.rb
index 131d479c8477f..ff4436f58a825 100644
--- a/modules/exploits/multi/http/openfire_auth_bypass_rce_cve_2023_32315.rb
+++ b/modules/exploits/multi/http/openfire_auth_bypass_rce_cve_2023_32315.rb
@@ -35,7 +35,7 @@ def initialize(info = {})
 ['CVE', '2023-32315'],
 ['URL', 'https://attackerkb.com/topics/7Tf5YGY3oT/cve-2023-32315'],
 ['URL', 'https://github.com/miko550/CVE-2023-32315'],
- ['URL', 'https://github.com/igniterealtime/Openfire/security/advisories/GHSA-gw42-f939-fhvm']
+ ['GHSA', 'gw42-f939-fhvm', 'igniterealtime/Openfire']
 ],
 'License' => MSF_LICENSE,
 'Platform' => [ 'java' ],
diff --git a/modules/exploits/multi/http/subrion_cms_file_upload_rce.rb b/modules/exploits/multi/http/subrion_cms_file_upload_rce.rb
index d8468427fd750..19a4df4f43bc4 100644
--- a/modules/exploits/multi/http/subrion_cms_file_upload_rce.rb
+++ b/modules/exploits/multi/http/subrion_cms_file_upload_rce.rb
@@ -37,7 +37,7 @@ def initialize(info = {})
 [ 'CVE', '2018-19422' ],
 [ 'URL', 'https://github.com/intelliants/subrion/issues/801' ],
 [ 'URL', 'https://github.com/intelliants/subrion/issues/840' ],
- [ 'URL', 'https://github.com/advisories/GHSA-73xj-v6gc-g5p5' ]
+ [ 'GHSA', '73xj-v6gc-g5p5' ]
 ],
 'Platform' => 'php',
 'Arch' => ARCH_PHP,
diff --git a/modules/exploits/multi/http/torchserver_cve_2023_43654.rb b/modules/exploits/multi/http/torchserver_cve_2023_43654.rb
index 1024ae5d64f44..9be3b197e92b4 100644
--- a/modules/exploits/multi/http/torchserver_cve_2023_43654.rb
+++ b/modules/exploits/multi/http/torchserver_cve_2023_43654.rb
@@ -34,9 +34,9 @@ def initialize(_info = {})
 'References' => [
 [ 'URL', 'https://www.oligo.security/blog/shelltorch-torchserve-ssrf-vulnerability-cve-2023-43654' ],
 [ 'CVE', '2023-43654' ], # model registration SSRF
- [ 'URL', 'https://github.com/pytorch/serve/security/advisories/GHSA-8fxr-qfr9-p34w' ],
+ [ 'GHSA', '8fxr-qfr9-p34w' ],
 [ 'CVE', '2022-1471' ], # snakeyaml deserialization RCE
- [ 'URL', 'https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2' ],
+ [ 'GHSA', 'mjmj-j48q-9wg2' ],
 [ 'URL', 'https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in' ],
 [ 'URL', 'https://swapneildash.medium.com/snakeyaml-deserilization-exploited-b4a2c5ac0858' ]
 ],
diff --git a/modules/exploits/multi/http/xwiki_unauth_rce_cve_2025_24893.rb b/modules/exploits/multi/http/xwiki_unauth_rce_cve_2025_24893.rb
index a38cf14201860..a1cd9f939ebbd 100644
--- a/modules/exploits/multi/http/xwiki_unauth_rce_cve_2025_24893.rb
+++ b/modules/exploits/multi/http/xwiki_unauth_rce_cve_2025_24893.rb
@@ -32,7 +32,7 @@ def initialize(info = {})
 ],
 'References' => [
 ['CVE', '2025-24893'],
- ['URL', 'https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rr6p-3pfg-562j']
+ ['GHSA', 'rr6p-3pfg-562j', 'xwiki/xwiki-platform']
 ],
 'Platform' => ['unix', 'linux', 'win'],
 'Arch' => [ARCH_CMD],
diff --git a/modules/exploits/multi/misc/cups_ipp_remote_code_execution.rb b/modules/exploits/multi/misc/cups_ipp_remote_code_execution.rb
index 90013c72fa9bf..16fdd91f2be40 100644
--- a/modules/exploits/multi/misc/cups_ipp_remote_code_execution.rb
+++ b/modules/exploits/multi/misc/cups_ipp_remote_code_execution.rb
@@ -134,13 +134,13 @@ def initialize(info = {})
 # The public exploit this module was inspired by
 ['URL', 'https://github.com/RickdeJager/cupshax'],
 # The cups-browsed GitHub security advisory
- ['URL', 'https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8'],
+ ['GHSA', 'rj88-6mr5-rcw8', 'OpenPrinting/cups-browsed'],
 # The libcupsfilters GitHub security advisory
- ['URL', 'https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5'],
+ ['GHSA', 'w63j-6g73-wmg5', 'OpenPrinting/libcupsfilters'],
 # The libppd GitHub security advisory
- ['URL', 'https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6'],
+ ['GHSA', '7xfx-47qg-grp6', 'OpenPrinting/libppd'],
 # The cups-filters GitHub security advisory
- ['URL', 'https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47'],
+ ['GHSA', 'p9rh-jxmq-gq47', 'OpenPrinting/cups-filters'],
 # The IPP server implementation this module is based on
 ['URL', 'https://github.com/h2g2bob/ipp-server/']
 ],
diff --git a/modules/exploits/multi/misc/vscode_ipynb_remote_dev_exec.rb b/modules/exploits/multi/misc/vscode_ipynb_remote_dev_exec.rb
index 1430e31373210..096129393932f 100644
--- a/modules/exploits/multi/misc/vscode_ipynb_remote_dev_exec.rb
+++ b/modules/exploits/multi/misc/vscode_ipynb_remote_dev_exec.rb
@@ -31,7 +31,7 @@ def initialize(info = {})
 'Zemnmez'
 ],
 'References' => [
- ['URL', 'https://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m'],
+ ['GHSA', 'pw56-c55x-cm9m', 'google/security-research'],
 ['CVE', '2022-41034'],
 ['URL', 'https://github.com/andyhsu024/CVE-2022-41034']
 ],
diff --git a/modules/exploits/multi/persistence/periodic_script.rb b/modules/exploits/multi/persistence/periodic_script.rb
index 176806d987157..d370a9c2b0469 100644
--- a/modules/exploits/multi/persistence/periodic_script.rb
+++ b/modules/exploits/multi/persistence/periodic_script.rb
@@ -29,11 +29,9 @@ def initialize(info = {}) 'msutovsky-r7' ], 'References' => [ - [ - ['URL', 'https://taomm.org/vol1/pdfs/CH%202%20Persistence.pdf'], - ['URL', 'https://superuser.com/questions/391204/what-is-the-difference-between-periodic-and-cron-on-os-x/'], - ['ATT&CK', Mitre::Attack::Technique::T1053_SCHEDULED_TASK_JOB] - ] + ['URL', 'https://taomm.org/vol1/pdfs/CH%202%20Persistence.pdf'], + ['URL', 'https://superuser.com/questions/391204/what-is-the-difference-between-periodic-and-cron-on-os-x/'], + ['ATT&CK', Mitre::Attack::Technique::T1053_SCHEDULED_TASK_JOB] ], 'DisclosureDate' => '2012-04-01', 'Privileged' => true, diff --git a/modules/exploits/unix/http/raspap_rce.rb b/modules/exploits/unix/http/raspap_rce.rb index b7154f9cce3c4..4e7f9f28b6c98 100644 --- a/modules/exploits/unix/http/raspap_rce.rb +++ b/modules/exploits/unix/http/raspap_rce.rb @@ -32,7 +32,7 @@ def initialize(info = {}) 'References' => [ ['CVE', '2022-39986'], ['URL', 'https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2'], - ['URL', 'https://github.com/advisories/GHSA-7c28-wg7r-pg6f'] + ['GHSA', '7c28-wg7r-pg6f', 'raspap/raspap'] ], 'Platform' => ['unix', 'linux'], 'Privileged' => false, diff --git a/modules/exploits/unix/webapp/nextcloud_workflows_rce.rb b/modules/exploits/unix/webapp/nextcloud_workflows_rce.rb index ac96580ed0aa1..eedf461449925 100644 --- a/modules/exploits/unix/webapp/nextcloud_workflows_rce.rb +++ b/modules/exploits/unix/webapp/nextcloud_workflows_rce.rb @@ -30,7 +30,7 @@ def initialize(info = {}) 'whotwagner' # Metasploit Module ], 'References' => [ - ['URL', 'https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h3c9-cmh8-7qpj'], + ['GHSA', 'h3c9-cmh8-7qpj', 'nextcloud/security-advisories'], ['CVE', '2023-26482'] ], 'Platform' => %w[linux unix], diff --git a/modules/exploits/unix/webapp/zoneminder_snapshots.rb b/modules/exploits/unix/webapp/zoneminder_snapshots.rb index e88250e695fab..e1c0b3b859023 100644 
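Review bot: In raspap_rce.rb the new `['GHSA', '7c28-wg7r-pg6f', 'raspap/raspap']` adds a repository that the replaced reference never named; the old entry was the global `https://github.com/advisories/GHSA-7c28-wg7r-pg6f`. If the three-element form links to the repository's own advisory page, as the wiki table in this commit describes, the reference now depends on an `owner/repo` slug that nothing in the diff verifies. Keeping the two-element form, `['GHSA', '7c28-wg7r-pg6f']`, preserves the original target exactly. Otherwise the slug should be confirmed against the live advisory before merging.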
--- a/modules/exploits/unix/webapp/zoneminder_snapshots.rb +++ b/modules/exploits/unix/webapp/zoneminder_snapshots.rb @@ -29,7 +29,7 @@ def initialize(info = {}) ], 'References' => [ [ 'CVE', '2023-26035' ], - [ 'URL', 'https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr'] + ['GHSA', '72rg-h4vf-29gr', 'ZoneMinder/zoneminder'] ], 'Privileged' => false, 'Platform' => ['linux', 'unix'], diff --git a/modules/post/linux/gather/rancher_audit_log_leak.rb b/modules/post/linux/gather/rancher_audit_log_leak.rb index 98151b5c99afb..06b9972f24f62 100644 --- a/modules/post/linux/gather/rancher_audit_log_leak.rb +++ b/modules/post/linux/gather/rancher_audit_log_leak.rb @@ -27,7 +27,7 @@ def initialize(info = {}) 'Platform' => ['linux', 'unix'], 'SessionTypes' => ['shell', 'meterpreter'], 'References' => [ - [ 'URL', 'https://github.com/rancher/rancher/security/advisories/GHSA-xfj7-qf8w-2gcr'], + [ 'GHSA', 'xfj7-qf8w-2gcr' ], [ 'URL', 'https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#api-audit-log-options'], [ 'CVE', '2023-22649'] ], diff --git a/spec/module_validation_spec.rb b/spec/module_validation_spec.rb index 75d350d704a54..04f505615f48f 100644 --- a/spec/module_validation_spec.rb +++ b/spec/module_validation_spec.rb 
@@ -125,11 +125,11 @@ it 'has errors' do expect(subject.errors.full_messages).to eq [ - "References url is not valid, must be in [\"ATT&CK\", \"CVE\", \"CWE\", \"BID\", \"MSB\", \"EDB\", \"US-CERT-VU\", \"ZDI\", \"URL\", \"WPVDB\", \"PACKETSTORM\", \"LOGO\", \"SOUNDTRACK\", \"OSVDB\", \"VTS\", \"OVE\"]", - "References FOO is not valid, must be in [\"ATT&CK\", \"CVE\", \"CWE\", \"BID\", \"MSB\", \"EDB\", \"US-CERT-VU\", \"ZDI\", \"URL\", \"WPVDB\", \"PACKETSTORM\", \"LOGO\", \"SOUNDTRACK\", \"OSVDB\", \"VTS\", \"OVE\"]", + "References url is not valid, must be in [\"ATT&CK\", \"CVE\", \"CWE\", \"BID\", \"MSB\", \"EDB\", \"GHSA\", \"OSV\", \"US-CERT-VU\", \"ZDI\", \"URL\", \"WPVDB\", \"PACKETSTORM\", \"LOGO\", \"SOUNDTRACK\", \"OSVDB\", \"VTS\", \"OVE\"]", + "References FOO is not valid, must be in [\"ATT&CK\", \"CVE\", \"CWE\", \"BID\", \"MSB\", \"EDB\", \"GHSA\", \"OSV\", \"US-CERT-VU\", \"ZDI\", \"URL\", \"WPVDB\", \"PACKETSTORM\", \"LOGO\", \"SOUNDTRACK\", \"OSVDB\", \"VTS\", \"OVE\"]", "References NOCVE please include NOCVE values in the 'notes' section, rather than in 'references'", "References AKA please include AKA values in the 'notes' section, rather than in 'references'", - "References ATTACK is not valid, must be in [\"ATT&CK\", \"CVE\", \"CWE\", \"BID\", \"MSB\", \"EDB\", \"US-CERT-VU\", \"ZDI\", \"URL\", \"WPVDB\", \"PACKETSTORM\", \"LOGO\", \"SOUNDTRACK\", \"OSVDB\", \"VTS\", \"OVE\"]" + "References ATTACK is not valid, must be in [\"ATT&CK\", \"CVE\", \"CWE\", \"BID\", \"MSB\", \"EDB\", \"GHSA\", \"OSV\", \"US-CERT-VU\", \"ZDI\", \"URL\", \"WPVDB\", \"PACKETSTORM\", \"LOGO\", \"SOUNDTRACK\", \"OSVDB\", \"VTS\", \"OVE\"]" ] end end diff --git a/spec/support/lib/module_validation.rb b/spec/support/lib/module_validation.rb index 0e39ee4800867..353e76e2680c8 100644 --- a/spec/support/lib/module_validation.rb +++ b/spec/support/lib/module_validation.rb @@ -91,6 +91,8 @@ def initialize(mod) BID MSB EDB + GHSA + OSV US-CERT-VU ZDI URL 
@@ -126,7 +128,7 @@ def validate_filename_is_snake_case end def validate_reference_ctx_id - references_ctx_id_list = references.map(&:ctx_id) + references_ctx_id_list = references.select { |ref| ref.respond_to?(:ctx_id) }.map(&:ctx_id) invalid_references = references_ctx_id_list - VALID_REFERENCE_CTX_ID_VALUES invalid_references.each do |ref| diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb index fca228e8c8421..0f4694e75e5d2 100755 --- a/tools/dev/msftidy.rb +++ b/tools/dev/msftidy.rb @@ -246,9 +246,10 @@ def check_ref_identifiers in_refs = false elsif in_super and line =~ /["']Notes["'][[:space:]]*=>/ in_notes = true - elsif in_super and in_refs and line =~ /[^#]+\[[[:space:]]*['"](.+)['"][[:space:]]*,[[:space:]]*['"](.+)['"][[:space:]]*\]/ + elsif in_super and in_refs and line =~ /[^#]+\[[[:space:]]*['"](.+)['"][[:space:]]*,[[:space:]]*['"](.+)['"][[:space:]]*(?:,[[:space:]]*['"](.+)['"])?[[:space:]]*\]/ identifier = $1.strip.upcase value = $2.strip + repo = $3.strip if $3 case identifier when 'CVE' 
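Review bot: `references.select { |ref| ref.respond_to?(:ctx_id) }` in `validate_reference_ctx_id` makes the validator skip any reference object it cannot inspect, so a malformed entry now passes silently instead of being reported. Since this method exists to flag bad references, I would record the filtered-out entries as errors before the mapping, e.g. `references.reject { |ref| ref.respond_to?(:ctx_id) }.each { |ref| errors.add(:references, "#{ref.inspect} is not a valid reference") }`. This assumes the class exposes `errors.add`, as the spec's `errors.full_messages` suggests. The method body continues outside the hunk.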
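Review bot: The widened regex in `check_ref_identifiers` still uses greedy `(.+)` captures, so on a three-element line such as `['GHSA', 'rr6p-3pfg-562j', 'xwiki/xwiki-platform']` the first group swallows `GHSA', 'rr6p-3pfg-562j`, the second takes the repo, and `$3` stays nil. `identifier` then matches no `when` branch visible here, so the GHSA format check appears to be skipped for exactly the three-element references this commit introduces, and `repo` is never populated. Making the first two captures non-greedy, `(.+?)`, keeps each one inside its own pair of quotes. The method starts before and continues after this hunk.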
@@ -270,6 +271,17 @@ def check_ref_identifiers warn("Invalid WPVDB reference") if value !~ /^\d+$/ and value !~ /^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}?$/ when 'PACKETSTORM' warn("Invalid PACKETSTORM reference") if value !~ /^\d+$/ + when 'GHSA' + # Allow both formats: with or without GHSA- prefix + # Format: GHSA-xxxx-xxxx-xxxx or xxxx-xxxx-xxxx (where xxxx is 4 alphanumeric chars) + ghsa_pattern = /^(?:GHSA-)?[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}$/i + warn("Invalid GHSA reference") if value !~ ghsa_pattern + # No specific validation for repo format yet, as it's an optional string + when 'OSV' + # OSV format: ECOSYSTEM-YEAR-ID or ECOSYSTEM-xxxx-xxxx-xxxx (e.g., GO-2021-0113, GHSA-8c52-x9w7-vc95, MINI-xwm2-xhhw-2w6h) + # OSV accepts various formats depending on the ecosystem + osv_pattern = /^[A-Z]+-[A-Z0-9-]+$/i + warn("Invalid OSV reference") if value !~ osv_pattern when 'URL' if value =~ /^https?:\/\/cvedetails\.com\/cve/ warn("Please use 'CVE' for '#{value}'") @@ -289,6 +301,10 @@ def check_ref_identifiers warn("Please use 'WPVDB' for '#{value}'") elsif value =~ /^https?:\/\/(?:[^\.]+\.)?packetstormsecurity\.(?:com|net|org)\// warn("Please use 'PACKETSTORM' for '#{value}'") + elsif value =~ /^https?:\/\/github\.com\/(?:advisories|[\w\-]+\/[\w\-]+\/security\/advisories)\/GHSA-/ + warn("Please use 'GHSA' for '#{value}'") + elsif value =~ /^https?:\/\/osv\.dev\/vulnerability\// + warn("Please use 'OSV' for '#{value}'") end when 'AKA' warn("Please include AKA values in the 'notes' section, rather than in 'references'.") diff --git a/tools/modules/module_missing_reference.rb b/tools/modules/module_missing_reference.rb index 5e03e03a01056..22cdc6a16ad44 100644 --- a/tools/modules/module_missing_reference.rb +++ b/tools/modules/module_missing_reference.rb @@ -24,6 +24,8 @@ def types 'ZDI', 'WPVDB', 'PACKETSTORM', + 'GHSA', + 'OSV', 'URL' ] end 
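Review bot: The `when 'GHSA'` branch leaves the optional repo unchecked (`# No specific validation for repo format yet`), although per the wiki table in this commit that element ends up in a github.com/owner/repo/security/advisories link. A one-line shape check would keep whitespace, extra slashes or a pasted full URL out of that position: `warn("Invalid GHSA repo") if repo && repo !~ %r{\A[\w.-]+/[\w.-]+\z}`. The same branch accepts the ID both with and without the `GHSA-` prefix, so whatever builds the link has to normalise the two spellings. Accepting only the bare form used by the modules in this commit would avoid that. `check_ref_identifiers` starts and ends outside the hunk.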
diff --git a/tools/modules/module_reference.rb b/tools/modules/module_reference.rb index 5f4a39d73f330..61ace7518c285 100755 --- a/tools/modules/module_reference.rb +++ b/tools/modules/module_reference.rb @@ -34,6 +34,8 @@ def types 'ZDI' => 'http://www.zerodayinitiative.com/advisories/ZDI-#{in_ctx_val}', 'WPVDB' => 'https://wpscan.com/vulnerability/#{in_ctx_val}', 'PACKETSTORM' => 'https://packetstormsecurity.com/files/#{in_ctx_val}', + 'GHSA' => 'https://github.com/advisories/#{in_ctx_val}', + 'OSV' => 'https://osv.dev/vulnerability/#{in_ctx_val}', 'URL' => '#{in_ctx_val}' } end
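Review bot: The new `'GHSA' => 'https://github.com/advisories/#{in_ctx_val}'` template omits the `GHSA-` prefix, while the modules changed in this commit store the bare ID (`'8fxr-qfr9-p34w'`) and the neighbouring ZDI template adds its own prefix. Unless `in_ctx_val` is normalised elsewhere, the tool would emit `https://github.com/advisories/8fxr-qfr9-p34w`, which is not the advisory URL form the replaced references used. I would write `'GHSA' => 'https://github.com/advisories/GHSA-#{in_ctx_val}'` and strip a leading `GHSA-` from the value first, since msftidy accepts both spellings. The optional repo element is also not used by this template, so repository-scoped advisories would map to the global page.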