Feature/tag CVE

apps/dashboard/src/main/java/com/akto/action/testing_issues/IssuesAction.java

@@ -197,6 +197,7 @@ public static BasicDBObject createSubcategoriesInfoObj(TestConfig testConfig) {
         infoObj.put("testName", info.getName());
         infoObj.put("references", info.getReferences());
         infoObj.put("cwe", info.getCwe());
+        infoObj.put("cve", info.getCve());
         infoObj.put("name", testConfig.getId());
         infoObj.put("_name", testConfig.getId());
         infoObj.put("content", testConfig.getContent());

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AbusingCRLFInHeaders.yaml

@@ -24,6 +24,9 @@ info:
     - CWE-93
     - CWE-74
     - CWE-20
+  cve:
+    - CVE-2020-15693
+    - CVE-2023-0040
 
 api_selection_filters:
   query_param:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AddUserId.yaml

@@ -28,6 +28,8 @@ info:
     - CWE-639
     - CWE-284
     - CWE-285
+  cve:
+    - CVE-2022-34621
 
 auth:
   authenticated: true

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AirflowConfigurationExposure.yaml

@@ -18,6 +18,8 @@ info:
   cwe:
     - CWE-200
     - CWE-213
+  cve:
+    - CVE-2023-35005
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AmazonDockerConfig.yaml

@@ -16,6 +16,8 @@ info:
   cwe:
     - CWE-200
     - CWE-213
+  cve:
+    - CVE-2020-14329
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ApacheConfig.yaml

@@ -16,6 +16,8 @@ info:
   cwe:
     - CWE-200
     - CWE-213
+  cve:
+    - CVE-2018-10245
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/AppendXSS.yaml

@@ -21,6 +21,10 @@ info:
     - "https://hackerone.com/reports/840759"
   cwe:
     - CWE-79
+  cve:
+    - CVE-2015-1159 
+    - CVE-2023-24737 
+    - CVE-2020-25495
 
 api_selection_filters:
   method:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BOLAByChangingAuthToken.yaml

@@ -32,6 +32,8 @@ info:
     - CWE-284
     - CWE-285
     - CWE-639
+  cve:
+    - CVE-2023-39349
 
 auth:
   authenticated: true

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BasicXSS.yaml

@@ -20,6 +20,9 @@ info:
     - "https://owasp.org/www-community/attacks/xss/"
   cwe:
     - CWE-79
+  cve:
+    - CVE-2022-34196 
+    - CVE-2023-44764
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BypassCaptchaRemovingCookie.yaml

@@ -19,6 +19,9 @@ info:
   references:
   cwe:
     - CWE-307
+  cve:
+    - CVE-2023-0085
+    - CVE-2021-37417
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/BypassCaptchaUsingHeader.yaml

@@ -20,6 +20,9 @@ info:
     - "https://hackerone.com/reports/210417"
   cwe:
     - CWE-287
+  cve:
+    - CVE-2022-39955
+    - CVE-2023-0085
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CORSMisconfigurationInvalidOrigin.yaml

@@ -24,6 +24,9 @@ info:
     - "https://crashtest-security.com/cors-misconfiguration/"
   cwe:
     - CWE-16
+  cve:
+    - CVE-2021-27786
+    - CVE-2021-26991
 
 auth:
   authenticated: true

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CORSMisconfigurationWhitelistOrigin.yaml

@@ -23,6 +23,8 @@ info:
     - "https://crashtest-security.com/cors-misconfiguration/"
   cwe:
     - CWE-16
+  cve:
+    - CVE-2021-27786
 
 auth:
   authenticated: true

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CSRFLoginAttack.yaml

@@ -23,6 +23,9 @@ info:
     - "https://www.invicti.com/web-vulnerability-scanner/vulnerabilities/cross-site-request-forgery-in-login-form-invicti/"
   cwe:
     - CWE-352
+  cve:
+    - CVE-2023-33212
+    - CVE-2023-42270
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CgiPrintEnv.yaml

@@ -15,6 +15,8 @@ info:
     - https://www.acunetix.com/vulnerabilities/web/test-cgi-script-leaking-environment-variables/
   cwe:
     - CWE-16
+  cve:
+    - CVE-2023-22897
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CommandInjectionByAddingQueryParams.yaml

@@ -21,6 +21,9 @@ info:
     - "https://twitter.com/trbughunters/status/1283133356922884096"
   cwe:
     - CWE-77
+  cve:
+    - CVE-2023-25826
+    - CVE-2023-41031
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigJson.yaml

@@ -16,6 +16,9 @@ info:
   cwe:
     - CWE-200
     - CWE-213
+  cve:
+    - CVE-2021-31567
+    - CVE-2023-35005
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigRuby.yaml

@@ -16,6 +16,8 @@ info:
     - https://www.acunetix.com/vulnerabilities/web/ruby-on-rails-database-configuration-file/
   cwe:
     - CWE-538
+  cve:
+    - CVE-2019-5418
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ConfigurationListing.yaml

@@ -15,6 +15,9 @@ info:
     - https://www.exploit-db.com/ghdb/7014 
   cwe:
     - CWE-16
+  cve:
+    - CVE-2021-1126
+    - CVE-2021-33214
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/ContentTypeHeaderMissing.yaml

@@ -28,6 +28,9 @@ info:
     - "https://cwe.mitre.org/data/definitions/639.html"
   cwe:
     - CWE-16
+  cve:
+    - CVE-2023-38199
+    - CVE-2023-26130
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/CookieMisconfiguration.yaml

@@ -19,6 +19,9 @@ info:
     - "https://hackerone.com/reports/58679"
   cwe:
     - CWE-16
+  cve:
+    - CVE-2023-4654
+    - CVE-2023-28708
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DefaultLoginCredentials.yml

@@ -25,6 +25,9 @@ info:
     - "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/"
   cwe:
     - CWE-1392
+  cve:
+    - CVE-2023-41878
+    - CVE-2023-37755
 
 wordLists:
   usernames:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DescriptiveErrorMessageInvalidPayloads.yaml

@@ -20,6 +20,9 @@ info:
     - "https://owasp.org/www-community/Improper_Error_Handling"
   cwe:
     - CWE-209
+  cve:
+    - CVE-2020-11883
+    - CVE-2020-15652
 
 api_selection_filters:
   method:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DjangoUrlExposed.yaml

@@ -24,6 +24,8 @@ info:
     - "https://hackerone.com/reports/1033423"
   cwe:
     - CWE-16
+  cve:
+    - CVE-2017-12794
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/DockerComposeConfig.yaml

@@ -16,6 +16,8 @@ info:
     - https://secapps.com/vulndb/docker-compose-exposure
   cwe:
     - CWE-16
+  cve:
+    - CVE-2023-37273
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FetchSensitiveFilesViaSSRF.yaml

@@ -26,6 +26,8 @@ info:
     - "https://www.cobalt.io/blog/from-ssrf-to-port-scanner"
   cwe:
     - CWE-918
+  cve:
+    - CVE-2023-27163
 
 api_selection_filters:
   or:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FirebaseConfigExposure.yaml

@@ -15,6 +15,9 @@ info:
     - https://github.com/firebase/firebaseui-web/blob/master/demo/public/sample-config.js
   cwe:
     - CWE-16
+  cve:
+    - CVE-2020-7765
+    - CVE-2021-46743
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FirebaseUnauthenticated.yaml

@@ -20,6 +20,9 @@ info:
     - "http://ghostlulz.com/google-exposed-firebase-database/"
   cwe:
     - CWE-16
+  cve:
+    - CVE-2020-7765
+    - CVE-2021-46743
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FlaskDebugModeEnabled.yaml

@@ -28,6 +28,8 @@ info:
     - "http://ghostlulz.com/flask-rce-debug-mode/"
   cwe:
     - CWE-16
+  cve:
+    - CVE-2015-5306
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/FtpCredentialsExposure.yaml

@@ -16,6 +16,9 @@ info:
   cwe:
     - CWE-200
     - CWE-213
+  cve:
+    - CVE-2023-2061
+    - CVE-2018-18371
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitConfig.yaml

@@ -15,6 +15,8 @@ info:
     - https://pentester.land/blog/source-code-disclosure-via-exposed-git-folder/
   cwe:
     - CWE-16
+  cve:
+    - CVE-2023-29007
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitConfigNginxoffbyslash.yaml

@@ -17,6 +17,9 @@ info:
     - https://github.com/PortSwigger/nginx-alias-traversal/blob/master/off-by-slash.py
   cwe:
     - CWE-16
+  cve:
+    - CVE-2021-23017
+
 api_selection_filters:
   response_code:
     gte: 200

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GitCredentialsDisclosure.yaml

@@ -16,6 +16,8 @@ info:
   cwe:
     - CWE-200
     - CWE-213
+  cve:
+    - CVE-2020-5260
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GithubWorkflowsDisclosure.yaml

@@ -15,6 +15,9 @@ info:
     - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/github-workflows-disclosure.json
   cwe:
     - CWE-16
+  cve:
+    - CVE-2023-34111
+    - CVE-2022-46258
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlDevelopmentConsoleExposed.yaml

@@ -27,6 +27,8 @@ info:
     - "https://0xn3va.gitbook.io/cheat-sheets/web-application/graphql-vulnerabilities"
   cwe:
     - CWE-16
+  cve:
+    - CVE-2021-41248
 
 api_selection_filters:
   url:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlFieldSuggestionEnabled.yaml

@@ -24,6 +24,8 @@ info:
     - "https://0xn3va.gitbook.io/cheat-sheets/web-application/graphql-vulnerabilities"
   cwe:
     - CWE-16
+  cve:
+    - CVE-2023-5192
 
 api_selection_filters:
   url:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlIntrospectionEnabled.yaml

@@ -26,6 +26,8 @@ info:
     - "https://www.apollographql.com/blog/graphql/security/why-you-should-disable-graphql-introspection-in-production/"
   cwe:
     - CWE-16
+  cve:
+    - CVE-2023-5192
 
 api_selection_filters:
   url:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/GraphqlTypeIntrospectionAllowed.yaml

@@ -25,6 +25,8 @@ info:
     - "https://www.apollographql.com/blog/graphql/security/why-you-should-disable-graphql-introspection-in-production/"
   cwe:
     - CWE-16
+  cve:
+    - CVE-2021-41248
 
 api_selection_filters:
   url:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HeadMethodTest.yaml

@@ -35,6 +35,8 @@ info:
     - "https://cwe.mitre.org/data/definitions/639.html"
   cwe:
     - CWE-16
+  cve:
+    - CVE-2022-45956
 
 auth:
   authenticated: true

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HeaderReflectedInInvalidUrl.yaml

@@ -19,7 +19,9 @@ info:
   references:
     - "https://hackerone.com/reports/792998"
   cwe:
-    - "CWE-16"
+    - CWE-16
+  cve:
+    - CVE-2022-37724
 
 api_selection_filters:
   response_code:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/HttpResponseSplitting.yaml

@@ -21,6 +21,8 @@ info:
     - "https://www.invicti.com/blog/web-security/crlf-http-header/"
   cwe:
     - CWE-93
+  cve:
+    - CVE-2023-41834
 
 api_selection_filters:
   query_param:

apps/dashboard/src/main/resources/inbuilt_test_yaml_files/InvalidFileInput.yaml

@@ -27,6 +27,8 @@ info:
   cwe:
     - CWE-728
     - CWE-388
+  cve:
+    - CVE-2020-10097
 
 api_selection_filters:
   response_code: