The required contact details should be set for security center

Property
Language: terraform
Severity: low
Service: security-center
Provider: Azure

Description

It is recommended that at least one valid contact is configured for the security center. Microsoft will notify the security contact directly in the event of a security incident and will look to use a telephone number in cases where a prompt response is required.

Resolution

Set a telephone number for security center contact
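As an added example (not part of the original page or the check's own documentation), this is what a Security Center contact with a telephone number looks like in Terraform using the azurerm provider's azurerm_security_center_contact resource. The e-mail address and phone number are placeholders.

```terraform
# Added example: one valid Security Center contact with phone and e-mail.
# All values are placeholders; replace them with a monitored mailbox and a
# number that is answered around the clock.
resource "azurerm_security_center_contact" "example" {
  # 'name' is required on recent azurerm provider versions (3.x and later)
  name  = "default"
  email = "security@example.com"
  phone = "+1-555-0100"

  # Keep notifications on so incident mail actually reaches the contact,
  # and copy subscription owners/admins as well.
  alert_notifications = true
  alerts_to_admins    = true
}
```

A contact with only an e-mail address satisfies the "at least one contact" part but not the telephone resolution above; the phone argument is what this check is looking for.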

The router has common private network

Property
Language: terraform
Severity: low
Service: network
Provider: Nifcloud

Description

The router is configured to use a common private network that is shared with other users, rather than an isolated private LAN. This setup does not effectively separate sensitive internal traffic from other tenants.

Impact

Sensitive data transmitted between servers could be exposed to other users sharing the same network, increasing the risk of data leakage, unauthorized access, and potential lateral movement by attackers within the shared environment.

The S3 Bucket backing Cloudtrail should be private

Property
Language: terraform
Severity: critical
Service: cloudtrail
Provider: AWS
Vulnerability Type: omission

Description

The S3 bucket used to store AWS CloudTrail logs is configured with public access, allowing anyone to view sensitive log data. This exposes detailed records of all API activity within the AWS account.

Impact

Public exposure of CloudTrail logs can reveal sensitive operational details, user activity, and configuration information, enabling attackers to identify vulnerabilities or plan targeted attacks against the AWS environment.
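The following is an added example, not code from the original page: the flagged configuration (a publicly readable log bucket) next to a hardened one that keeps the ACL private, adds a public access block so a later ACL or bucket policy cannot reopen it, and points the trail at it. Bucket and trail names are placeholders.

```terraform
# Weak: the bucket backing the trail is world-readable. This is the
# misconfiguration the check flags. (Assigning a public ACL also requires
# object ownership settings that permit ACLs; shown only for contrast.)
resource "aws_s3_bucket" "trail_logs_public" {
  bucket = "example-cloudtrail-logs-public"   # placeholder
}

resource "aws_s3_bucket_acl" "trail_logs_public" {
  bucket = aws_s3_bucket.trail_logs_public.id
  acl    = "public-read"
}

# Hardened: private ACL plus a public access block on the same bucket.
resource "aws_s3_bucket" "trail_logs" {
  bucket = "example-cloudtrail-logs"   # placeholder
}

resource "aws_s3_bucket_acl" "trail_logs" {
  bucket = aws_s3_bucket.trail_logs.id
  acl    = "private"
}

# Blocks any future public ACL or policy, so the bucket cannot drift back
# to the weak state even if someone edits the ACL by hand.
resource "aws_s3_bucket_public_access_block" "trail_logs" {
  bucket                  = aws_s3_bucket.trail_logs.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_cloudtrail" "example" {
  name           = "example-trail"   # placeholder
  s3_bucket_name = aws_s3_bucket.trail_logs.id
  # CloudTrail also needs a bucket policy granting cloudtrail.amazonaws.com
  # s3:PutObject on this bucket (omitted here for brevity).
}
```

Only the private bucket should remain in a real configuration; the public one is included purely to show the shape of what the check reports.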

There is no encryption specified or encryption is disabled on the RDS Cluster.

Property
Language: terraform
Severity: high
Service: rds
Provider: AWS
Vulnerability Type: omission

Description

The RDS Aurora cluster is configured without storage encryption enabled or without specifying a KMS key, leaving data at rest unprotected. This misconfiguration allows data to be stored in plaintext on disk.

Impact

If the RDS cluster is compromised, attackers could access and read unencrypted database files, exposing sensitive application or customer data and potentially violating compliance requirements.
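As an added example that is not from the original page, this Terraform fragment shows an Aurora cluster with storage encryption turned on and tied to a customer-managed KMS key with rotation enabled. Identifiers, the engine choice and the password variable are assumptions for illustration.

```terraform
# Customer-managed key for the cluster's storage; rotation keeps the
# key material from living forever.
resource "aws_kms_key" "rds" {
  description         = "CMK for Aurora storage encryption"
  enable_key_rotation = true
}

# Supplied out of band (tfvars, environment, or a secrets manager);
# never hardcode the master password in the configuration.
variable "db_password" {
  type      = string
  sensitive = true
}

resource "aws_rds_cluster" "example" {
  cluster_identifier = "example-aurora"   # placeholder
  engine             = "aurora-mysql"
  master_username    = "admin"
  master_password    = var.db_password

  # The two arguments this check looks for: encryption on, and an explicit
  # key rather than whatever the account default happens to be.
  storage_encrypted = true
  kms_key_id        = aws_kms_key.rds.arn

  skip_final_snapshot = true   # fine for a lab cluster, not for production
}
```

Note that storage encryption cannot be switched on for an existing unencrypted Aurora cluster in place: AWS requires creating an encrypted copy of a snapshot and restoring from it, so apply this setting when the cluster is first created.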

Tiller Is Deployed

Property
Language: terraform
Severity: critical
Vulnerability Type: misconfiguration

Description

The deployment includes Helm Tiller, a component from Helm v2 that runs with elevated privileges and exposes an unauthenticated gRPC endpoint, making the cluster management plane vulnerable to remote access and manipulation.

Impact

If exploited, attackers could gain full control over Kubernetes resources by sending commands to Tiller, potentially leading to privilege escalation, unauthorized deployments or deletions, and compromise of the entire cluster.

Time-of-check Time-of-use (TOCTOU) Race Condition

Property
Language: ocaml
Severity: medium
CWE: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Medium

Description

Using Filename.temp_file can create temporary files in a way that allows attackers to replace them with malicious files or symlinks before your code opens them. This happens because the file is created and opened in separate steps, introducing a timing window.

Impact

An attacker could exploit this race condition to read, modify, or hijack sensitive temporary files, potentially leading to data leaks, privilege escalation, or code execution. This may compromise application integrity and expose sensitive data or system resources.

Trust Boundary Violation

Property
Language: java
Severity: medium
CWE: CWE-501: Trust Boundary Violation
OWASP: A04:2021 - Insecure Design
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

User input from HTTP requests is being stored directly in session attributes without validation or sanitization. This allows untrusted data to be saved in the session, making it possible for attackers to manipulate session state.

Impact

If exploited, attackers could inject malicious data into the user session, potentially leading to privilege escalation, unauthorized actions, or bypassing security checks. This compromises the trust boundary between user input and secure session data, putting sensitive operations and user accounts at risk.

Trusted Microsoft Services should have bypass access to Storage accounts

Property
Language: terraform
Severity: high
Service: storage
Provider: Azure
Vulnerability Type: omission

Description

Storage account network rules are configured without 'AzureServices' in the bypass list, preventing trusted Microsoft services from accessing the storage account as intended. This restricts legitimate service integrations that rely on direct access beyond the usual network rules.

Impact

Trusted Microsoft services, such as Azure Backup or Azure Monitoring, may fail to interact with the storage account, potentially causing disruptions in backups, monitoring, or other automated operations. This could lead to service outages, data loss, or inability to meet compliance and operational requirements.
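This added example (not from the original page) shows the weak network_rules block beside the corrected one on an azurerm_storage_account. The resource group, account name and IP range are placeholders; the IP range uses a documentation prefix.

```terraform
resource "azurerm_resource_group" "example" {
  name     = "example-rg"   # placeholder
  location = "westeurope"
}

# Weak: traffic is denied by default and the bypass list omits
# AzureServices, so trusted Microsoft services are locked out too.
resource "azurerm_storage_account" "locked_out" {
  name                     = "examplelockedout"   # placeholder, must be globally unique
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  network_rules {
    default_action = "Deny"
    ip_rules       = ["203.0.113.0/24"]
    bypass         = ["Metrics"]   # no AzureServices: this is what the check flags
  }
}

# Corrected: same deny-by-default posture, but trusted services may bypass.
resource "azurerm_storage_account" "example" {
  name                     = "examplestorageacct"   # placeholder
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  network_rules {
    default_action = "Deny"
    ip_rules       = ["203.0.113.0/24"]
    bypass         = ["AzureServices", "Metrics", "Logging"]
  }
}
```

The same bypass argument exists on the standalone azurerm_storage_account_network_rules resource, which applies when the rules are managed separately from the account; the check is satisfied either way as long as "AzureServices" appears in the list.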

Trusting HTTP Permission Methods on the Server Side

Property
Language: ruby
Severity: high
CWE: CWE-650: Trusting HTTP Permission Methods on the Server Side
OWASP: A04:2021 - Insecure Design
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: High

Description

The code checks only for GET requests using request.get?, but in Rails, HEAD requests are routed as GET and will not pass this check. This can lead to unexpected or incorrect behavior if HEAD requests aren’t properly handled.

Impact

Attackers may exploit this oversight to bypass certain logic or access routes in unintended ways, potentially exposing sensitive information or causing the application to behave unpredictably under HEAD requests. This can result in data leakage or functionality misuse.

Unchecked Return Value

Property
Language: php
Severity: low
CWE: CWE-252: Unchecked Return Value
OWASP: A02:2021 - Cryptographic Failures
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

If you use openssl_decrypt without checking if it returned false, your code may mistakenly process failed decryption as valid data. This can lead to unexpected behavior or errors, especially if the decrypted data is assumed to be correct.

Impact

Failing to handle decryption errors could allow attackers to trigger logic errors, bypass security checks, or cause the application to operate on invalid data. This may result in data corruption, application crashes, or unintended information disclosure.