google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0
878 stars, 178 forks

PRP: Request CVE-2023-1177 RFI Vulnerability in Machine Learning Lifecycle Platform, MLflow #302

Closed hh-hunter closed 9 months ago

hh-hunter commented 1 year ago

Hello.

I would like to start implementing a plugin to detect CVE-2023-1177. This vulnerability should be relatively new and has been patched.

The vulnerability has been assigned the CVE ID CVE-2023-1177 (CVSS score >= 7.0), and its severity level is HIGH or CRITICAL: CVSS score 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

MLflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Improper Access Control, which enables malicious actors to download arbitrary files unrelated to MLflow from the host server, including any files stored in remote locations to which the host server has access.

This vulnerability allows arbitrary files to be read. Since MLflow is usually configured with S3 storage, this means that AWS account information can also be obtained, and information such as local SSH private keys can also be read, resulting in RCE.

The vulnerability can be exploited remotely without authentication and user interaction.

Please let me know if this is in scope to start with its development.

hh-hunter commented 1 year ago

@maoning Hi, are you still active? Could you give me a reply?

maoning commented 1 year ago

Hi @hh-hunter,

Thanks for your request! This vulnerability is in scope for the reward program. Please submit our participation form and you can start working on the development.

Please keep in mind that the Tsunami Scanner Team will only be able to work on one issue at a time for each participant, so please hold off on the implementation work for any other requests you might have.

Thanks!

hh-hunter commented 10 months ago

@tooryx Has this issue been resolved? Do I need to resubmit the participation form regarding this issue? When I logged into https://bughunters.google.com/, I found that there was no information about my previous submission. What could be the reason for this?

tooryx commented 10 months ago

Hi @hh-hunter,

Your PR has been merged. This usually means a reward will be granted. Google will start the internal QC process and the reward amount will be determined based on the quality of the detector report. Please be patient and allow up to a week for the QC process to finish. You'll be notified once the decision is made.

I indeed do not see a previous submission for this contribution. Could you please fill in the participation form again?

Finally, can I ask you to take a look at my merge request for the test docker images you provided? Once reviewed, could you also please submit them to the testbeds repository? I would do it myself, but then you would not get credit for it.

Thanks! ~tooryx

hh-hunter commented 10 months ago

@tooryx Thank you very much for pointing out some issues with my Docker image. I have merged your pull request and resubmitted the form information. https://github.com/google/security-testbeds/pull/16

hh-hunter commented 10 months ago

@tooryx There is another question. I previously submitted many plugins and fingerprints, but now I can't see them on bughunters. Can this issue be resolved?

tooryx commented 10 months ago

Thank you @hh-hunter! For bughunters, we will retro-file them together as we go through the different submissions. As I mentioned in a different comment, we are slowly going through the backlog. Please bear with us.

~tooryx

tooryx commented 9 months ago

Hi @hh-hunter,

We came to a decision for this issue, and you should soon receive a message with the amount of the reward and further instructions. Feel free to reopen if there are issues in the process.

~tooryx