google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0
860 stars 178 forks

Add CVE-2024-22476 Detector Plugin #501

Closed frkngksl closed 1 week ago

frkngksl commented 3 weeks ago

Hi @tooryx,

This is the plugin PR that resolves #494

Vulnerable and Fixed Environments are here: https://github.com/google/security-testbeds/pull/63

frkngksl commented 3 weeks ago

One point that I should mention is that the neural-compressor web server works multi-threaded. Therefore, sending a sleep command to detect the vulnerability doesn't work, because the injected command runs in another thread (different from the thread that sends the response). That's why I didn't add a control for cases in which the callback server is not available.
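
The timing problem described in the comment above, as an added illustration that is not part of the PR or of any participant's comment: a delay-based check only works when the response waits for the triggered work, while a callback check still fires when that work runs in a worker thread. The service classes, the recorder and both check functions are constructed stand-ins, not neural-compressor or Tsunami code.

```python
import secrets
import threading
import time


class InlineService:
    """Constructed stand-in: the handler runs the task before replying."""
    def handle(self, task):
        task()
        return "200 OK"


class ThreadedService:
    """Constructed stand-in: the handler hands the task to a worker thread
    and replies immediately, as the comment describes."""
    def handle(self, task):
        threading.Thread(target=task, daemon=True).start()
        return "200 OK"


class CallbackRecorder:
    """Stand-in for a scanner callback server: remembers tokens it was sent."""
    def __init__(self):
        self._seen = set()
        self._lock = threading.Lock()

    def hit(self, token):
        with self._lock:
            self._seen.add(token)

    def wait_for(self, token, timeout=2.0, interval=0.05):
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            with self._lock:
                if token in self._seen:
                    return True
            time.sleep(interval)
        return False


def timing_check(service, delay=0.5):
    """Flags the service only if the response is held up by the delay."""
    start = time.monotonic()
    service.handle(lambda: time.sleep(delay))
    # 0.8 factor leaves headroom for coarse clock resolution.
    return time.monotonic() - start >= delay * 0.8


def callback_check(service, recorder):
    """Flags the service if the side effect reaches the recorder, however late."""
    token = secrets.token_hex(8)  # unique per probe, so hits cannot be confused
    service.handle(lambda: recorder.hit(token))
    return recorder.wait_for(token)
```
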

frkngksl commented 2 weeks ago

Hi @leonardo-doyensec,

Thank you for your comments. I guess I fixed all your reviews according to your advice. Can you review the changes again please?

frkngksl commented 2 weeks ago

Sent the last change too @leonardo-doyensec

leonardo-doyensec commented 2 weeks ago

LGTM - Approved. @maoning we can merge this. Moreover, we can also merge the testbed.

Reviewer: Leonardo, Doyensec

Plugin: CVE-2024-22476 Detector - OS Command Injection in Intel Neural Compressor

Feedback: The overall quality is decent. The security testbed was easy to deploy, but the steps to manually trigger the vulnerability were missing at first. The plugin was lacking a fingerprinting phase and some minor aspects of formatting were overlooked. The contributor was really fast to address all the issues.

Drawback: None.