google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0
860 stars, 178 forks

AI PRP: dagster exposed UI #509

Closed joernNNN closed 1 week ago

joernNNN commented 2 weeks ago

My third PRP :)

If you are not familiar with Dagster, it is an organization-level data orchestration platform that contains a web server. According to my preliminary research, the Dagster web server doesn't have authentication and we can run workflows, so again I think the misconfigured Dagster instance can be confirmed with the help of the Tsunami callback server.

Quick setup if you want to test it, according to https://docs.dagster.io/deployment/guides/docker#docker-compose-example:

```sh
git clone https://github.com/dagster-io/dagster/ --depth 1
cd dagster/examples/deploy_docker
docker compose up
```

Open the browser and navigate to http://dockerContainerIP:3000
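The detection question the proposal raises is whether an unauthenticated request to the Dagster webserver is enough to confirm exposure. The following is an added example written for this thread, not code from the issue or from the Tsunami project (whose plugins are written in Java). It assumes the webserver's GraphQL API lives at `/graphql` and answers a `{ version }` query with `data.version`; both are assumptions about the Dagster schema, not facts established in the thread. The sample responses at the bottom are constructed for offline testing. Note that this only confirms an unauthenticated UI/API, which, as the reporter later observes, is not the same as command execution and does not replace a callback-server check.

```python
import json
import urllib.error
import urllib.request
from typing import Optional

# Assumed Dagster webserver GraphQL endpoint and query (not confirmed in the thread).
GRAPHQL_PATH = "/graphql"
VERSION_QUERY = {"query": "{ version }"}


def classify_graphql_response(status: int, body: bytes) -> Optional[str]:
    """Return the reported Dagster version if the reply looks like a successful,
    unauthenticated GraphQL response; otherwise return None.

    Anything that is not an HTTP 200 with a JSON body carrying data.version
    (a 401/403, an HTML login page, a GraphQL error object) is treated as
    'not confirmed' rather than as exposure.
    """
    if status != 200:
        return None
    try:
        doc = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None  # e.g. an HTML login page in front of the API
    if not isinstance(doc, dict) or doc.get("errors"):
        return None
    data = doc.get("data")
    if not isinstance(data, dict):
        return None
    version = data.get("version")
    return version if isinstance(version, str) and version else None


def probe_dagster(base_url: str, timeout: float = 5.0) -> Optional[str]:
    """POST the version query to base_url + /graphql with no credentials at all.

    Returns the version string on an unauthenticated success, None otherwise.
    """
    req = urllib.request.Request(
        base_url.rstrip("/") + GRAPHQL_PATH,
        data=json.dumps(VERSION_QUERY).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_graphql_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        # 401/403 etc. still carry a status and body worth classifying.
        return classify_graphql_response(err.code, err.read())
    except (urllib.error.URLError, OSError):
        return None


# Constructed sample responses for offline testing; not captured from a real instance.
SAMPLE_OPEN = (200, b'{"data":{"version":"1.7.0"}}')
SAMPLE_AUTH_REQUIRED = (401, b"Unauthorized")
SAMPLE_LOGIN_PAGE = (200, b"<html><body>Sign in</body></html>")
SAMPLE_GRAPHQL_ERROR = (200, b'{"errors":[{"message":"Cannot query field \\"version\\""}],"data":null}')


if __name__ == "__main__":
    for label, sample in (
        ("open", SAMPLE_OPEN),
        ("auth required", SAMPLE_AUTH_REQUIRED),
        ("login page", SAMPLE_LOGIN_PAGE),
        ("graphql error", SAMPLE_GRAPHQL_ERROR),
    ):
        print(label, "->", classify_graphql_response(*sample))
    # Against the docker-compose setup above: probe_dagster("http://dockerContainerIP:3000")
```

The decision logic is kept separate from the network call so it can be exercised against canned responses; only a 200 with a well-formed `data.version` counts as a positive, which avoids flagging a reverse proxy that returns 200 with a login page.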

tooryx commented 1 week ago

Hi @joernNNN,

Thanks for your request! This vulnerability is in scope for the reward program. Please submit our participation form and you can start working on the development.

Please keep in mind that the Tsunami Scanner Team will only be able to work on one issue at a time for each participant, so please hold off on the implementation work for any other requests you might have.

Thanks!

joernNNN commented 1 week ago

@tooryx Sadly I was wrong and can't validate an exposed Dagster UI with the help of a Tsunami callback server because I can't execute arbitrary commands. Should I continue writing a plugin, or can you please let me work on the following PRP instead, which is one of the most popular web apps? https://github.com/google/tsunami-security-scanner-plugins/issues/508

tooryx commented 1 week ago

I will discuss this with the rest of the team and let you know. Most likely next week.

~tooryx

tooryx commented 1 week ago

Hi @joernNNN,

Then, if it does not lead to remote code execution, let's abort the development of this plugin. Thank you for taking the time to submit a proposal.

~tooryx