Merge pull request #563 from bugcrowd/Q3-VRT-Update

Cloud Security VRT Additions

Author: RRudder

bugcrowd_templates.gemspec

@@ -19,7 +19,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
   spec.required_ruby_version = '>= 3.0'
 
-  spec.add_development_dependency 'bundler', '~> 2.6.3'
+  spec.add_development_dependency 'bundler', '~> 2.7.1'
   spec.add_development_dependency 'pry', '~> 0.14.2'
   spec.add_development_dependency 'rake', '~> 13.0.6'
   spec.add_development_dependency 'rspec', '~> 3.12'

submissions/description/cloud_security/guidance.md

@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how to access and exploit the vulnerability. Your submission must include evidence of the vulnerability and not be theoretical in nature.
+
+Attempt to escalate the content spoofing vulnerability. If this is possible, provide a full Proof of Concept (PoC).

submissions/description/cloud_security/identity_and_access_management_iam_misconfigurations/guidance.md

@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how to access and exploit the vulnerability. Your submission must include evidence of the vulnerability and not be theoretical in nature.
+
+Attempt to escalate the content spoofing vulnerability. If this is possible, provide a full Proof of Concept (PoC).

submissions/description/cloud_security/identity_and_access_management_iam_misconfigurations/overly_permissive_iam_roles/guidance.md

@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how to access and exploit the vulnerability. Your submission must include evidence of the vulnerability and not be theoretical in nature.
+
+Attempt to escalate the content spoofing vulnerability. If this is possible, provide a full Proof of Concept (PoC).

submissions/description/cloud_security/identity_and_access_management_iam_misconfigurations/overly_permissive_iam_roles/recommendations.md

@@ -0,0 +1,8 @@
+# Recommendation(s)
+
+Harden cloud environments by enforcing least privilege on identities, encrypting data in transit and at rest, blocking public access to sensitive resources, and restricting admin interfaces to trusted networks. Implement proper network segmentation, enable logging and continuous monitoring, and audit configurations regularly using automated tools. Follow cloud security benchmarks and adopt defense-in-depth strategies.
+
+For more information, view the following resources:
+
+- <https://owasp.org/www-project-cloud-native-application-security-top-10/>
+- <https://cloudsecurityalliance.org/artifacts/security-guidance-v4/>

submissions/description/cloud_security/identity_and_access_management_iam_misconfigurations/overly_permissive_iam_roles/template.md

@@ -0,0 +1,17 @@
+Overly permissive Identity and Access Management (IAM) roles grant more permissions than necessary for a user or service to perform the intended functions of their role. A lack of least privilege creates a larger attack surface, allowing an attacker who compromises an entity with an overly permissive role to perform a larger set of actions. This can lead to unauthorized access, data manipulation, or full control over cloud resources.
+
+**Business Impact**
+
+This vulnerability can result in financial losses and regulatory fines, as well as reputational damage and a loss of customer trust.
+
+**Steps to Reproduce**
+
+1. Identify the following IAM role or policy that appears to have excessive permissions: {{IAM role/policy}}
+1. Perform an action that is outside the normal scope of the role's intended function but is permitted by its overly broad policy: {{unintended action}}
+1. Observe that the unintended action is successfully executed, demonstrating the excessive permissions
+
+**Proof of Concept**
+
+The screenshot(s) below demonstrate(s) the vulnerability:
+
+{{screenshot}}

submissions/description/cloud_security/identity_and_access_management_iam_misconfigurations/publicly_accessible_iam_credentials/guidance.md

@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with a screenshot on how to access and exploit the vulnerability. Your submission must include evidence of the vulnerability and not be theoretical in nature.
+
+Attempt to escalate the content spoofing vulnerability. If this is possible, provide a full Proof of Concept (PoC).

submissions/description/cloud_security/identity_and_access_management_iam_misconfigurations/publicly_accessible_iam_credentials/recommendations.md

@@ -0,0 +1,8 @@
+# Recommendation(s)
+
+Harden cloud environments by enforcing least privilege on identities, encrypting data in transit and at rest, blocking public access to sensitive resources, and restricting admin interfaces to trusted networks. Implement proper network segmentation, enable logging and continuous monitoring, and audit configurations regularly using automated tools. Follow cloud security benchmarks and adopt defense-in-depth strategies.
+
+For more information, view the following resources:
+
+- <https://owasp.org/www-project-cloud-native-application-security-top-10/>
+- <https://cloudsecurityalliance.org/artifacts/security-guidance-v4/>

submissions/description/cloud_security/identity_and_access_management_iam_misconfigurations/publicly_accessible_iam_credentials/template.md

@@ -0,0 +1,18 @@
+Publicly accessible IAM credentials occur when cloud access keys, secret keys, or other authentication tokens are exposed in public repositories, such as GitHub or public S3 buckets, logs, or insecure configurations. These credentials grant direct access to cloud accounts and resources. An attacker identifying these credentials can immediately gain unauthorized access, bypassing traditional security controls.
+
+**Business Impact**
+
+This vulnerability can result in data theft, deletion of critical resources, deployment of malicious infrastructure, and significant financial fraud. The business can face severe reputational damage, regulatory non-compliance, and loss of data and customer trust.
+
+**Steps to Reproduce**
+
+1. Use public code scanning tools, search engines, or specific credential-finding tools to search for exposed cloud credentials: {{tool or search query}}
+1. Observe that a set of publicly accessible IAM access keys and secret keys is visible at the following location: {{location of exposed credentials}}
+1. Run the following command to list or access resources in the associated cloud account: {{test PoC command}}
+1. Observe that access is gained to the cloud account and its resources
+
+**Proof of Concept**
+
+The screenshot(s) below demonstrate(s) the vulnerability:
+
+{{screenshot}}

submissions/description/cloud_security/identity_and_access_management_iam_misconfigurations/recommendations.md

@@ -0,0 +1,8 @@
+# Recommendation(s)
+
+Harden cloud environments by enforcing least privilege on identities, encrypting data in transit and at rest, blocking public access to sensitive resources, and restricting admin interfaces to trusted networks. Implement proper network segmentation, enable logging and continuous monitoring, and audit configurations regularly using automated tools. Follow cloud security benchmarks and adopt defense-in-depth strategies.
+
+For more information, view the following resources:
+
+- <https://owasp.org/www-project-cloud-native-application-security-top-10/>
+- <https://cloudsecurityalliance.org/artifacts/security-guidance-v4/>