CyberSecurity news

FlagThis - #ProjectDiscovery

info@thehackernews.com (The Hacker News)@The Hacker News - 59d
A high-severity vulnerability has been discovered in the popular open-source vulnerability scanner, Nuclei. Tracked as CVE-2024-43405, the flaw allows attackers to bypass Nuclei's template signature verification process and inject malicious code into systems using custom templates. This is made possible by a discrepancy in how Nuclei handles newline characters using regular expressions (regex) in combination with its YAML parser. The regex verification treats "\r" as part of the same line, while the YAML parser sees it as a line break. This discrepancy allows the insertion of malicious code, circumventing signature verification. The vulnerability has a CVSS score of 7.4 out of 10 and affects all versions of Nuclei later than 3.0.0.

The attack vector arises when untrusted or community-contributed templates are used without proper validation or isolation. Attackers can craft malicious templates with manipulated digest lines or carefully placed \r line breaks to bypass the signature checks. This could potentially lead to arbitrary code execution and allow access to sensitive host data. The discovery of the vulnerability is credited to researchers at cloud security firm Wiz. ProjectDiscovery, the developer of Nuclei, has issued a patch in version 3.3.2. It is imperative that users upgrade to the latest version of the Nuclei scanner and thoroughly validate all templates.
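
As an added example (not code from the article, Wiz, or ProjectDiscovery), the following Go pre-check illustrates the line-break discrepancy described above: it compares a newline-only view of a template with a view in which a bare "\r" also ends a line, as a YAML parser treats it, and flags templates where the two differ. The "# digest:" prefix, the rule that more than one digest line is suspicious, and all sample inputs are assumptions of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding summarises how one template looks under the two line models.
type Finding struct {
	BareCR      int // '\r' characters not followed by '\n'
	LFLines     int // line count when only '\n' ends a line
	YAMLLines   int // line count when '\r', '\n' and "\r\n" all end a line
	DigestLines int // lines starting with "# digest:" in the YAML view (assumed prefix)
}

// Suspicious reports whether the template should be rejected before it is run.
func (f Finding) Suspicious() bool {
	return f.BareCR > 0 || f.DigestLines > 1
}

// yamlLines splits text the way a YAML parser breaks lines: CRLF, lone LF, lone CR.
func yamlLines(s string) []string {
	s = strings.ReplaceAll(s, "\r\n", "\n")
	s = strings.ReplaceAll(s, "\r", "\n")
	return strings.Split(s, "\n")
}

// Inspect compares the newline-only view with the YAML view of a template.
func Inspect(tmpl string) Finding {
	f := Finding{LFLines: len(strings.Split(tmpl, "\n"))}
	// CRLF endings are legitimate; only a '\r' without a following '\n' counts.
	f.BareCR = strings.Count(tmpl, "\r") - strings.Count(tmpl, "\r\n")
	lines := yamlLines(tmpl)
	f.YAMLLines = len(lines)
	for _, l := range lines {
		if strings.HasPrefix(strings.TrimSpace(l), "# digest:") {
			f.DigestLines++
		}
	}
	return f
}

func main() {
	// Constructed inputs: a clean template and one with a bare '\r' inside a line.
	clean := "id: demo\ninfo:\n  name: ok\n# digest: constructed-placeholder\n"
	odd := "id: demo\ninfo:\n  name: ok\rnote: extra-line-for-yaml\n# digest: constructed-placeholder\n"
	for _, t := range []string{clean, odd} {
		fmt.Printf("%+v suspicious=%v\n", Inspect(t), Inspect(t).Suspicious())
	}
}
```

A check like this complements upgrading to the patched release; it does not verify signatures itself.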



Classification:
  • HashTags: #Nuclei #VulnerabilityScanner #CodeExecution
  • Company: Nuclei
  • Target: Nuclei Users
  • Product: Nuclei
  • Feature: Code Execution
  • Type: Vulnerability
  • Severity: Major