Summary of Releases v9.6.5, v9.6.6, v9.6.7 and v9.6.8

This month, we've released multiple versions of Nuclei Templates that bring numerous enhancements to Nuclei users.

Introduction

Welcome to the October 2023 edition of Nuclei Templates Monthly Release. The cyber landscape continues to evolve with new, significant CVEs making waves in the community. This month, we're spotlighting a range of serious vulnerabilities including:

• F5 BIG-IP's - Unauthenticated RCE via AJP Smuggling
• NextGen Mirth Connect's - Remote Code Execution
• Viessmann Vitogate 300's - Remote Code Execution
• Citrix Bleed - Leaking Session Tokens
• JetBrains TeamCity < 2023.05.4 - Remote Code Execution
• Sitecore - Remote Code Execution
• Microsoft SharePoint - Authentication Bypass
• Atlassian Confluence - Privilege Escalation

These CVEs have garnered substantial attention due to their potential impact on network security and data integrity. For instance, the unauthenticated RCE in F5 BIG-IP systems could provide attackers with unauthorized access to sensitive systems. The discoveries highlight the ever-urgent need for robust security measures and continuous vigilance in the face of evolving cyber threats. Our latest releases encapsulate these, along with other notable CVEs, furnishing the security community with vital tools to tackle these looming threats head-on.

New Templates Added

We are excited to announce the addition of 255 new templates to the Nuclei Templates project. These templates cover a wide range of security checks, from trending CVEs to templates for newly supported protocols in Nuclei v3, empowering you to identify potential vulnerabilities efficiently. The contributions from our dedicated community have been immeasurably valuable in expanding the breadth of Nuclei's capabilities, and we extend our gratitude to all those involved.

New CVEs Added

This month we have added 158 🔥 new CVEs, ensuring you remain current with the latest security vulnerabilities. By including these CVEs in the Nuclei Templates, we aim to provide you with the necessary tools to detect and mitigate potential risks proactively.

Bug Fixes and Enhancements

This month we have done several bug fixes and implemented enhancements to improve the overall functionality of Nuclei Templates. The following contributions from our community members have been instrumental in making these improvements:

• 16 new Log4j templates were added by Shaikh Yaser
• The remediation, EPSS, product, vendor, and other metadata details have been updated on the CVE templates
• All templates have been signed to ensure the integrity and authenticity of Nuclei templates. You can read more about it here.
• A new JavaScript protocol directory has been added to the nuclei-templates repo.
• 10 templates have been updated to fix false negatives and positives.

Highlighted CVE Templates

✅ CVE-2023-46747: F5 BIG-IP - Unauthenticated RCE via AJP Smuggling

F5 BIG-IP is vulnerable to an unauthenticated remote code execution via AJP Smuggling which allows an attacker to execute arbitrary system commands.

✅ CVE-2023-45852: Viessmann Vitogate 300 - Remote Code Execution

Viessmann Vitogate 300 has a vulnerability where an unauthenticated attacker can bypass authentication and execute arbitrary commands.

✅ CVE-2023-4966: Citrix Bleed - Leaking Session Tokens

Termed as "Citrix Bleed", this vulnerability in Citrix NetScaler ADC and NetScaler Gateway leads to information disclosure allowing an unauthenticated attacker to hijack an existing authenticated session.

✅ CVE-2023-42793: JetBrains TeamCity < 2023.05.4 - Remote Code Execution

JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

✅ CVE-2023-35813: Sitecore - Remote Code Execution

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3

✅ CVE-2023-29357: Microsoft SharePoint - Auth Bypass

Microsoft SharePoint Server Elevation of Privilege Vulnerability

✅ ServiceNow Widget-Simple-List - Misconfiguration

This template highlights a misconfiguration vulnerability in ServiceNow Widget-Simple-List which can potentially lead to unauthorized access or data exposure.

✅ CVE-2023-22515 - Atlassian Confluence - Privilege Escalation

Atlassian Confluence Data Center and Server contains a privilege escalation vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence.

✅ CVE-2023-37979 - Ninja Forms < 3.6.26 - Cross-Site Scripting

Ninja Forms has a Cross-Site Scripting (XSS) vulnerability in versions before 3.6.26 which could allow attackers to inject malicious scripts into web pages viewed by other users.

✅ CVE-2021-25016: Chaty < 2.8.2 - Cross-Site Scripting

Chaty has a Cross-Site Scripting (XSS) vulnerability in versions before 2.8.2 which could potentially allow attackers to inject malicious scripts.

✅ CVE-2020-6950: Eclipse Mojarra - Local File Read

Eclipse Mojarra has a vulnerability that allows local file read, potentially allowing attackers to read sensitive files on the server.

✅ CVE-2023-4451: Cockpit - Cross-Site Scripting

Cockpit has a Cross-Site Scripting (XSS) vulnerability which could potentially allow attackers to inject malicious scripts.

✅ CVE-2023-3710: Honeywell PM43 Printers - Command Injection

Honeywell PM43 Printers are vulnerable to a command injection attack, which could allow attackers to execute arbitrary commands.

✅ CVE-2023-3219: EventON Lite < 2.1.2 - Arbitrary File Download

EventON Lite has a vulnerability that allows arbitrary file download in versions before 2.1.2, which could potentially lead to information disclosure.

We express our sincere appreciation to the community members, including our first-time contributors for their contributions to the Nuclei Templates project.

• @shaikhyaser made their first contribution in #8419
• @rxerium made their first contribution in #8427
• @5hank4r made their first contribution in #8086
• @fmunozs made their first contribution in #8240
• @fapami made their first contribution in #8246
• @zn9988 made their first contribution in #8216
• @joaonevess made their first contribution in #8274
• @danfaizer made their first contribution in #8287
• @sttlr made their first contribution in #8227
• @Thabisocn made their first contribution in #8289
• @jainiresh made their first contribution in #8286
• @CravateRouge made their first contribution in #8217
• @Osb0rn3 made their first contribution in #8322
• @thehlopster made their first contribution in #8252

News, Upcoming Features & Roadmap

We're thrilled to share that Nuclei v3 has been released, featuring new additions such as Code Protocol, Template Signing & Verification, JavaScript Protocol, Multi-Protocol Engine, Flow Template Engine, SDK-4-ALL (revamped GO SDK), and enhanced stability across different execution environments.

The Nuclei v3 release benefits template writers through its new Flow Template Engine, allowing for more complex workflows, and the Template Signing & Verification feature, ensuring the integrity and authenticity of templates. Additionally, the revamped SDK-4-ALL provides a more robust toolkit for template development. You can read more about it here.

Join the Nuclei Templates community on Discord, where you can actively participate, collaborate, and share valuable insights. Feel free to join the Discord server if you have any questions or suggestions for further improving Nuclei Templates.