Vulners got all exploits from GitHub

Vulners released new robot to search exploits/PoC in open-source projects on the GitHub. Enrich your vulnerability systems with new data and set up new correlation. Maybe your previous vulnerabilities will turn out to be more critical with the new parameters?

The feature is available to all Enterprise subscription users. You can start testing this feature with a Trial subscription.

Why look for exploits in open source?

The main purpose of the new robot is to find new exploit/PoCs for vulnerabilities on GitHub. For example, someone can convert PoC into working tools, or, if you have submitted a new vulnerability, you can subscribe to news on it and find out when a potential exploit will appear for it.

For example CVE-2021-22205 in GitLab:

For the first time PoC appeared on GitHub earlier than similar code in official sources. Sometimes, an exploit or PoC is only presented on GitHub and not found in other databases. If an exploit/PoC has appeared for a vulnerability, then this fact significantly affects its exploitability and level of severity.

Why is it so valuable to Vulners?

Anyone can try to do the same parsing via GitHub web console or GitHub API. The advantage of the new robot in the cross-correlation of the bulletins and other advantages of Vulners.

For example, in the GitHub exploit for CVE-2020-1472 vulnerability, it will be highlighted to which vulnerability it belongs to and any other bulletins associated with this vulnerability. Also, the user can receive this information through the API and use it in Vulnerability management systems:

vulners_api = vulners.Vulners(api_key="API KEY")
audit_result = vulners_api.document("CVE-2020-1472",  fields=["*"])

Results in references:

{
                    "type": "githubexploit",
                    "idList": [
                        "87B06BBD-7ED2-5BD2-95E1-21EE66501505",
                        "9C9BD402-511C-597D-9864-647131FE6647",
                        "4CB63A18-5D6F-57E3-8CD8-9110CF63E120",
                        "49EC151F-12F0-59CF-960C-25BD54F46680",
                        "5E80DB20-575C-537A-9B83-CCFCCB55E448",
                        "2255B39F-1B91-56F4-A323-8704808620D3",
                        "7078ED42-959E-5242-BE9D-17F2F99C76A8",
                        "DEC5B8BB-1933-54FF-890E-9C2720E9966E",
                        "AEF449B8-DC3E-544A-A748-5A1C6F7EBA59",
                        "2E71FF50-1B48-5A8E-9212-C4CF9399715C",
                        "BBE1926E-1EC7-5657-8766-3CA8418F815C",
                        "2D16FB2A-7A61-5E45-AAF8-1E090E0ADCC0",
                        "C7CE5D12-A4E5-5FF2-9F07-CD5E84B4C02F",
                        "50FA6373-CBCD-5EF5-B37D-0ECD621C6134",
                        "939F3BE7-AF69-5351-BD56-12412FA184C5",
                        "14BD2DBD-3A91-55FC-9836-14EF9ABF56CF",
                        "06BAC40D-74DF-5994-909F-3A87FC3B76C8",
                        "B7C1C535-3653-5D12-8922-4C6A5CCBD5F3",
                        "6FB0B63E-DE9A-5065-B577-ECA3ED5E9F4B",
                        "3F400483-1F7E-5BE5-8612-4D55D450D553",
                        "12E44744-1AF0-523A-ACA2-593B4D33E014",
                        "BA280EB1-2FF9-52DA-8BA4-A276A1158DD8",
                        "879CF3A7-ECBC-552A-A044-5E2724F63279",
                        "0CFAB531-412C-57A0-BD9E-EF072620C078",
                        "CF07CF32-0B8E-58E5-A410-8FA68D411ED0",
                        "C7F6FB3B-581D-53E1-A2BF-C935FE7B03C8",
                        "FC661572-B96B-5B2C-B12F-E8D279E189BF",
                        "5B025A0D-055E-552C-B1FB-287C6F191F8E",
                        "D178DAA4-01D0-50D0-A741-1C3C76A7D023",
                        "28D42B84-AB24-5FC6-ADE1-610374D67F21",
                        "C841D92F-11E1-5077-AE70-CA2FEF0BC96E",
                        "E9F25671-2BEF-5E8B-A60A-55C6DD9DE820",
                        "042AB58A-C86A-5A8B-AED3-2FF3624E97E3",
                        "04BCA9BC-E3AD-5234-A5F0-7A1ED826F600",
                        "63C36F7A-5F99-5A79-B99F-260360AC237F",
                        "A24AC1AC-55EF-51D8-B696-32F369DCAB96",
                        "D3C401E0-D013-59E2-8FFB-6BEF41DA3D1B",
                        "20466D13-6C5B-5326-9C8B-160E9BE37195",
                        "07DF268C-467E-54A3-B713-057BA19C72F7",
                        "07E56BF6-A72B-5ACD-A2FF-818C48E4E132",
                        "C5B49BD0-D347-5AEB-A774-EE7BB35688E9",
                        "F085F702-F1C3-5ACB-99BE-086DA182D98B"
                    ]
                },

Key points for prioritizing vulnerabilities in own vulnerability management:

  • Scores: CVSS 2/3, AI, etc;
  • In the wild or not;
  • Exploitability;
  • Exploits;
  • Vulnerability type: RCE, LPE, XSS, etc;
  • Others.

The new GitHub exploits option will be useful for those doing custom correlations to prioritize vulnerabilities.

How it works?

The new robot updates the information in the Vulners database every 2 hours. The CVSS score of such a GitHub exploit bill is inherited from the original vulnerability. All other fields will be unique for each bill, including the AI score.

During the implementation of the robot there were few problems with this task. GitHub has API restrictions and sometimes fails to get all the information it needs. Therefore, the Vulners team resolved the problems within legitimate use and search on GitHub, while solving the main task!

The feature is available to all Enterprise subscription users. Additionally, everyone can test this feature with a Trial subscription. You need to get your API key and use type: githubexploit. Welcome to test the new feature!

Leave a Reply