45 lines
2.5 KiB
Typst
#import "addons/cve.typ"
#import "addons/cvss.typ"
#import "addons/mitre.typ"

= Findings

////////////////////////////////////////////////////////////////////////////////////////////////

== Administration Interfaces reachable

#cvss.createTable(
  attackVector: "N",
  attackComplexity: "L",
  privilegesRequired: "N",
  userInteraction: "N",
  scope: "U",
  confidentiality: "N",
  integrity: "N",
  availability: "N",
)

=== Description

Administrative web applications and interfaces enable the management of organizational resources, processes, and data. These applications are typically used by administrative staff and other authorized persons to perform a variety of tasks. For example, administrators can use technical administration interfaces to read runtime data from servers and ensure smooth operation.

=== Finding

When searching for administration interfaces, the applications `Uptime Kuma` at `https://status.ellingson-mineral.co` and `Nginx Proxy Manager` at `https://nginx.ellingson-mineral.co` were found. The URLs of the administration interfaces were discovered via Certificate Transparency logs#footnote[https://letsencrypt.org/docs/ct-logs/].

Both applications have a login screen and cannot be used by unauthorized visitors. Since administration accounts are set up during the initial configuration of the applications, there are no default credentials with which to log in. A brute force attack was not performed to check for common passwords.

The version of `Uptime Kuma` is not disclosed by the application, while the version of `Nginx Proxy Manager` is 2.11.2. This instance of `Nginx Proxy Manager` is not vulnerable to the Command Injection vulnerability tracked as #cve.reference("2024-39935").

This is referenced in MITRE's ATT&CK framework as #mitre.reference(name: "External Remote Services").

=== Evaluation

No vulnerabilities were identified in the administration interfaces, and they cannot be used without valid credentials. Because of this, the finding is rated as purely informational.

=== Recommendation

It should be checked whether these administration interfaces must be accessible via the Internet at all. Protecting the interfaces behind an additional authentication layer, such as HTTP Basic Auth, or offering them only within a protected network such as a VPN would reduce the attack surface and prevent the exploitation of security vulnerabilities that may be found in these administration interfaces in the future.

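
A concrete form of this recommendation, added here as an example and not part of the assessed configuration or of the report's own material: an nginx front end for the two administration hostnames that accepts connections only from a VPN client range and additionally requires HTTP Basic Auth before the applications' own logins. The VPN range, the upstream addresses and ports, the certificate paths and the `htpasswd` file are assumptions.

```nginx
# Added example: front-end nginx configuration for the two administration
# interfaces from the finding. Assumed values: VPN client range 10.8.0.0/24,
# upstream ports, certificate paths, and /etc/nginx/admin.htpasswd
# (create it with: htpasswd -B -c /etc/nginx/admin.htpasswd <user>).

# Route each administration hostname to its (assumed) local upstream.
map $host $admin_upstream {
    status.ellingson-mineral.co  127.0.0.1:3001;  # assumed: Uptime Kuma
    nginx.ellingson-mineral.co   127.0.0.1:81;    # assumed: NPM admin UI
}

# Refuse the TLS handshake for any hostname not served explicitly below,
# so the admin UIs cannot be reached via a catch-all vhost (nginx >= 1.19.4).
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}

server {
    listen 443 ssl;
    server_name status.ellingson-mineral.co nginx.ellingson-mineral.co;

    ssl_certificate     /etc/ssl/admin/fullchain.pem;  # assumed path
    ssl_certificate_key /etc/ssl/admin/privkey.pem;    # assumed path

    # Layer 1: reachable only from the VPN client range; all others get 403.
    allow 10.8.0.0/24;   # assumed VPN range
    deny  all;

    # Layer 2: HTTP Basic Auth in front of the application's own login.
    # "satisfy all" requires BOTH the IP allowlist and valid credentials.
    satisfy all;
    auth_basic           "Administration";
    auth_basic_user_file /etc/nginx/admin.htpasswd;

    location / {
        proxy_pass http://$admin_upstream;
        proxy_http_version 1.1;
        # Uptime Kuma's UI uses WebSockets; forward the upgrade headers.
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host       $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

After deploying, verify from a non-VPN address that both hostnames refuse the connection or return 403, and from the VPN that a request without credentials returns 401 before the application login is ever shown.
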
////////////////////////////////////////////////////////////////////////////////////////////////