github projectdiscovery/nuclei-templates v10.2.0
GCP Cloud Configuration Templates - Nuclei Templates v10.2.0 🎉


🔥 Release Highlights 🔥

We're excited to announce the expansion of the Nuclei Templates with new templates specifically for Google Cloud Platform (GCP) Configurations. This release introduces a series of specialized security checks tailored for a wide range of GCP services, including Compute Engine, GKE clusters, Cloud Storage buckets, BigQuery datasets, and more. These new templates are crafted to pinpoint common misconfigurations, ensure compliance with regulatory standards, and maintain adherence to industry best practices, leveraging advanced features such as flow and code analysis.

The introduction of these GCP-specific templates empowers security teams to conduct thorough security audits of their GCP environments, uncovering critical misconfigurations and vulnerabilities. Moreover, these checks can be tailored to meet the unique operational demands of different teams, aiding in the prompt detection and remediation of security issues.

We encourage contributors and reviewers to provide their valuable feedback and suggestions to help enhance and evolve these GCP security templates further. For more details, please visit our latest blog post.

Other Highlights

What's Changed

New Templates Added: 268 | CVEs Added: 11 | First-time contributions: 4

  • [CVE-2025-34028] Commvault - SSRF via /commandcenter/deployWebpackage.do (@dhiyaneshdk, @abhishekrautela) [critical] 🔥
  • [CVE-2025-32433] Erlang/OTP SSH - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch, @darses) [critical] 🔥
  • [CVE-2025-31324] SAP NetWeaver Visual Composer Metadata Uploader - Deserialization (@iamnoooob, @rootxharsh, @parthmalhotra, @pdresearch) [critical] 🔥
  • [CVE-2025-30406] Gladinet CentreStack < 16.4.10315.56368 - Unauth RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
  • [CVE-2025-29306] FoxCMS v.1.2.5 - Remote Code Execution (@ritikchaddha) [critical] 🔥
  • [CVE-2025-28367] mojoPortal <=2.9.0.1 - Directory Traversal (@dhiyaneshdk) [medium]
  • [CVE-2025-27892] Shopware < 6.5.8.13 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical]
  • [CVE-2024-32870] iTop Hub Connector - Information Disclosure (@dhiyaneshdk) [medium]
  • [CVE-2024-6235] NetScaler Console - Sensitive Information Disclosure (@dhiyaneshdk) [critical] 🔥
  • [CVE-2022-35507] Proxmox - CRLF Injection (@dhiyaneshdk) [high]
  • [CVE-2022-28508] MantisBT < 2.25.2 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [gcloud-api-key-restrictions-missing] Missing API Key API Restrictions (@princechaddha) [medium]
  • [gcloud-api-key-unrestricted] Unrestricted API Key Usage (@princechaddha) [medium]
  • [gcloud-api-keys-inactive-services] API Keys Should Only Exist for Active Services (@princechaddha) [low]
  • [gcloud-critical-service-apis-disabled] Critical Service APIs Not Enabled (@princechaddha) [critical]
  • [gcloud-security-center-api-disabled] Security Command Center API Disabled (@princechaddha) [high]
  • [gcloud-cloud-asset-disabled] Cloud Asset Inventory Not Enabled (@princechaddha) [high]
  • [gcloud-artifact-registry-public] Publicly Accessible Artifact Registry Repositories (@princechaddha) [high]
  • [gcloud-vuln-scan-missing] Artifact Registry Vulnerability Scanning Not Enabled (@princechaddha) [high]
  • [gcloud-bigquery-cmek-not-enabled] BigQuery Dataset Encryption with Customer-Managed Encryption Keys Not Enabled (@princechaddha) [high]
  • [gcloud-bigquery-cmk-not-enabled] BigQuery Datasets Not Encrypted with Customer-Managed Keys (@princechaddha) [high]
  • [gcloud-bigquery-public-datasets] Publicly Accessible BigQuery Datasets (@princechaddha) [high]
  • [gcloud-backend-bucket-missing-storage] Backend Buckets Referencing Missing Storage Buckets (@princechaddha) [high]
  • [gcloud-cdn-backend-bucket] Check Cloud CDN Backend Bucket Configuration (@princechaddha) [medium]
  • [gcloud-cdn-origin-auth-unconfigured] Unconfigured Cloud CDN Origin Authentication (@princechaddha) [medium]
  • [gcloud-cdn-ssl-enforcement] Cloud CDN SSL/TLS Not Enforced (@princechaddha) [medium]
  • [gcloud-cdn-tls-unenforced] Unenforced SSL/TLS on Cloud CDN Backend Service Origins (@princechaddha) [medium]
  • [gcloud-certificate-validity-exceeded] Exceeded SSL Certificate Validity Period (@princechaddha) [medium]
  • [gcloud-disk-image-public-access] Disk Images Publicly Shared (@princechaddha) [medium]
  • [gcloud-instance-group-autohealing-disabled] Instance Group Autohealing Not Enabled (@princechaddha) [high]
  • [gcloud-mig-no-load-balancer] Managed Instance Group Not Using Load Balancer (@princechaddha) [low]
  • [gcloud-mig-single-zone] Managed Instance Group Not Configured for Multiple Zones (@princechaddha) [low]
  • [gcloud-oslogin-disabled] OS Login Not Enabled for GCP Projects (@princechaddha) [low]
  • [gcloud-persistent-disks-suspended-vms] Persistent Disks Attached to Suspended Virtual Machines (@princechaddha) [high]
  • [gcloud-vm-automatic-restart-disabled] VM Instance Automatic Restart Not Enabled (@princechaddha) [medium]
  • [gcloud-vm-confidential-computing-disabled] VM Instance Confidential Computing Not Enabled (@princechaddha) [medium]
  • [gcloud-vm-default-service-account-full-access] VM Instance Using Default Service Account with Full API Access (@princechaddha) [medium]
  • [gcloud-vm-default-service-account] VM Instance Using Default Service Account (@princechaddha) [medium]
  • [gcloud-vm-deletion-protection-disabled] VM Instance Deletion Protection Not Enabled (@princechaddha) [medium]
  • [gcloud-vm-disk-autodelete-enabled] Auto-Delete Not Disabled for VM Instance Persistent Disks (@princechaddha) [medium]
  • [gcloud-vm-disk-cmk-not-enabled] Virtual Machine Disk Encryption with Customer-Managed Keys Not Enabled (@princechaddha) [high]
  • [gcloud-vm-disk-csek-disabled] VM Disk Encryption with Customer-Supplied Keys Disabled (@princechaddha) [high]
  • [gcloud-vm-disk-csek-not-enabled] Virtual Machine Disk Encryption with Customer-Supplied Keys Not Enabled (@princechaddha) [high]
  • [gcloud-vm-ip-forwarding-enabled] IP Forwarding Not Disabled for VM Instances (@princechaddha) [medium]
  • [gcloud-vm-maintenance-terminate] VM Instance Maintenance Policy Set to Terminate (@princechaddha) [high]
  • [gcloud-vm-oslogin-2fa-disabled] OS Login with 2FA Authentication Not Enabled for VM Instances (@princechaddha) [high]
  • [gcloud-vm-preemptible-enabled] VM Instance Preemptibility Not Disabled (@princechaddha) [high]
  • [gcloud-vm-project-ssh-keys-enabled] Block Project-Wide SSH Keys Not Enabled (@princechaddha) [medium]
  • [gcloud-vm-public-ip-enabled] VM Instance Using Public IP Address (@princechaddha) [high]
  • [gcloud-vm-serial-console-enabled] Interactive Serial Console Support Not Disabled (@princechaddha) [medium]
  • [gcloud-vm-shielded-disabled] Shielded VM Security Features Not Enabled (@princechaddha) [medium]
  • [gcloud-dataproc-no-cmk] Dataproc Cluster Not Using Customer-Managed Keys (@princechaddha) [high]
  • [gcloud-dataproc-public-access] Dataproc Cluster Publicly Accessible (@princechaddha) [high]
  • [gcloud-dns-dangling-records] Dangling DNS Records Check (@princechaddha) [high]
  • [gcloud-dns-dnssec-unenabled] DNSSEC Not Enabled for Google Cloud DNS Zones (@princechaddha) [medium]
  • [gcloud-dnssec-keysigning-rsasha1] DNSSEC RSASHA1 Algorithm Deprecated Usage (@princechaddha) [medium]
  • [gcloud-dnssec-rsasha1-deprecated] DNSSEC RSASHA1 Algorithm Deprecated (@princechaddha) [medium]
  • [gcloud-filestore-deletion-protection-disabled] Filestore Instance Deletion Protection Not Enabled (@princechaddha) [medium]
  • [gcloud-filestore-no-backups] Filestore Instance Not Using On-Demand Backup (@princechaddha) [high]
  • [gcloud-filestore-no-cmek] Filestore Instance Not Using Customer-Managed Encryption Keys (@princechaddha) [high]
  • [gcloud-filestore-no-vpc-controls] Filestore Instance Not Protected by VPC Service Controls (@princechaddha) [medium]
  • [gcloud-filestore-unrestricted-access] Filestore Instance Client Access Not Restricted by IP (@princechaddha) [medium]
  • [gcloud-func-auto-runtime-updates-disabled] Automatic Runtime Security Updates Disabled in Google Cloud Functions (@princechaddha) [medium]
  • [gcloud-func-cmek-not-used] No Customer-Managed Encryption Keys in Google Cloud Functions (@princechaddha) [high]
  • [gcloud-func-inactive-svc-acc] Inactive Service Accounts in Google Cloud Functions (@princechaddha) [high]
  • [gcloud-func-min-instances-unset] Unset Minimum Instances for Cloud Functions (@princechaddha) [medium]
  • [gcloud-func-missing-labels] Missing User-Defined Labels in Google Cloud Functions (@princechaddha) [low]
  • [gcloud-func-no-vpc-access] No Serverless VPC Access in Google Cloud Functions (@princechaddha) [high]
  • [gcloud-func-public-access] Publicly Accessible Google Cloud Functions (@princechaddha) [high]
  • [gcloud-func-pubsub-dlt-missing] Configure Dead Lettering for Pub/Sub-Triggered Functions (@princechaddha) [low]
  • [gcloud-func-secrets-unmanaged] Use Secrets Manager for Managing Secrets in Google Cloud Functions (@princechaddha) [medium]
  • [gcloud-func-unrestricted-outbound] Unrestricted Outbound Network Access in Google Cloud Functions (@princechaddha) [high]
  • [gcp-cloud-func-gen1-deprecated] Deprecated 1st Generation Google Cloud Functions (@princechaddha) [high]
  • [gcp-func-default-svc-acc] Google Cloud Functions Using Default Service Account (@princechaddha) [medium]
  • [gcp-env] GCP Environment Validation (@princechaddha) [info]
  • [gcloud-gke-auto-repair-disabled] GKE Node Pools Without Auto-Repair Enabled (@princechaddha) [medium]
  • [gcloud-gke-auto-upgrade-disabled] GKE Node Pools Without Auto-Upgrade Enabled (@princechaddha) [medium]
  • [gcloud-gke-backups-disabled] GKE Clusters Without Backups Enabled (@princechaddha) [medium]
  • [gcloud-gke-binary-authorization-disabled] GKE Clusters Without Binary Authorization Enabled (@princechaddha) [medium]
  • [gcloud-gke-client-certificate-enabled] GKE Clusters With Client Certificate Authentication Enabled (@princechaddha) [medium]
  • [gcloud-gke-confidential-nodes-disabled] GKE Clusters Not Using Confidential Nodes (@princechaddha) [medium]
  • [gcloud-gke-cos-containerd-disabled] GKE Clusters Not Using Container-Optimized OS (@princechaddha) [medium]
  • [gcloud-gke-cost-allocation-disabled] GKE Clusters Without Cost Allocation Enabled (@princechaddha) [medium]
  • [gcloud-gke-default-service-account] GKE Clusters Using Default Service Account (@princechaddha) [medium]
  • [gcloud-gke-integrity-monitoring-disabled] GKE Node Pools Without Integrity Monitoring (@princechaddha) [medium]
  • [gcloud-gke-intranode-visibility-disabled] GKE Clusters Without Intranode Visibility Enabled (@princechaddha) [medium]
  • [gcloud-gke-labels-missing] GKE Clusters Missing Resource Labels (@princechaddha) [low]
  • [gcloud-gke-logging-disabled] GKE Clusters Without Cloud Logging Enabled (@princechaddha) [medium]
  • [gcloud-gke-metadata-server-disabled] GKE Clusters Without Metadata Server Enabled (@princechaddha) [medium]
  • [gcloud-gke-monitoring-disabled] GKE Clusters Without Cloud Monitoring Enabled (@princechaddha) [medium]
  • [gcloud-gke-notifications-disabled] GKE Clusters Without Critical Notifications Enabled (@princechaddha) [medium]
  • [gcloud-gke-private-nodes-disabled] GKE Clusters Without Private Nodes Enabled (@princechaddha) [medium]
  • [gcloud-gke-public-endpoint-enabled] GKE Clusters with Public Control Plane Endpoints (@princechaddha) [medium]
  • [gcloud-gke-release-channel-disabled] GKE Clusters Without Release Channel Configuration (@princechaddha) [medium]
  • [gcloud-gke-sandbox-disabled] GKE Cluster Not Using Sandbox with gVisor (@princechaddha) [medium]
  • [gcloud-gke-secrets-encryption-disabled] GKE Clusters Without Application-Layer Secrets Encryption (@princechaddha) [high]
  • [gcloud-gke-secure-boot-disabled] GKE Node Pools Without Secure Boot Enabled (@princechaddha) [medium]
  • [gcloud-gke-security-posture-disabled] GKE Security Posture Dashboard Not Enabled (@princechaddha) [medium]
  • [gcloud-gke-shielded-nodes-disabled] GKE Cluster Not Using Shielded Nodes (@princechaddha) [medium]
  • [gcloud-gke-transparent-encryption-disabled] GKE Clusters Without Inter-Node Transparent Encryption (@princechaddha) [high]
  • [gcloud-gke-vpc-native-disabled] GKE Clusters Without VPC-Native Traffic Routing (@princechaddha) [medium]
  • [gcloud-gke-vulnerability-scanning-disabled] GKE Clusters Without Workload Vulnerability Scanning (@princechaddha) [medium]
  • [gcloud-gke-workload-identity-disabled] GKE Clusters Without Workload Identity Federation (@princechaddha) [medium]
  • [gcloud-access-approval-not-enabled] Access Approval Not Enabled in GCP Projects (@princechaddha) [high]
  • [gcloud-api-keys-present] Delete Google Cloud API Keys (@princechaddha) [low]
  • [gcloud-iam-admin-roles] IAM Users with Administrative Roles (@princechaddha) [medium]
  • [gcloud-iam-primitive-roles] Minimize the Use of Primitive Roles (@princechaddha) [medium]
  • [gcloud-iam-separation-duties] Enforce Separation of Duties for Service-Account Related Roles (@princechaddha) [medium]
  • [gcloud-iam-service-roles-project-level] Service Account Roles at Project Level (@princechaddha) [medium]
  • [gcloud-iam-unrestricted-decryption] IAM Users with Unrestricted Data Decryption Permissions (@princechaddha) [medium]
  • [gcloud-service-account-admin-restriction] Restrict Administrator Access for Service Accounts (@princechaddha) [medium]
  • [gcloud-service-account-user-keys] User-Managed Service Account Keys Found (@princechaddha) [medium]
  • [gcloud-kms-public-access] Publicly Accessible Google Cloud KMS Keys (@princechaddha) [high]
  • [gcloud-alb-ssl-google-managed] Use Google-Managed SSL Certificates for Application Load Balancers (@princechaddha) [high]
  • [gcloud-approved-external-lb] Unapproved External Load Balancers in Google Cloud Projects (@princechaddha) [medium]
  • [gcloud-https-lb-logging-disabled] Logging Disabled on HTTP(S) Load Balancers (@princechaddha) [high]
  • [gcloud-lb-backend-unsecured] Unsecured Backend Services in Google Cloud Load Balancers (@princechaddha) [medium]
  • [gcloud-ssl-policy-insecure-ciphers] Insecure SSL Cipher Suites in GCP Load Balancers (@princechaddha) [medium]
  • [gcloud-enable-data-access-audit-logging] Enable Data Access Audit Logging for All Critical Service APIs (@princechaddha) [medium]
  • [gcloud-logging-global-buckets-check] Logging Buckets Not Configured with Global Location (@princechaddha) [medium]
  • [gcloud-log-retention-period-insufficient] Insufficient Log Data Retention Period in Cloud Logging Buckets (@princechaddha) [high]
  • [gcloud-logging-sink-not-configured] Export All Log Entries Using Sinks Not Configured (@princechaddha) [medium]
  • [gcloud-logs-router-cmek-not-enabled] Logs Router Encryption with Customer-Managed Keys Not Enabled (@princechaddha) [high]
  • [gcloud-vpc-network-changes-monitoring-not-enabled] Enable VPC Network Changes Monitoring (@princechaddha) [medium]
  • [gcloud-iam-least-privilege-nat] Least Privilege Access for Cloud NAT Management (@princechaddha) [medium]
  • [gcloud-nat-logging-disabled] Logging Disabled for Cloud NAT Gateways (@princechaddha) [medium]
  • [gcloud-nat-private-subnet-disabled] Cloud NAT Not Enabled for Private Subnets (@princechaddha) [medium]
  • [gcloud-nat-static-ip-unconfigured] Cloud NAT Gateways Not Configured with Reserved Static IPs (@princechaddha) [medium]
  • [gcloud-nat-subnet-unrestricted] NAT Gateway Subnets Not Restricted to Specific VPCs (@princechaddha) [medium]
  • [gcloud-pubsub-cmek-disabled] Pub/Sub Topics Not Encrypted with Customer-Managed Encryption Keys (@princechaddha) [high]
  • [gcloud-pubsub-crossproject-access] Pub/Sub Subscription Cross-Project Access (@princechaddha) [high]
  • [gcloud-pubsub-deadletter-disabled] Dead Letter Topic Not Enabled for Google Pub/Sub Subscriptions (@princechaddha) [low]
  • [gcloud-pubsub-publicly-accessible] Publicly Accessible Pub/Sub Topics (@princechaddha) [high]
  • [gcloud-org-allowed-apis] Google Cloud APIs and Services Not Restricted (@princechaddha) [medium]
  • [gcloud-org-allowed-external-ips] Organization Policy for Allowed External IPs Not Configured (@princechaddha) [medium]
  • [gcloud-org-auto-iam-grants] Automatic IAM Role Grants for Default Service Accounts Not Disabled (@princechaddha) [medium]
  • [gcloud-org-default-network] Default Network Creation Not Disabled (@princechaddha) [medium]
  • [gcloud-org-detailed-audit-logging] Detailed Audit Logging Mode Not Enabled (@princechaddha) [medium]
  • [gcloud-org-guest-attributes] Guest Attributes of Compute Engine Metadata Not Disabled (@princechaddha) [medium]
  • [gcloud-org-ip-forwarding] VM IP Forwarding Not Restricted (@princechaddha) [medium]
  • [gcloud-org-load-balancer-types] Load Balancer Creation Not Restricted by Type (@princechaddha) [medium]
  • [gcloud-org-os-login] OS Login Not Required (@princechaddha) [medium]
  • [gcloud-org-resource-locations] Resource Location Restrictions Not Configured (@princechaddha) [medium]
  • [gcloud-org-service-account-creation] Service Account Creation Not Disabled (@princechaddha) [medium]
  • [gcloud-org-service-account-key-creation] Service Account Key Creation Not Disabled (@princechaddha) [high]
  • [gcloud-org-service-account-key-upload] Service Account Key Upload Not Disabled (@princechaddha) [medium]
  • [gcloud-org-shared-vpc-subnets] Shared VPC Subnetworks Not Restricted (@princechaddha) [medium]
  • [gcloud-org-sql-authorized-networks] Cloud SQL Authorized Networks Not Restricted (@princechaddha) [medium]
  • [gcloud-org-sql-default-encryption] Default Google-Managed Encryption for Cloud SQL Not Restricted (@princechaddha) [medium]
  • [gcloud-org-sql-public-ip] Public IP Access for Cloud SQL Instances Not Restricted (@princechaddha) [medium]
  • [gcloud-org-trusted-images] Trusted Image Projects Not Defined (@princechaddha) [medium]
  • [gcloud-org-uniform-bucket-access] Uniform Bucket-Level Access Not Enforced (@princechaddha) [medium]
  • [gcloud-org-vpc-peering] VPC Peering Usage Not Restricted (@princechaddha) [medium]
  • [gcloud-org-vpn-peer-ips] VPN Peer IP Addresses Not Restricted (@princechaddha) [medium]
  • [gcloud-org-workload-identity] Workload Identity Cluster Creation Not Disabled (@princechaddha) [medium]
  • [gcloud-run-services-user-labels-missing] Missing User-Defined Labels in Cloud Run Services (@princechaddha) [low]
  • [gcloud-mysql-local-infile-enabled] Local Infile Enabled in MySQL Database Instances (@princechaddha) [medium]
  • [gcloud-mysql-pitr-disabled] Point-in-Time Recovery Disabled for MySQL Instances (@princechaddha) [medium]
  • [gcloud-mysql-slowquerylog-disabled] Slow Query Log Disabled for MySQL Database Servers (@princechaddha) [medium]
  • [gcloud-pg-log-error-verbosity-flag-not-configured] Log Error Verbosity Flag Not Configured Properly for PostgreSQL Instances (@princechaddha) [medium]
  • [gcloud-pg-log-executor-stats-enabled] Log Executor Stats Enabled in PostgreSQL Database Instances (@princechaddha) [medium]
  • [gcloud-pg-log-min-duration-statement-enabled] Log Min Duration Statement Enabled in PostgreSQL Database Instances (@princechaddha) [medium]
  • [gcloud-pg-log-min-error-statement-flag-not-configured] Log Min Error Statement Flag Not Configured Properly for PostgreSQL Instances (@princechaddha) [medium]
  • [gcloud-pg-log-min-messages-flag-not-configured] Log Min Messages Flag Not Configured Properly for PostgreSQL Instances (@princechaddha) [medium]
  • [gcloud-pg-log-parser-stats-enabled] Log Parser Stats Enabled in PostgreSQL Database Instances (@princechaddha) [medium]
  • [gcloud-pg-log-planner-stats-enabled] Log Planner Stats Enabled in PostgreSQL Database Instances (@princechaddha) [medium]
  • [gcloud-pg-log-statement-flag-not-configured] Log Statement Flag Not Configured Properly for PostgreSQL Database Instances (@princechaddha) [medium]
  • [gcloud-pg-log-statement-stats-enabled] Log Statement Stats Enabled in PostgreSQL Database Instances (@princechaddha) [medium]
  • [gcloud-postgresql-log-checkpoints-disabled] PostgreSQL Log Checkpoints Flag Disabled (@princechaddha) [medium]
  • [gcloud-postgresql-log-disconnections-unenabled] Log Disconnections Flag Not Enabled for PostgreSQL Instances (@princechaddha) [medium]
  • [gcloud-postgresql-log-hostname-disabled] Log Hostname Flag Disabled for PostgreSQL Database Instances (@princechaddha) [medium]
  • [gcloud-postgresql-logtempfiles-disabled] Log Temporary Files Flag Disabled in PostgreSQL Database Instances (@princechaddha) [medium]
  • [gcloud-sql-auto-storage-disabled] Automatic Storage Increase Disabled for Google Cloud SQL Instances (@princechaddha) [high]
  • [gcloud-sql-auto-storage-limit-not-configured] Automatic Storage Increase Limit Not Configured for Cloud SQL (@princechaddha) [medium]
  • [gcloud-sql-backups-disabled] Automated Backups Not Enabled for Cloud SQL Instances (@princechaddha) [medium]
  • [gcloud-sql-cmk-not-enabled] Cloud SQL Instance Encryption with Customer-Managed Keys Not Enabled (@princechaddha) [high]
  • [gcloud-sql-contained-db-authentication-enabled] Contained Database Authentication Enabled in SQL Server Database Instances (@princechaddha) [medium]
  • [gcloud-sql-cross-db-ownership-chaining-enabled] Cross DB Ownership Chaining Enabled in SQL Server Database Instances (@princechaddha) [medium]
  • [gcloud-sql-database-public-ip-configured] Cloud SQL Database Instances with Public IPs (@princechaddha) [medium]
  • [gcloud-sql-external-scripts-enabled] External Scripts Enabled in SQL Server Database Instances (@princechaddha) [high]
  • [gcloud-sql-ha-not-enabled] High Availability Not Enabled for Cloud SQL Database Instances (@princechaddha) [high]
  • [gcloud-sql-log-checkpoints-disabled] Log Checkpoints Disabled in PostgreSQL Database Instances (@princechaddha) [medium]
  • [gcloud-sql-log-connections-disabled] Log Connections Disabled for PostgreSQL Database Instances (@princechaddha) [medium]
  • [gcloud-sql-log-lock-waits-disabled] Log Lock Waits Flag Disabled for PostgreSQL Database Instances (@princechaddha) [medium]
  • [gcloud-sql-pgaudit-not-enabled] pgAudit Flags Not Enabled for PostgreSQL Instances in Cloud SQL (@princechaddha) [medium]
  • [gcloud-sql-publicly-accessible-instances] Publicly Accessible Cloud SQL Database Instances (@princechaddha) [medium]
  • [gcloud-sql-remote-access-enabled] Remote Access Enabled for SQL Server Database Instances (@princechaddha) [high]
  • [gcloud-sql-skip-show-database-disabled] Skip Show Database Flag Not Enabled for MySQL Instances (@princechaddha) [medium]
  • [gcloud-sql-ssl-not-enforced] SSL/TLS Not Enforced for Cloud SQL Incoming Connections (@princechaddha) [medium]
  • [gcloud-sql-ssl-tls-connections-not-enforced] Allow SSL/TLS Connections Only (@princechaddha) [medium]
  • [gcloud-sql-trace-3625-enabled] Trace Flag 3625 Enabled in SQL Server Database Instances (@princechaddha) [medium]
  • [gcloud-sql-user-options] User Options Flag Enabled in Google Cloud SQL Server Instances (@princechaddha) [medium]
  • [gcloud-bucket-lock-not-configured] Configure Retention Policies with Bucket Lock for Log Buckets (@princechaddha) [medium]
  • [gcloud-bucket-policies-admin-permissions] Check Bucket Policies with Administrative Permissions (@princechaddha) [high]
  • [gcloud-bucket-website-config-not-defined] Define Index Page Suffix and Error Page for Bucket Website Configuration (@princechaddha) [high]
  • [gcloud-data-access-audit-logs-not-enabled] Enable Data Access Audit Logs for Cloud Storage (@princechaddha) [medium]
  • [gcloud-insufficient-data-retention-period] Check for Sufficient Data Retention Period for Cloud Storage Buckets (@princechaddha) [medium]
  • [gcloud-lifecycle-management-not-enabled] Enable Lifecycle Management for Cloud Storage Objects (@princechaddha) [medium]
  • [gcloud-object-encryption-cmk-not-enabled] Enable Object Encryption with Customer-Managed Keys for Cloud Storage Buckets (@princechaddha) [high]
  • [gcloud-object-versioning-not-enabled] Enable Object Versioning for Cloud Storage Buckets (@princechaddha) [medium]
  • [gcloud-public-access-prevention-not-enabled] Enforce Public Access Prevention for Cloud Storage Buckets (@princechaddha) [high]
  • [gcloud-publicly-accessible-storage-buckets] Check for Publicly Accessible Cloud Storage Buckets (@princechaddha) [high]
  • [gcloud-secure-cors-configuration] Secure CORS Configuration for Cloud Storage Buckets (@princechaddha) [medium]
  • [gcloud-storage-logs-not-enabled] Enable Usage and Storage Logs for Cloud Storage Buckets (@princechaddha) [medium]
  • [gcloud-uniform-bucket-level-access-not-enabled] Enable Uniform Bucket-Level Access for Cloud Storage Buckets (@princechaddha) [medium]
  • [gcloud-vpc-service-controls-not-configured] Use VPC Service Controls for Cloud Storage Buckets (@princechaddha) [medium]
  • [gcloud-vertexai-auto-upgrades] Automatic Upgrades Not Enabled for Vertex AI Notebooks (@princechaddha) [medium]
  • [gcloud-vertexai-default-vpc] Default VPC Network In Use for Vertex AI Notebooks (@princechaddha) [medium]
  • [gcloud-vertexai-external-ip] External IP Addresses Assigned to Vertex AI Notebooks (@princechaddha) [medium]
  • [gcloud-vertexai-idle-shutdown] Idle Shutdown Not Enabled for Vertex AI Notebooks (@princechaddha) [medium]
  • [gcloud-vertexai-integrity] Integrity Monitoring Not Enabled for Vertex AI Notebooks (@princechaddha) [medium]
  • [gcloud-vertexai-monitoring] Cloud Monitoring Not Enabled for Vertex AI Notebooks (@princechaddha) [medium]
  • [gcloud-vertexai-root-access] Root Access Not Disabled for Vertex AI Notebooks (@princechaddha) [high]
  • [gcloud-vertexai-secure-boot] Secure Boot Not Enabled for Vertex AI Notebooks (@princechaddha) [medium]
  • [gcloud-vertexai-vtpm] Virtual Trusted Platform Module Not Enabled for Vertex AI Notebooks (@princechaddha) [medium]
  • [gcloud-check-legacy-networks] Check for Legacy Networks (@princechaddha) [medium]
  • [gcloud-default-vpc-in-use] Default VPC Network In Use (@princechaddha) [medium]
  • [gcloud-dns-logging-not-enabled] Enable Cloud DNS Logging for VPC Networks (@princechaddha) [medium]
  • [gcloud-enable-vpc-flow-logs] Enable VPC Flow Logs for VPC Subnets (@princechaddha) [medium]
  • [gcloud-exclude-metadata-from-firewall-logging] Exclude Metadata from Firewall Logging (@princechaddha) [medium]
  • [gcloud-firewall-rule-logging-not-enabled] Enable Logging for VPC Firewall Rules (@princechaddha) [medium]
  • [gcloud-unrestricted-dns-access] Check for Unrestricted DNS Access (@princechaddha) [high]
  • [gcloud-unrestricted-ftp-access] Check for Unrestricted FTP Access (@princechaddha) [high]
  • [gcloud-unrestricted-icmp-access] Check for Unrestricted ICMP Access (@princechaddha) [high]
  • [gcloud-unrestricted-inbound-uncommon-ports] Check for Unrestricted Inbound Access on Uncommon Ports (@princechaddha) [high]
  • [gcloud-unrestricted-mysql-access] Check for Unrestricted MySQL Database Access (@princechaddha) [high]
  • [gcloud-unrestricted-oracle-db-access] Check for Unrestricted Oracle Database Access (@princechaddha) [high]
  • [gcloud-unrestricted-outbound-access] Check for Unrestricted Outbound Access on All Ports (@princechaddha) [high]
  • [gcloud-unrestricted-postgresql-access] Check for Unrestricted PostgreSQL Database Access (@princechaddha) [high]
  • [gcloud-unrestricted-rdp-access] Check for Unrestricted RDP Access (@princechaddha) [critical]
  • [gcloud-unrestricted-rpc-access] Check for Unrestricted RPC Access (@princechaddha) [high]
  • [gcloud-unrestricted-smtp-access] Check for Unrestricted SMTP Access (@princechaddha) [high]
  • [gcloud-unrestricted-sqlserver-access] Check for Unrestricted SQL Server Access (@princechaddha) [critical]
  • [gcloud-unrestricted-ssh-access] Check for Unrestricted SSH Access (@princechaddha) [critical]
  • [gcloud-vpc-firewall-port-ranges] Check for VPC Firewall Rules with Port Ranges (@princechaddha) [medium]
  • [gcloud-vpc-private-service-connect] Private Service Connect Endpoints Not Configured (@princechaddha) [medium]
  • [gcloud-vpc-unattached-static-ips] Unattached Static External IP Addresses (@princechaddha) [low]
  • [bmc-controlm-mft-panel] BMC Control-M MFT Login Panel - Detect (@righettod) [info]
  • [cockpit-project-panel] Cockpit Project Login Panel - Detect (@righettod) [info]
  • [ice-hrm-panel] ICE HRM Login - Detect (@Th3l0newolf) [info]
  • [orangehrm-panel] OrangeHRM Login Panel - Detect (@Th3l0newolf) [info]
  • [request-tracker-panel] Request Tracker - Panel (@BUrso) [info]
  • [onion-website-supported] Onion Website Supported via Onion-Location Header (@rxerium) [info]
  • [anteon-dashboard-unauth] Anteon Dashboard - Unauthenticated (@dhiyaneshdk) [medium]
  • [ingress-nginx-valid-admission] Kubernetes Ingress-Nginx Valid AdmissionReview - Detection (@BUrso) [unknown]
  • [dokploy-installer] Dokploy Installer Exposure (@dhiyaneshdk) [high]
  • [listmonk-installer] Listmonk Installer Exposure (@dhiyaneshdk) [high]
  • [mailpit-app-info-disclosure] Mailpit App - Information Disclosure (@dhiyaneshdk) [medium]
  • [ntfy-web-exposure] NTFY Web - Exposure (@dhiyaneshdk) [medium]
  • [smtp4dev-interface-exposed] SMTP4Dev Interface - Exposed (@dhiyaneshdk) [high]
  • [apache-activemq-artemis-detect] Apache ActiveMQ Artemis - Detection (@icarot) [info]
  • [ibm-spectrum-detect] IBM Spectrum - Detect (@righettod) [info]
  • [openarchives-detect] openarchives - Detection (@zerochill) [info]
  • [sap-netweaver-backdoor] SAP NetWeaver - Backdoor Detection (@dhiyaneshdk) [critical]
  • [ldap-default-login] LDAP Default Credential - Bruteforce (@pussycat0x) [info]
  • [erlang-otp-ssh-detect] Erlang/OTP SSH Server - Detect (@darses) [info]
  • [fortiswitch-certificate] Fortinet FortiSwitch Certificate - Detect (@johnk3r) [info]
  • [fortiweb-certificate] Fortinet FortiWEB Certificate - Detect (@johnk3r) [info]
  • [ldap-workflow] Ldap Security Checks (@pussycat0x)
  • [mongodb-workflow] MongoDb Security Checks (@pussycat0x)
  • [mysql-workflow] MySQL Security Checks (@pussycat0x)
  • [pop3-workflow] POP3 Security Checks (@pussycat0x)
  • [pgsql-workflow] PgSQL Security Checks (@pussycat0x)
  • [rdp-workflow] RDP Security Checks (@pussycat0x)
  • [redis-workflow] Redis Security Checks (@pussycat0x)
  • [smb-workflow] SMB Security Checks (@pussycat0x)
  • [smtp-workflow] SMTP Security Checks (@pussycat0x)
  • [ssh-workflow] SSH Security Checks (@pussycat0x)

New Contributors

Full Changelog: v10.1.7...v10.2.0
