:bug: fix Nuclei deduplication #12397
This pull request introduces a potential security concern with the new 'endpoints' attribute in Nuclei Scan configuration, which might inadvertently expose sensitive network or infrastructure details if not carefully managed.
:thought_balloon: Unconfirmed Findings (1)
| Vulnerability | Potential Information Exposure via Endpoint Tracking |
|---|---|
| Description | The new 'endpoints' attribute in Nuclei Scan configuration may expose detailed network or application endpoint information. This could lead to unintended revelation of sensitive infrastructure details if access and visibility are not properly controlled, presenting a potential security risk through expanded metadata tracking. |
All finding details can be found in the DryRun Security Dashboard.
Maybe the parser must be updated to mark the findings as dynamic?
I was thinking something similar. Some parsers aggregate endpoints by their finding. I think that should be implemented here as well. Tenable is a great example of this use case.
Hm, I am not really sure how to proceed here. You are right @valentijnscholten, I wasn't aware that endpoints are always considered. Furthermore, the Finding is dynamic by default: https://github.com/DefectDojo/django-DefectDojo/blob/924c2c88645ad555193f9122c5eba2dc7bd5c65c/dojo/models.py#L2542
So, it means that if the findings have different endpoints, they shouldn't be closed as duplicates. But based on my testing and the screenshot I provided, they are still being closed as duplicates.
Closing as stale