Fix Security Advisories and RSS feeds (Velocidex#944)

- Fixed feeds by replacing RSS template with updated version from Hugo
project. Made some adjustments to match pages.
- Added missing RSS feeds.
- Refactored CVE notices section.
- Set menu and children sort order.
- Improved RSS listing page content.
- Fixed rss.xml to deliver absolute image links and full content instead
of summaries (see
https://jdheyburn.co.uk/blog/who-goes-blogging-6-three-steps-to-improve-hugos-rss-feeds/)
- Removed deprecated `taxonomyterm` page kind.
- Removed branch pages in Blog because they get rendered to RSS.

config.yaml

@@ -68,5 +68,5 @@ outputs:
   page: ["HTML"]
   home: ["HTML"]
   section: ["HTML"]
-  taxonomyTerm: ["HTML"]
   taxonomy: ["HTML"]
+

content/_index.md

@@ -25,7 +25,7 @@ carousel:
 
 Please upgrade your client to mitigate `CVE-2024-10526` to at least
 release `0.73.3`. Alternatively run a hunt to update file permissions.
-[More details](/announcements/2024-cves/)
+[More details](/announcements/advisories/cve-2024-10526)
 
 {{% /notice %}}
 

content/announcements/advisories/CVE-2023-0242/_index.md

@@ -0,0 +1,14 @@
+---
+menutitle: "CVE-2023-0242"
+title: "CVE-2023-0242  Insufficient Permission Check In The VQL Copy() Function"
+description: |
+    Improper Privilege Management vulnerability in Rapid7 Velociraptor in the copy() function.
+    This issue affects Velociraptor: before 0.6.7-5.
+weight: 10
+date: 2023-01-18T00:00:00Z
+no_edit: true
+noTitle: false
+no_children: true
+---
+
+{{< include-html "CVE-2023-0242.html" >}}

content/announcements/2023-cves/CVE-2023-0290.html → content/announcements/advisories/CVE-2023-0290/CVE-2023-0290.html

@@ -1,4 +1,4 @@
-<p><span>Published</span>on 2023-01-17</p>
+<p><span>Published</span> on 2023-01-17</p>
 <details class="popup">
   <summary class="lbl rnd sec CVSS HIGH">
     CVSS · HIGH · 8.1<sub>⁄10</sub> <span style=

content/announcements/advisories/CVE-2023-0290/_index.md

@@ -0,0 +1,14 @@
+---
+menutitle: "CVE-2023-0290"
+title: "CVE-2023-0290 Directory Traversal In Client Id Parameter"
+description: |
+    Velociraptor did not properly sanitize the client id parameter to the CreateCollection API allowing a directory traversal in where the collection task could be written.
+    This issue affects Velociraptor: before 0.6.7-5.
+weight: 10
+date: 2023-01-17T00:00:00Z
+no_edit: true
+noTitle: false
+no_children: true
+---
+
+{{< include-html "CVE-2023-0290.html" >}}

content/announcements/2023-cves/CVE-2023-2226.html → content/announcements/advisories/CVE-2023-2226/CVE-2023-2226.html

@@ -1,5 +1,4 @@
-<p><span>Published by <b>rapid7</b></span> Published 2023-04-21
-  (updated 2023-04-21)</p>
+<p><span>Published</span> on 2023-04-21</p>
 <details class="popup">
   <summary class="lbl rnd sec CVSS LOW">CVSS · LOW ·
     3.3<sub>⁄10</sub> <span style="font-size:0px;opacity:0">·

content/announcements/advisories/CVE-2023-2226/_index.md

@@ -0,0 +1,16 @@
+---
+menutitle: "CVE-2023-2226"
+title: "CVE-2023-2226  Velociraptor crashes while parsing some malformed PE or OLE files"
+description: |
+    Due to insufficient validation in the PE and OLE parsers in
+    Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker
+    to crash Velociraptor during parsing of maliciously malformed
+    files. This issue affects Velociraptor: before 0.6.8.
+weight: 10
+date: 2023-04-21T00:00:00Z
+no_edit: true
+noTitle: false
+no_children: true
+---
+
+{{< include-html "CVE-2023-2226.html" >}}

content/announcements/advisories/CVE-2023-5950/_index.md

@@ -0,0 +1,18 @@
+---
+menutitle: "CVE-2023-5950"
+title: "CVE-2023-5950  Rapid7 Velociraptor Reflected XSS"
+description: |
+    Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a
+    reflected cross site scripting vulnerability. This vulnerability
+    allows attackers to inject JS into the error path, potentially
+    leading to unauthorized execution of scripts within a user's web
+    browser. This issue affects Velociraptor: before 0.7.0-4.
+    Patches are also available for version 0.6.9 (0.6.9-1)
+weight: 10
+date: 2023-11-06T00:00:00Z
+no_edit: true
+noTitle: false
+no_children: true
+---
+
+{{< include-html "CVE-2023-5950.html" >}}

content/announcements/2024-cves/CVE-2024-10526.html → content/announcements/advisories/CVE-2024-10526/CVE-2024-10526.html

@@ -35,6 +35,6 @@
 </code></pre>
 
 </div>
-<div class="rnd pad sec vgap" id="credits"><h2>Credits:</h2><p>We thank Jean-Baptiste Mesnard-Sense from SYNACKTIV for identifying and reporting this issue</p></div><div id="timeline"><h2>Timeline:</h2><p></p><ul><li>2024-10-28 - Initial Notification by SYNACKTIV</li><li>2024-11-03 - 0.73.3 was released to address this issue and an advisory published on Velociraptor's website.</li></ul><p></p></div><div id="references"><h2>References</h2><p></p><div><a href="https://docs.velociraptor.app/announcements/2024-cves/">docs.velociraptor.app/announcements/2024-cves/</a></div><p></p></div></div>
+<div class="rnd pad sec vgap" id="credits"><h2>Credits:</h2><p>We thank Jean-Baptiste Mesnard-Sense from SYNACKTIV for identifying and reporting this issue</p></div><div id="timeline"><h2>Timeline:</h2><p></p><ul><li>2024-10-28 - Initial Notification by SYNACKTIV</li><li>2024-11-03 - 0.73.3 was released to address this issue and an advisory published on Velociraptor's website.</li></ul><p></p></div><div id="references"><h2>References</h2><p></p><div><a href="https://docs.velociraptor.app/announcements/advisories/">docs.velociraptor.app/announcements/advisories/</a></div><p></p></div></div>
 
 </div>

content/announcements/advisories/CVE-2024-10526/_index.md

@@ -0,0 +1,13 @@
+---
+menutitle: "CVE-2024-10526"
+title: "CVE-2024-10526 Local Privilege Escalation In Windows Velociraptor Service"
+description: |
+    The Velociraptor Windows MSI installer creates the installation directory with WRITE_DACL permission to the BUILTIN\\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on Velociraptor's files. By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely.
+weight: 10
+date: 2024-11-03T00:00:00Z
+no_edit: true
+noTitle: false
+no_children: true
+---
+
+{{< include-html "CVE-2024-10526.html" >}}

content/announcements/advisories/_index.md

@@ -0,0 +1,22 @@
+---
+menutitle: "Security Advisories"
+title: "Security Advisories"
+description: |
+    CVEs and other security advisories.
+weight: 10
+no_edit: true
+noTitle: true
+pre: <i class="fas fa-exclamation-triangle"></i>
+outputs:
+- html
+- RSS
+---
+
+The following CVEs have been noted.
+
+Please upgrade to [the current release]({{< baseurl >}}/downloads).
+
+{{% children description="true" %}}
+
+Please consider subscribing to our [Security Advisories RSS feed]({{< baseurl >}}/rss) to receive
+timely notifications.

content/knowledge_base/_index.md

@@ -21,8 +21,8 @@ things that you have never even imagined was possible!
 
 This section of the site facilitates sharing the community's
 experiences, tips and tricks for getting certain tasks done.  The key
-for using this resource is asking a question: `What task are we trying
-to achieve?`
+for using this resource is asking a question: "What task are we trying
+to achieve?"
 
 Search the below questions to read a short knowledge base article of
 how to answer the question.

content/rss/_index.md

@@ -11,10 +11,34 @@ hidden: true
 ---
 
 
-This site has a number of RSS feeds you can follow
+This site has a the following RSS feeds that you can follow.
 
-| | |
-|---|---|
-|Follow new blog entries| [{{< baseurl >}}blog/index.xml]({{< baseurl >}}blog/index.xml)|
-|Follow new artifacts in the Artifact Exchange|[{{< baseurl >}}exchange/index.xml]({{< baseurl >}}exchange/index.xml)|
-|Follow new Knowledge base Artifact|[{{< baseurl >}}knowledge_base/index.xml]({{< baseurl >}}knowledge_base/index.xml)|
+<i class="fas fa-newspaper"></i>
+Blog Posts
+
+[{{< baseurl >}}blog/index.xml]({{< baseurl >}}blog/index.xml)
+
+<i class="fas fa-book"></i>
+Built-in artifacts
+
+[{{< baseurl >}}artifact_references/index.xml]({{< baseurl >}}artifact_references/index.xml)
+
+<i class="fas fa-code"></i>
+Community Exchange Artifacts
+
+[{{< baseurl >}}exchange/index.xml]({{< baseurl >}}exchange/index.xml)
+
+<i class="fas fa-brain"></i>
+Knowledge Base articles
+
+[{{< baseurl >}}knowledge_base/index.xml]({{< baseurl >}}knowledge_base/index.xml)
+
+<i class="fas fa-play"></i>
+Playbooks
+
+[{{< baseurl >}}training/playbooks/index.xml]({{< baseurl >}}training/playbooks/index.xml)
+
+<i class="fas fa-exclamation-triangle"></i>
+Security Advisories
+
+[{{< baseurl >}}announcements/advisories/index.xml]({{< baseurl >}}announcements/advisories/index.xml)

layouts/_default/rss.xml

@@ -1,54 +1,54 @@
-{{- $baseUrl := .Site.BaseURL -}}
-{{- printf "<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"yes\"?>" | safeHTML -}}
-{{- $jsonPath := .Page.Params.rss_data_file -}}
-{{- if $jsonPath -}}
-{{- $data := slice -}}
-{{- with resources.Get $jsonPath -}}
-  {{- $data = . | transform.Unmarshal -}}
-{{ end }}
+{{- $authorEmail := "" }}
+{{- with site.Params.author }}
+  {{- if reflect.IsMap . }}
+    {{- with .email }}
+      {{- $authorEmail = . }}
+    {{- end }}
+  {{- end }}
+{{- end }}
+
+{{- $authorName := "" }}
+{{- with site.Params.author }}
+  {{- if reflect.IsMap . }}
+    {{- with .name }}
+      {{- $authorName = . }}
+    {{- end }}
+  {{- else }}
+    {{- $authorName  = . }}
+  {{- end }}
+{{- end }}
+
+{{- $pctx := . }}
+{{- $pages := slice }}
+{{- $pages = $pctx.Pages }}
+{{- $limit := .Site.Config.Services.RSS.Limit }}
+{{- if ge $limit 1 }}
+{{- $pages = $pages | first $limit }}
+{{- end }}
+{{- printf "<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"yes\"?>" | safeHTML }}
 <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
   <channel>
-    <title>
-      {{- if .Page.Params.rss_title -}}
-         {{- .Page.Params.rss_title -}}
-      {{- else -}}
-        {{- if eq  .Title  .Site.Title -}}
-          {{- .Site.Title -}}
-        {{- else -}}
-          {{ with .Title }}{{.}} on {{ end }}{{ .Site.Title }}
-        {{- end -}}
-      {{- end -}}</title>
+    <title>{{ if eq .Title .Site.Title }}{{ .Site.Title }}{{ else }}{{ with .Title }}{{ . }} on {{ end }}{{ .Site.Title }}{{ end }}</title>
     <link>{{ .Permalink }}</link>
-    <description>Recent content
-    {{- if .Page.Params.rss_description -}}
-      {{- .Page.Params.rss_description -}}
-    {{- else -}}
-      {{ if ne  .Title  .Site.Title }}
-        {{- with .Title }} in {{.}}
-        {{- end -}}
-      {{- end }} on {{ .Site.Title -}}
-    {{- end -}}
-    </description>
-    <generator>Hugo -- gohugo.io</generator>{{ with .Site.LanguageCode }}
-    <language>{{.}}</language>{{end}}{{ with .Site.Author.email }}
-    <managingEditor>{{.}}{{ with $.Site.Author.name }} ({{.}}){{end}}</managingEditor>{{end}}{{ with .Site.Author.email }}
-    <webMaster>{{.}}{{ with $.Site.Author.name }} ({{.}}){{end}}</webMaster>{{end}}{{ with .Site.Copyright }}
-    <copyright>{{.}}</copyright>{{end}}{{ if not .Date.IsZero }}
-    <lastBuildDate>{{ .Date.Format "Mon, 02 Jan 2006 15:04:05 -0700" | safeHTML }}</lastBuildDate>{{ end }}
-    {{- with .OutputFormats.Get "RSS" -}}
+    <description>Recent content {{ if ne .Title .Site.Title }}{{ with .Title }}in {{ . }} {{ end }}{{ end }}on {{ .Site.Title }}</description>
+    <generator>Hugo</generator>
+    <language>{{ site.Language.LanguageCode }}</language>{{ with $authorEmail }}
+    <managingEditor>{{.}}{{ with $authorName }} ({{ . }}){{ end }}</managingEditor>{{ end }}{{ with $authorEmail }}
+    <webMaster>{{ . }}{{ with $authorName }} ({{ . }}){{ end }}</webMaster>{{ end }}{{ with .Site.Copyright }}
+    <copyright>{{ . }}</copyright>{{ end }}{{ if not .Date.IsZero }}
+    <lastBuildDate>{{ (index $pages.ByLastmod.Reverse 0).Lastmod.Format "Mon, 02 Jan 2006 15:04:05 -0700" | safeHTML }}</lastBuildDate>{{ end }}
+    {{- with .OutputFormats.Get "RSS" }}
     {{ printf "<atom:link href=%q rel=\"self\" type=%q />" .Permalink .MediaType | safeHTML }}
-    {{- end -}}
-    {{ range $data | first 50 }}
-    {{- if .date -}}
+    {{- end }}
+    {{- range $pages }}
     <item>
-      <title>{{ .title }}</title>
-      <link>{{ $baseUrl }}{{ strings.TrimPrefix "/" .link }}</link>
-      <pubDate>{{ dateFormat "Mon, 02 Jan 2006 15:04:05 -0700" .date }}</pubDate>
-      <guid>{{ $baseUrl }}{{ .link }}</guid>
-      <description>{{ .description }}</description>
+      <title>{{ .Title }}</title>
+      <link>{{ .Permalink }}</link>
+      <pubDate>{{ .PublishDate.Format "Mon, 02 Jan 2006 15:04:05 -0700" | safeHTML }}</pubDate>
+      {{- with $authorEmail }}<author>{{ . }}{{ with $authorName }} ({{ . }}){{ end }}</author>{{ end }}
+      <guid>{{ .Permalink }}</guid>
+      <description>{{ replaceRE "img src=\"(.*?)\"" (printf "%s%s%s" "img src=\"" .Permalink "$1\"") .Content | transform.XMLEscape | safeHTML }}</description>
     </item>
-    {{ end }}
-    {{ end }}
+    {{- end }}
   </channel>
 </rss>
-{{ end }}