NSAuditor AI EE 0.9.1: External Adversarial-Audit Cycle Closes Air-Gap CVE Blind Spot and Pacu Privilege-Escalation Gaps in Under 24 Hours
NSAuditor AI EE 0.9.1 closes 10 adversarial-audit ship-blockers in under 24 hours — NVD offline importer, 4 Pacu paths, KMS false-positive close, license hardening.
Nsasoft US LLC today shipped NSAuditor AI Enterprise Edition 0.9.1 — a patch release driven entirely by an external adversarial-audit-skill cycle that found 10 ship-blockers in production security tooling and closed all of them in under 24 hours.
The audit cycle deployed three purpose-built Claude Code skills (audit-cpe-drift-analyzer, audit-iam-effective-permissions-solver, audit-jwt-airgap-validator) and ran 12 independent subagent scans against the shipped EE 0.9.0 codebase. The result was a reproducer-grade punch list of 10 findings across 4 source files — all against pre-existing code, with no regression introduced in 0.9.0.
The Air-Gap Discoverability Gap
The most significant finding was a 20-line stub in feeds/nvd_feed_processor.mjs that threw "Not implemented" on every offline CVE lookup. Any EE 0.9.0 deployment running with --no-network or NSAUDITOR_OFFLINE_ONLY=1 would have received zero CVE findings — a result indistinguishable from a fully patched environment.
EE 0.9.1 replaces the stub with a real NVD JSON 2.0 offline feed importer. The new implementation streams and parses NVD JSON 2.0, recursively walks nested AND/OR configuration nodes, and persists full CPE applicability data including all four version-range fields, CVSS v2/v3 scores, CWE identifiers, and a last_import_at timestamp. Gzip input is handled via gunzipSync with a 2 GiB output cap as a gzip-bomb defense. Output is written via atomic rename for crash safety, and a module-level lazy index provides fast CPE-keyed lookups.
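The shape of that importer, as an added example written for this page and not NSAuditor's own feeds/nvd_feed_processor.mjs: it flattens a record's AND/OR configuration tree into rows that keep all four version-range fields, records the CVSS v2/v3 scores, CWE ids and a last_import_at stamp, and serves version-aware CPE-keyed lookups from an in-memory index. The feed object is constructed in the NVD JSON 2.0 layout with a placeholder CVE id; the gzip step (gunzipSync with an output cap) and the atomic-rename write are left out, so the function takes an already-parsed object, and the dotted-numeric version comparison is a simplification of the CPE version grammar.

```javascript
// Added example, not NSAuditor's importer: flatten an NVD JSON 2.0 record's
// AND/OR configuration tree into CPE applicability rows and serve CPE-keyed,
// version-aware lookups from an in-memory index. SAMPLE_FEED is constructed
// in the NVD 2.0 layout; its CVE id is a placeholder, not a real CVE.
const SAMPLE_FEED = { vulnerabilities: [{ cve: {
  id: 'CVE-0000-00001',
  metrics: { cvssMetricV31: [{ cvssData: { baseScore: 9.8 } }],
             cvssMetricV2:  [{ cvssData: { baseScore: 7.5 } }] },
  weaknesses: [{ description: [{ lang: 'en', value: 'CWE-787' }] }],
  configurations: [{ operator: 'AND', nodes: [
    { operator: 'OR', negate: false, cpeMatch: [{ vulnerable: true,
        criteria: 'cpe:2.3:a:example:widget:*:*:*:*:*:*:*:*',
        versionStartIncluding: '1.0', versionEndExcluding: '1.4.2' }] },
    { operator: 'OR', negate: false, cpeMatch: [{ vulnerable: false,
        criteria: 'cpe:2.3:o:example:os:-:*:*:*:*:*:*:*' }] },
  ] }],
} }] };

const VERSION_FIELDS = ['versionStartIncluding', 'versionStartExcluding',
                        'versionEndIncluding', 'versionEndExcluding'];

// vendor:product key from a cpe:2.3 string (fields 3 and 4; field 5 is version).
function cpeKey(criteria) {
  const p = criteria.split(':');
  return `${p[3]}:${p[4]}`;
}

// Recursive walk. NVD 2.0 nests configuration -> nodes; a `children` key is
// also accepted (an assumption) so deeper trees go through the same code.
function walkNode(node, opPath, out) {
  const path = node.operator ? [...opPath, node.operator] : opPath;
  for (const m of node.cpeMatch ?? []) {
    const row = { criteria: m.criteria, vulnerable: m.vulnerable === true,
                  negate: node.negate === true, operatorPath: path.join('/') };
    for (const f of VERSION_FIELDS) row[f] = m[f] ?? null;  // keep all four
    out.push(row);
  }
  for (const child of node.nodes ?? node.children ?? []) walkNode(child, path, out);
}

function extractRecords(feed, importedAt = new Date().toISOString()) {
  return (feed.vulnerabilities ?? []).map(({ cve }) => {
    const matches = [];
    for (const cfg of cve.configurations ?? []) walkNode(cfg, [], matches);
    return {
      id: cve.id,
      cvssV3: cve.metrics?.cvssMetricV31?.[0]?.cvssData?.baseScore ?? null,
      cvssV2: cve.metrics?.cvssMetricV2?.[0]?.cvssData?.baseScore ?? null,
      cwes: (cve.weaknesses ?? []).flatMap(w => w.description.map(d => d.value)),
      matches,
      last_import_at: importedAt,
    };
  });
}

// Index only vulnerable matches: non-vulnerable nodes constrain the context
// (e.g. the OS an app runs on) but never identify the affected product.
function buildIndex(records) {
  const index = new Map();
  for (const r of records) for (const m of r.matches) {
    if (!m.vulnerable) continue;
    const key = cpeKey(m.criteria);
    if (!index.has(key)) index.set(key, []);
    index.get(key).push({ cveId: r.id, match: m });
  }
  return index;
}

// Dotted-numeric compare; enough for the sample, not a full CPE version grammar.
function cmpVersion(a, b) {
  const x = a.split('.').map(Number), y = b.split('.').map(Number);
  for (let i = 0; i < Math.max(x.length, y.length); i++) {
    const d = (x[i] ?? 0) - (y[i] ?? 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Apply the explicit version field plus the four range fields of one match.
function inRange(m, version) {
  const exact = m.criteria.split(':')[5];
  if (exact !== '*' && exact !== '-' && exact !== version) return false;
  if (m.versionStartIncluding && cmpVersion(version, m.versionStartIncluding) < 0) return false;
  if (m.versionStartExcluding && cmpVersion(version, m.versionStartExcluding) <= 0) return false;
  if (m.versionEndIncluding && cmpVersion(version, m.versionEndIncluding) > 0) return false;
  if (m.versionEndExcluding && cmpVersion(version, m.versionEndExcluding) >= 0) return false;
  return true;
}

// CVE ids whose vulnerable CPE match covers vendor:product at this version.
function lookup(index, vendorProduct, version) {
  return [...new Set((index.get(vendorProduct) ?? [])
    .filter(e => inRange(e.match, version)).map(e => e.cveId))];
}

const INDEX = buildIndex(extractRecords(SAMPLE_FEED, '2024-01-01T00:00:00Z'));
```

With the sample loaded, lookup(INDEX, 'example:widget', '1.2.0') returns the placeholder CVE, while '1.4.2' (the exclusive upper bound) and '0.9' (below the inclusive lower bound) return nothing, which is the distinction the four range fields exist to make.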
Four Missing Pacu Privilege-Escalation Paths
Plugin 1030 (IAM Privilege Escalation Auditor) was missing nine canonical action strings covering four Pacu-documented attack classes:
- C-CRIT-1: iam:CreateRole — enables manufacturing a self-trusting admin role via iam:PutRolePolicy + sts:AssumeRole
- C-CRIT-2: Permissions-boundary tampering — PutRolePermissionsBoundary, DeleteRolePermissionsBoundary, PutUserPermissionsBoundary, DeleteUserPermissionsBoundary
- C-CRIT-3: KMS-layer privesc — kms:CreateGrant, PutKeyPolicy, ScheduleKeyDeletion (grants survive key-policy hardening and do not appear in the key policy itself)
- C-CRIT-4: sts:GetFederationToken federation-session bypass, where the resulting session's permissions are the intersection of caller permissions and an inline policy
Plugin 1110 KMS False-Positive Close
Plugin 1110 (IAM Effective Decrypt-Path Auditor) was firing HIGH findings on principals whose theoretical KMS decrypt access was not backed by any key in the account actually trusting that principal via key policy or grant. EE 0.9.1 adds a KMS-layer cross-reference pass: identity-policy HIGH findings now downgrade to INFO when enumeration confirms no key trusts the principal.
A new finding class, kms-grant-decrypt-no-identity-grant (MEDIUM), fires for KMS grants authorizing decrypt-equivalent operations to principals with zero identity-policy decrypt grants — directly closing the Pacu P-16 stealth path. A partial-trust-map guard prevents the downgrade pass when KMS enumeration is incomplete due to pagination caps, access denials, or budget limits, emitting a kms-trust-map-partial evidence-gap finding instead.
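The cross-reference pass and its partial-map guard, as an added example that is not plugin 1110's code: identity-policy HIGH findings are downgraded to INFO only when a complete trust map shows no key policy or grant trusting the principal; an incomplete map instead yields a kms-trust-map-partial evidence-gap finding and leaves the HIGH findings alone; and any grant carrying a decrypt-equivalent operation for a principal with no identity-policy decrypt finding raises the MEDIUM kms-grant-decrypt-no-identity-grant. The findings, trust map, ARNs and key ids are constructed placeholders, and the set of grant operations counted as decrypt-equivalent is this example's assumption.

```javascript
// Added example, not NSAuditor's plugin 1110: cross-reference identity-policy
// decrypt findings against enumerated KMS key policies and grants. Every
// input is constructed; the account id, role ARNs and key ids are placeholders.

// Grant operations treated as decrypt-equivalent (assumed set for this example).
const DECRYPT_OPS = new Set(['Decrypt', 'ReEncryptFrom']);

// Identity-policy pass output: principals whose IAM policies allow kms:Decrypt.
const IDENTITY_FINDINGS = [
  { id: 'identity-policy-decrypt', principal: 'arn:aws:iam::000000000000:role/alice', severity: 'HIGH' },
  { id: 'identity-policy-decrypt', principal: 'arn:aws:iam::000000000000:role/bob',   severity: 'HIGH' },
];

// KMS enumeration output: per-key principals the key policy lets decrypt,
// the grants seen, and whether enumeration finished (pagination cap,
// access denial or budget limit all make it incomplete).
const KMS_TRUST_MAP = {
  keyPolicies: { 'key-1': ['arn:aws:iam::000000000000:role/alice'] },
  grants: [{ keyId: 'key-2', grantee: 'arn:aws:iam::000000000000:role/carol', operations: ['Decrypt'] }],
  complete: true,
};

function keyTrustsPrincipal(trustMap, principal) {
  const viaPolicy = Object.values(trustMap.keyPolicies).some(ps => ps.includes(principal));
  const viaGrant = trustMap.grants.some(g =>
    g.grantee === principal && g.operations.some(op => DECRYPT_OPS.has(op)));
  return viaPolicy || viaGrant;
}

function crossReference(identityFindings, trustMap) {
  const out = [];
  const identityPrincipals = new Set(identityFindings.map(f => f.principal));

  if (!trustMap.complete) {
    // Incomplete map: an absent trust is not evidence of no trust, so the
    // HIGH findings stay as they are and the gap itself becomes a finding.
    out.push({ id: 'kms-trust-map-partial', severity: 'INFO', kind: 'evidence-gap',
               reason: trustMap.partialReason ?? 'enumeration incomplete' });
    out.push(...identityFindings);
  } else {
    for (const f of identityFindings) {
      out.push(f.severity === 'HIGH' && !keyTrustsPrincipal(trustMap, f.principal)
        ? { ...f, severity: 'INFO', downgradeReason: 'no key policy or grant trusts principal' }
        : f);
    }
  }

  // Grant-only decrypt paths. The grant was observed directly, so this
  // example fires it regardless of whether enumeration completed.
  for (const g of trustMap.grants) {
    if (!g.operations.some(op => DECRYPT_OPS.has(op))) continue;
    if (identityPrincipals.has(g.grantee)) continue;
    out.push({ id: 'kms-grant-decrypt-no-identity-grant', severity: 'MEDIUM',
               principal: g.grantee, keyId: g.keyId });
  }
  return out;
}
```

Run against the constructed inputs, alice keeps her HIGH (key-1's policy trusts her), bob drops to INFO (nothing trusts him), and carol gets the MEDIUM grant-only finding; flipping complete to false keeps bob at HIGH and adds the evidence-gap finding instead.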
CE License-Verifier Hardening
Three realistic abuse paths against the Community Edition license verifier are closed in EE 0.9.1:
- D-HIGH-1: Per-host licenseId replay defense — first activation persists the licenseId; subsequent loads with a different licenseId fail closed with reason: 'license_id_mismatch', closing the seat-cloning class
- D-HIGH-2: ES256-signed revocation blocklist at data/license-revocations.json — algorithm-pinned to ES256 P-256, enabling instant license revocation without key rotation
- D-HIGH-3: Monotonic-clock anchor — a persisted lastSeenUnixTs checked on each load; wall-clock rewind beyond a 5-minute tolerance fails closed with reason: 'clock_rollback_detected', defeating faketime-style attacks against JWT exp
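The two persisted-state checks (D-HIGH-1 and D-HIGH-3), as an added example rather than the CE verifier's own code: the first load pins the host to its licenseId, a later load with a different id fails closed with license_id_mismatch, and a wall clock that has moved back more than five minutes behind the persisted lastSeenUnixTs fails closed with clock_rollback_detected. The function takes claims whose JWT signature is assumed to have been verified already; the 'license_expired' reason string, the simulateLoads driver and all ids and timestamps are this example's constructions, and the ES256-signed revocation blocklist (D-HIGH-2) is not shown.

```javascript
// Added example, not the CE license verifier: licenseId pinning and a
// clock-rollback anchor applied to already-verified JWT claims. Ids and
// timestamps are constructed; 'license_expired' is an assumed reason string.

const CLOCK_TOLERANCE_S = 5 * 60;   // the 5-minute rewind tolerance from the text

// persisted: null on first activation, else { licenseId, lastSeenUnixTs }.
// claims: verified JWT payload carrying licenseId and exp (Unix seconds).
// Returns { ok, reason, state }; state is what the caller writes back.
function checkLicenseState(persisted, claims, nowUnixTs) {
  if (persisted === null) {
    // First activation pins this host to the licenseId it activated with.
    return { ok: true, reason: 'activated',
             state: { licenseId: claims.licenseId, lastSeenUnixTs: nowUnixTs } };
  }
  if (persisted.licenseId !== claims.licenseId) {
    // Same host, different license: the seat-cloning pattern. Fail closed and
    // leave state untouched so the original activation stays pinned.
    return { ok: false, reason: 'license_id_mismatch', state: persisted };
  }
  if (nowUnixTs < persisted.lastSeenUnixTs - CLOCK_TOLERANCE_S) {
    // Wall clock moved backwards beyond tolerance; exp can no longer be trusted.
    return { ok: false, reason: 'clock_rollback_detected', state: persisted };
  }
  if (nowUnixTs >= claims.exp) {
    return { ok: false, reason: 'license_expired', state: persisted };
  }
  // The anchor only moves forward, so a later rewind is still detectable.
  return { ok: true, reason: 'ok',
           state: { ...persisted,
                    lastSeenUnixTs: Math.max(persisted.lastSeenUnixTs, nowUnixTs) } };
}

// Replay a sequence of loads against one persisted state and collect the
// reason each load produced. Each load supplies its own clock and licenseId.
function simulateLoads(loads, baseClaims) {
  let state = null;
  return loads.map(({ now, licenseId }) => {
    const r = checkLicenseState(state, { ...baseClaims, licenseId }, now);
    state = r.state;
    return r.reason;
  });
}
```

The sequence in the test shows the ordering that matters: a mismatched id is rejected before the clock is consulted, a rewind of 500 seconds is rejected while one of 100 seconds is tolerated, and the tolerated load does not pull the anchor backwards.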
Coverage Matrix Unchanged
EE 0.9.1 is a pure depth-uplift release. The SOC 2 coverage matrix remains at 10 fully covered + 4 partial + 33 out-of-scope AICPA TSC controls. The HIPAA §164.312 coverage matrix remains at 7 covered + 3 partial + 45 out-of-scope. Plugin count is unchanged at 24. This is the twenty-seventh consecutive trio-publish in the EE + CE + agent-skill cadence running since version 0.4.5.
EE 0.9.1 is live on npm as latest:
npm install -g nsauditor-ai@0.1.70 @nsasoft/nsauditor-ai-ee@0.9.1
npm install nsauditor-ai-agent-skill@0.1.37 # AI coding-agent users
Full coverage documentation is available at nsauditor.com/ai/enterprise/.