-
Notifications
You must be signed in to change notification settings - Fork 345
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
b436647
commit e6a8a37
Showing
4 changed files
with
192 additions
and
0 deletions.
There are no files selected for viewing
50 changes: 50 additions & 0 deletions
50
advisories/unreviewed/2023/09/GHSA-5836-grcc-8j89/GHSA-5836-grcc-8j89.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-5836-grcc-8j89", | ||
| "modified": "2023-09-24T03:30:20Z", | ||
| "published": "2023-09-24T03:30:20Z", | ||
| "aliases": [ | ||
| "CVE-2023-1625" | ||
| ], | ||
| "details": "An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1625" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://access.redhat.com/security/cve/CVE-2023-1625" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181621" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://launchpad.net/bugs/1999665" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": null | ||
| } | ||
| } |
42 changes: 42 additions & 0 deletions
42
advisories/unreviewed/2023/09/GHSA-6qqp-4vm3-359v/GHSA-6qqp-4vm3-359v.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-6qqp-4vm3-359v", | ||
| "modified": "2023-09-24T03:30:20Z", | ||
| "published": "2023-09-24T03:30:20Z", | ||
| "aliases": [ | ||
| "CVE-2023-1633" | ||
| ], | ||
| "details": "A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1633" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://access.redhat.com/security/cve/CVE-2023-1633" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181761" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": null | ||
| } | ||
| } |
42 changes: 42 additions & 0 deletions
42
advisories/unreviewed/2023/09/GHSA-6rx9-c2rh-3qv4/GHSA-6rx9-c2rh-3qv4.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-6rx9-c2rh-3qv4", | ||
| "modified": "2023-09-24T03:30:20Z", | ||
| "published": "2023-09-24T03:30:20Z", | ||
| "aliases": [ | ||
| "CVE-2023-1636" | ||
| ], | ||
| "details": "A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1636" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://access.redhat.com/security/cve/CVE-2023-1636" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181765" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": null | ||
| } | ||
| } |
58 changes: 58 additions & 0 deletions
58
advisories/unreviewed/2023/09/GHSA-92hx-3mh6-hc49/GHSA-92hx-3mh6-hc49.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-92hx-3mh6-hc49", | ||
| "modified": "2023-09-24T03:30:20Z", | ||
| "published": "2023-09-24T03:30:20Z", | ||
| "aliases": [ | ||
| "CVE-2023-1260" | ||
| ], | ||
| "details": "An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions \"update, patch\" the \"pods/ephemeralcontainers\" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1260" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://access.redhat.com/errata/RHSA-2023:3976" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://access.redhat.com/errata/RHSA-2023:4093" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://access.redhat.com/errata/RHSA-2023:4312" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://access.redhat.com/errata/RHSA-2023:4898" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://access.redhat.com/security/cve/CVE-2023-1260" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176267" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
|
|
||
| ], | ||
| "severity": null, | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": null | ||
| } | ||
| } |