diff --git a/advisories/unreviewed/2023/09/GHSA-5836-grcc-8j89/GHSA-5836-grcc-8j89.json b/advisories/unreviewed/2023/09/GHSA-5836-grcc-8j89/GHSA-5836-grcc-8j89.json new file mode 100644 index 0000000000000..49ac29fe65cff --- /dev/null +++ b/advisories/unreviewed/2023/09/GHSA-5836-grcc-8j89/GHSA-5836-grcc-8j89.json @@ -0,0 +1,50 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5836-grcc-8j89", + "modified": "2023-09-24T03:30:20Z", + "published": "2023-09-24T03:30:20Z", + "aliases": [ + "CVE-2023-1625" + ], + "details": "An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1625" + }, + { + "type": "WEB", + "url": "https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2023-1625" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181621" + }, + { + "type": "WEB", + "url": "https://launchpad.net/bugs/1999665" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/09/GHSA-6qqp-4vm3-359v/GHSA-6qqp-4vm3-359v.json b/advisories/unreviewed/2023/09/GHSA-6qqp-4vm3-359v/GHSA-6qqp-4vm3-359v.json new file mode 100644 index 0000000000000..a8c436d7f8049 --- /dev/null +++ b/advisories/unreviewed/2023/09/GHSA-6qqp-4vm3-359v/GHSA-6qqp-4vm3-359v.json @@ -0,0 +1,42 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-6qqp-4vm3-359v", + "modified": "2023-09-24T03:30:20Z", + "published": "2023-09-24T03:30:20Z", + "aliases": [ + "CVE-2023-1633" + ], + "details": "A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1633" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2023-1633" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181761" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/09/GHSA-6rx9-c2rh-3qv4/GHSA-6rx9-c2rh-3qv4.json b/advisories/unreviewed/2023/09/GHSA-6rx9-c2rh-3qv4/GHSA-6rx9-c2rh-3qv4.json new file mode 100644 index 0000000000000..af1be44c7d080 --- /dev/null +++ b/advisories/unreviewed/2023/09/GHSA-6rx9-c2rh-3qv4/GHSA-6rx9-c2rh-3qv4.json @@ -0,0 +1,42 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-6rx9-c2rh-3qv4", + "modified": "2023-09-24T03:30:20Z", + "published": "2023-09-24T03:30:20Z", + "aliases": [ + "CVE-2023-1636" + ], + "details": "A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1636" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2023-1636" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181765" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2023/09/GHSA-92hx-3mh6-hc49/GHSA-92hx-3mh6-hc49.json b/advisories/unreviewed/2023/09/GHSA-92hx-3mh6-hc49/GHSA-92hx-3mh6-hc49.json new file mode 100644 index 0000000000000..d21e45755af6e --- /dev/null +++ b/advisories/unreviewed/2023/09/GHSA-92hx-3mh6-hc49/GHSA-92hx-3mh6-hc49.json @@ -0,0 +1,58 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-92hx-3mh6-hc49", + "modified": "2023-09-24T03:30:20Z", + "published": "2023-09-24T03:30:20Z", + "aliases": [ + "CVE-2023-1260" + ], + "details": "An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions \"update, patch\" the \"pods/ephemeralcontainers\" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" + } + ], + "affected": [ + + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1260" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2023:3976" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2023:4093" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2023:4312" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2023:4898" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2023-1260" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176267" + } + ], + "database_specific": { + "cwe_ids": [ + + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": null + } +} \ No newline at end of file