[GHSA-7mgx-gvjw-m3w3] CrateDB authentication bypass vulnerability

advisories/github-reviewed/2024/01/GHSA-7mgx-gvjw-m3w3/GHSA-7mgx-gvjw-m3w3.json

@@ -1,18 +1,14 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7mgx-gvjw-m3w3",
-  "modified": "2024-09-13T18:28:16Z",
+  "modified": "2024-09-13T18:28:18Z",
   "published": "2024-01-30T03:30:30Z",
   "aliases": [
     "CVE-2023-51982"
   ],
   "summary": "CrateDB authentication bypass vulnerability",
   "details": "CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI directly using the default user identity.",
   "severity": [
-    {
-      "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
-    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
@@ -94,25 +90,6 @@
           ]
         }
       ]
-    },
-    {
-      "package": {
-        "ecosystem": "PyPI",
-        "name": "crate"
-      },
-      "ranges": [
-        {
-          "type": "ECOSYSTEM",
-          "events": [
-            {
-              "introduced": "0"
-            },
-            {
-              "last_affected": "0.35.2"
-            }
-          ]
-        }
-      ]
     }
   ],
   "references": [
@@ -128,10 +105,6 @@
       "type": "WEB",
       "url": "https://github.com/crate/crate/pull/15234"
     },
-    {
-      "type": "WEB",
-      "url": "https://github.com/crate/crate-python/commit/813946b9420d45877ef7c369311dbc8804d6674f"
-    },
     {
       "type": "WEB",
       "url": "https://github.com/crate/crate/commit/0c166ef083bec4d64dd55c1d8cb9b3dec350d241"