CWE-402
Allowed-with-ReviewTransmission of Private Resources into a New Sphere ('Resource Leak')
Abstraction: Class · Status: Draft
The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product.
44 vulnerabilities reference this CWE, most recent first.
GHSA-7VR7-CGHH-CH63
Vulnerability from github – Published: 2023-06-20 16:45 – Updated: 2023-06-20 16:45Impact
The mail obfuscation configuration was not fully taken into account and while the mail displayed to the end user was obfuscated: - the rest response was also containing the mail unobfuscated - user were able to filter and sort on the unobfuscated (allowing to infer the mail content)
The consequence was the possibility to retrieve the email addresses of all users even when obfuscated.
See https://jira.xwiki.org/browse/XWIKI-20333 for the reproduction steps.
Patches
This has been patched in XWiki 14.10.4, XWiki 14.4.8, and XWiki 15.0-rc-1.
Workarounds
The workaround is to modify the page XWiki.LiveTableResultsMacros following this patch.
References
https://jira.xwiki.org/browse/XWIKI-20333
For more information
If you have any questions or comments about this advisory:
- Open an issue in Jira XWiki.org
- Email us at Security Mailing List
Attribution
This vulnerability has been reported on Intigriti by @floerer
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-livetable-ui"
},
"ranges": [
{
"events": [
{
"introduced": "3.5-milestone-1"
},
{
"fixed": "14.4.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-livetable-ui"
},
"ranges": [
{
"events": [
{
"introduced": "14.5"
},
{
"fixed": "14.10.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-34467"
],
"database_specific": {
"cwe_ids": [
"CWE-402",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2023-06-20T16:45:32Z",
"nvd_published_at": "2023-06-23T17:15:09Z",
"severity": "HIGH"
},
"details": "### Impact\nThe mail obfuscation configuration was not fully taken into account and while the mail displayed to the end user was obfuscated:\n- the rest response was also containing the mail unobfuscated\n- user were able to filter and sort on the unobfuscated (allowing to infer the mail content)\n\nThe consequence was the possibility to retrieve the email addresses of all users even when obfuscated.\n\nSee https://jira.xwiki.org/browse/XWIKI-20333 for the reproduction steps.\n\n### Patches\nThis has been patched in XWiki 14.10.4, XWiki 14.4.8, and XWiki 15.0-rc-1.\n\n### Workarounds\nThe workaround is to modify the page `XWiki.LiveTableResultsMacros` following this [patch](https://github.com/xwiki/xwiki-platform/commit/71f889db9962df2d385f4298e29cfbc9050b828a#diff-5a739e5865b1f1ad9d79b724791be51b0095a0170cc078911c940478b13b949a).\n\n### References\n\nhttps://jira.xwiki.org/browse/XWIKI-20333\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)\n\n### Attribution\n\nThis vulnerability has been reported on Intigriti by @floerer",
"id": "GHSA-7vr7-cghh-ch63",
"modified": "2023-06-20T16:45:32Z",
"published": "2023-06-20T16:45:32Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7vr7-cghh-ch63"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34467"
},
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/commit/71f889db9962df2d385f4298e29cfbc9050b828a#diff-5a739e5865b1f1ad9d79b724791be51b0095a0170cc078911c940478b13b949a"
},
{
"type": "PACKAGE",
"url": "https://github.com/xwiki/xwiki-platform"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-20333"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "XWiki Platform may retrieve email addresses of all users "
}
GHSA-89XC-2H7R-QC62
Vulnerability from github – Published: 2025-01-15 18:30 – Updated: 2025-12-15 21:30Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure.This issue affects CrafterCMS: from 4.0.0 before 4.0.8, from 4.1.0 before 4.1.6.
{
"affected": [],
"aliases": [
"CVE-2025-0502"
],
"database_specific": {
"cwe_ids": [
"CWE-402"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-15T18:15:24Z",
"severity": "MODERATE"
},
"details": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027) vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure.This issue affects CrafterCMS: from 4.0.0 before 4.0.8, from 4.1.0 before 4.1.6.",
"id": "GHSA-89xc-2h7r-qc62",
"modified": "2025-12-15T21:30:27Z",
"published": "2025-01-15T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0502"
},
{
"type": "WEB",
"url": "https://craftercms.com/docs/current/security/advisory.html#cv-2025011501"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9J38-893W-VVH9
Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated Elasticsearch user to improperly view these details.
{
"affected": [],
"aliases": [
"CVE-2017-8442"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-402"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-07T20:29:00Z",
"severity": "MODERATE"
},
"details": "Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated Elasticsearch user to improperly view these details.",
"id": "GHSA-9j38-893w-vvh9",
"modified": "2022-05-13T01:36:11Z",
"published": "2022-05-13T01:36:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8442"
},
{
"type": "WEB",
"url": "https://www.elastic.co/community/security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9RC7-JMVV-4FHR
Vulnerability from github – Published: 2022-06-15 00:00 – Updated: 2025-11-12 09:30A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another users password hash.
{
"affected": [],
"aliases": [
"CVE-2022-30231"
],
"database_specific": {
"cwe_ids": [
"CWE-402",
"CWE-522"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-14T10:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions \u003c V2.6.6), SICAM GridEdge Essential Intel (All versions \u003c V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions \u003c V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions \u003c V2.6.6). The affected software discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another users password hash.",
"id": "GHSA-9rc7-jmvv-4fhr",
"modified": "2025-11-12T09:30:26Z",
"published": "2022-06-15T00:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30231"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-631336.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-631336.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-CQMW-QRQR-V255
Vulnerability from github – Published: 2025-04-05 21:30 – Updated: 2025-04-05 21:30In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information, and also to manipulate them via API.
{
"affected": [],
"aliases": [
"CVE-2025-32360"
],
"database_specific": {
"cwe_ids": [
"CWE-402"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-05T21:15:40Z",
"severity": "MODERATE"
},
"details": "In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information, and also to manipulate them via API.",
"id": "GHSA-cqmw-qrqr-v255",
"modified": "2025-04-05T21:30:23Z",
"published": "2025-04-05T21:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32360"
},
{
"type": "WEB",
"url": "https://zammad.com/en/advisories/zaa-2025-03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FH4C-98RX-VXVW
Vulnerability from github – Published: 2025-12-01 18:30 – Updated: 2025-12-01 18:30Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected.
{
"affected": [],
"aliases": [
"CVE-2024-32388"
],
"database_specific": {
"cwe_ids": [
"CWE-402"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-01T16:15:49Z",
"severity": "MODERATE"
},
"details": "Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected.",
"id": "GHSA-fh4c-98rx-vxvw",
"modified": "2025-12-01T18:30:37Z",
"published": "2025-12-01T18:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32388"
},
{
"type": "WEB",
"url": "https://keros.docs.kerlink.com/security/security_advisories_kerOS5"
},
{
"type": "WEB",
"url": "https://www.bdosecurity.de/en-gb/advisories/cve-2024-32388"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G9W4-PRF3-M25G
Vulnerability from github – Published: 2023-07-27 19:28 – Updated: 2024-03-18 19:55Impact
The mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails.
See https://jira.xwiki.org/browse/XWIKI-20601 for the reproduction steps.
Patches
This has been patched in XWiki 14.10.9, and XWiki 15.3-rc-1.
Workarounds
The workaround is to modify the page XWiki.LiveTableResultsMacros following this patch.
References
- https://jira.xwiki.org/browse/XWIKI-20601
- https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c
For more information
If you have any questions or comments about this advisory:
- Open an issue in Jira XWiki.org
- Email us at Security Mailing List
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-livetable-ui"
},
"ranges": [
{
"events": [
{
"introduced": "3.5-milestone-1"
},
{
"fixed": "14.10.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-livetable-ui"
},
"ranges": [
{
"events": [
{
"introduced": "15.0"
},
{
"fixed": "15.3-rc-1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-38509"
],
"database_specific": {
"cwe_ids": [
"CWE-402"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-27T19:28:45Z",
"nvd_published_at": "2023-11-07T04:17:20Z",
"severity": "MODERATE"
},
"details": "## Impact\n\nThe mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails.\n\nSee https://jira.xwiki.org/browse/XWIKI-20601 for the reproduction steps.\n\n## Patches\n\nThis has been patched in XWiki 14.10.9, and XWiki 15.3-rc-1.\n\n## Workarounds\n\nThe workaround is to modify the page XWiki.LiveTableResultsMacros following this [patch](https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c).\n\n## References\n\n- https://jira.xwiki.org/browse/XWIKI-20601\n- https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n\n- Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n- Email us at [Security Mailing List](mailto:security@xwiki.org)",
"id": "GHSA-g9w4-prf3-m25g",
"modified": "2024-03-18T19:55:38Z",
"published": "2023-07-27T19:28:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g9w4-prf3-m25g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38509"
},
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0"
},
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c"
},
{
"type": "PACKAGE",
"url": "https://github.com/xwiki/xwiki-platform"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-20601"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Obfuscated email addresses should not be sorted"
}
GHSA-J9WR-49VQ-RM5G
Vulnerability from github – Published: 2021-04-19 14:46 – Updated: 2021-10-08 21:24Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.
- https://vaadin.com/security/cve-2021-31407
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.vaadin:vaadin-bom"
},
"ranges": [
{
"events": [
{
"introduced": "12.0.0"
},
{
"fixed": "14.4.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.vaadin:vaadin-bom"
},
"ranges": [
{
"events": [
{
"introduced": "19.0.0"
},
{
"fixed": "19.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"19.0.0"
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-402"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-16T23:12:45Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Vulnerability in OSGi integration in `com.vaadin:flow-server` versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.\n\n- https://vaadin.com/security/cve-2021-31407",
"id": "GHSA-j9wr-49vq-rm5g",
"modified": "2021-10-08T21:24:54Z",
"published": "2021-04-19T14:46:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vaadin/platform/security/advisories/GHSA-j9wr-49vq-rm5g"
},
{
"type": "PACKAGE",
"url": "https://github.com/vaadin/platform"
},
{
"type": "WEB",
"url": "https://vaadin.com/security/cve-2021-31407"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19"
}
GHSA-JQFC-9Q34-PRHG
Vulnerability from github – Published: 2025-11-30 03:30 – Updated: 2025-12-02 00:30Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "7.5.0"
},
{
"fixed": "7.6.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "7.1.0"
},
{
"fixed": "7.4.21"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.40"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "trytond"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.70"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-66422"
],
"database_specific": {
"cwe_ids": [
"CWE-402"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-02T00:30:16Z",
"nvd_published_at": "2025-11-30T03:15:47Z",
"severity": "MODERATE"
},
"details": "Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.",
"id": "GHSA-jqfc-9q34-prhg",
"modified": "2025-12-02T00:30:16Z",
"published": "2025-11-30T03:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66422"
},
{
"type": "WEB",
"url": "https://discuss.tryton.org/t/security-release-for-issue-14354/8950"
},
{
"type": "WEB",
"url": "https://foss.heptapod.net/tryton/tryton/-/issues/14354"
},
{
"type": "PACKAGE",
"url": "https://github.com/tryton/trytond"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "trytond allows remote attackers to obtain sensitive trace-back (server setup) information"
}
GHSA-MMC5-HGPC-M8Q5
Vulnerability from github – Published: 2024-01-02 21:30 – Updated: 2024-04-25 18:30A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.
{
"affected": [],
"aliases": [
"CVE-2023-7192"
],
"database_specific": {
"cwe_ids": [
"CWE-401",
"CWE-402"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-02T19:15:11Z",
"severity": "MODERATE"
},
"details": "A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.",
"id": "GHSA-mmc5-hgpc-m8q5",
"modified": "2024-04-25T18:30:38Z",
"published": "2024-01-02T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7192"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1188"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1250"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1306"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1367"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1382"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2006"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2008"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-7192"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256279"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=ac4893980bbe79ce383daf9a0885666a30fe4c83"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.