All the vulnerabilites related to redhat - ansible_automation_platform
cve-2022-1632
Vulnerability from cvelistv5
Published
2022-09-01 00:00
Modified
2024-08-03 00:10
Severity ?
EPSS score ?
Summary
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081181"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Openshift",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.8.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-08T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081181"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-1632",
"datePublished": "2022-09-01T00:00:00",
"dateReserved": "2022-05-09T00:00:00",
"dateUpdated": "2024-08-03T00:10:03.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3532
Vulnerability from cvelistv5
This CVE is marked as INVALID and not a bug
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-01-15T16:44:44.547Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE is marked as INVALID and not a bug"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3532",
"datePublished": "2021-06-09T11:09:03",
"dateRejected": "2024-01-15T15:50:43.309Z",
"dateReserved": "2021-05-03T00:00:00",
"dateUpdated": "2024-01-15T16:44:44.547Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
cve-2021-3533
Vulnerability from cvelistv5
This vulnerability does not meet the criteria for a security vulnerability
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-01-23T12:25:46.129Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This vulnerability does not meet the criteria for a security vulnerability"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3533",
"datePublished": "2021-06-09T11:09:16",
"dateRejected": "2024-01-15T16:11:56.140Z",
"dateReserved": "2021-05-03T00:00:00",
"dateUpdated": "2024-01-23T12:25:46.129Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
cve-2021-3583
Vulnerability from cvelistv5
Published
2021-09-22 00:00
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412"
},
{
"name": "[debian-lts-announce] 20231228 [SECURITY] [DLA 3695-1] ansible security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ansible",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ansible_tower 3.7, ansible_engine 2.9.23"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Ansible, where a user\u0027s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20-\u003eCWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T19:06:20.554219",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412"
},
{
"name": "[debian-lts-announce] 20231228 [SECURITY] [DLA 3695-1] ansible security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3583",
"datePublished": "2021-09-22T00:00:00",
"dateReserved": "2021-06-07T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-44487
Vulnerability from cvelistv5
Published
2023-10-10 00:00
Modified
2024-08-19 07:48
Severity ?
EPSS score ?
Summary
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "http",
"vendor": "ietf",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-44487",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T20:34:21.334116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-10-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-44487"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T20:35:03.253Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-19T07:48:04.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"tags": [
"x_transferred"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"tags": [
"x_transferred"
],
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bcdannyboy/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"tags": [
"x_transferred"
],
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"tags": [
"x_transferred"
],
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"tags": [
"x_transferred"
],
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/golang/go/issues/63417"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"tags": [
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
},
{
"tags": [
"x_transferred"
],
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"tags": [
"x_transferred"
],
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
},
{
"name": "DSA-5522",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"name": "DSA-5521",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"tags": [
"x_transferred"
],
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/line/armeria/pull/5232"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Azure/AKS/issues/3947"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Kong/kong/discussions/11741"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
},
{
"name": "FEDORA-2023-ed2642fd58",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"name": "[oss-security] 20231018 Vulnerability in Jenkins",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"name": "FEDORA-2023-54fadada12",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
},
{
"name": "FEDORA-2023-5ff7bf1dd8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"name": "FEDORA-2023-17efd3f2cd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
},
{
"name": "FEDORA-2023-d5030c983c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"name": "FEDORA-2023-0259c3f26f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
},
{
"name": "FEDORA-2023-2a9214af5f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
},
{
"name": "FEDORA-2023-e9c04d81c1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"name": "FEDORA-2023-f66fc0f62a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"name": "FEDORA-2023-4d2fd884ea",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"name": "FEDORA-2023-b2c50535cb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
},
{
"name": "FEDORA-2023-fe53e13b5b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"name": "FEDORA-2023-4bf641255e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"name": "DSA-5540",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"name": "FEDORA-2023-1caffb88af",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
},
{
"name": "FEDORA-2023-3f70b8d406",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
},
{
"name": "FEDORA-2023-7b52921cae",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"name": "FEDORA-2023-7934802344",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
},
{
"name": "FEDORA-2023-dbe64661af",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"name": "FEDORA-2023-822aab0a5a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"name": "DSA-5549",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"name": "FEDORA-2023-c0c6a91330",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
},
{
"name": "FEDORA-2023-492b7be466",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
},
{
"name": "DSA-5558",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"name": "GLSA-202311-09",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"name": "DSA-5570",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:08:34.967324",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
},
{
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
},
{
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
},
{
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"url": "https://github.com/bcdannyboy/CVE-2023-44487"
},
{
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
},
{
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
},
{
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
},
{
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"url": "https://github.com/golang/go/issues/63417"
},
{
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
},
{
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
},
{
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
},
{
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
},
{
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
},
{
"name": "DSA-5522",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"name": "DSA-5521",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
},
{
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"url": "https://github.com/line/armeria/pull/5232"
},
{
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"url": "https://security.paloaltonetworks.com/CVE-2023-44487"
},
{
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"url": "https://github.com/Azure/AKS/issues/3947"
},
{
"url": "https://github.com/Kong/kong/discussions/11741"
},
{
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
},
{
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
},
{
"name": "FEDORA-2023-ed2642fd58",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
},
{
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"name": "[oss-security] 20231018 Vulnerability in Jenkins",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"name": "FEDORA-2023-54fadada12",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
},
{
"name": "FEDORA-2023-5ff7bf1dd8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"name": "FEDORA-2023-17efd3f2cd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
},
{
"name": "FEDORA-2023-d5030c983c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"name": "FEDORA-2023-0259c3f26f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
},
{
"name": "FEDORA-2023-2a9214af5f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
},
{
"name": "FEDORA-2023-e9c04d81c1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"name": "FEDORA-2023-f66fc0f62a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"name": "FEDORA-2023-4d2fd884ea",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"name": "FEDORA-2023-b2c50535cb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
},
{
"name": "FEDORA-2023-fe53e13b5b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"name": "FEDORA-2023-4bf641255e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"name": "DSA-5540",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"name": "FEDORA-2023-1caffb88af",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
},
{
"name": "FEDORA-2023-3f70b8d406",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
},
{
"name": "FEDORA-2023-7b52921cae",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"name": "FEDORA-2023-7934802344",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
},
{
"name": "FEDORA-2023-dbe64661af",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"name": "FEDORA-2023-822aab0a5a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"name": "DSA-5549",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"name": "FEDORA-2023-c0c6a91330",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
},
{
"name": "FEDORA-2023-492b7be466",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
},
{
"name": "DSA-5558",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"name": "GLSA-202311-09",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"name": "DSA-5570",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-44487",
"datePublished": "2023-10-10T00:00:00",
"dateReserved": "2023-09-29T00:00:00",
"dateUpdated": "2024-08-19T07:48:04.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5189
Vulnerability from cvelistv5
Published
2023-11-14 22:57
Modified
2024-12-06 11:10
Severity ?
EPSS score ?
Summary
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:7773 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1536 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2010 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-5189 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2234387 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 |
Unaffected: 0:0.4.18-1.el8ap < * cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 |
||||||||||||||||||||
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:7773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7773"
},
{
"name": "RHSA-2024:1536",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
},
{
"name": "RHSA-2024:2010",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2010"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5189"
},
{
"name": "RHBZ#2234387",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5189",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T14:15:00.429640Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T14:16:10.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
],
"defaultStatus": "affected",
"packageName": "python3x-galaxy-importer",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.4.18-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
],
"defaultStatus": "affected",
"packageName": "python-galaxy-importer",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.4.18-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.14::el8",
"cpe:/a:redhat:satellite:6.14::el8",
"cpe:/a:redhat:satellite_capsule:6.14::el8"
],
"defaultStatus": "affected",
"packageName": "python-galaxy-importer",
"product": "Red Hat Satellite 6.14 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.4.18-2.el8pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.14::el8",
"cpe:/a:redhat:satellite:6.14::el8",
"cpe:/a:redhat:satellite_capsule:6.14::el8"
],
"defaultStatus": "affected",
"packageName": "python-galaxy-importer",
"product": "Red Hat Satellite 6.14 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.4.18-2.el8pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_maintenance:6.15::el8",
"cpe:/a:redhat:satellite:6.15::el8",
"cpe:/a:redhat:satellite_capsule:6.15::el8",
"cpe:/a:redhat:satellite_utils:6.15::el8"
],
"defaultStatus": "affected",
"packageName": "python-galaxy-importer",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.4.19-2.el8pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_maintenance:6.15::el8",
"cpe:/a:redhat:satellite:6.15::el8",
"cpe:/a:redhat:satellite_capsule:6.15::el8",
"cpe:/a:redhat:satellite_utils:6.15::el8"
],
"defaultStatus": "affected",
"packageName": "python-galaxy-importer",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.4.19-2.el8pc",
"versionType": "rpm"
}
]
}
],
"datePublic": "2023-09-26T05:28:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T11:10:59.899Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:7773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7773"
},
{
"name": "RHSA-2024:1536",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
},
{
"name": "RHSA-2024:2010",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2010"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5189"
},
{
"name": "RHBZ#2234387",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-23T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-09-26T05:28:00+00:00",
"value": "Made public."
}
],
"title": "Hub: insecure galaxy-importer tarfile extraction",
"x_redhatCweChain": "CWE-23: Relative Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5189",
"datePublished": "2023-11-14T22:57:00.584Z",
"dateReserved": "2023-09-26T05:27:24.004Z",
"dateUpdated": "2024-12-06T11:10:59.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5764
Vulnerability from cvelistv5
Published
2023-12-12 22:01
Modified
2024-11-23 03:36
Severity ?
EPSS score ?
Summary
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:7773 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-5764 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2247629 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 |
Unaffected: 1:2.15.8-1.el8ap < * cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 |
||||||||||||
|
|||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T03:55:28.216152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T19:39:40.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-25T13:07:31.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:7773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7773"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5764"
},
{
"name": "RHBZ#2247629",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241025-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.15.8-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.15.8-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.15.8-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.15.8-1.el9ap",
"versionType": "rpm"
}
]
}
],
"datePublic": "2023-11-02T12:57:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A template injection flaw was found in Ansible where a user\u0027s controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T03:36:26.977Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:7773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7773"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5764"
},
{
"name": "RHBZ#2247629",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-02T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-11-02T12:57:00+00:00",
"value": "Made public."
}
],
"title": "Ansible: template injection",
"x_redhatCweChain": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5764",
"datePublished": "2023-12-12T22:01:33.467Z",
"dateReserved": "2023-10-25T10:27:46.601Z",
"dateUpdated": "2024-11-23T03:36:26.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-7143
Vulnerability from cvelistv5
Published
2024-08-07 16:49
Modified
2024-12-31 14:23
Severity ?
EPSS score ?
Summary
A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:6765 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-7143 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2300125 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/pulp/pulpcore/blob/93f241f34c503da0fbac94bdba739feda2636e12/pulpcore/tasking/_util.py#L108 |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ 3.56.0 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T17:28:33.839214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T17:28:52.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-10T22:53:16.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/pulp/pulpcore/blob/main/CHANGES.md"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/pulp/pulpcore",
"defaultStatus": "unaffected",
"packageName": "pulp",
"versions": [
{
"lessThanOrEqual": "3.56.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
],
"defaultStatus": "unaffected",
"packageName": "automation-controller",
"product": "Red Hat Ansible Automation Platform 1.2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
],
"defaultStatus": "unaffected",
"packageName": "python3x-urllib3",
"product": "Red Hat Ansible Automation Platform 1.2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
],
"defaultStatus": "unaffected",
"packageName": "python-urllib3",
"product": "Red Hat Ansible Automation Platform 1.2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
],
"defaultStatus": "unaffected",
"packageName": "receptor",
"product": "Red Hat Ansible Automation Platform 1.2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
],
"defaultStatus": "unaffected",
"packageName": "automation-controller",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
],
"defaultStatus": "unaffected",
"packageName": "python3x-django",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
],
"defaultStatus": "unaffected",
"packageName": "python3x-pulpcore",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
],
"defaultStatus": "unaffected",
"packageName": "python3x-urllib3",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
],
"defaultStatus": "unaffected",
"packageName": "python-django",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
],
"defaultStatus": "unaffected",
"packageName": "python-pulpcore",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
],
"defaultStatus": "unaffected",
"packageName": "python-urllib3",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
],
"defaultStatus": "unaffected",
"packageName": "receptor",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"packageName": "python3x-pulpcore",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"packageName": "python-pulpcore",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"packageName": "python-pulpcore",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhui:4::el8"
],
"defaultStatus": "unaffected",
"packageName": "python-pulpcore",
"product": "Red Hat Update Infrastructure 4 for Cloud Providers",
"vendor": "Red Hat"
}
],
"datePublic": "2024-08-07T13:50:03.893000+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn\u0027t dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-277",
"description": "Insecure Inherited Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T14:23:03.504Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:6765",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:6765"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-7143"
},
{
"name": "RHBZ#2300125",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300125"
},
{
"url": "https://github.com/pulp/pulpcore/blob/93f241f34c503da0fbac94bdba739feda2636e12/pulpcore/tasking/_util.py#L108"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-26T19:01:06+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-08-07T13:50:03.893000+00:00",
"value": "Made public."
}
],
"title": "Pulpcore: rbac permissions incorrectly assigned in tasks that create objects",
"x_redhatCweChain": "CWE-277: Insecure Inherited Permissions"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-7143",
"datePublished": "2024-08-07T16:49:29.842Z",
"dateReserved": "2024-07-26T18:48:08.747Z",
"dateUpdated": "2024-12-31T14:23:03.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20228
Vulnerability from cvelistv5
Published
2021-04-29 15:34
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1925002 | x_refsource_MISC | |
| https://github.com/ansible/ansible/pull/73487 | x_refsource_MISC | |
| https://www.debian.org/security/2021/dsa-4950 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ansible/ansible/pull/73487"
},
{
"name": "DSA-4950",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4950"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ansible",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ansible-engine 2.9.18"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200-\u003eCWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-07T14:06:24",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ansible/ansible/pull/73487"
},
{
"name": "DSA-4950",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4950"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ansible",
"version": {
"version_data": [
{
"version_value": "ansible-engine 2.9.18"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200-\u003eCWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002"
},
{
"name": "https://github.com/ansible/ansible/pull/73487",
"refsource": "MISC",
"url": "https://github.com/ansible/ansible/pull/73487"
},
{
"name": "DSA-4950",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4950"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20228",
"datePublished": "2021-04-29T15:34:08",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-10033
Vulnerability from cvelistv5
Published
2024-10-16 16:59
Modified
2025-01-06 22:01
Severity ?
EPSS score ?
Summary
A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:8534 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-10033 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2319162 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 ≤ |
||||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10033",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T17:37:00.293002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T17:56:50.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/ansible/ansible",
"defaultStatus": "unaffected",
"packageName": "aap-gateway",
"versions": [
{
"lessThan": "2.5.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform:2.5::el8"
],
"defaultStatus": "affected",
"packageName": "automation-gateway",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.5.3-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform:2.5::el8"
],
"defaultStatus": "affected",
"packageName": "automation-gateway",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.5.3-1.el9ap",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Rick Elrod (Red Hat)."
}
],
"datePublic": "2024-10-16T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the \"?next=\" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T22:01:25.224Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:8534",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:8534"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-10033"
},
{
"name": "RHBZ#2319162",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319162"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-16T13:44:08.666000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-10-16T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Aap-gateway: xss on aap-gateway",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-10033",
"datePublished": "2024-10-16T16:59:43.968Z",
"dateReserved": "2024-10-16T13:48:55.226Z",
"dateUpdated": "2025-01-06T22:01:25.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3971
Vulnerability from cvelistv5
Published
2023-10-04 14:26
Modified
2024-11-23 00:01
Severity ?
EPSS score ?
Summary
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:4340 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:4590 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-3971 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2226965 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Ansible Automation Platform 2.3 for RHEL 8 |
Unaffected: 0:4.3.11-1.el8ap < * cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8 cpe:/a:redhat:ansible_automation_platform:2.3::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9 cpe:/a:redhat:ansible_automation_platform:2.3::el8 |
||||||||||||
|
|||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-26T19:46:29.640652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:34.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:4340",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4340"
},
{
"name": "RHSA-2023:4590",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4590"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3971"
},
{
"name": "RHBZ#2226965",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226965"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
"cpe:/a:redhat:ansible_automation_platform:2.3::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
"cpe:/a:redhat:ansible_automation_platform:2.3::el8"
],
"defaultStatus": "affected",
"packageName": "automation-controller",
"product": "Red Hat Ansible Automation Platform 2.3 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.3.11-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
"cpe:/a:redhat:ansible_automation_platform:2.3::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9",
"cpe:/a:redhat:ansible_automation_platform:2.3::el8"
],
"defaultStatus": "affected",
"packageName": "automation-controller",
"product": "Red Hat Ansible Automation Platform 2.3 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.3.11-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "automation-controller",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.4.1-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "automation-controller",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.4.1-1.el9ap",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Kunal Pusdekar (redhat) for reporting this issue."
}
],
"datePublic": "2023-07-27T07:28:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T00:01:43.067Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:4340",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4340"
},
{
"name": "RHSA-2023:4590",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4590"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3971"
},
{
"name": "RHBZ#2226965",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226965"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-18T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-07-27T07:28:00+00:00",
"value": "Made public."
}
],
"title": "Controller: html injection in custom login info",
"x_redhatCweChain": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3971",
"datePublished": "2023-10-04T14:26:01.621Z",
"dateReserved": "2023-07-27T07:24:40.604Z",
"dateUpdated": "2024-11-23T00:01:43.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0690
Vulnerability from cvelistv5
Published
2024-02-06 12:00
Modified
2024-11-23 03:38
Severity ?
EPSS score ?
Summary
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:0733 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2246 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:3043 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-0690 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2259013 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/ansible/ansible/pull/82565 |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 2.14.0 ≤ Version: 2.15.0 ≤ Version: 2.16.0 ≤ |
||||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T18:30:30.103500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:35.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:0733",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0733"
},
{
"name": "RHSA-2024:2246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2246"
},
{
"name": "RHSA-2024:3043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3043"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0690"
},
{
"name": "RHBZ#2259013",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259013"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ansible/ansible/pull/82565"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.ansible.com/",
"defaultStatus": "unaffected",
"packageName": "ansible",
"versions": [
{
"lessThan": "2.14.4",
"status": "affected",
"version": "2.14.0",
"versionType": "semver"
},
{
"lessThan": "2.15.9",
"status": "affected",
"version": "2.15.0",
"versionType": "semver"
},
{
"lessThan": "2.16.3",
"status": "affected",
"version": "2.16.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.15.9-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.15.9-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.16.3-2.el8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.14.14-1.el9",
"versionType": "rpm"
}
]
}
],
"datePublic": "2024-01-18T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T03:38:59.164Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:0733",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0733"
},
{
"name": "RHSA-2024:2246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2246"
},
{
"name": "RHSA-2024:3043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3043"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0690"
},
{
"name": "RHBZ#2259013",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259013"
},
{
"url": "https://github.com/ansible/ansible/pull/82565"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-18T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-18T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration",
"workarounds": [
{
"lang": "en",
"value": "Explicitly setting \u0027no_log\u0027 within the playbook will prevent the output from containing potentially sensitive information."
}
],
"x_redhatCweChain": "CWE-117: Improper Output Neutralization for Logs"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-0690",
"datePublished": "2024-02-06T12:00:28.505Z",
"dateReserved": "2024-01-18T16:03:22.626Z",
"dateUpdated": "2024-11-23T03:38:59.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-50782
Vulnerability from cvelistv5
Published
2024-02-05 20:45
Modified
2024-11-25 10:24
Severity ?
EPSS score ?
Summary
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-50782 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2254432 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 3.2 ≤ |
||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:23:43.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-50782"
},
{
"name": "RHBZ#2254432",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/pyca/cryptography",
"defaultStatus": "unaffected",
"packageName": "python-cryptography",
"versions": [
{
"lessThan": "42.0.0",
"status": "affected",
"version": "3.2",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"packageName": "python-cryptography",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "python-cryptography",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "python39:3.9/python-cryptography",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "python-cryptography",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "python-cryptography",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"packageName": "python-cryptography",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhui:4::el8"
],
"defaultStatus": "affected",
"packageName": "python-cryptography",
"product": "Red Hat Update Infrastructure 4 for Cloud Providers",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Hubert Kario (Red Hat)."
}
],
"datePublic": "2023-12-13T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T10:24:46.647Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-50782"
},
{
"name": "RHBZ#2254432",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-13T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-13T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-327-\u003eCWE-385-\u003eCWE-208: Use of a Broken or Risky Cryptographic Algorithm leads to Covert Timing Channel leads to Observable Timing Discrepancy"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-50782",
"datePublished": "2024-02-05T20:45:49.705Z",
"dateReserved": "2023-12-13T20:44:02.023Z",
"dateUpdated": "2024-11-25T10:24:46.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3644
Vulnerability from cvelistv5
Published
2022-10-25 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | pulp_ansible |
Version: 0.15 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pulp/pulp_ansible/blob/main/pulp_ansible/app/models.py#L234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pulp_ansible",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "0.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp\u0027s encrypted field and exposes them in read/write mode via the API () instead of marking it as write only."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-25T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://github.com/pulp/pulp_ansible/blob/main/pulp_ansible/app/models.py#L234"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-3644",
"datePublished": "2022-10-25T00:00:00",
"dateReserved": "2022-10-21T00:00:00",
"dateUpdated": "2024-08-03T01:14:03.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4380
Vulnerability from cvelistv5
Published
2023-10-04 14:24
Modified
2024-11-23 00:12
Severity ?
EPSS score ?
Summary
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:4693 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-4380 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2232324 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 |
Unaffected: 0:1.0.1-1.el8ap < * cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:4693",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4693"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4380"
},
{
"name": "RHBZ#2232324",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232324"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9"
],
"defaultStatus": "affected",
"packageName": "automation-eda-controller",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.0.1-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9"
],
"defaultStatus": "affected",
"packageName": "automation-eda-controller",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.0.1-1.el9ap",
"versionType": "rpm"
}
]
}
],
"datePublic": "2023-08-16T10:05:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T00:12:44.378Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:4693",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4693"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4380"
},
{
"name": "RHBZ#2232324",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232324"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-16T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-08-16T10:05:00+00:00",
"value": "Made public."
}
],
"title": "Platform: token exposed at importing project",
"x_redhatCweChain": "CWE-532: Insertion of Sensitive Information into Log File"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4380",
"datePublished": "2023-10-04T14:24:35.121Z",
"dateReserved": "2023-08-16T10:02:36.139Z",
"dateUpdated": "2024-11-23T00:12:44.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5115
Vulnerability from cvelistv5
Published
2023-12-18 13:43
Modified
2024-12-06 11:10
Severity ?
EPSS score ?
Summary
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:5701 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:5758 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-5115 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2233810 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Ansible Automation Platform 2.3 for RHEL 8 |
Unaffected: 0:2.14.11-1.el8ap < * cpe:/a:redhat:ansible_automation_platform:2.3::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8 cpe:/a:redhat:ansible_automation_platform:2.3::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:5701",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5701"
},
{
"name": "RHSA-2023:5758",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5758"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5115"
},
{
"name": "RHBZ#2233810",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.3::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
"cpe:/a:redhat:ansible_automation_platform:2.3::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.3 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.14.11-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.3::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8",
"cpe:/a:redhat:ansible_automation_platform:2.3::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.3 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.14.11-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.15.5-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.15.5-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform"
],
"defaultStatus": "affected",
"packageName": "ansible",
"product": "Red Hat Ansible Automation Platform 1.2",
"vendor": "Red Hat"
}
],
"datePublic": "2023-09-21T19:33:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T11:10:44.793Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:5701",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5701"
},
{
"name": "RHSA-2023:5758",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5758"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5115"
},
{
"name": "RHBZ#2233810",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-23T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-09-21T19:33:00+00:00",
"value": "Made public."
}
],
"title": "Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files",
"x_redhatCweChain": "CWE-36: Absolute Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5115",
"datePublished": "2023-12-18T13:43:07.791Z",
"dateReserved": "2023-09-21T19:29:27.130Z",
"dateUpdated": "2024-12-06T11:10:44.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2568
Vulnerability from cvelistv5
Published
2022-08-18 19:28
Modified
2024-08-03 00:39
Severity ?
EPSS score ?
Summary
A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2108653 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Red Hat Ansible Automation Platform |
Version: 2.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Red Hat Ansible Automation Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with \u0027change user\u0027 permissions to modify the account settings of the superuser account and also remove the superuser privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Privilege Management",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T19:28:20",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108653"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-2568",
"datePublished": "2022-08-18T19:28:20",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T00:39:07.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-4112
Vulnerability from cvelistv5
Published
2022-08-25 19:35
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2028121 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/CVE-2021-4112 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | ansible-tower |
Version: Fixed in ansible-tower 3.8.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028121"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4112"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ansible-tower",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in ansible-tower 3.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 - Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T19:35:45",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028121"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4112"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4112",
"datePublished": "2022-08-25T19:35:45",
"dateReserved": "2021-12-14T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3681
Vulnerability from cvelistv5
Published
2022-04-18 16:20
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" include files in the ``.tar.gz`` file. This contains sensitive info, such as the user's Ansible Galaxy API key and any secrets in ``ansible`` or ``ansible-playbook`` verbose output without the``no_log`` redaction. Currently, there is no way to deprecate a Collection Or delete a Collection Version. Once published, anyone who downloads or installs the collection can view the secrets.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1989407 | x_refsource_MISC | |
| https://github.com/ansible/galaxy/issues/1977 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989407"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ansible/galaxy/issues/1977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ansible",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ansible 3.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in \"galaxy.yml\" include files in the ``.tar.gz`` file. This contains sensitive info, such as the user\u0027s Ansible Galaxy API key and any secrets in ``ansible`` or ``ansible-playbook`` verbose output without the``no_log`` redaction. Currently, there is no way to deprecate a Collection Or delete a Collection Version. Once published, anyone who downloads or installs the collection can view the secrets."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522-\u003eCWE-212",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-18T16:20:37",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989407"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ansible/galaxy/issues/1977"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3681",
"datePublished": "2022-04-18T16:20:37",
"dateReserved": "2021-08-03T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4237
Vulnerability from cvelistv5
Published
2023-10-04 14:23
Modified
2024-11-23 01:27
Severity ?
EPSS score ?
Summary
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHBA-2023:5653 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHBA-2023:5666 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-4237 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2229979 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 |
cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:ansible_automation_platform:2.4::el8 |
||||||||||||
|
|||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-10-25T13:07:30.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHBA-2023:5653",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2023:5653"
},
{
"name": "RHBA-2023:5666",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2023:5666"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4237"
},
{
"name": "RHBZ#2229979",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229979"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241025-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_cloud_billing:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform-24/ee-supported-rhel8",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.0.0-423",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_cloud_billing:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-automation-platform-24/ee-supported-rhel9",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.0.0-424",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jill Rouleau (redhat) for reporting this issue."
}
],
"datePublic": "2023-08-08T11:15:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system\u0027s confidentiality, integrity, and availability."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T01:27:07.673Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHBA-2023:5653",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2023:5653"
},
{
"name": "RHBA-2023:5666",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2023:5666"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4237"
},
{
"name": "RHBZ#2229979",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229979"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-08T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-08-08T11:15:00+00:00",
"value": "Made public."
}
],
"title": "Platform: ec2_key module prints out the private key directly to the standard output",
"x_redhatCweChain": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4237",
"datePublished": "2023-10-04T14:23:20.710Z",
"dateReserved": "2023-08-08T11:15:05.990Z",
"dateUpdated": "2024-11-23T01:27:07.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3205
Vulnerability from cvelistv5
Published
2022-09-13 19:19
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-3205 | vdb-entry, x_redhatRef | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2120597 | issue-tracking, x_redhatRef |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Ansible Automation Platform 1.2 |
cpe:/a:redhat:ansible_automation_platform |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_redhatRef",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-3205"
},
{
"name": "RHBZ#2120597",
"tags": [
"issue-tracking",
"x_redhatRef",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120597"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform"
],
"defaultStatus": "affected",
"packageName": "ansible-tower",
"product": "Red Hat Ansible Automation Platform 1.2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"packageName": "automation-controller",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Oleg Sushchenko (Red Hat)."
}
],
"datePublic": "2022-08-23T11:20:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection"
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T17:53:01.922Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_redhatRef"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-3205"
},
{
"name": "RHBZ#2120597",
"tags": [
"issue-tracking",
"x_redhatRef"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120597"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-08-23T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-08-23T11:20:00+00:00",
"value": "Made public."
}
],
"title": "Controller: cross site scripting in automation controller ui",
"x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-3205",
"datePublished": "2022-09-13T19:19:46",
"dateReserved": "2022-09-13T00:00:00",
"dateUpdated": "2024-08-03T01:00:10.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-09-13 20:15
Modified
2024-11-21 07:19
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible_automation_platform | 1.2 | |
| redhat | ansible_automation_platform | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA4F8F3-6FC3-4ADD-BB96-A707E94AB0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection"
},
{
"lang": "es",
"value": "Se presenta un ataque de tipo un XSS en la Interfaz de Usuario del controlador de automatizaci\u00f3n en el que el nombre del proyecto es susceptible de inyecci\u00f3n de tipo XSS"
}
],
"id": "CVE-2022-3205",
"lastModified": "2024-11-21T07:19:02.800",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-13T20:15:09.937",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/security/cve/CVE-2022-3205"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/security/cve/CVE-2022-3205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120597"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-06 12:15
Modified
2024-11-21 08:47
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible | * | |
| redhat | ansible | * | |
| redhat | ansible | * | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | ansible_automation_platform | 2.4 | |
| redhat | ansible_developer | 1.1 | |
| redhat | ansible_inside | 1.2 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*",
"matchCriteriaId": "645218EF-62EC-4EA5-B196-6C52CC6BF0C6",
"versionEndExcluding": "2.14.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B80D311E-FA64-4A61-BC42-441B56D3A019",
"versionEndExcluding": "2.15.9",
"versionStartIncluding": "2.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA1B5190-DFC2-4C0F-B190-515D768BB3CD",
"versionEndExcluding": "2.16.3",
"versionStartIncluding": "2.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "05986E3C-7E5B-45C1-81B0-9D856A8FF1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE40363-D286-4EB7-80D2-17CF3B606AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "897AB7AC-52B1-4335-97D5-D5EA2FF09CC6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla de divulgaci\u00f3n de informaci\u00f3n en ansible-core debido a que no se respet\u00f3 la configuraci\u00f3n de ANSIBLE_NO_LOG en algunos escenarios. Se descubri\u00f3 que la informaci\u00f3n todav\u00eda se incluye en la salida de determinadas tareas, como los elementos del bucle. Dependiendo de la tarea, este problema puede incluir informaci\u00f3n confidencial, como valores secretos descifrados."
}
],
"id": "CVE-2024-0690",
"lastModified": "2024-11-21T08:47:09.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-06T12:15:55.530",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0733"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:2246"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:3043"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0690"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259013"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/ansible/ansible/pull/82565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:2246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:3043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/ansible/ansible/pull/82565"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-117"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 06:22
Severity ?
Summary
A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" include files in the ``.tar.gz`` file. This contains sensitive info, such as the user's Ansible Galaxy API key and any secrets in ``ansible`` or ``ansible-playbook`` verbose output without the``no_log`` redaction. Currently, there is no way to deprecate a Collection Or delete a Collection Version. Once published, anyone who downloads or installs the collection can view the secrets.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1989407 | Issue Tracking, Vendor Advisory | |
| secalert@redhat.com | https://github.com/ansible/galaxy/issues/1977 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1989407 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ansible/galaxy/issues/1977 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible_automation_platform | 1.2 | |
| redhat | ansible_galaxy | 3.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA4F8F3-6FC3-4ADD-BB96-A707E94AB0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_galaxy:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1690AEF3-1BBC-40FE-9B89-AD11691269B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in \"galaxy.yml\" include files in the ``.tar.gz`` file. This contains sensitive info, such as the user\u0027s Ansible Galaxy API key and any secrets in ``ansible`` or ``ansible-playbook`` verbose output without the``no_log`` redaction. Currently, there is no way to deprecate a Collection Or delete a Collection Version. Once published, anyone who downloads or installs the collection can view the secrets."
},
{
"lang": "es",
"value": "Se ha encontrado un fallo en Ansible Galaxy Collections. Cuando las colecciones son construidas manualmente, cualquier archivo en el directorio del repositorio que no sea excluido expl\u00edcitamente por medio de la lista \"build_ignore\" en \"galaxy.yml\" incluye archivos en el archivo \".tar.gz\". Esto contiene informaci\u00f3n confidencial, como la clave de la API de Ansible Galaxy del usuario y cualquier secreto en la salida verbosa de \"ansible\" o \"ansible-playbook\" sin la redacci\u00f3n \"no_log\". Actualmente, no se presenta forma de eliminar una colecci\u00f3n o una versi\u00f3n de la colecci\u00f3n. Una vez publicada, cualquiera que descargue o instale la colecci\u00f3n puede visualizar los secretos"
}
],
"id": "CVE-2021-3681",
"lastModified": "2024-11-21T06:22:08.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-18T17:15:15.507",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989407"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/ansible/galaxy/issues/1977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/ansible/galaxy/issues/1977"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-16 17:15
Modified
2024-10-30 18:50
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:8534 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2024-10033 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2319162 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible_automation_platform | 2.5 | |
| redhat | ansible_developer | 1.2 | |
| redhat | ansible_inside | 1.3 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3FEC89-D26D-4144-8298-4276390AE424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_developer:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF19DE86-0524-4785-B606-F8E384FD23F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_inside:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C9238C-11E7-42A2-A87B-3B82F1F6DA5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the \"?next=\" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en aap-gateway. Existe una vulnerabilidad de cross-site scripting (XSS) en el componente de puerta de enlace. Esta falla permite que un usuario malintencionado realice acciones que afectan a los usuarios mediante el uso del \"?next=\" en una URL, lo que puede provocar redireccionamientos, inyecci\u00f3n de secuencias de comandos maliciosas, robo de sesiones y datos."
}
],
"id": "CVE-2024-10033",
"lastModified": "2024-10-30T18:50:04.137",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-16T17:15:13.267",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2024:8534"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-10033"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319162"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-04 15:15
Modified
2024-11-21 08:34
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2023:4693 | Vendor Advisory | |
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-4380 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2232324 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2023:4693 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-4380 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2232324 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible_automation_platform | 2.4 | |
| redhat | ansible_developer | 1.1 | |
| redhat | ansible_inside | 1.2 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "05986E3C-7E5B-45C1-81B0-9D856A8FF1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE40363-D286-4EB7-80D2-17CF3B606AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "897AB7AC-52B1-4335-97D5-D5EA2FF09CC6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability."
},
{
"lang": "es",
"value": "Existe un defecto l\u00f3gico en Ansible. Siempre que se crea un proyecto privado con credenciales incorrectas, se registra en texto plano. Esta falla permite que un atacante recupere las credenciales del registro, lo que resulta en la p\u00e9rdida de confidencialidad, integridad y disponibilidad."
}
],
"id": "CVE-2023-4380",
"lastModified": "2024-11-21T08:34:58.260",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-04T15:15:12.703",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4693"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4380"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232324"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-07 17:15
Modified
2024-11-21 09:50
Severity ?
Summary
A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pulpproject | pulp | - | |
| pulpproject | pulp | - | |
| redhat | ansible_automation_platform | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulpproject:pulp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18134FC-116E-48A5-A768-6368FF852E9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulpproject:pulp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D18134FC-116E-48A5-A768-6368FF852E9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn\u0027t dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un defecto en el paquete Pulp. Cuando un objeto de control de acceso basado en roles (RBAC) en Pulp est\u00e1 configurado para asignar permisos en su creaci\u00f3n, utiliza `AutoAddObjPermsMixin` (normalmente el m\u00e9todo add_roles_for_object_creator). Este m\u00e9todo encuentra al creador del objeto verificando el usuario autenticado actual. Para los objetos que se crean dentro de una tarea, este usuario actual lo establece el primer usuario con permisos en el objeto de la tarea. Esto significa que el usuario m\u00e1s antiguo con permisos de tareas a nivel de modelo/dominio siempre se configurar\u00e1 como el usuario actual de una tarea, incluso si no envi\u00f3 la tarea. Por lo tanto, todos los objetos creados en tareas tendr\u00e1n sus permisos asignados a este usuario m\u00e1s antiguo y el usuario creador no recibir\u00e1 nada."
}
],
"id": "CVE-2024-7143",
"lastModified": "2024-11-21T09:50:56.110",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-07T17:15:52.337",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:6765"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-7143"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300125"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/pulp/pulpcore/blob/93f241f34c503da0fbac94bdba739feda2636e12/pulpcore/tasking/_util.py#L108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/pulp/pulpcore/blob/main/CHANGES.md"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-277"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-01 21:15
Modified
2024-11-21 06:41
Severity ?
Summary
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2081181 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2081181 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible_automation_platform | 2.0 | |
| redhat | openshift_container_platform | 4.0 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality."
},
{
"lang": "es",
"value": "Se ha encontrado un ataque de comprobaci\u00f3n inapropiada de certificados en Openshift. Una ruta de re-encriptaci\u00f3n con destinationCACertificate expl\u00edcitamente establecido en el serviceCA por defecto omite la comprobaci\u00f3n del certificado TLS del servicio interno. Este fallo permite a un atacante explotar un certificado no v\u00e1lido, resultando en una p\u00e9rdida de confidencialidad"
}
],
"id": "CVE-2022-1632",
"lastModified": "2024-11-21T06:41:08.257",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-01T21:15:08.957",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081181"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-25 18:15
Modified
2024-11-21 07:19
Severity ?
Summary
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://github.com/pulp/pulp_ansible/blob/main/pulp_ansible/app/models.py#L234 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pulp/pulp_ansible/blob/main/pulp_ansible/app/models.py#L234 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pulpproject | pulp_ansible | - | |
| redhat | ansible_automation_platform | 2.0 | |
| redhat | satellite | 6.0 | |
| redhat | update_infrastructure | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pulpproject:pulp_ansible:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DCED721-A508-4E93-ACF5-AB2B6C4BF2C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:update_infrastructure:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "812C62CE-7B5A-491C-A02E-0E848D1FD780",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp\u0027s encrypted field and exposes them in read/write mode via the API () instead of marking it as write only."
},
{
"lang": "es",
"value": "La colecci\u00f3n remota para pulp_ansible almacena tokens en texto plano en lugar de usar el campo encriptado de pulp y los expone en modo de lectura/escritura por medio de la API () en lugar de marcarla como s\u00f3lo de escritura"
}
],
"id": "CVE-2022-3644",
"lastModified": "2024-11-21T07:19:56.747",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-25T18:15:10.020",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pulp/pulp_ansible/blob/main/pulp_ansible/app/models.py#L234"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pulp/pulp_ansible/blob/main/pulp_ansible/app/models.py#L234"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-256"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 20:15
Modified
2024-11-21 06:36
Severity ?
Summary
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2021-4112 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2028121 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2021-4112 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2028121 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible_automation_platform_early_access | 2.0 | |
| redhat | ansible_automation_platform_text-only_advisories | - | |
| redhat | ansible_tower | 3.0 | |
| redhat | ansible_automation_platform | 2.0 | |
| redhat | ansible_automation_platform | 2.1 | |
| redhat | enterprise_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform_early_access:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3871C74-20C4-4212-AEF1-D792637A92B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform_text-only_advisories:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C8C05E-EFDF-46AA-AAC3-36E117DBB87D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_tower:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B31C575C-06D2-4CAF-A5B7-B9469B3ED55F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E776BFA8-3F0B-46F3-9FC0-EA9D6EC5CC84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment."
},
{
"lang": "es",
"value": "Se ha encontrado un fallo en ansible-tower en el que la instalaci\u00f3n por defecto es vulnerable al escape de aislamiento de trabajos. Este fallo permite a un atacante elevar el privilegio de un usuario con pocos privilegios a un usuario AWX desde fuera del entorno aislado."
}
],
"id": "CVE-2021-4112",
"lastModified": "2024-11-21T06:36:55.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T20:15:09.530",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4112"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028121"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-04 15:15
Modified
2024-11-21 08:34
Severity ?
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible_automation_platform | 2.0 | |
| redhat | ansible_collection | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_collection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60009086-F9BE-4F69-B37C-1F57F8C2C4D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system\u0027s confidentiality, integrity, and availability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en la plataforma de automatizaci\u00f3n Ansible. Al crear un nuevo par de claves, el m\u00f3dulo ec2_key imprime la clave privada directamente en la salida est\u00e1ndar. Esta falla permite que un atacante obtenga esas claves de los archivos de registro, comprometiendo la confidencialidad, integridad y disponibilidad del sistema."
}
],
"id": "CVE-2023-4237",
"lastModified": "2024-11-21T08:34:41.347",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-04T15:15:12.643",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHBA-2023:5653"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHBA-2023:5666"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4237"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHBA-2023:5653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHBA-2023:5666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20241025-0002/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-497"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-12 22:15
Modified
2024-11-21 08:42
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible | * | |
| redhat | ansible | * | |
| redhat | ansible | 2.16.0 | |
| redhat | ansible | 2.16.0 | |
| redhat | ansible | 2.16.0 | |
| redhat | ansible | 2.16.0 | |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 | |
| redhat | ansible_automation_platform | 2.4 | |
| redhat | ansible_developer | 1.1 | |
| redhat | ansible_inside | 1.2 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5995DC14-0DBB-4784-B57D-21F850D4CE63",
"versionEndExcluding": "2.14.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4212FD6E-7D15-403C-9B4B-48F348F18501",
"versionEndExcluding": "2.15.7",
"versionStartIncluding": "2.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible:2.16.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D717EC3B-C9C9-49C5-B64B-58A46A6A99B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible:2.16.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "B01E3989-78A3-4CD3-9F6B-CD5AF3559365",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible:2.16.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "D109D9B1-B465-4708-BC0C-134AF8D81BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible:2.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "90BA6AD3-1627-46DA-9972-96A567EC17A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "05986E3C-7E5B-45C1-81B0-9D856A8FF1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE40363-D286-4EB7-80D2-17CF3B606AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "897AB7AC-52B1-4335-97D5-D5EA2FF09CC6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A template injection flaw was found in Ansible where a user\u0027s controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla de inyecci\u00f3n de plantilla en Ansible donde las operaciones de creaci\u00f3n de plantillas internas del controlador de un usuario pueden eliminar la designaci\u00f3n insegura de los datos de la plantilla. Este problema podr\u00eda permitir que un atacante utilice un archivo especialmente manipulado para introducir la inyecci\u00f3n de c\u00f3digo al proporcionar datos de plantillas."
}
],
"id": "CVE-2023-5764",
"lastModified": "2024-11-21T08:42:26.410",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-12T22:15:22.747",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7773"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5764"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20241025-0001/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1336"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-10 14:15
Modified
2024-12-20 17:40
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
References
Impacted products
{
"cisaActionDue": "2023-10-31",
"cisaExploitAdd": "2023-10-10",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "HTTP/2 Rapid Reset Attack Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5200E35-222B-42E0-83E0-5B702684D992",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3BDC297-F023-4E87-8518-B84CCF9DD6A8",
"versionEndExcluding": "1.57.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D12D5257-7ED2-400F-9EF7-40E0D3650C2B",
"versionEndExcluding": "4.1.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1B058776-B5B7-4079-B0AF-23F40926DCEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D565975-EFD9-467C-B6E3-1866A4EF17A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D487271-1B5E-4F16-B0CB-A7B8908935C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA6ED627-EFB3-4BDD-8ECC-C5947A1470B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A6F189-6C43-462D-85C9-B0EBDA8A4683",
"versionEndExcluding": "9.4.53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C993C920-85C0-4181-A95E-5D965A670738",
"versionEndExcluding": "10.0.17",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08E79A8E-E12C-498F-AF4F-1AAA7135661E",
"versionEndExcluding": "11.0.17",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F138D800-9A3B-4C76-8A3C-4793083A1517",
"versionEndExcluding": "12.0.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6341DDDA-AD27-4087-9D59-0A212F0037B4",
"versionEndExcluding": "2.7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "328120E4-C031-44B4-9BE5-03B0CDAA066F",
"versionEndExcluding": "1.20.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A",
"versionEndExcluding": "1.21.3",
"versionStartIncluding": "1.21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*",
"matchCriteriaId": "D7D2F801-6F65-4705-BCB9-D057EA54A707",
"versionEndExcluding": "0.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*",
"matchCriteriaId": "801F25DA-F38C-4452-8E90-235A3B1A5FF0",
"versionEndExcluding": "0.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D93F04AD-DF14-48AB-9F13-8B2E491CF42E",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7522C760-7E07-406F-BF50-5656D5723C4F",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7F605E-EB10-40FB-98D6-7E3A95E310BC",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "783E62F2-F867-48F1-B123-D1227C970674",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6603ED6A-3366-4572-AFCD-B3D4B1EC7606",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88978E38-81D3-4EFE-8525-A300B101FA69",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0510296F-92D7-4388-AE3A-0D9799C2FC4D",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7698D6C-B1F7-43C1-BBA6-88E956356B3D",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05E452AA-A520-4CBE-8767-147772B69194",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "596FC5D5-7329-4E39-841E-CAE937C02219",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C7A168-F370-441E-8790-73014BCEC39F",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF16FD01-7704-40AB-ACB2-80A883804D22",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1769D69A-CB59-46B1-89B3-FB97DC6DEB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9167FEC1-2C37-4946-9657-B4E69301FB24",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4B3442-E0C0-48CD-87AD-060E15C9801E",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA85EC1-D91A-49DD-949B-2AF7AC813CA5",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20662BB0-4C3D-4CF0-B068-3555C65DD06C",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59203EBF-C52A-45A1-B8DF-00E17E3EFB51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B88F9D1-B54B-40C7-A18A-26C4A071D7EC",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F39403-C259-4D6F-9E9A-53671017EEDB",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "220F2D38-FA82-45EF-B957-7678C9FEDBC1",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C698C1C-A3DD-46E2-B05A-12F2604E7F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "922AA845-530A-4B4B-9976-4CBC30C8A324",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F938EB43-8373-47EB-B269-C6DF058A9244",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1771493E-ACAA-477F-8AB4-25DB12F6AD6E",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E86F3D5-65A4-48CE-A6A2-736BBB88E3F8",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87670A74-34FE-45DF-A725-25B804C845B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7E422F6-C4C2-43AC-B137-0997B5739030",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC3F710F-DBCB-4976-9719-CF063DA22377",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9B76A1-7C5A-453F-A4ED-F1A81BCEBEB5",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88EDFCD9-775C-48FA-9CDA-2B04DA8D0612",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "67DB21AE-DF53-442D-B492-C4ED9A20B105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9FCBCB-9CE0-49E7-85C8-69E71D211912",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "112DFA85-90AD-478D-BD70-8C7C0C074F1B",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB704A1C-D8B7-48BB-A15A-C14DB591FE4A",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21D51D9F-2840-4DEA-A007-D20111A1745C",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC1D037-74D2-4F92-89AD-C90F6CBF440B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEF3EA4-7D5A-4B44-9CE3-258AEC745866",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBCE2D1-9D93-415D-AB2C-2060307C305A",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8070B469-8CC4-4D2F-97D7-12D0ABB963C1",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A326597E-725D-45DE-BEF7-2ED92137B253",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B235A78-649B-46C5-B24B-AB485A884654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08B25AAB-A98C-4F89-9131-29E3A8C0ED23",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98D2CE1E-DED0-470A-AA78-C78EF769C38E",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C966FABA-7199-4F0D-AB8C-4590FE9D2FFF",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84D00768-E71B-4FF7-A7BF-F2C8CFBC900D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC36311E-BB00-4750-85C8-51F5A2604F07",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A65D357E-4B40-42EC-9AAA-2B6CEF78C401",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7EF9865-FE65-4DFB-BF21-62FBCE65FF1C",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBD10E8-6054-408F-9687-B9BF6375CA09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6018B01-048C-43BB-A78D-66910ED60CA9",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A6A5686-5A8B-45D5-9165-BC99D2CCAC47",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D2A121F-5BD2-4263-8ED3-1DDE25B5C306",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4F7BAD-3EDD-4DE0-AAB7-DE5ACA34DD79",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83794B04-87E2-4CA9-81F5-BB820D0F5395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9EC2237-117F-43BD-ADEC-516CF72E04EF",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F70D4B6F-65CF-48F4-9A07-072DFBCE53D9",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29563719-1AF2-4BB8-8CCA-A0869F87795D",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D24815DD-579A-46D1-B9F2-3BB2C56BC54D",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6E7035-3299-474F-8F67-945EA9A059D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0360F76D-E75E-4B05-A294-B47012323ED9",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4607BF-41AC-4E84-A110-74E085FF0445",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "441CC945-7CA3-49C0-AE10-94725301E31D",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46BA8E8A-6ED5-4FB2-8BBC-586AA031085A",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "969C4F14-F6D6-46D6-B348-FC1463877680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41AD5040-1250-45F5-AB63-63F333D49BCC",
"versionEndIncluding": "1.8.2",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8257AA59-C14D-4EC1-B22C-DFBB92CBC297",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37DB32BB-F4BA-4FB5-94B1-55C3F06749CF",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF5007E-761C-4697-8D34-C064DF0ABE8D",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "910441D3-90EF-4375-B007-D51120A60AB2",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "667EB77B-DA13-4BA4-9371-EE3F3A109F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6F9699-A485-4614-8F38-5A556D31617E",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A90F547-97A2-41EC-9FDF-25F869F0FA38",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E76E1B82-F1DC-4366-B388-DBDF16C586A0",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "660137F4-15A1-42D1-BBAC-99A1D5BB398B",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C446827A-1F71-4FAD-9422-580642D26AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1932D32D-0E4B-4BBD-816F-6D47AB2E2F04",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D47B7691-A95B-45C0-BAB4-27E047F3C379",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD1637D-0E42-4928-867A-BA0FDB6E8462",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A599F90-F66B-4DF0-AD7D-D234F328BD59",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1B2000-C3FE-4B4C-885A-A5076EB164E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57D92D05-C67D-437E-88F3-DCC3F6B0ED2F",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECCB8C30-861E-4E48-A5F5-30EE523C1FB6",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5FEAD2A-3A58-432E-BEBB-6E3FDE24395F",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB23AE6-245E-43D6-B832-933F8259F937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1188B4A9-2684-413C-83D1-E91C75AE0FCF",
"versionEndIncluding": "1.25.2",
"versionStartIncluding": "1.9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3337609D-5291-4A52-BC6A-6A8D4E60EB20",
"versionEndIncluding": "2.4.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF0ABD9-EB28-4966-8C31-EED7AFBF1527",
"versionEndIncluding": "3.3.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F291CB34-47A4-425A-A200-087CC295AEC8",
"versionEndExcluding": "r29",
"versionStartIncluding": "r25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*",
"matchCriteriaId": "5892B558-EC3A-43FF-A1D5-B2D9F70796F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*",
"matchCriteriaId": "96BF2B19-52C7-4051-BA58-CAE6F912B72F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD26B48-CC80-4FAE-BD3D-78DE4C80C92B",
"versionEndIncluding": "8.5.93",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EC20B6-B2AB-41F5-9BF9-D16C1FE67C34",
"versionEndIncluding": "9.0.80",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0765CC3D-AB1A-4147-8900-EF4C105321F2",
"versionEndIncluding": "10.1.13",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*",
"matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*",
"matchCriteriaId": "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:swiftnio_http\\/2:*:*:*:*:*:swift:*:*",
"matchCriteriaId": "08190072-3880-4EF5-B642-BA053090D95B",
"versionEndExcluding": "1.28.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*",
"matchCriteriaId": "5F4CDEA9-CB47-4881-B096-DA896E2364F3",
"versionEndExcluding": "1.56.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*",
"matchCriteriaId": "E65AF7BC-7DAE-408A-8485-FBED22815F75",
"versionEndIncluding": "1.59.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*",
"matchCriteriaId": "DD868DDF-C889-4F36-B5E6-68B6D9EA48CC",
"versionEndExcluding": "1.58.3",
"versionStartIncluding": "1.58.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*",
"matchCriteriaId": "FBD991E2-DB5A-4AAD-95BA-4B5ACB811C96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4496821E-BD55-4F31-AD9C-A3D66CBBD6BD",
"versionEndExcluding": "6.0.23",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF7ECF6-178D-433C-AA21-BAE9EF248F37",
"versionEndExcluding": "7.0.12",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C3418F4-B8BF-4666-BB39-C188AB01F45C",
"versionEndExcluding": "6.0.23",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1278DD1C-EFA9-4316-AD32-24C1B1FB0CEA",
"versionEndExcluding": "7.0.12",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDFB0FF-0F4A-4B7B-94E8-ED72A8106314",
"versionEndExcluding": "2023-10-08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16A8F269-E07E-402F-BFD5-60F3988A5EAF",
"versionEndExcluding": "17.2.20",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B2B972-69E2-4D21-9A7C-B2AFF1D89EB8",
"versionEndExcluding": "17.4.12",
"versionStartIncluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5834D4-F52F-41C0-AA11-C974FFEEA063",
"versionEndExcluding": "17.6.8",
"versionStartIncluding": "17.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2166106F-ACD6-4C7B-B0CC-977B83CC5F73",
"versionEndExcluding": "17.7.5",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "4CD49C41-6D90-47D3-AB4F-4A74169D3A8F",
"versionEndExcluding": "10.0.14393.6351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "BAEFEE13-9CD7-46A2-8AF6-0A33C79C05F1",
"versionEndExcluding": "10.0.14393.6351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3",
"versionEndExcluding": "10.0.17763.4974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F9A643-90C6-489C-98A0-D2739CE72F86",
"versionEndExcluding": "10.0.19044.3570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC",
"versionEndExcluding": "10.0.19045.3570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63",
"versionEndExcluding": "10.0.22000.2538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B",
"versionEndExcluding": "10.0.22621.2428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "C61F0294-5C7E-4DB2-8905-B85D0782F35F",
"versionEndExcluding": "18.18.2",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69843DE4-4721-4F0A-A9B7-0F6DF5AAA388",
"versionEndExcluding": "20.8.1",
"versionStartIncluding": "20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B25279EF-C406-4133-99ED-0492703E0A4E",
"versionEndExcluding": "2023-10-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FFFF84B-F35C-43DE-959A-A5D10C3AE9F5",
"versionEndExcluding": "2023-10-10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCE8C89-7C22-48CA-AF22-B34C8AA2CB8C",
"versionEndExcluding": "2023.10.16.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDEB508E-0EBD-4450-9074-983DDF568AB4",
"versionEndExcluding": "3.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93A1A748-6C71-4191-8A16-A93E94E2CDE4",
"versionEndExcluding": "8.1.9",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4BCAF6-B246-41EC-9EE1-24296BFC4F5A",
"versionEndExcluding": "9.2.3",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F70360D-6214-46BA-AF82-6AB01E13E4E9",
"versionEndExcluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DA759E-1AF8-49D3-A3FC-1B426C13CA82",
"versionEndExcluding": "4.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28BE6F7B-AE66-4C8A-AAFA-F1262671E9BF",
"versionEndExcluding": "1.17.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C8E760-C8D2-483A-BBD4-6A6D292A3874",
"versionEndExcluding": "1.18.3",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D0F78BB-6A05-4C97-A8DB-E731B6CC8CC7",
"versionEndExcluding": "1.19.1",
"versionStartIncluding": "1.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*",
"matchCriteriaId": "050AE218-3871-44D6-94DA-12D84C2093CB",
"versionEndExcluding": "2023-10-10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B36BFFB0-C0EC-4926-A1DB-0B711C846A68",
"versionEndExcluding": "2.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "376EAF9B-E994-4268-9704-0A45EA30270F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F3D08335-C291-4623-B80C-3B14C4D1FA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "21033CEE-CEF5-4B0D-A565-4A6FC764AA6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*",
"matchCriteriaId": "FC4C66B1-42C0-495D-AE63-2889DE0BED84",
"versionEndExcluding": "2023-10-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*",
"matchCriteriaId": "8633E263-F066-4DD8-A734-90207207A873",
"versionEndIncluding": "2.12.5",
"versionStartIncluding": "2.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*",
"matchCriteriaId": "34A23BD9-A0F4-4D85-8011-EAC93C29B4E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*",
"matchCriteriaId": "27ED3533-A795-422F-B923-68BE071DC00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*",
"matchCriteriaId": "45F7E352-3208-4188-A5B1-906E00DF9896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*",
"matchCriteriaId": "DF89A8AD-66FE-439A-B732-CAAB304D765B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A400C637-AF18-4BEE-B57C-145261B65DEC",
"versionEndExcluding": "1.26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "653A5B08-0D02-4362-A8B1-D00B24C6C6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B0E6B4B-BAA6-474E-A18C-72C9719CEC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FD736A-8730-446A-BA3A-7B608DB62B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C504B6-3902-46E2-82B7-48AEC9CDD48D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D54F5AE-61EC-4434-9D5F-9394A3979894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E37E1B3-6F68-4502-85D6-68333643BDFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5A7736-A403-4617-8790-18E46CB74DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33F13B03-69BF-4A8B-A0A0-7F47FD857461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9393119E-F018-463F-9548-60436F104195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC45EE1E-2365-42D4-9D55-92FA24E5ED3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E567CD9F-5A43-4D25-B911-B5D0440698F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68146098-58F8-417E-B165-5182527117C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4D6790-63E5-4043-B8BE-B489D649061D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78698F40-0777-4990-822D-02E1B5D0E2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B87C8AD3-8878-4546-86C2-BF411876648C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF03BDE8-602D-4DEE-BA5B-5B20FDF47741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*",
"matchCriteriaId": "A58966CB-36AF-4E64-AB39-BE3A0753E155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*",
"matchCriteriaId": "585BC540-073B-425B-B664-5EA4C00AFED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B453CF7-9AA6-4B94-A003-BF7AE0B82F53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD354E32-A8B0-484C-B4C6-9FBCD3430D2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72A54BDA-311C-413B-8E4D-388AD65A170A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A305F012-544E-4245-9D69-1C8CD37748B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40CCE4F-EA2C-453D-BB76-6388767E5C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF93A27E-AA2B-4C2E-9B8D-FE7267847326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B12A3A8-6456-481A-A0C9-524543FCC149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2E7E3C-A507-4AB2-97E5-4944D8775CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E22EBF9-AA0D-4712-9D69-DD97679CE835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*",
"matchCriteriaId": "941B114C-FBD7-42FF-B1D8-4EA30E99102C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "339CFB34-A795-49F9-BF6D-A00F3A1A4F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D044DBE-6F5A-4C53-828E-7B1A570CACFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E23FA47F-B967-44AD-AB76-1BB2CAD3CA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*",
"matchCriteriaId": "65203CA1-5225-4E55-A187-6454C091F532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF8EFFB-5686-4F28-A68F-1A8854E098CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DA9B2E2-958B-478D-87D6-E5CDDCD44315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F5FF1E-5DA3-4EC3-B41A-A362BDFC4C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97321212-0E07-4CC2-A917-7B5F61AB9A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF390236-3259-4C8F-891C-62ACC4386CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AAA300-691A-4957-8B69-F6888CC971B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45937289-2D64-47CB-A750-5B4F0D4664A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B129311C-EB4B-4041-B85C-44D5E53FCAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AB54DB-3FB4-41CB-88ED-1400FD22AB85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77675CB7-67D7-44E9-B7FF-D224B3341AA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A76A2BCE-4AAE-46D7-93D6-2EDE0FC83145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*",
"matchCriteriaId": "9C877879-B84B-471C-80CF-0656521CA8AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E315FC5C-FF19-43C9-A58A-CF2A5FF13824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20A6B40D-F991-4712-8E30-5FE008505CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D482A3D2-6E9B-42BA-9926-35E5BDD5F3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F564701-EDC1-43CF-BB9F-287D6992C6CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12B0CF2B-D1E1-4E20-846E-6F0D873499A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8885C2C-7FB8-40CA-BCB9-B48C50BF2499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D88B140-D2A1-4A0A-A2E9-1A3B50C295AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A903C3AD-2D25-45B5-BF4A-A5BEB2286627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5EBD2A-32A3-46D5-B155-B44DCB7F6902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2792650-851F-4820-B003-06A4BEA092D7",
"versionEndExcluding": "10.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "9F6B63B9-F4C9-4A3F-9310-E0918E1070D1",
"versionEndExcluding": "3.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "E6FF5F80-A991-43D4-B49F-D843E2BC5798",
"versionEndIncluding": "2.414.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
"matchCriteriaId": "54D25DA9-12D0-4F14-83E6-C69D0293AAB9",
"versionEndIncluding": "2.427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1AFFB9-C717-4727-B0C9-5A0C281710E2",
"versionEndExcluding": "9.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25C85001-E0AB-4B01-8EE7-1D9C77CD956E",
"versionEndExcluding": "1.21.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F98F9D27-6659-413F-8F29-4FDB0882AAC5",
"versionEndExcluding": "11.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C98BF315-C563-47C2-BAD1-63347A3D1008",
"versionEndExcluding": "4.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_data_gateway:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "705CBA49-21C9-4400-B7B9-71CDF9F97D8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2BE0F1-DD16-4876-8EBA-F187BD38B159",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "796B6C58-2140-4105-A2A1-69865A194A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA99DC6-EA03-469F-A8BE-7F96FDF0B333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6560DBF4-AFE6-4672-95DE-74A0B8F4170A",
"versionEndExcluding": "x14.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84785919-796D-41E5-B652-6B5765C81D4A",
"versionEndExcluding": "7.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92A74A1A-C69F-41E6-86D0-D6BB1C5D0A1E",
"versionEndExcluding": "4.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE7BA33-2AC0-4A85-97AD-6D77F20BA2AD",
"versionEndExcluding": "9.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FE2F959-1084-48D1-B1F1-8182FC9862DD",
"versionEndExcluding": "7.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F",
"versionEndExcluding": "3.10.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB6B48E-EA36-40A0-96D0-AF909BEC1147",
"versionEndExcluding": "11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CBED844-7F94-498C-836D-8593381A9657",
"versionEndExcluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C170DBA1-0899-4ECC-9A0D-8FEB1DA1B510",
"versionEndExcluding": "2.19.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "358FA1DC-63D3-49F6-AC07-9E277DD0D9DA",
"versionEndExcluding": "x14.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF2D182-7599-4B81-B56B-F44EDA1384C0",
"versionEndExcluding": "2024.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4868BCCA-24DE-4F24-A8AF-B3A545C0396E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*",
"matchCriteriaId": "194F7A1F-FD43-4FF7-9AE2-C13AA5567E8A",
"versionEndExcluding": "2024.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC75F99-C7F0-47EB-9032-C9D3A42EBA20",
"versionEndExcluding": "2024.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6638F4E-16F7-447D-B755-52640BCB1C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC34F742-530E-4AB4-8AFC-D1E088E256B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D31CC0E9-8E21-436B-AB84-EA1B1BC60DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E22AD683-345B-4E16-BB9E-E9B1783E09AD",
"versionEndExcluding": "12.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C0D694-9E24-4782-B35F-D7C3E3B0F2ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2955BEE9-F567-4006-B96D-92E10FF84DB4",
"versionEndExcluding": "1.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67502878-DB20-4410-ABA0-A1C5705064CD",
"versionEndExcluding": "17.15.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "177DED2D-8089-4494-BDD9-7F84FC06CD5B",
"versionEndExcluding": "7.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54A29FD3-4128-4333-8445-A7DD04A6ECF6",
"versionEndExcluding": "15.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67074526-9933-46B3-9FE3-A0BE73C5E8A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9",
"versionEndExcluding": "10.2\\(7\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A236A0A-6956-4D79-B8E5-B2D0C79FAE88",
"versionEndExcluding": "10.3\\(5\\)",
"versionStartIncluding": "10.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528ED62B-D739-4E06-AC64-B506FD73BBAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D402AB0-BCFB-4F42-8C50-5DC930AEEC8B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76C10D85-88AC-4A79-8866-BED88A0F8DF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09AC2BAD-F536-48D0-A2F0-D4E290519EB6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65CB7F6D-A82B-4A31-BFAC-FF4A4B8DF9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC4FFCC-E886-49BC-9737-5B5BA2AAB14B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F4E8EE4-031D-47D3-A12E-EE5F792172EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00CDD8C3-67D5-4E9F-9D48-A77B55DB0AB1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41C14CC9-C244-4B86-AEA6-C50BAD5DA9A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8FF2EC4-0C09-4C00-9956-A2A4A894F63D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D14D4B4E-120E-4607-A4F1-447C7BF3052E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15702ACB-29F3-412D-8805-E107E0729E35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E930332-CDDD-48D5-93BC-C22D693BBFA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29B34855-D8D2-4114-80D2-A4D159C62458",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF4B8FE-E134-4491-B5C2-C1CFEB64731B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4226DA0-9371-401C-8247-E6E636A116C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7664666F-BCE4-4799-AEEA-3A73E6AD33F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3DBBFE9-835C-4411-8492-6006E74BAC65",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3293438-3D18-45A2-B093-2C3F65783336",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C97C29EE-9426-4BBE-8D84-AB5FF748703D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-x\\/3132q-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E142C18F-9FB5-4D96-866A-141D7D16CAF7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F43B770-D96C-44EA-BC12-9F39FC4317B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7817F4E6-B2DA-4F06-95A4-AF329F594C02",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CED628B5-97A8-4B26-AA40-BEC854982157",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB9DD73-E31D-4921-A6D6-E14E04703588",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172pq\\/pq-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFC116A-627F-4E05-B631-651D161217C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4532F513-0543-4960-9877-01F23CA7BA1B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B43502B-FD53-465A-B60F-6A359C6ACD99",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3229124-B097-4AAC-8ACD-2F9C89DCC3AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A532C0-B0E3-484A-B356-88970E7D0248",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C84D24C-2256-42AF-898A-221EBE9FE1E4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "652A2849-668D-4156-88FB-C19844A59F33",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D008CA1C-6F5A-40EA-BB12-A9D84D5AF700",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24FBE87B-8A4F-43A8-98A3-4A7D9C630937",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACD09AC-8B28-4ACB-967B-AB3D450BC137",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43913A0E-50D5-47DD-94D8-DD3391633619",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D397349-CCC6-479B-9273-FB1FFF4F34F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7286A7-780F-4A45-940A-4AD5C9D0F201",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA52D5C1-13D8-4D23-B022-954CCEF491F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7AF8D7-431B-43CE-840F-CC0817D159C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC204C8-1A5A-4E85-824E-DC9B8F6A802D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1073F-D374-4311-8F12-AD8C72FAA293",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF5AF71-15DF-4151-A1CF-E138A7103FC8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10F80A72-AD54-4699-B8AE-82715F0B58E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-x\\/xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E505C0B1-2119-4C6A-BF96-C282C633D169",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9354B6A2-D7D6-442E-BF4C-FE8A336D9E94",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*",
"matchCriteriaId": "088C0323-683A-44F5-8D42-FF6EC85D080E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74CB4002-7636-4382-B33E-FBA060A13C34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-x\\/xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "915EF8F6-6039-4DD0-B875-30D911752B74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10CEBF73-3EE0-459A-86C5-F8F6243FE27C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97217080-455C-48E4-8CE1-6D5B9485864F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95D2C4C3-65CE-4612-A027-AF70CEFC3233",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57572E4A-78D5-4D1A-938B-F05F01759612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9",
"versionEndExcluding": "10.2\\(7\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A236A0A-6956-4D79-B8E5-B2D0C79FAE88",
"versionEndExcluding": "10.3\\(5\\)",
"versionStartIncluding": "10.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD9C1F1-8582-4F67-A77D-97CBFECB88B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "532CE4B0-A3C9-4613-AAAF-727817D06FB4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24CA1A59-2681-4507-AC74-53BD481099B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4283E433-7F8C-4410-B565-471415445811",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9147C9-5D8B-40F5-9AAA-66A3495A0AD8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB9FDE8-8533-4F65-BF32-4066D042B2F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F80AB6FB-32FD-43D7-A9F1-80FA47696210",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA5389A-8AD1-476E-983A-54DF573C30F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5B2E4C1-2627-4B9D-8E92-4B483F647651",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B1A8F1-45B1-4E64-A254-7191FA93CB6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83DA8BFA-D7A2-476C-A6F5-CAE610033BC2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "557ED31C-C26A-4FAE-8B14-D06B49F7F08B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11411BFD-3F4D-4309-AB35-A3629A360FB0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2FFD26-8255-4351-8594-29D2AEFC06EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E663DE91-C86D-48DC-B771-FA72A8DF7A7C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61E10975-B47E-4F4D-8096-AEC7B7733612",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E2CB2B-DA11-4CF7-9D57-3D4D48990DC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A90184B3-C82F-4CE5-B2AD-97D5E4690871",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40E40F42-632A-47DF-BE33-DC25B826310B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C67B7A6-9BB2-41FC-8FA3-8D0DF67CBC68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C47F6BF9-2ADB-41A4-8D7D-8BB00141BB23",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16C64136-89C2-443C-AF7B-BED81D3DE25A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEF7F26-BB47-44BD-872E-130820557C23",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07DE6F63-2C7D-415B-8C34-01EC05C062F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "182000E0-8204-4D8B-B7DE-B191AFE12E28",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F309E7B9-B828-4CD2-9D2B-8966EE5B9CC1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F423E45D-A6DD-4305-9C6A-EAB26293E53A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC208BC-7E19-48C6-A20E-A79A51B7362C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "102F91CD-DFB6-43D4-AE5B-DA157A696230",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E952A96A-0F48-4357-B7DD-1127D8827650",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "084D0191-563B-4FF0-B589-F35DA118E1C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7DB6FC5-762A-4F16-AE8C-69330EFCF640",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F70D81F1-8B12-4474-9060-B4934D8A3873",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5394DE31-3863-4CA9-B7B1-E5227183100D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "968390BC-B430-4903-B614-13104BFAE635",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7349D69B-D8FA-4462-AA28-69DD18A652D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4BB834-2C00-4384-A78E-AF3BCDDC58AF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0D30D52-837F-4FDA-B8E5-A9066E9C6D2F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6678B8A-D905-447E-BE7E-6BFB4CC5DAFE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CE49B45-F2E9-491D-9C29-1B46E9CE14E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFAD21E-59EE-4CCE-8F1E-621D2EA50905",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91231DC6-2773-4238-8C14-A346F213B5E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF88547-BAF4-47B0-9F60-80A30297FCEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02C3CE6D-BD54-48B1-A188-8E53DA001424",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498991F7-39D6-428C-8C7D-DD8DC72A0346",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "113772B6-E9D2-4094-9468-3F4E1A87D07D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B90D36-5124-4669-8462-4EAF35B0F53D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C45A38D6-BED6-4FEF-AD87-A1E813695DE0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1FC2B1F-232E-4754-8076-CC82F3648730",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDD27C9-5EAF-4956-8AB7-740C84C9D4FC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1127D2-12C0-454F-91EF-5EE334070D06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D6EB963-E0F2-4A02-8765-AB2064BE19E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*",
"matchCriteriaId": "785FD17C-F32E-4042-9DDE-A89B3AAE0334",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAAF99B-5406-4722-81FB-A91CBAC2DF41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73DC1E93-561E-490C-AE0E-B02BAB9A7C8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12DA2DE5-8ADA-4D6A-BC1A-9C06FA163B1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF467E2-4567-426E-8F48-39669E0F514C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63842B25-8C32-4988-BBBD-61E9CB09B4F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68EA1FEF-B6B6-49FE-A0A4-5387F76303F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40D6DB7F-C025-4971-9615-73393ED61078",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4364ADB9-8162-451D-806A-B98924E6B2CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B53BCB42-ED61-4FCF-8068-CB467631C63C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "737C724A-B6CD-4FF7-96E0-EBBF645D660E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7067AEC7-DFC8-4437-9338-C5165D9A8F36",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49E0371B-FDE2-473C-AA59-47E1269D050F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "489D11EC-5A18-4F32-BC7C-AC1FCEC27222",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71D4CF15-B293-4403-A1A9-96AD3933BAEF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBCC1515-2DBE-4DF2-8E83-29A869170F36",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BC5293E-F2B4-46DC-85DA-167EA323FCFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7282AAFF-ED18-4992-AC12-D953C35EC328",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA022E77-6557-4A33-9A3A-D028E2DB669A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "360409CC-4172-4878-A76B-EA1C1F8C7A79",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D5D5E2-B40B-475D-9EF3-8441016E37E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA8E1F0-74A6-4725-B6AA-A1112EFC5D0C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63BE0266-1C00-4D6A-AD96-7F82532ABAA7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73F59A4B-AE92-4533-8EDC-D1DD850309FF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492A2C86-DD38-466B-9965-77629A73814F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB7AA46-4018-4925-963E-719E1037F759",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31B9D1E4-10B9-4B6F-B848-D93ABF6486D6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_a\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB270C45-756E-400A-979F-D07D750C881A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8A085C-2DBA-4269-AB01-B16019FBB4DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_b\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A79DD582-AF68-44F1-B640-766B46EF2BE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B04484DA-AA59-4833-916E-6A8C96D34F0D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "768BE390-5ED5-48A7-9E80-C4DE8BA979B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D07B5399-44C7-468D-9D57-BB5B5E26CE50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B76FB64F-16F0-4B0B-B304-B46258D434BA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02DC82-0D26-436F-BA64-73C958932B0A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E128053-834B-4DD5-A517-D14B4FC2B56F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "163743A1-09E7-4EC5-8ECA-79E4B9CE173B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE340E4C-DC48-4FC8-921B-EE304DB5AE0A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C367BBE0-D71F-4CB5-B50E-72B033E73FE1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85E1D224-4751-4233-A127-A041068C804A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD31B075-01B1-429E-83F4-B999356A0EB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10C9C0A-C96A-4B45-90D0-6ED457EB5F4C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3284D16F-3275-4F8D-8AE4-D413DE19C4FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
},
{
"lang": "es",
"value": "El protocolo HTTP/2 permite una denegaci\u00f3n de servicio (consumo de recursos del servidor) porque la cancelaci\u00f3n de solicitudes puede restablecer muchas transmisiones r\u00e1pidamente, como se explot\u00f3 en la naturaleza entre agosto y octubre de 2023."
}
],
"id": "CVE-2023-44487",
"lastModified": "2024-12-20T17:40:52.067",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-10-10T14:15:10.883",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/Azure/AKS/issues/3947"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/Kong/kong/discussions/11741"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bcdannyboy/CVE-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation"
],
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
],
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/golang/go/issues/63417"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/line/armeria/pull/5232"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation"
],
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Vendor Advisory"
],
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Vendor Advisory"
],
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Vendor Advisory"
],
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/Azure/AKS/issues/3947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/Kong/kong/discussions/11741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch"
],
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bcdannyboy/CVE-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/golang/go/issues/63417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/line/armeria/pull/5232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Press/Media Coverage"
],
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-12-06 11:15
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible_automation_platform | 2.0 | |
| redhat | satellite | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de path traversal en Ansible al extraer archivos comprimidos. Un atacante podr\u00eda crear un tarball malicioso para que, al utilizar el importador galaxy de Ansible Automation Hub, se pueda colocar un enlace simb\u00f3lico en el disco, lo que provocar\u00eda la sobrescritura de los archivos."
}
],
"id": "CVE-2023-5189",
"lastModified": "2024-12-06T11:15:07.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 4.2,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:12.290",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7773"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:2010"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5189"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2023:7773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:2010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-18 14:15
Modified
2024-12-06 11:15
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
Summary
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible_automation_platform | 1.2 | |
| redhat | ansible_automation_platform | 2.3 | |
| redhat | ansible_automation_platform | 2.4 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | ansible_inside | 1.1 | |
| redhat | ansible_inside | 1.2 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | ansible_developer | 1.0 | |
| redhat | ansible_developer | 1.1 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA4F8F3-6FC3-4ADD-BB96-A707E94AB0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B520E9D8-A080-4927-B279-F1C57D993795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "05986E3C-7E5B-45C1-81B0-9D856A8FF1CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_inside:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4488C799-B9F7-40BC-B302-ED34149DBE15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "897AB7AC-52B1-4335-97D5-D5EA2FF09CC6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_developer:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7F51B9-6E83-46BC-9E4B-7DD6C748435E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE40363-D286-4EB7-80D2-17CF3B606AD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path."
},
{
"lang": "es",
"value": "Existe un ataque de path traversal absoluto en la plataforma de automatizaci\u00f3n Ansible. Esta falla permite a un atacante crear un rol de Ansible malicioso y hacer que la v\u00edctima ejecute el rol. Se puede utilizar un enlace simb\u00f3lico para sobrescribir un archivo fuera de la ruta de extracci\u00f3n."
}
],
"id": "CVE-2023-5115",
"lastModified": "2024-12-06T11:15:07.183",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 4.2,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-18T14:15:10.500",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5701"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5758"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5115"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-36"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-29 16:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1925002 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://github.com/ansible/ansible/pull/73487 | Patch, Third Party Advisory | |
| secalert@redhat.com | https://www.debian.org/security/2021/dsa-4950 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1925002 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ansible/ansible/pull/73487 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2021/dsa-4950 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible_engine | 2.9.18 | |
| redhat | ansible_automation_platform | 1.2 | |
| redhat | ansible_engine | 2.0 | |
| redhat | ansible_engine | 2.9 | |
| redhat | ansible_tower | 3.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_engine:2.9.18:*:*:*:*:*:*:*",
"matchCriteriaId": "0966CDD1-4D3E-4994-A75D-B81E3DB957AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA4F8F3-6FC3-4ADD-BB96-A707E94AB0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8989CD03-49A1-4831-BF98-9F21592788BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_engine:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "031BA68C-C515-4F22-BB63-751767E1123E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_tower:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B31C575C-06D2-4CAF-A5B7-B9469B3ED55F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en Ansible Engine versi\u00f3n 2.9.18, donde la informaci\u00f3n confidencial no est\u00e1 enmascarada por defecto y no est\u00e1 protegida por la funcionalidad no_log cuando se usa la funcionalidad sub-option del m\u00f3dulo basic.py.\u0026#xa0;Este fallo permite a un atacante obtener informaci\u00f3n confidencial.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad"
}
],
"id": "CVE-2021-20228",
"lastModified": "2024-11-21T05:46:10.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-29T16:15:09.737",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ansible/ansible/pull/73487"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ansible/ansible/pull/73487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4950"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-18 20:15
Modified
2024-11-21 07:01
Severity ?
Summary
A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2108653 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2108653 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible_automation_platform | 2.1 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | ansible_automation_platform | 2.2 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | ansible_automation_platform | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E776BFA8-3F0B-46F3-9FC0-EA9D6EC5CC84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BBED0AAB-1971-4C72-9A76-6114E4F6235B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with \u0027change user\u0027 permissions to modify the account settings of the superuser account and also remove the superuser privileges."
},
{
"lang": "es",
"value": "Se ha encontrado un fallo de escalada de privilegios en Ansible Automation Platform. Este fallo permite a un usuario remoto autenticado con permisos de tipo \"change user\" modificar la configuraci\u00f3n de la cuenta de superusuario y tambi\u00e9n eliminar los privilegios de superusuario."
}
],
"id": "CVE-2022-2568",
"lastModified": "2024-11-21T07:01:15.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-18T20:15:11.357",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108653"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-04 15:15
Modified
2024-11-21 08:18
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2023:4340 | Vendor Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2023:4590 | Vendor Advisory | |
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-3971 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2226965 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2023:4340 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2023:4590 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-3971 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2226965 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible_automation_controller | * | |
| redhat | ansible_automation_controller | 4.4 | |
| redhat | ansible_automation_platform | 2.3 | |
| redhat | ansible_automation_platform | 2.4 | |
| redhat | ansible_developer | 1.0 | |
| redhat | ansible_inside | 1.1 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2483395B-1703-4BA1-8B89-539A48F4E696",
"versionEndExcluding": "4.3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_controller:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "990696A6-25A7-4E38-B39F-7E23AA7C44F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B520E9D8-A080-4927-B279-F1C57D993795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "05986E3C-7E5B-45C1-81B0-9D856A8FF1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_developer:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7F51B9-6E83-46BC-9E4B-7DD6C748435E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_inside:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4488C799-B9F7-40BC-B302-ED34149DBE15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla de inyecci\u00f3n de HTML en Controller en la configuraci\u00f3n de la interfaz de usuario. Esta falla permite a un atacante capturar credenciales creando una p\u00e1gina de inicio de sesi\u00f3n personalizada mediante la inyecci\u00f3n de HTML, lo que resulta en un compromiso total."
}
],
"id": "CVE-2023-3971",
"lastModified": "2024-11-21T08:18:25.690",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-04T15:15:12.430",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4340"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4590"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3971"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:4590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226965"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-05 21:15
Modified
2024-11-21 08:37
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-50782 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2254432 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-50782 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2254432 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.couchbase.com/alerts/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible_automation_platform | 2.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | update_infrastructure | 4 | |
| cryptography.io | cryptography | * | |
| couchbase | couchbase_server | 7.6.0 | |
| couchbase | couchbase_server | 7.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:update_infrastructure:4:*:*:*:*:*:*:*",
"matchCriteriaId": "E8D92E10-0E79-479F-A963-5657D1BC4E03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*",
"matchCriteriaId": "A7B7EA1D-8C2A-4C40-B9FC-E83F4E87C62B",
"versionEndExcluding": "42.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE39595E-F4B2-4CEC-A405-809B75E71E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B84B0C96-07C4-44ED-A291-94CEAAF6FFB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en el paquete python-cryptography. Este problema puede permitir que un atacante remoto descifre mensajes capturados en servidores TLS que utilizan intercambios de claves RSA, lo que puede provocar la exposici\u00f3n de datos confidenciales o sensibles."
}
],
"id": "CVE-2023-50782",
"lastModified": "2024-11-21T08:37:18.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-05T21:15:11.183",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-50782"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-50782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.couchbase.com/alerts/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-208"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-22 12:15
Modified
2024-11-21 06:21
Severity ?
Summary
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | ansible_automation_platform | 1.2 | |
| redhat | ansible_engine | * | |
| redhat | ansible_tower | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA4F8F3-6FC3-4ADD-BB96-A707E94AB0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C82C3E99-50BE-4FD7-B4A0-E9083DDA2181",
"versionEndExcluding": "2.9.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6709FB79-8862-4A25-93D2-B08093D4FC7C",
"versionEndExcluding": "3.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Ansible, where a user\u0027s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Ansible, donde el controlador de un usuario es vulnerable a la inyecci\u00f3n de plantillas. Este problema puede ocurrir mediante hechos usados en la plantilla si el usuario est\u00e1 tratando de poner plantillas en cadenas YAML de varias l\u00edneas y los hechos que se manejan no incluyen rutinariamente caracteres especiales de la plantilla. Este defecto permite a atacantes llevar a cabo una inyecci\u00f3n de comandos, lo que divulga informaci\u00f3n confidencial. La mayor amenaza de esta vulnerabilidad es para la confidencialidad y la integridad"
}
],
"id": "CVE-2021-3583",
"lastModified": "2024-11-21T06:21:54.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-22T12:15:07.953",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}