Vulnerabilities related to redhat - openshift
Vulnerability from fkie_nvd
Published
2016-07-03 21:59
Modified
2024-11-21 02:47
Severity ?
Summary
Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.
References
cve@mitre.org — http://openvswitch.org/pipermail/announce/2016-March/000082.html (Vendor Advisory)
cve@mitre.org — http://openvswitch.org/pipermail/announce/2016-March/000083.html (Patch)
cve@mitre.org — http://rhn.redhat.com/errata/RHSA-2016-0523.html
cve@mitre.org — http://rhn.redhat.com/errata/RHSA-2016-0524.html
cve@mitre.org — http://rhn.redhat.com/errata/RHSA-2016-0537.html
cve@mitre.org — http://www.debian.org/security/2016/dsa-3533
cve@mitre.org — http://www.securityfocus.com/bid/85700
cve@mitre.org — https://access.redhat.com/errata/RHSA-2016:0615
cve@mitre.org — https://bugzilla.redhat.com/show_bug.cgi?id=1318553
cve@mitre.org — https://security-tracker.debian.org/tracker/CVE-2016-2074
cve@mitre.org — https://security.gentoo.org/glsa/201701-07
cve@mitre.org — https://support.citrix.com/article/CTX232655
af854a3a-2127-422b-91ae-364da2661108 — http://openvswitch.org/pipermail/announce/2016-March/000082.html (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 — http://openvswitch.org/pipermail/announce/2016-March/000083.html (Patch)
af854a3a-2127-422b-91ae-364da2661108 — http://rhn.redhat.com/errata/RHSA-2016-0523.html
af854a3a-2127-422b-91ae-364da2661108 — http://rhn.redhat.com/errata/RHSA-2016-0524.html
af854a3a-2127-422b-91ae-364da2661108 — http://rhn.redhat.com/errata/RHSA-2016-0537.html
af854a3a-2127-422b-91ae-364da2661108 — http://www.debian.org/security/2016/dsa-3533
af854a3a-2127-422b-91ae-364da2661108 — http://www.securityfocus.com/bid/85700
af854a3a-2127-422b-91ae-364da2661108 — https://access.redhat.com/errata/RHSA-2016:0615
af854a3a-2127-422b-91ae-364da2661108 — https://bugzilla.redhat.com/show_bug.cgi?id=1318553
af854a3a-2127-422b-91ae-364da2661108 — https://security-tracker.debian.org/tracker/CVE-2016-2074
af854a3a-2127-422b-91ae-364da2661108 — https://security.gentoo.org/glsa/201701-07
af854a3a-2127-422b-91ae-364da2661108 — https://support.citrix.com/article/CTX232655
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openvswitch:openvswitch:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A796838-9780-419B-9EAD-2360626C4695",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openvswitch:openvswitch:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B37942A8-CBC2-4750-9299-E39076F1D6F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openvswitch:openvswitch:2.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "30BB36D5-5E72-40BC-8C38-1804F48E0D30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openvswitch:openvswitch:2.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D03F8D4-40DA-4B83-8C5A-571DF817081D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openvswitch:openvswitch:2.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "166C64EF-1F33-4257-AA88-83B37C128B9D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.",
      },
      {
         lang: "es",
         value: "Desbordamiento de buffer en lib/flow.c en ovs-vswitchd en Open vSwitch 2.2.x y 2.3.x en versiones anteriores a 2.3.3 y 2.4.x en versiones anteriores a 2.4.1 permite a atacantes remotos ejecutar código arbitrario a través de paquetes MPLS manipulados, según lo demostrado por una cadena larga en un comando ovs-appctl.",
      },
   ],
   id: "CVE-2016-2074",
   lastModified: "2024-11-21T02:47:45.333",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-07-03T21:59:10.837",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://openvswitch.org/pipermail/announce/2016-March/000082.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://openvswitch.org/pipermail/announce/2016-March/000083.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0523.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0524.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0537.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.debian.org/security/2016/dsa-3533",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/85700",
      },
      {
         source: "cve@mitre.org",
         url: "https://access.redhat.com/errata/RHSA-2016:0615",
      },
      {
         source: "cve@mitre.org",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318553",
      },
      {
         source: "cve@mitre.org",
         url: "https://security-tracker.debian.org/tracker/CVE-2016-2074",
      },
      {
         source: "cve@mitre.org",
         url: "https://security.gentoo.org/glsa/201701-07",
      },
      {
         source: "cve@mitre.org",
         url: "https://support.citrix.com/article/CTX232655",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://openvswitch.org/pipermail/announce/2016-March/000082.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://openvswitch.org/pipermail/announce/2016-March/000083.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0523.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0524.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0537.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2016/dsa-3533",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/85700",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0615",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318553",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security-tracker.debian.org/tracker/CVE-2016-2074",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201701-07",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://support.citrix.com/article/CTX232655",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-10-01 17:55
Modified
2024-11-21 01:38
Severity ?
Summary
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "129BE399-B405-4DF1-987B-6DA24172FC19",
                     versionEndIncluding: "1.8.22",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D6A915B-43FF-4FFA-98FA-968403825D43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "767790C2-2C72-45C0-A4EF-F21EAAAD1698",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBAB2571-F73A-4843-A494-1D10A214862D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "57847827-F148-42C9-9180-3D5482249CB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "323AC584-E261-445D-9C84-DA34DFDE2D39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A563E3D-2D87-4712-8C90-067ABB9D6810",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B540D22-0BDC-4727-B11E-9667F6E188BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D7D308E-2A6C-4DF7-94B1-C5BCC5C3FD24",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "741E979F-6AD5-4C15-8541-5D5F659E5ED3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "81C93DD3-19B4-431D-A7BD-E86F90F91745",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA2C407B-2C0F-4C46-9F5B-6C63CC887941",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "7865522C-C5D0-4D4B-B090-7B756B36DF4F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA1CDCDA-E1F2-4C23-8448-0EF1D61CE40B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "95AE74A8-4A90-4372-8B88-81FF7E6E578B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F6BED14-99EA-4F87-95BB-078D2CEED349",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EC8340E-D33E-4DB6-A08B-E56EA035C133",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "4BF3F97C-C396-4AFE-9EC6-4BBD840ED363",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "41E7E929-1144-438A-A55D-0B5CE6886C0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3EB522C-6EA5-4CF5-B610-CB9414DD4815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF3220D1-DEFF-46A6-95B3-A40838D4E294",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "E8DA4D9E-B822-4254-856C-3176A948D718",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D3EAD7C-CB12-4897-B5FA-63D49CDABD35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:1.2.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "09EC6448-BC55-49B3-A224-B650764B3A1A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
                     matchCriteriaId: "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.",
      },
      {
         lang: "es",
         value: "RubyGems anteriores a 1.8.23 no verifican un certificado SSL, lo cual permite a atacantes remotos modificar una gema durante la instalación a través de un ataque man-in-the-middle.",
      },
   ],
   id: "CVE-2012-2126",
   lastModified: "2024-11-21T01:38:33.090",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-10-01T17:55:03.367",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/55381",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2012/04/20/24",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1582-1/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/55381",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2012/04/20/24",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1582-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-04-24 18:29
Modified
2024-11-21 03:59
Summary
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "9070C9D8-A14A-467F-8253-33B966C16886",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "516F4E8E-ED2F-4282-9DAB-D8B378F61258",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "559A4609-EC7E-40CD-9165-5DA68CBCEE9B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E8B8C725-34CF-4340-BE7B-37E58CF706D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*",
                     matchCriteriaId: "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
                     matchCriteriaId: "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E9AF77C-5D49-4842-9817-AD710A919073",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D4AC996-B340-4A14-86F7-FF83B4D5EC8F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "03EB0F63-DB24-4240-BC44-C92BAE7EAF42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:virtualization_manager:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF786B57-02C3-48B7-B902-318356B3A3B6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "723DDE45-6CD8-4486-B742-FCFA0EA88873",
                     versionEndExcluding: "18.02.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.",
      },
      {
         lang: "es",
         value: "La interfaz vhost de usuario de DPDK no verifica que el rango físico invitado solicitado esté mapeado y sea contiguo al realizar traducciones de direcciones físicas de invitado a direcciones virtuales del host. Esto podría conducir a que un invitado malicioso exponga la memoria del proceso del backend del usuario vhost. Todas las versiones anteriores a la 18.02.1 son vulnerables.",
      },
   ],
   id: "CVE-2018-1059",
   lastModified: "2024-11-21T03:59:05.420",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.9,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 5.5,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 1.6,
            impactScore: 4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-04-24T18:29:00.233",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1267",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2018:2038",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2018:2102",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2018:2524",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2018-1059",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1544298",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3642-1/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3642-2/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1267",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2018:2038",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2018:2102",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2018:2524",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2018-1059",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1544298",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3642-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3642-2/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-12-09 18:15
Modified
2024-11-21 07:19
Summary
Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.
Impacted products
Vendor Product Version
redhat openshift 4.9



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:4.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "0189F456-4CE5-4E94-83F9-9EC636C72F18",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.",
      },
      {
         lang: "es",
         value: "Openshift 4.9 no utiliza HTTP Strict Transport Security (HSTS), que puede permitir ataques de intermediario (MITM).",
      },
   ],
   id: "CVE-2022-3259",
   lastModified: "2024-11-21T07:19:09.773",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-12-09T18:15:19.617",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103220",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103220",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-665",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-12-22 17:15
Modified
2024-11-21 06:18
Summary
IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE236FAA-CBC7-49D6-934B-55CA67F0AE95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F15C8979-996E-44AE-BDF9-98BA5F1B3C41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "96168F0A-20FD-4F59-A4AC-0430276583AD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.",
      },
      {
         lang: "es",
         value: "IBM Cloud Pak for Security (CP4S) versiones 1.7.2.0, 1.7.1.0 y 1.7.0.0, podría permitir que un usuario autenticado obtuviera información confidencial en las respuestas HTTP que podría ser usada en otros ataques contra el sistema. IBM X-Force ID: 213651",
      },
   ],
   id: "CVE-2021-39013",
   lastModified: "2024-11-21T06:18:24.683",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-12-22T17:15:09.063",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/213651",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6529200",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/213651",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6529200",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-08-22 22:15
Modified
2024-11-21 08:19
Summary
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC8BCB15-DD67-4718-9F68-ED2FA305AFEF",
                     versionEndIncluding: "21.0.7.1",
                     versionStartIncluding: "21.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "70BC850D-2B60-48ED-9500-A445A18B905B",
                     versionEndIncluding: "21.0.7.1",
                     versionStartIncluding: "21.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "\nIBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled.  IBM X-Force ID:  263470.\n\n",
      },
   ],
   id: "CVE-2023-40370",
   lastModified: "2024-11-21T08:19:18.877",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.7,
               baseSeverity: "LOW",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 1.4,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-08-22T22:15:08.700",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263470",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7028218",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263470",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7028218",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-05-17 14:08
Modified
2024-11-21 02:50
Summary
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.
Impacted products
Vendor Product Version
redhat openshift 3.1
redhat openshift 3.2
jenkins jenkins *
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18F2C087-76F7-40F2-83DA-4C643363629C",
                     versionEndIncluding: "1.649",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "587BB544-D4F5-4540-8A61-578FD30DB508",
                     versionEndIncluding: "1.651.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con acceso avanzado a lectura obtener información sensible de contraseña leyendo la configuración de trabajo.",
      },
   ],
   id: "CVE-2016-3724",
   lastModified: "2024-11-21T02:50:34.803",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-05-17T14:08:08.843",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:1206",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:1206",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-02-06 21:15
Modified
2024-11-21 07:24
Summary
IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes, which may cause a third-party system's credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "88D39D31-4C45-4BEC-96AA-2A95B866C6C1",
                     versionEndIncluding: "11.0.0.19",
                     versionStartIncluding: "11.0.0.17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise:12.0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3718A35D-12A7-4E89-8064-80E649966613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise:12.0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBA5E7D8-685A-4A33-A6B0-10EA8F8E0775",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4BF8AF2-0047-4E43-AEDF-0D4D54446876",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "37215CD7-7390-4BCD-AA3A-E1B233875147",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*",
                     matchCriteriaId: "B9B1A13B-7F98-44A6-9933-A0052E93D7F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9816F05C-8D57-48AD-9E64-907CDB24D612",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C7B481C-86B1-44B0-AB68-48C1739B0DB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACA125F0-42C5-40E2-A63D-FDE0444A7D32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "\nIBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.\n\n",
      },
   ],
   id: "CVE-2022-42439",
   lastModified: "2024-11-21T07:24:58.383",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 4,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-02-06T21:15:09.200",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238211",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6952435",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238211",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6952435",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-532",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-07-31 20:29
Modified
2024-11-21 02:59
Summary
The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.
Impacted products
Vendor Product Version
redhat openshift 3.0
redhat openshift 3.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "84C890EC-229B-458B-AEF7-EA03C6248A25",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.",
      },
      {
         lang: "es",
         value: "El router OpenShift Enterprise 3 no clasifica correctamente las rutas al procesar rutas añadidas recientemente. Un atacante con acceso para crear rutas puede sobrescribir las rutas existentes y redirigir el tráfico de red de otros usuarios a su propio sitio.",
      },
   ],
   id: "CVE-2016-8631",
   lastModified: "2024-11-21T02:59:43.393",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.7,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.1,
            impactScore: 4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-07-31T20:29:00.370",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/94110",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:2696",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/94110",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:2696",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-11-25 20:59
Modified
2024-11-21 02:32
Summary
The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.
Impacted products
Vendor Product Version
redhat openshift *
redhat openshift 2.0
jenkins jenkins *
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A",
                     versionEndIncluding: "1.625.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4",
                     versionEndIncluding: "1.637",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.",
      },
      {
         lang: "es",
         value: "Los widgets de panel lateral en el comando CLI de la páginas de resumen y ayuda en Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 permiten a atacantes remotos obtener información sensible a través de una petición directa a las páginas.",
      },
   ],
   id: "CVE-2015-5321",
   lastModified: "2024-11-21T02:32:47.467",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-11-25T20:59:12.447",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-01-05 18:15
Modified
2024-11-21 07:27
Summary
IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1749AC0-F96C-457C-9F0D-122C638EFE72",
                     versionEndExcluding: "21.0.3.1",
                     versionStartIncluding: "20.12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control.   A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak.  IBM X-Force ID:  239081.",
      },
      {
         lang: "es",
         value: "IBM Robotic Process Automation para Cloud Pak 20.12 a 21.0.3 es vulnerable a un control de acceso roto. Un usuario no es redirigido correctamente a la pantalla de cierre de sesión de la plataforma cuando cierra sesión en IBM RPA para Cloud Pak. ID de IBM X-Force: 239081.",
      },
   ],
   id: "CVE-2022-43844",
   lastModified: "2024-11-21T07:27:16.227",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-01-05T18:15:08.880",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/239081",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6852663",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/239081",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6852663",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-613",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-01-18 19:15
Modified
2024-11-21 07:45
Summary
IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credential disclosure within a trusted session. IBM X-Force ID: 244075.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "15415B7F-CCF3-4587-906E-F8C4DA4EC873",
                     versionEndExcluding: "21.0.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD7C2384-44EA-43D6-858A-63B83F9C502B",
                     versionEndExcluding: "21.0.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B2CED36-4A9B-4B88-A31F-AF19C6E269F2",
                     versionEndExcluding: "21.0.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "22EB28CE-7C7F-4290-85FE-5E3EBF905CF0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  244075.",
      },
      {
         lang: "es",
         value: "IBM Robotic Process Automation para Cloud Pak 20.12.0 a 21.0.4 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. ID de IBM X-Force: 244075.",
      },
   ],
   id: "CVE-2023-22594",
   lastModified: "2024-11-21T07:45:01.713",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.6,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 2.5,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-01-18T19:15:12.647",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244075",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6855835",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244075",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6855835",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-11-25 20:59
Modified
2024-11-21 02:32
Summary
Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.
Impacted products
Vendor Product Version
jenkins jenkins *
redhat openshift 2.0
jenkins jenkins *
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A",
                     versionEndIncluding: "1.625.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4",
                     versionEndIncluding: "1.637",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 permiten a atacantes remotos obtener información sensible a través de petición directa a queue/api.",
      },
   ],
   id: "CVE-2015-5324",
   lastModified: "2024-11-21T02:32:47.810",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-11-25T20:59:15.950",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-07-13 22:29
Modified
2024-11-21 03:42
Summary
A flaw was found in ansible. ansible.cfg is read from the current working directory, which can be altered to make it point to a plugin or module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
References
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html | Third Party Advisory
secalert@redhat.com | http://www.securitytracker.com/id/1041396 | Third Party Advisory, VDB Entry
secalert@redhat.com | https://access.redhat.com/errata/RHBA-2018:3788 | Third Party Advisory
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2150 | Third Party Advisory
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2151 | Third Party Advisory
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2152 | Third Party Advisory
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2166 | Third Party Advisory
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2321 | Third Party Advisory
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2585 | Third Party Advisory
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:0054 | Third Party Advisory
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875 | Issue Tracking, Third Party Advisory
secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html | Third Party Advisory
secalert@redhat.com | https://usn.ubuntu.com/4072-1/ | Third Party Advisory
secalert@redhat.com | https://www.debian.org/security/2019/dsa-4396 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041396 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHBA-2018:3788 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2150 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2151 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2152 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2166 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2321 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2585 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0054 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875 | Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4072-1/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4396 | Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8989CD03-49A1-4831-BF98-9F21592788BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "5864D753-2A37-4800-A73E-6ACA0662B605",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C5A40D5-4DF7-43D9-962E-1529D2DF198D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "13BACD7C-AC7E-4D86-8D9B-ABB614005D0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:ceph_storage:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D07DF15E-FE6B-4DAF-99BB-2147CF7D7EEA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "516F4E8E-ED2F-4282-9DAB-D8B378F61258",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:gluster_storage:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E58427C-8EBB-4E51-B268-EC1AB34E81A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
                     matchCriteriaId: "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D4AC996-B340-4A14-86F7-FF83B4D5EC8F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
                     matchCriteriaId: "704CFA1A-953E-4105-BFBE-406034B83DED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB28F9AF-3D06-4532-B397-96D7E4792503",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "284A8DA0-317B-4BBE-AECB-7E91BBF0DD3B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C649194-B8C2-49F7-A819-C635EE584ABF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.",
      },
      {
         lang: "es",
         value: "Se ha encontrado un error en ansible. ansible.cfg se lee desde el directorio de trabajo actual, que puede alterarse para hacer que señale a un plugin o una ruta de módulo bajo el control de un atacante, permitiendo que el atacante ejecute código arbitrario.",
      },
   ],
   id: "CVE-2018-10875",
   lastModified: "2024-11-21T03:42:11.830",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-07-13T22:29:00.220",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1041396",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHBA-2018:3788",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:2150",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:2151",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:2152",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:2166",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:2321",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:2585",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0054",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4072-1/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4396",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1041396",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHBA-2018:3788",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:2150",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:2151",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:2152",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:2166",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:2321",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:2585",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0054",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4072-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4396",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-426",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-426",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-10-28 21:55
Modified
2024-11-21 01:51
Severity ?
Summary
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
References
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-1428.htmlVendor Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-1429.htmlVendor Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-1430.htmlVendor Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-1442.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-1448.htmlVendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/55716
secalert@redhat.comhttp://ubuntu.com/usn/usn-2029-1
secalert@redhat.comhttp://www.debian.org/security/2013/dsa-2827
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
secalert@redhat.comhttp://www.securityfocus.com/bid/63174
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2016:0070
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/88133
secalert@redhat.comhttps://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
secalert@redhat.comhttps://www.tenable.com/security/research/tra-2016-23
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1428.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1429.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1430.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1442.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1448.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55716
af854a3a-2127-422b-91ae-364da2661108http://ubuntu.com/usn/usn-2029-1
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2013/dsa-2827
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/63174
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2016:0070
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/88133
af854a3a-2127-422b-91ae-364da2661108https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/research/tra-2016-23



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6B1CE36-5131-425D-90BD-FC597F27B3E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*",
                     matchCriteriaId: "C9C9C8B4-693E-4777-BC31-5933147DFC54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3451D2AD-BB7B-4149-97C3-2DB1BCC0EF85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:6.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC0F117C-E25C-4B0C-9459-4BB4413440CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "36684290-780F-444A-8534-907C52796F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:ubuntu:ubuntu:10.04:*:lts:*:*:*:*:*",
                     matchCriteriaId: "C0939929-26C2-4BD4-A57A-38CCE953D47B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.",
      },
      {
         lang: "es",
         value: "La clase DiskFileItem en Apache Commons FileUpload, tal como se utiliza en Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2 y 6.0.0; y Red Hat JBoss Web Server 1.0.2 permite a atacantes remotos escribir en archivos arbitrarios a través de un byte NULL en un nombre de archivo en una instancia serializada.",
      },
   ],
   id: "CVE-2013-2186",
   lastModified: "2024-11-21T01:51:12.450",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-10-28T21:55:05.157",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-1428.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-1429.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-1430.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2013-1442.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-1448.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/55716",
      },
      {
         source: "secalert@redhat.com",
         url: "http://ubuntu.com/usn/usn-2029-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2013/dsa-2827",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/63174",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/88133",
      },
      {
         source: "secalert@redhat.com",
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.tenable.com/security/research/tra-2016-23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-1428.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-1429.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-1430.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2013-1442.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-1448.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/55716",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://ubuntu.com/usn/usn-2029-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2013/dsa-2827",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/63174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/88133",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.tenable.com/security/research/tra-2016-23",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-06-08 17:59
Modified
2024-11-21 02:47
Summary
Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.
Impacted products
Vendor Product Version
redhat openshift 3.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.",
      },
      {
         lang: "es",
         value: "Red Hat OpenShift Enterprise 3.2 permite a usuarios remotos autenticados leer archivos de registro de otro espacio de nombre utilizando el mismo nombre que un espacio de nombre que haya sido eliminado cuando se crea un nuevo espacio de nombre.",
      },
   ],
   id: "CVE-2016-2149",
   lastModified: "2024-11-21T02:47:54.580",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-06-08T17:59:01.767",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1064",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1064",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-12-08 16:15
Modified
2024-11-21 07:19
Summary
The HTTP response does not set the X-Frame-Options header, which helps protect against clickjacking. Without it, browsers may allow the page to be framed by another origin, enabling clickjacking attacks.
References
Impacted products
Vendor Product Version
redhat openshift 4.9



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:4.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "0189F456-4CE5-4E94-83F9-9EC636C72F18",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The HTTP response does not set the X-Frame-Options header, which helps protect against clickjacking. Without it, browsers may allow the page to be framed by another origin, enabling clickjacking attacks.",
      },
      {
         lang: "es",
         value: "El encabezado de respuesta no ha habilitado X-FRAME-OPTIONS, lo que ayuda a prevenir ataques de Clickjacking. Algunos navegadores interpretarían estos resultados incorrectamente, permitiendo ataques de clickjacking.",
      },
   ],
   id: "CVE-2022-3260",
   lastModified: "2024-11-21T07:19:09.900",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "HIGH",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.7,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-12-08T16:15:13.237",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106780",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106780",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-1021",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-1021",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-04-11 19:29
Modified
2024-11-21 03:32
Summary
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to a lack of sanitization of user input (specifically terminal escape characters) combined with the automatic creation of clickable links when viewing the log files for a pod.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "84C890EC-229B-458B-AEF7-EA03C6248A25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "E1056A33-690E-4120-821F-52B9705CB84B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.5:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0FB4CEB9-3106-41D7-BBAA-FA92D2698FA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.6:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "4B196A82-385B-492A-8927-723CB8690CCC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.7:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "2D9724B7-D99B-4376-B1B5-5CE5F336D767",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.9:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "A8F8362B-DA49-439F-ADA1-B5BA443F91F7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to a lack of sanitization of user input (specifically terminal escape characters) combined with the automatic creation of clickable links when viewing the log files for a pod.",
      },
      {
         lang: "es",
         value: "Las versiones 3.x de OpenShift Enterprise son vulnerables a Cross-Site Scripting (XSS) persistente mediante el visor de logs para pods. El error se debe a la falta de saneamiento de entradas de usuario, específicamente los caracteres de escape de terminal, y la creación de enlaces sobre los que se puede hacer clic automáticamente al ver los archivos log para un pod.",
      },
   ],
   id: "CVE-2017-7534",
   lastModified: "2024-11-21T03:32:06.147",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-04-11T19:29:00.213",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/103754",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1443003",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/103754",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1443003",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-02-24 21:55
Modified
2024-11-21 01:45
Summary
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.
Impacted products
Vendor Product Version
redhat openshift 1.0
redhat openshift_origin *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:1.0:-:enterprise:*:*:*:*:*",
                     matchCriteriaId: "6D63189E-7BFC-438B-A583-1901BBC15CF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_origin:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F4086F4-8220-4036-B579-047F501BD5FD",
                     versionEndIncluding: "1.0.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de redirección en node-util/www/html/restorer.php en Red Hat OpenShift Origin anterior a v1.0.5-3 permite a atacantes remotos redirigir usuarios  a sitios Web Arbitrarios y llevar a cabo ataques de phishing mediante una URL en el PATH_INFO.",
      },
   ],
   id: "CVE-2012-5647",
   lastModified: "2024-11-21T01:45:02.437",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2013-02-24T21:55:01.003",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2013-0148.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.osvdb.org/89430",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/57189",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=888523",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/openshift/origin-server/pull/1017",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2013-0148.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/89430",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/57189",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=888523",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openshift/origin-server/pull/1017",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-11-01 19:15
Modified
2024-11-21 01:46
Summary
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.
Impacted products
Vendor Product Version
redhat openshift -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.",
      },
      {
         lang: "es",
         value: "El archivo cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh en OpenShift, no crea apropiadamente los archivos en /tmp.",
      },
   ],
   id: "CVE-2013-0165",
   lastModified: "2024-11-21T01:46:58.640",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 7.3,
               baseSeverity: "HIGH",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-11-01T19:15:10.713",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0165",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0165",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-02-12 01:15
Modified
2024-11-21 02:01
Summary
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.
Impacted products
Vendor Product Version
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F691DFE3-627D-42E2-998F-6C613070F02A",
                     versionEndExcluding: "2.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of \"mooo\" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.",
      },
      {
         lang: "es",
         value: "La configuración predeterminada de broker.conf en Red Hat OpenShift Enterprise versiones 2.x anteriores a 2.1, presenta una contraseña de \"mooo\" para una cuenta Mongo, lo que permite a atacantes remotos secuestrar el broker al proporcionar esta contraseña, relacionada con el script openshift.sh en Openshift Extras versiones anteriores a 20130920. NOTA: esto puede solaparse a CVE-2013-4253 y CVE-2013-4281.",
      },
   ],
   id: "CVE-2014-0234",
   lastModified: "2024-11-21T02:01:43.420",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-02-12T01:15:10.453",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://openwall.com/lists/oss-security/2014/06/05/19",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/67657",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1097008",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/openshift/openshift-extras/blob/master/README.md",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://rhn.redhat.com/errata/RHSA-2014-0487.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://openwall.com/lists/oss-security/2014/06/05/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/67657",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1097008",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/openshift/openshift-extras/blob/master/README.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://rhn.redhat.com/errata/RHSA-2014-0487.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-1188",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-07-05 13:29
Modified
2024-11-21 03:42
Summary
In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster.
Impacted products
Vendor Product Version
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2468A2E6-AAB4-4C14-BC48-BCAAB0797639",
                     versionEndExcluding: "3.10.9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster.",
      },
      {
         lang: "es",
         value: "En atomic-openshift en versiones anteriores a la 3.10.9 una configuración network-policy maliciosa puede provocar que Openshift Routing se cierre inesperadamente al emplear el plugin ovs-networkpolicy. Un atacante puede emplear este error para provocar un ataque de denegación de servicio (DoS) en un cluster de Openshift 3.9 o 3.7.",
      },
   ],
   id: "CVE-2018-10885",
   lastModified: "2024-11-21T03:42:13.520",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-07-05T13:29:00.507",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/104688",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Mitigation",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/104688",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Mitigation",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-05-17 14:08
Modified
2024-11-21 02:50
Summary
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.
Impacted products
Vendor Product Version
jenkins jenkins *
jenkins jenkins *
redhat openshift 3.1
redhat openshift 3.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A979807-E051-4BD5-8811-85FED039DB59",
                     versionEndIncluding: "2.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "587BB544-D4F5-4540-8A61-578FD30DB508",
                     versionEndIncluding: "1.651.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con acceso a lectura obtener información sensible de instalación de plugin aprovechando la falta de comprobaciones de permisos en dispositivos XML/JSON API no especificados.",
      },
   ],
   id: "CVE-2016-3723",
   lastModified: "2024-11-21T02:50:34.690",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-05-17T14:08:07.983",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:1206",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:1206",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-17 00:15
Modified
2024-11-21 08:08
Summary
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C57E2C04-308A-42DE-B945-9CAD07C04128",
                     versionEndIncluding: "21.0.7.6",
                     versionStartIncluding: "21.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF74B5C0-FD77-43F9-8476-ABC00BEB21D0",
                     versionEndIncluding: "23.0.6",
                     versionStartIncluding: "23.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6288FF16-4A1E-4CB5-9774-43B11A9B4628",
                     versionEndIncluding: "21.0.7.6",
                     versionStartIncluding: "21.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "477F2A15-C146-464B-8E41-B7BAEEE54604",
                     versionEndIncluding: "21.0.7.6",
                     versionStartIncluding: "21.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F1B94FF-5A9A-46A0-B504-B22ABA675D22",
                     versionEndIncluding: "23.0.6",
                     versionStartIncluding: "23.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields.  IBM X-Force ID:  259380.",
      },
   ],
   id: "CVE-2023-35901",
   lastModified: "2024-11-21T08:08:57.287",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 2.7,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 1.4,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-17T00:15:09.547",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259380",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7012317",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259380",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7012317",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-04-30 19:29
Modified
2024-11-21 03:59
Summary
A flaw was found in the source-to-image function as shipped with OpenShift Enterprise 3.x. Improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1227Vendor Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1229Vendor Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1231Vendor Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1233Vendor Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1235Vendor Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1237Vendor Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1239Vendor Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1241Vendor Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1243Vendor Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2019:0036Vendor Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1562246Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1227Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1229Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1231Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1233Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1235Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1237Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1239Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1241Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1243Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:0036Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1562246Issue Tracking, Patch, Vendor Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "84C890EC-229B-458B-AEF7-EA03C6248A25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "E1056A33-690E-4120-821F-52B9705CB84B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.5:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0FB4CEB9-3106-41D7-BBAA-FA92D2698FA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.6:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "4B196A82-385B-492A-8927-723CB8690CCC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.7:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "2D9724B7-D99B-4376-B1B5-5CE5F336D767",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.8:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "2C73555F-B229-4946-B27B-E0FADA31625F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.9:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "A8F8362B-DA49-439F-ADA1-B5BA443F91F7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in the source-to-image function as shipped with OpenShift Enterprise 3.x. Improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
      },
      {
         lang: "es",
         value: "Se ha encontrado un error en la función source-to-image tal y como se distribuye con Openshift Enterprise 3.x. Una validación incorrecta de archivos tar en ExtractTarStreamFromTarReader en tar/tar.go conduce a un escalado de privilegios.",
      },
   ],
   id: "CVE-2018-1102",
   lastModified: "2024-11-21T03:59:11.153",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-04-30T19:29:00.217",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1227",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1229",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1231",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1233",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1235",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1237",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1239",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1241",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1243",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0036",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1562246",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1227",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1229",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1231",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1233",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1235",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1237",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1239",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1241",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1243",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0036",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1562246",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-10-16 20:59
Modified
2024-11-21 02:26
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.
Impacted products
Vendor Product Version
jenkins jenkins *
jenkins jenkins *
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "99D411C8-56FB-4F1A-9822-C9D3153B365A",
                     versionEndIncluding: "1.596.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "26836BE3-EB42-4460-81A7-5249801BA67D",
                     versionEndIncluding: "1.605",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.606 y LTS en versiones anteriores a 1.596.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-1813.",
      },
   ],
   id: "CVE-2015-1812",
   lastModified: "2024-11-21T02:26:11.817",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2015-10-16T20:59:09.777",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-11-25 20:59
Modified
2024-11-21 02:32
Severity ?
Summary
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens, which might allow remote administrators to gain privileges and run scripts by using an API token of another user.
Impacted products
Vendor Product Version
redhat openshift *
redhat openshift 2.0
jenkins jenkins *
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A",
                     versionEndIncluding: "1.625.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4",
                     versionEndIncluding: "1.637",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens, which might allow remote administrators to gain privileges and run scripts by using an API token of another user.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 no restringe adecuadamente el acceso a tokens de la API lo que podría permitir a administradores remotos obtener privilegios y ejecutar secuencias de comandos mediante el uso de un token de API de otro usuario.",
      },
   ],
   id: "CVE-2015-5323",
   lastModified: "2024-11-21T02:32:47.697",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-11-25T20:59:14.730",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-08 19:15
Modified
2024-11-21 04:27
Summary
A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image bypass TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.
Impacted products
Vendor Product Version
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "109EBD2A-8A2B-4E06-8103-06A029FEEE15",
                     versionEndIncluding: "4.3",
                     versionStartIncluding: "4.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image bypass TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.",
      },
      {
         lang: "es",
         value: "Se encontró una vulnerabilidad en las compilaciones de OpenShift, versiones 4.1 hasta 4.3. Las compilaciones que extraen el origen de una imagen de contenedor, omiten la comprobación del nombre del host TLS. Un atacante puede tomar ventaja de este fallo iniciando un ataque de tipo man-in-the-middle e inyectando contenido malicioso.",
      },
   ],
   id: "CVE-2019-14845",
   lastModified: "2024-11-21T04:27:29.183",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.9,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:A/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 5.5,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.1,
            impactScore: 3.6,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-08T19:15:10.340",
   references: [
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2019:4101",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2019:4237",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14845",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2019:4101",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2019:4237",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14845",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-494",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-494",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-10-06 14:15
Modified
2024-11-21 08:23
Summary
IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:23.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC075F8A-E9D9-4D69-B478-6AB8D2D3C790",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:23.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AACEC45-6187-40E2-8F0C-CFB019253E74",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects.  IBM X-Force ID:  247527.",
      },
      {
         lang: "es",
         value: "IBM Robotic Process Automation 23.0.9 es vulnerable a la escalada de privilegios que afecta la propiedad de los proyectos. ID de IBM X-Force: 247527.",
      },
   ],
   id: "CVE-2023-43058",
   lastModified: "2024-11-21T08:23:39.570",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-06T14:15:12.197",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/267527",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7047017",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/267527",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7047017",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-05-17 14:08
Modified
2024-11-21 02:50
Summary
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
Impacted products
Vendor Product Version
redhat openshift 3.1
redhat openshift 3.2
jenkins jenkins *
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "587BB544-D4F5-4540-8A61-578FD30DB508",
                     versionEndIncluding: "1.651.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A979807-E051-4BD5-8811-85FED039DB59",
                     versionEndIncluding: "2.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 podría permitir a usuarios remotos autenticados inyectar parámetros de construcción arbitrarios en el entorno de construcción a través de variables del entorno.",
      },
   ],
   id: "CVE-2016-3721",
   lastModified: "2024-11-21T02:50:34.390",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: true,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2016-05-17T14:08:05.593",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2024/05/02/3",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:1206",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2024/05/02/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:1206",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-17",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-11-25 20:59
Modified
2024-11-21 02:32
Severity ?
Summary
Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.
Impacted products
Vendor Product Version
redhat openshift *
redhat openshift 2.0
jenkins jenkins *
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A",
                     versionEndIncluding: "1.625.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4",
                     versionEndIncluding: "1.637",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 permite a atacantes eludir las restricciones slave-to-master destinadas al acceso aprovechando un esclavo JNLP. NOTA: esta vulnerabilidad existe a causa de una solución incompleta para CVE-2014-3665.",
      },
   ],
   id: "CVE-2015-5325",
   lastModified: "2024-11-21T02:32:47.910",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: true,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-11-25T20:59:17.107",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-08-01 16:29
Modified
2024-11-21 02:59
Summary
An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "93E3194E-7082-4E21-867B-FB4ECF482A07",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C10044B3-FBB1-4031-9060-D3A2915B164C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA3ADA26-2B9E-4ABA-A224-910BD75CCE00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.",
      },
      {
         lang: "es",
         value: "Se ha encontrado un error de validación de entradas en la forma en la que OpenShift 3 gestiona peticiones para imágenes. Un usuario, con una copia del manifiesto asociado con una imagen, puede extraer una imagen incluso aunque normalmente no cuente con acceso a la misma. Esto resulta en la divulgación de información contenida en la imagen.",
      },
   ],
   id: "CVE-2016-8651",
   lastModified: "2024-11-21T02:59:46.030",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "ADJACENT_NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 2.7,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:A/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 5.1,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.1,
               baseSeverity: "LOW",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 1.6,
            impactScore: 1.4,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               baseSeverity: "LOW",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.1,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-08-01T16:29:00.273",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/94935",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:2915",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/94935",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:2915",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-01-26 21:18
Modified
2024-11-21 07:36
Summary
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.
Impacted products
Vendor Product Version
redhat openshift 4.11
redhat openshift 4.12



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:4.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "275413B5-6C5D-4125-9396-0DAE614887E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:4.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6EE29F1-AE5C-4B2D-9C28-68D10F2DFCB1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to \"unconfined.\" By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is \"runtime/default,\" allowing users to disable seccomp for pods they can create and modify.",
      },
      {
         lang: "es",
         value: "Se encontró un fallo en github.com/openshift/apiserver-library-go, utilizado en OpenShift 4.12 y 4.11. Dicho fallo puede permitir a los usuarios con pocos privilegios configurar el perfil seccomp para los pods que controlan en \"unconfined\". De forma predeterminada, el perfil seccomp utilizado en la restricción de contexto (restricted-v2 Security Context Constraint, SCC)  es \"runtime/default\", lo que permite a los usuarios deshabilitar seccomp para los pods que pueden crear y modificar.",
      },
   ],
   id: "CVE-2023-0229",
   lastModified: "2024-11-21T07:36:47.110",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-01-26T21:18:06.900",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160349",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160349",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-10-16 20:59
Modified
2024-11-21 02:26
Severity ?
Summary
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
Impacted products
Vendor Product Version
jenkins jenkins *
redhat openshift *
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "87068B16-A915-42BE-AFF0-9B23EF1FD2A7",
                     versionEndIncluding: "1.580.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB5428DD-A289-4554-8874-2EEB47DD72E9",
                     versionEndIncluding: "1.599",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the \"Jenkins' own user database\" setting, which allows remote attackers to gain privileges by creating a reserved name.",
      },
      {
         lang: "es",
         value: "La clase HudsonPrivateSecurityRealm en Jenkins en versiones anteriores a 1.600 y LTS en versiones anteriores a 1.596.1 no restringe el acceso a nombres reservados cuando usan la configuración \"base de datos de usuario propia Jenkins\", lo que permite a atacantes remotos obtener privilegios creando un nombre reservado.",
      },
   ],
   id: "CVE-2015-1810",
   lastModified: "2024-11-21T02:26:11.570",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-10-16T20:59:08.717",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205627",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205627",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-10-16 20:59
Modified
2024-11-21 02:26
Severity ?
Summary
Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts.
Impacted products
Vendor Product Version
jenkins jenkins *
jenkins jenkins *
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "87068B16-A915-42BE-AFF0-9B23EF1FD2A7",
                     versionEndIncluding: "1.580.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB5428DD-A289-4554-8874-2EEB47DD72E9",
                     versionEndIncluding: "1.599",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio en Jenkins en versiones anteriores a 1.600 y LTS en versiones anteriores a 1.596.1 permite a usuarios remotos autenticados con ciertos permisos leer archivos arbitrarios a través de un enlace simbólico, relacionado con los artefactos de compilación.",
      },
   ],
   id: "CVE-2015-1807",
   lastModified: "2024-11-21T02:26:11.230",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-10-16T20:59:06.433",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205622",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205622",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-05 15:15
Modified
2024-11-21 01:46
Summary
OpenShift haproxy cartridge: predictable /tmp path in the set-proxy connection hook, which could facilitate DoS
Impacted products
Vendor Product Version
redhat openshift 1.0
redhat openshift 2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:1.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "19D8D9FF-51A8-4A81-B855-DB480ABEA300",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "884F5BE8-59F5-4502-9765-F3A3E505570F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OpenShift haproxy cartridge: predictable /tmp path in the set-proxy connection hook, which could facilitate DoS",
      },
      {
         lang: "es",
         value: "Un cartucho haproxy de OpenShift: un /tmp predecible en el enlace de conexión set-proxy que podría facilitar una DoS.",
      },
   ],
   id: "CVE-2013-0163",
   lastModified: "2024-11-21T01:46:58.413",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-12-05T15:15:11.000",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2013-0163",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0163",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2013-0163",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0163",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-668",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-05-11 20:29
Modified
2024-11-21 03:59
Summary
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service (ReDoS) attack.
References
security_alert@emc.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
security_alert@emc.comhttp://www.securityfocus.com/bid/104260Third Party Advisory, VDB Entry
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:1809Third Party Advisory
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:3768Third Party Advisory
security_alert@emc.comhttps://pivotal.io/security/cve-2018-1257Vendor Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/104260Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1809Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:3768Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://pivotal.io/security/cve-2018-1257Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
vmware spring_framework *
vmware spring_framework *
redhat openshift -
oracle agile_product_lifecycle_management 9.3.3
oracle agile_product_lifecycle_management 9.3.4
oracle agile_product_lifecycle_management 9.3.5
oracle agile_product_lifecycle_management 9.3.6
oracle application_testing_suite 12.5.0.3
oracle application_testing_suite 13.1.0.1
oracle application_testing_suite 13.2.0.1
oracle application_testing_suite 13.3.0.1
oracle big_data_discovery 1.6.0
oracle communications_converged_application_server *
oracle communications_diameter_signaling_router *
oracle communications_performance_intelligence_center *
oracle communications_services_gatekeeper *
oracle communications_unified_inventory_management 7.3.2
oracle communications_unified_inventory_management 7.3.4
oracle communications_unified_inventory_management 7.3.5
oracle communications_unified_inventory_management 7.4.0
oracle endeca_information_discovery_integrator 3.1.0
oracle endeca_information_discovery_integrator 3.2.0
oracle enterprise_manager_base_platform 12.1.0.5.0
oracle enterprise_manager_base_platform 13.2.0.0.0
oracle enterprise_manager_base_platform 13.3.0.0.0
oracle enterprise_manager_for_mysql_database 13.2
oracle enterprise_manager_ops_center 12.3.3
oracle flexcube_private_banking 2.0.0.0
oracle flexcube_private_banking 2.2.0.1
oracle flexcube_private_banking 12.0.1.0
oracle flexcube_private_banking 12.0.3.0
oracle flexcube_private_banking 12.1.0.0
oracle goldengate_for_big_data 12.2.0.1
oracle goldengate_for_big_data 12.3.1.1
oracle goldengate_for_big_data 12.3.2.1
oracle health_sciences_information_manager 3.0
oracle healthcare_master_person_index 3.0
oracle healthcare_master_person_index 4.0
oracle hospitality_guest_access 4.2.0
oracle hospitality_guest_access 4.2.1
oracle insurance_calculation_engine 10.1.1
oracle insurance_calculation_engine 10.2
oracle insurance_calculation_engine 10.2.1
oracle insurance_rules_palette 10.0
oracle insurance_rules_palette 10.1
oracle insurance_rules_palette 10.2
oracle insurance_rules_palette 11.0
oracle insurance_rules_palette 11.1
oracle primavera_gateway 15.2
oracle primavera_gateway 16.2
oracle primavera_gateway 17.12
oracle retail_customer_insights 15.0
oracle retail_customer_insights 16.0
oracle retail_open_commerce_platform 5.3.0
oracle retail_open_commerce_platform 6.0.0
oracle retail_open_commerce_platform 6.0.1
oracle retail_order_broker 5.1
oracle retail_order_broker 5.2
oracle retail_order_broker 15.0
oracle retail_order_broker 16.0
oracle retail_predictive_application_server 14.0
oracle retail_predictive_application_server 14.1
oracle retail_predictive_application_server 15.0
oracle retail_predictive_application_server 16.0
oracle service_architecture_leveraging_tuxedo 12.1.3.0.0
oracle service_architecture_leveraging_tuxedo 12.2.2.0.0
oracle tape_library_acsls 8.4
oracle utilities_network_management_system 1.12.0.3
oracle weblogic_server 10.3.6.0.0
oracle weblogic_server 12.1.3.0.0
oracle weblogic_server 12.2.1.3.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6EAA87A1-BA40-4A91-B042-3EFD799C3FA2",
                     versionEndExcluding: "4.3.17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "48D8AB57-AD2F-406F-9FBA-CF74BFAF90EF",
                     versionEndExcluding: "5.0.6",
                     versionStartIncluding: "5.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8C893E4-1D3A-4687-BE5A-D26FFEBCCC78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "18260EE8-9BC0-4BA1-9642-90FE052E8B18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "B0BB81C3-29FD-4AE0-8D46-456FAF135F6C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "4305ED0E-30CC-4AEA-8988-3D1EC93A0BB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "17EA8B91-7634-4636-B647-1049BA7CA088",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B4DF46F-DBCC-41F2-A260-F83A14838F23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "10F17843-32EA-4C31-B65C-F424447BEF7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "00280604-1DC1-4974-BF73-216C5D76FFA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC361999-AAD8-4CB3-B00E-E3990C3529B4",
                     versionEndExcluding: "7.0.0.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8",
                     versionEndExcluding: "8.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "468931C8-C76A-4E47-BF00-185D85F719C5",
                     versionEndExcluding: "10.2.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "97C1FA4C-5163-420C-A01A-EA36F1039BBB",
                     versionEndExcluding: "6.1.0.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B65CD29-C729-42AC-925E-014BA19581E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E856B4A-6AE7-4317-921A-35B4D2048652",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "98F3E643-4B65-4668-BB11-C61ED54D5A53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CDCE0E90-495E-4437-8529-3C36441FB69D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "51C25F23-6800-48A2-881C-C2A2C3FA045C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_private_banking:2.0.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADEA6A93-BD78-47DC-B3C3-6D27239C6647",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5104F0A-CD23-4A6E-AD59-B6F5A949B006",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "350DFE94-C24A-40FE-98F8-246D5B7F9D83",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "499A382A-8183-4080-8D48-0E00D5E44EE6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "81C24CC1-850E-4BB2-9B50-ABE61984451E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C4A89F2-713D-4A36-9D28-22748D30E0FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CDFABB2C-2FA2-4F83-985B-7FCEAF274418",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A609003-8687-40B4-8AC3-06A1534ADE30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9027528A-4FE7-4E3C-B2DF-CCCED22128F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A699D02-296B-411E-9658-5893240605D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7036576C-2B1F-413D-B154-2DBF9BFDE7E3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A3DC116-2844-47A1-BEC2-D0675DD97148",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "641D134E-6C51-4DB8-8554-F6B5222EF479",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C79B50C2-27C2-4A9C-ACEE-B70015283F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB6321F8-7A0A-4DB8-9889-3527023C652A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "25F8E604-8180-4728-AD2D-7FF034E3E65A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02867DC7-E669-43C0-ACC4-E1CAA8B9994C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FBAFA631-C92B-4FF7-8E65-07C67789EBCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9652104A-119D-4327-A937-8BED23C23861",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6CBFA960-D242-43ED-8D4C-A60F01B70740",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0513B305-97EF-4609-A82E-D0CDFF9925BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD4AB77A-E829-4603-AF6A-97B9CD0D687F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6DE15D64-6F49-4F43-8079-0C7827384C86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07630491-0624-4C5C-A858-C5D3CDCD1B68",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC9CA11F-F718-43E5-ADB9-6C348C75E37A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9FBAAD32-1E9D-47F1-9F47-76FEA47EF54F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EAA4DF85-9225-4422-BF10-D7DAE7DCE007",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "77C2A2A4-285B-40A1-B9AD-42219D742DD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD3C8E59-B07D-4C5E-B467-2FA6C1DFDA5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F6DA82ED-20FF-4E6D-ACA0-C65F51F4F5C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FFEA075-11EB-4E99-92A1-8B2883C64CC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "21973CDD-D16E-4321-9F8E-67F4264D7C21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "909A7F73-0164-471B-8EBD-1F70072E9809",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CE08DC9-5153-48D6-B23C-68A632FF8FF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "70D4467D-6968-4557-AF61-AFD42B2B48D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE188B12-D28E-490C-9948-F5305A7D55BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B40B13B7-68B3-4510-968C-6A730EB46462",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C93CC705-1F8C-4870-99E6-14BF264C3811",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service attack.",
      },
      {
         lang: "es",
         value: "Spring Framework, en versiones 5.0.x anteriores a la 5.0.6, versiones 4.3.x anteriores a la 4.3.17 y versiones antiguas no soportadas, permite que las aplicaciones expongan STOMP sobre los endpoints WebSocket con un simple broker STOMP dentro de la memoria a través del módulo spring-messaging. Un usuario (o atacante) malicioso puede crear un mensaje para el broker que puede conducir a un ataque de denegación de servicio (DoS) de expresión regular.",
      },
   ],
   id: "CVE-2018-1257",
   lastModified: "2024-11-21T03:59:28.767",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-05-11T20:29:00.213",
   references: [
      {
         source: "security_alert@emc.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
      },
      {
         source: "security_alert@emc.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/104260",
      },
      {
         source: "security_alert@emc.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1809",
      },
      {
         source: "security_alert@emc.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:3768",
      },
      {
         source: "security_alert@emc.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://pivotal.io/security/cve-2018-1257",
      },
      {
         source: "security_alert@emc.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
      {
         source: "security_alert@emc.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "security_alert@emc.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
      {
         source: "security_alert@emc.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
      },
      {
         source: "security_alert@emc.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
      },
      {
         source: "security_alert@emc.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/104260",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:1809",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:3768",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://pivotal.io/security/cve-2018-1257",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
      },
   ],
   sourceIdentifier: "security_alert@emc.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-05-17 14:08
Modified
2024-11-21 02:50
Summary
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).
Impacted products
Vendor Product Version
jenkins jenkins *
jenkins jenkins *
redhat openshift 3.1
redhat openshift 3.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "587BB544-D4F5-4540-8A61-578FD30DB508",
                     versionEndIncluding: "1.651.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A979807-E051-4BD5-8811-85FED039DB59",
                     versionEndIncluding: "2.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados desencadenar actualizaciones de metadatos provenientes de portales de actualización aprovechando la falta de comprobación de permisos. NOTA: este problema puede darse en combinación con el envenenamiento de la caché DNS para provocar una denegación de servicio (interrupción de servicio).",
      },
   ],
   id: "CVE-2016-3725",
   lastModified: "2024-11-21T02:50:34.957",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-05-17T14:08:09.780",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:1206",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:1206",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-11-19 17:15
Modified
2024-11-21 01:45
Summary
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
Impacted products
Vendor Product Version
phusion passenger 4.0.0
phusion passenger 4.0.0
redhat openshift 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:4.0.0:beta1:*:*:*:ruby:*:*",
                     matchCriteriaId: "B8D22A17-F554-44FE-82EF-408BC8940C18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:4.0.0:beta2:*:*:*:ruby:*:*",
                     matchCriteriaId: "0F2D0D37-F5E6-43A9-8D8C-2A8B8224C9C9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:1.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "19D8D9FF-51A8-4A81-B855-DB480ABEA300",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.",
      },
      {
         lang: "es",
         value: "RubyGems passenger versión 4.0.0 betas 1 y 2, permite a atacantes remotos eliminar archivos arbitrarios durante el proceso de inicio.",
      },
   ],
   id: "CVE-2012-6135",
   lastModified: "2024-11-21T01:45:53.623",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-11-19T17:15:11.237",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2013/03/02/1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82533",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/CVE-2012-6135",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.securityfocus.com/bid/58259",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2013/03/02/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82533",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/CVE-2012-6135",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.securityfocus.com/bid/58259",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-07-30 20:15
Modified
2024-11-21 06:22
Summary
It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.
References
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1978621Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1978621Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "204FB913-E9B7-448F-8557-4100BF2ADDA9",
                     versionEndExcluding: "4.8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.",
      },
      {
         lang: "es",
         value: "Se encontró en OpenShift, anterior a versión 4.8, que el certificado generado para la CA de servicio en el clúster incluía incorrectamente certificados adicionales. La CA de servicio se monta automáticamente en todos los pods, permitiéndoles conectarse de forma segura a los servicios confiables del clúster que presentan certificados firmados por la CA de servicio confiable. Una inclusión incorrecta de CAs adicionales en este certificado podría permitir a un atacante que comprometiera cualquiera de las CAs adicionales hacerse pasar por un servicio confiable dentro del clúster.",
      },
   ],
   id: "CVE-2021-3636",
   lastModified: "2024-11-21T06:22:02.467",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "ADJACENT_NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 5.1,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.6,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 2.5,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-07-30T20:15:07.687",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1978621",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1978621",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-295",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-14 15:29
Modified
2024-11-21 04:43
Summary
IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 159465.
Impacted products
Vendor Product Version
ibm cloud_private *
ibm cloud_private *
redhat openshift -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:cloud_private:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9394AFCC-A7FA-414D-B6AD-B62ECD9863B3",
                     versionEndIncluding: "3.0.1",
                     versionStartIncluding: "1.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:cloud_private:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCDA100F-86AF-4BBF-B7CA-5C68170BD58E",
                     versionEndIncluding: "2.3.1",
                     versionStartIncluding: "2.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 159465.",
      },
      {
         lang: "es",
         value: "IBM MQ Advanced Cloud Pak (IBM Cloud Private versión 1.0.0 hasta 3.0.1) almacena las credenciales de usuario en texto plano y sin cifrar que puede ser leída por un usuario local. ID de IBM X-Force: 159465.",
      },
   ],
   id: "CVE-2019-4239",
   lastModified: "2024-11-21T04:43:21.863",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 6.2,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.5,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-14T15:29:00.277",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/159465",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/docview.wss?uid=ibm10886591",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/159465",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/docview.wss?uid=ibm10886591",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-522",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-04-07 23:59
Modified
2024-11-21 02:42
Summary
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to unsafe XStream deserialization and groovy.util.Expando. Public exploit code is among the references for this issue, so any authenticated user on an unpatched instance should be treated as able to run code on the Jenkins master.
Impacted products
Vendor Product Version
jenkins jenkins *
redhat openshift 3.1
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18F2C087-76F7-40F2-83DA-4C643363629C",
                     versionEndIncluding: "1.649",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "4203742F-66F7-4877-ABF8-EB304E114191",
                     versionEndIncluding: "1.642.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.",
      },
      {
         lang: "es",
         value: "Múltiples terminales API no especificadas en Jenkins en versiones anteriores a 1.650 y LTS en versiones anteriores a 1.642.2 permiten a usuarios remotos autenticados ejecutar código arbitrario a través de datos serializados en un archivo XML, relacionado con XStream y groovy.util.Expando.",
      },
   ],
   id: "CVE-2016-0792",
   lastModified: "2024-11-21T02:42:23.547",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-04-07T23:59:03.957",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0711",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.exploit-db.com/exploits/42394/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.exploit-db.com/exploits/43375/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0711",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.exploit-db.com/exploits/42394/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.exploit-db.com/exploits/43375/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-11-06 18:59
Modified
2024-11-21 02:32
Summary
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.
Impacted products
Vendor Product Version
redhat openshift 3.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio en Kubernetes, tal como se utiliza en Red Hat OpenShift Enterprise 3.0, permite a atacantes escribir a archivos arbitrarios a través de un nombre de tipo objeto manipulado, que no es manejado correctamente antes de pasarlo a etcd.",
      },
   ],
   id: "CVE-2015-5305",
   lastModified: "2024-11-21T02:32:45.480",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-11-06T18:59:00.110",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2015:1945",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1273969",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2015:1945",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1273969",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-08-24 16:15
Modified
2024-11-21 06:36
Summary
The original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift Metering hive container images was incomplete: not all JndiLookup.class files were removed, so the affected images remained exposed to those JNDI lookup flaws. This CVE applies only to the OpenShift Metering hive container images shipped in OpenShift 4.6, 4.7 and 4.8 (fixed in 4.6.52, 4.7.40 and 4.8.24 respectively).
Impacted products
Vendor Product Version
redhat openshift *
redhat openshift *
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F788739F-0B28-4751-9A4E-E0C5B7F79613",
                     versionEndExcluding: "4.6.52",
                     versionStartIncluding: "4.6.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C2659CC-7CA5-49B2-901D-DE3E1693C3E3",
                     versionEndExcluding: "4.7.40",
                     versionStartIncluding: "4.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE4321F9-4224-47EF-9853-9C891EFB86DD",
                     versionEndExcluding: "4.8.24",
                     versionStartIncluding: "4.8.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.",
      },
      {
         lang: "es",
         value: "Se ha detectado que la corrección original para log4j CVE-2021-44228 y CVE-2021-45046 en los contenedores hive de medición de OpenShift estaba incompleta, ya que no fueron eliminados todos los archivos JndiLookup.class. Esta CVE sólo es aplicada a imágenes de contenedores hive de OpenShift Metering, enviadas en OpenShift versiones 4.8, 4.7 y 4.6.",
      },
   ],
   id: "CVE-2021-4125",
   lastModified: "2024-11-21T06:36:57.310",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-08-24T16:15:09.483",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2021-4125",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2021-44228",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2021-45046",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2033121",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/kube-reporting/hive/pull/71",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/kube-reporting/hive/pull/72",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/kube-reporting/hive/pull/73",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2021-4125",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2021-44228",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2021-45046",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2033121",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/kube-reporting/hive/pull/71",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/kube-reporting/hive/pull/72",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/kube-reporting/hive/pull/73",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-06-08 17:59
Modified
2024-11-21 02:47
Summary
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.
Impacted products
Vendor Product Version
redhat openshift_origin -
redhat openshift 3.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_origin:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "01B75475-8415-46F8-A5B8-323527336611",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.",
      },
      {
         lang: "es",
         value: "Red Hat OpenShift Enterprise 3.2 y OpenShift Origin permiten a usuarios remotos autenticados ejecutar comandos con privilegios de root cambiando la contraseña de root en una imagen builder sti.",
      },
   ],
   id: "CVE-2016-2160",
   lastModified: "2024-11-21T02:47:55.857",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: true,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-06-08T17:59:03.250",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1064",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316127",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openshift/origin/pull/7864",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1064",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316127",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openshift/origin/pull/7864",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-02 20:15
Modified
2024-11-21 04:34
Summary
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting OpenShift versions before 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Impacted products
Vendor Product Version
redhat openshift *
redhat openshift *
redhat openshift *
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E99FF97F-2A6C-4589-996B-FACCAFAE56E3",
                     versionEndExcluding: "3.11.188-4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F64F6AE-D8DF-490B-991F-F90D705945F5",
                     versionEndExcluding: "4.1.37",
                     versionStartIncluding: "4.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A6C41B-575B-486E-AC21-429F507E1447",
                     versionEndExcluding: "4.2.21",
                     versionStartIncluding: "4.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "15747A3D-8D4B-42B6-A210-C9E533067A7B",
                     versionEndExcluding: "4.3.5",
                     versionStartIncluding: "4.3.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting OpenShift versions before 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
      },
      {
         lang: "es",
         value: "Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/mariadb-apb, que afecta a las versiones anteriores a las siguientes 4.3.5, 4.2.21, 4.1.37 y 3.11.188-4. Un atacante con acceso al contenedor podría utilizar este fallo para modificar el archivo /etc/passwd y escalar sus privilegios.",
      },
   ],
   id: "CVE-2019-19346",
   lastModified: "2024-11-21T04:34:37.370",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 5.9,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-02T20:15:15.317",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-266",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-10-19 18:15
Modified
2024-11-21 01:55
Summary
The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat OpenShift 1, installs a default (shared) public key in the root user's authorized_keys file, giving anyone who holds the corresponding private key root SSH access to hosts deployed with that script.
Impacted products
Vendor Product Version
redhat openshift 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:1.0:*:*:*:-:*:*:*",
                     matchCriteriaId: "8AFA9951-AB69-4B63-9459-957A683484FA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The deployment script in the unsupported \"OpenShift Extras\" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file.",
      },
      {
         lang: "es",
         value: "El script de despliegue en el conjunto de scripts complementarios \"OpenShift Extras\" no soportados, en Red Hat Openshift versión 1, instala una clave pública por defecto en el archivo authorized_keys del usuario root",
      },
   ],
   id: "CVE-2013-4253",
   lastModified: "2024-11-21T01:55:13.233",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-10-19T18:15:11.150",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.openwall.com/lists/oss-security/2014/06/05/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.openwall.com/lists/oss-security/2014/06/05/19",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-377",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-668",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-09-04 16:15
Modified
2024-11-21 04:46
Summary
On version 1.9.0, if DEBUG logging is enabled, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.
Impacted products
Vendor Product Version
f5 container_ingress_service 1.9.0
redhat openshift -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:f5:container_ingress_service:1.9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7C34CCD-152B-4D8B-A89C-A6607A61A7CF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "On version 1.9.0, if DEBUG logging is enabled, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.",
      },
      {
         lang: "es",
         value: "En la versión 1.9.0, si el registro DEBUG está habilitado, F5 Container Ingress Service (CIS) para archivos de registro de Kubernetes y Red Hat OpenShift (k8s-bigip-ctlr) pueden contener secretos de BIG-IP, tales como Claves Privadas de SSL y Frases de Contraseña de la Clave Privada proporcionadas como entradas para una Declaración AS3.",
      },
   ],
   id: "CVE-2019-6648",
   lastModified: "2024-11-21T04:46:52.770",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 1.9,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 4.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-09-04T16:15:11.060",
   references: [
      {
         source: "f5sirt@f5.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.f5.com/csp/article/K74327432",
      },
      {
         source: "f5sirt@f5.com",
         url: "https://support.f5.com/csp/article/K74327432?utm_source=f5support&amp%3Butm_medium=RSS",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.f5.com/csp/article/K74327432",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://support.f5.com/csp/article/K74327432?utm_source=f5support&amp%3Butm_medium=RSS",
      },
   ],
   sourceIdentifier: "f5sirt@f5.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-532",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-11-25 20:59
Modified
2024-11-21 02:32
Summary
Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.
Impacted products
Vendor Product Version
redhat openshift *
jenkins jenkins *
jenkins jenkins *
redhat openshift 2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4",
                     versionEndIncluding: "1.637",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A",
                     versionEndIncluding: "1.625.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 no verifica adecuadamente el secreto compartido utilizado en conexiones esclavo JNLP, lo que permite a atacantes remotos conectar como esclavos y obtener información sensible o posiblemente obtener acceso administrativo aprovechando el conocimiento del nombre de un esclavo.",
      },
   ],
   id: "CVE-2015-5320",
   lastModified: "2024-11-21T02:32:47.353",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-11-25T20:59:11.447",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-20 14:15
Modified
2024-11-21 02:43
Summary
swagger-ui has XSS in key names
Impacted products
Vendor Product Version
smartbear swagger-ui -
redhat jboss_fuse 6.3
redhat openshift 2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:smartbear:swagger-ui:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8195A94-B057-43E4-9AD4-59B7CA47B97D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_fuse:6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D071664D-9B31-45EB-A5DD-237EB3F36E63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "884F5BE8-59F5-4502-9765-F3A3E505570F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "swagger-ui has XSS in key names",
      },
      {
         lang: "es",
         value: "swagger-ui presenta una vulnerabilidad de tipo XSS en nombres claves.",
      },
   ],
   id: "CVE-2016-1000229",
   lastModified: "2024-11-21T02:43:01.303",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-12-20T14:15:11.633",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/97580",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2017:0868",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/97580",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2017:0868",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-01-05 18:15
Modified
2024-11-21 07:23
Summary
IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB4AA531-9AC9-417B-B732-6FEBFEB0F363",
                     versionEndExcluding: "21.0.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3912ED0-7480-4FCC-A645-700F2E0C3394",
                     versionEndExcluding: "21.0.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "\nIBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.\n\n",
      },
      {
         lang: "es",
         value: "IBM Robotic Process Automation 20.12 a 21.0.6 podría permitir que un atacante con acceso físico al sistema obtenga información altamente confidencial de la memoria del sistema. ID de IBM X-Force: 238053.",
      },
   ],
   id: "CVE-2022-41740",
   lastModified: "2024-11-21T07:23:46.190",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "PHYSICAL",
               availabilityImpact: "NONE",
               baseScore: 4.6,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 0.9,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "PHYSICAL",
               availabilityImpact: "NONE",
               baseScore: 4.6,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 0.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-01-05T18:15:08.717",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238053",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6852657",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238053",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6852657",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-312",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-05-05 17:06
Modified
2024-11-21 02:01
Summary
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.
Impacted products
Vendor Product Version
redhat openshift 1.2.7
redhat openshift 2.0.5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:1.2.7:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "2FB9CBA2-3134-420A-8C6E-D899FBE58F0A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.5:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "AB204392-8CE0-4B3B-9399-F6B83EB9006F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.",
      },
      {
         lang: "es",
         value: "openshift-origin-broker-util, utilizado en Red Hat OpenShift Enterprise 1.2.7 y 2.0.5, utiliza permisos de lectura universal para el archivo de configuración de mcollective client.cfg, lo que permite a usuarios locales obtener credenciales y otra información sensible mediante la lectura del archivo.",
      },
   ],
   id: "CVE-2014-0164",
   lastModified: "2024-11-21T02:01:31.070",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-05-05T17:06:05.607",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0460.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0461.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0460.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0461.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-04-07 23:59
Modified
2024-11-21 02:42
Summary
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.
Impacted products
Vendor Product Version
jenkins jenkins *
redhat openshift 3.1
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "4203742F-66F7-4877-ABF8-EB304E114191",
                     versionEndIncluding: "1.642.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18F2C087-76F7-40F2-83DA-4C643363629C",
                     versionEndIncluding: "1.649",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 1.650 y LTS en versiones anteriores a 1.642.2 no utiliza un algoritmo de tiempo constante para verificar tokens API, lo que hace más fácil para atacantes remotos determinar tokens API a través de una aproximación por fuerza bruta.",
      },
   ],
   id: "CVE-2016-0790",
   lastModified: "2024-11-21T02:42:23.273",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-04-07T23:59:01.927",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0711",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0711",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
            {
               lang: "en",
               value: "CWE-254",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-10-15 14:55
Modified
2024-11-21 02:08
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
redhat openshift *
jenkins jenkins *
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "D2155ABA-1B6A-4A9E-8493-D10B82367F5A",
                     versionEndExcluding: "1.565.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7776A17-C1CB-4CD3-A9B4-5D60DF9651F6",
                     versionEndExcluding: "1.583",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de XSS in Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados.",
      },
   ],
   id: "CVE-2014-3681",
   lastModified: "2024-11-21T02:08:38.480",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-10-15T14:55:07.760",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1147766",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96975",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1147766",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96975",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-08-24 14:59
Modified
2024-11-21 02:32
Severity ?
Summary
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.
Impacted products
Vendor Product Version
redhat openshift 3.0.0.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.0.0.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "ED7B0E8D-42EE-4353-AE46-77C267F7D2D2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.",
      },
      {
         lang: "es",
          value: "Red Hat OpenShift Enterprise 3.0.0.0 no verifica correctamente los permisos, lo cual permite a usuarios remotos autenticados con permisos de compilación ejecutar comandos shell arbitrarios con permisos de root sobre pods de compilación arbitrarios a través de vectores no especificados.",
      },
   ],
   id: "CVE-2015-5222",
   lastModified: "2024-11-21T02:32:35.487",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 8.5,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-08-24T14:59:07.557",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2015:1650",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2015:1650",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-04-20 17:59
Modified
2024-11-21 02:54
Summary
Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.
Impacted products
Vendor Product Version
redhat openshift 2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.",
      },
      {
         lang: "es",
         value: "Red Hat OpenShift Enterprise 2 no incluye el indicador HTTPOnly en el encabezado Set-Cookie para la cookie GEARID, lo que hace más fácil para el atacante remoto obtener información potencialmente sensible a través del acceso con secuencias de comandos a los cookies.",
      },
   ],
   id: "CVE-2016-5409",
   lastModified: "2024-11-21T02:54:15.597",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-04-20T17:59:00.383",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/97988",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1366461",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/97988",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1366461",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-11-25 20:59
Modified
2024-11-21 02:32
Severity ?
Summary
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.
Impacted products
Vendor Product Version
jenkins jenkins *
jenkins jenkins *
redhat openshift 2.0
redhat openshift *



{
   cisaActionDue: "2023-06-02",
   cisaExploitAdd: "2023-05-12",
   cisaRequiredAction: "Apply updates per vendor instructions.",
   cisaVulnerabilityName: "Jenkins User Interface (UI) Information Disclosure Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4",
                     versionEndIncluding: "1.637",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A",
                     versionEndIncluding: "1.625.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.",
      },
      {
         lang: "es",
          value: "Las páginas Fingerprints en Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 podrían permitir a atacantes remotos obtener información sensible sobre nombres de trabajos y compilaciones a través de una petición directa.",
      },
   ],
   id: "CVE-2015-5317",
   lastModified: "2024-11-21T02:32:47.013",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-11-25T20:59:07.680",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Undergoing Analysis",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-05-27 20:15
Modified
2024-11-21 05:11
Summary
A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4.
Impacted products
Vendor Product Version
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB125B9C-10F1-449D-9583-B7AA7D70A943",
                     versionEndExcluding: "4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4.",
      },
      {
         lang: "es",
         value: "Se encontró un fallo en la consola web de OpenShift, donde el token de acceso es guardado en el almacenamiento local del navegador. Un atacante puede usar este fallo para obtener el token de acceso por medio de un acceso físico o un ataque de tipo XSS en el navegador de la víctima. Este fallo afecta a openshift/console versiones anteriores a openshift/console-4",
      },
   ],
   id: "CVE-2020-1761",
   lastModified: "2024-11-21T05:11:19.867",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-05-27T20:15:08.030",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1813788",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1813788",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-358",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-08-07 17:29
Modified
2024-11-21 02:36
Summary
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
Impacted products
Vendor Product Version
kubernetes kubernetes -
redhat openshift 3.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "14C32308-314D-4E0D-B15F-6A68DF21E9F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "62C4B3B6-7452-49AF-8981-737FE929FF97",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.",
      },
      {
         lang: "es",
         value: "Kubernetes en OpenShift3 permite que atacantes remotos autenticados empleen las imágenes privadas de otros usuarios si conocen el nombre de dicha imagen.",
      },
   ],
   id: "CVE-2015-7561",
   lastModified: "2024-11-21T02:36:59.270",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.1,
               baseSeverity: "LOW",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 1.6,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-08-07T17:29:00.410",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291963",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/kubernetes/kubernetes/pull/18909",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291963",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/kubernetes/kubernetes/pull/18909",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-10-10 14:15
Modified
2024-12-20 17:40
Summary
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
References
cve@mitre.org http://www.openwall.com/lists/oss-security/2023/10/13/4 Mailing List, Third Party Advisory
cve@mitre.org http://www.openwall.com/lists/oss-security/2023/10/13/9 Mailing List, Third Party Advisory
cve@mitre.org http://www.openwall.com/lists/oss-security/2023/10/18/4 Mailing List, Third Party Advisory
cve@mitre.org http://www.openwall.com/lists/oss-security/2023/10/18/8 Mailing List, Third Party Advisory
cve@mitre.org http://www.openwall.com/lists/oss-security/2023/10/19/6 Mailing List, Third Party Advisory
cve@mitre.org http://www.openwall.com/lists/oss-security/2023/10/20/8 Mailing List
cve@mitre.org https://access.redhat.com/security/cve/cve-2023-44487 Vendor Advisory
cve@mitre.org https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ Press/Media Coverage, Third Party Advisory
cve@mitre.org https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ Third Party Advisory
cve@mitre.org https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ Technical Description
cve@mitre.org https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ Third Party Advisory
cve@mitre.org https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ Vendor Advisory
cve@mitre.org https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Press/Media Coverage, Third Party Advisory
cve@mitre.org https://blog.vespa.ai/cve-2023-44487/ Vendor Advisory
cve@mitre.org https://bugzilla.proxmox.com/show_bug.cgi?id=4988 Issue Tracking
cve@mitre.org https://bugzilla.redhat.com/show_bug.cgi?id=2242803 Issue Tracking
cve@mitre.org https://bugzilla.suse.com/show_bug.cgi?id=1216123 Issue Tracking
cve@mitre.org https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Mailing List, Patch
cve@mitre.org https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ Technical Description
cve@mitre.org https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack Technical Description
cve@mitre.org https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 Vendor Advisory
cve@mitre.org https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 Third Party Advisory
cve@mitre.org https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Technical Description, Third Party Advisory
cve@mitre.org https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 Vendor Advisory
cve@mitre.org https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Issue Tracking
cve@mitre.org https://github.com/Azure/AKS/issues/3947 Issue Tracking
cve@mitre.org https://github.com/Kong/kong/discussions/11741 Issue Tracking
cve@mitre.org https://github.com/advisories/GHSA-qppj-fm5r-hxr3 Vendor Advisory
cve@mitre.org https://github.com/advisories/GHSA-vx74-f528-fxqg Vendor Advisory
cve@mitre.org https://github.com/advisories/GHSA-xpw8-rcwv-8f8p Patch, Vendor Advisory
cve@mitre.org https://github.com/akka/akka-http/issues/4323 Issue Tracking
cve@mitre.org https://github.com/alibaba/tengine/issues/1872 Issue Tracking
cve@mitre.org https://github.com/apache/apisix/issues/10320 Issue Tracking
cve@mitre.org https://github.com/apache/httpd-site/pull/10 Issue Tracking
cve@mitre.org https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product
cve@mitre.org https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product, Third Party Advisory
cve@mitre.org https://github.com/apache/trafficserver/pull/10564 Issue Tracking, Patch
cve@mitre.org https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 Vendor Advisory
cve@mitre.org https://github.com/bcdannyboy/CVE-2023-44487 Third Party Advisory
cve@mitre.org https://github.com/caddyserver/caddy/issues/5877 Issue Tracking
cve@mitre.org https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Release Notes
cve@mitre.org https://github.com/dotnet/announcements/issues/277 Issue Tracking, Mitigation
cve@mitre.org https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Product, Release Notes
cve@mitre.org https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking
cve@mitre.org https://github.com/envoyproxy/envoy/pull/30055 Issue Tracking, Patch
cve@mitre.org https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Patch
cve@mitre.org https://github.com/facebook/proxygen/pull/466 Issue Tracking, Patch
cve@mitre.org https://github.com/golang/go/issues/63417 Issue Tracking
cve@mitre.org https://github.com/grpc/grpc-go/pull/6703 Issue Tracking, Patch
cve@mitre.org https://github.com/h2o/h2o/pull/3291 Issue Tracking
cve@mitre.org https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf Vendor Advisory
cve@mitre.org https://github.com/haproxy/haproxy/issues/2312 Issue Tracking
cve@mitre.org https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product
cve@mitre.org https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking
cve@mitre.org https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch
cve@mitre.org https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking
cve@mitre.org https://github.com/kubernetes/kubernetes/pull/121120 Patch
cve@mitre.org https://github.com/line/armeria/pull/5232 Issue Tracking, Patch
cve@mitre.org https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Patch
cve@mitre.org https://github.com/micrictor/http2-rst-stream Exploit, Third Party Advisory
cve@mitre.org https://github.com/microsoft/CBL-Mariner/pull/6381 Issue Tracking
cve@mitre.org https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch
cve@mitre.org https://github.com/nghttp2/nghttp2/pull/1961 Issue Tracking, Patch
cve@mitre.org https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes
cve@mitre.org https://github.com/ninenines/cowboy/issues/1615 Issue Tracking
cve@mitre.org https://github.com/nodejs/node/pull/50121 Issue Tracking
cve@mitre.org https://github.com/openresty/openresty/issues/930 Issue Tracking
cve@mitre.org https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking, Patch
cve@mitre.org https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking
cve@mitre.org https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Patch
cve@mitre.org https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking
cve@mitre.org https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking
cve@mitre.org https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo Mailing List, Release Notes
cve@mitre.org https://istio.io/latest/news/security/istio-security-2023-004/ Vendor Advisory
cve@mitre.org https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ Vendor Advisory
cve@mitre.orghttps://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87qMailing List
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/10/msg00020.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/10/msg00023.htmlMailing List
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/10/msg00024.htmlMailing List
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/10/msg00045.htmlMailing List
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/10/msg00047.htmlMailing List
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/11/msg00001.htmlMailing List
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/11/msg00012.htmlMailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/Mailing List
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.htmlMailing List, Patch
cve@mitre.orghttps://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.htmlThird Party Advisory
cve@mitre.orghttps://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/Patch, Vendor Advisory
cve@mitre.orghttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487Patch, Vendor Advisory
cve@mitre.orghttps://my.f5.com/manage/s/article/K000137106Vendor Advisory
cve@mitre.orghttps://netty.io/news/2023/10/10/4-1-100-Final.htmlRelease Notes
cve@mitre.orghttps://news.ycombinator.com/item?id=37830987Issue Tracking
cve@mitre.orghttps://news.ycombinator.com/item?id=37830998Issue Tracking
cve@mitre.orghttps://news.ycombinator.com/item?id=37831062Issue Tracking
cve@mitre.orghttps://news.ycombinator.com/item?id=37837043Issue Tracking
cve@mitre.orghttps://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/Third Party Advisory
cve@mitre.orghttps://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffectedThird Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/202311-09Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20231016-0001/Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20240426-0007/Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20240621-0006/Exploit, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20240621-0007/Third Party Advisory
cve@mitre.orghttps://security.paloaltonetworks.com/CVE-2023-44487Vendor Advisory
cve@mitre.orghttps://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14Release Notes
cve@mitre.orghttps://ubuntu.com/security/CVE-2023-44487Vendor Advisory
cve@mitre.orghttps://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/Third Party Advisory
cve@mitre.orghttps://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487Third Party Advisory, US Government Resource
cve@mitre.orghttps://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-eventPress/Media Coverage, Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2023/dsa-5521Mailing List
cve@mitre.orghttps://www.debian.org/security/2023/dsa-5522Mailing List
cve@mitre.orghttps://www.debian.org/security/2023/dsa-5540Mailing List
cve@mitre.orghttps://www.debian.org/security/2023/dsa-5549Mailing List
cve@mitre.orghttps://www.debian.org/security/2023/dsa-5558Mailing List
cve@mitre.orghttps://www.debian.org/security/2023/dsa-5570Third Party Advisory
cve@mitre.orghttps://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487Third Party Advisory
cve@mitre.orghttps://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/Vendor Advisory
cve@mitre.orghttps://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/Mitigation
cve@mitre.orghttps://www.openwall.com/lists/oss-security/2023/10/10/6Mailing List, Third Party Advisory
cve@mitre.orghttps://www.phoronix.com/news/HTTP2-Rapid-Reset-AttackPress/Media Coverage
cve@mitre.orghttps://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/Press/Media Coverage, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2023/10/13/4Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2023/10/13/9Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2023/10/18/4Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2023/10/18/8Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2023/10/19/6Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2023/10/20/8Mailing List
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/cve-2023-44487Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/Press/Media Coverage, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://aws.amazon.com/security/security-bulletins/AWS-2023-011/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/Technical Description, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attackPress/Media Coverage, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://blog.vespa.ai/cve-2023-44487/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.proxmox.com/show_bug.cgi?id=4988Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2242803Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.suse.com/show_bug.cgi?id=1216123Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/Technical Description, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attackTechnical Description, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cveTechnical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/Azure/AKS/issues/3947Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/Kong/kong/discussions/11741Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/advisories/GHSA-qppj-fm5r-hxr3Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/advisories/GHSA-vx74-f528-fxqgMitigation, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/advisories/GHSA-xpw8-rcwv-8f8pPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/akka/akka-http/issues/4323Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/alibaba/tengine/issues/1872Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/apache/apisix/issues/10320Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/apache/httpd-site/pull/10Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113Product
af854a3a-2127-422b-91ae-364da2661108https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2Product
af854a3a-2127-422b-91ae-364da2661108https://github.com/apache/trafficserver/pull/10564Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/bcdannyboy/CVE-2023-44487Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/caddyserver/caddy/issues/5877Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/caddyserver/caddy/releases/tag/v2.7.5Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/dotnet/announcements/issues/277Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73Release Notes
af854a3a-2127-422b-91ae-364da2661108https://github.com/eclipse/jetty.project/issues/10679Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/envoyproxy/envoy/pull/30055Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/etcd-io/etcd/issues/16740Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/facebook/proxygen/pull/466Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/golang/go/issues/63417Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/grpc/grpc-go/pull/6703Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/h2o/h2o/pull/3291Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/haproxy/haproxy/issues/2312Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244Product
af854a3a-2127-422b-91ae-364da2661108https://github.com/junkurihara/rust-rpxy/issues/97Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/kazu-yamamoto/http2/issues/93Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/kubernetes/kubernetes/pull/121120Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/line/armeria/pull/5232Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/micrictor/http2-rst-streamExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/microsoft/CBL-Mariner/pull/6381Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/nghttp2/nghttp2/pull/1961Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0Release Notes
af854a3a-2127-422b-91ae-364da2661108https://github.com/ninenines/cowboy/issues/1615Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/nodejs/node/pull/50121Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/openresty/openresty/issues/930Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/opensearch-project/data-prepper/issues/3474Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/oqtane/oqtane.framework/discussions/3367Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/projectcontour/contour/pull/5826Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/tempesta-tech/tempesta/issues/1986Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/varnishcache/varnish-cache/issues/3996Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://groups.google.com/g/golang-announce/c/iNNxDTCjZvoMailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://istio.io/latest/news/security/istio-security-2023-004/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87qMailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/10/msg00020.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/10/msg00023.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/10/msg00024.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/10/msg00045.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/10/msg00047.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/11/msg00001.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/11/msg00012.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.htmlMailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487Mitigation, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://my.f5.com/manage/s/article/K000137106Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://netty.io/news/2023/10/10/4-1-100-Final.htmlRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://news.ycombinator.com/item?id=37830987Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://news.ycombinator.com/item?id=37830998Issue Tracking, Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108https://news.ycombinator.com/item?id=37831062Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://news.ycombinator.com/item?id=37837043Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffectedThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202311-09Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20231016-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20240426-0007/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20240621-0006/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20240621-0007/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.paloaltonetworks.com/CVE-2023-44487Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14Release Notes
af854a3a-2127-422b-91ae-364da2661108https://ubuntu.com/security/CVE-2023-44487Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-eventPress/Media Coverage, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2023/dsa-5521Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2023/dsa-5522Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2023/dsa-5540Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2023/dsa-5549Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2023/dsa-5558Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2023/dsa-5570Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2023/10/10/6Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.phoronix.com/news/HTTP2-Rapid-Reset-AttackPress/Media Coverage
af854a3a-2127-422b-91ae-364da2661108https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/Press/Media Coverage, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-causeThird Party Advisory
Impacted products
Vendor Product Version
ietf http 2.0
nghttp2 nghttp2 *
netty netty *
envoyproxy envoy 1.24.10
envoyproxy envoy 1.25.9
envoyproxy envoy 1.26.4
envoyproxy envoy 1.27.0
eclipse jetty *
eclipse jetty *
eclipse jetty *
eclipse jetty *
caddyserver caddy *
golang go *
golang go *
golang http2 *
golang networking *
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager 17.1.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager 17.1.0
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_advanced_web_application_firewall 17.1.0
f5 big-ip_analytics *
f5 big-ip_analytics *
f5 big-ip_analytics *
f5 big-ip_analytics *
f5 big-ip_analytics 17.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager 17.1.0
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager 17.1.0
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_application_visibility_and_reporting 17.1.0
f5 big-ip_carrier-grade_nat *
f5 big-ip_carrier-grade_nat *
f5 big-ip_carrier-grade_nat *
f5 big-ip_carrier-grade_nat *
f5 big-ip_carrier-grade_nat 17.1.0
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_ddos_hybrid_defender 17.1.0
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system 17.1.0
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service 17.1.0
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager 17.1.0
f5 big-ip_link_controller *
f5 big-ip_link_controller *
f5 big-ip_link_controller *
f5 big-ip_link_controller *
f5 big-ip_link_controller 17.1.0
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager 17.1.0
f5 big-ip_next 20.0.1
f5 big-ip_next_service_proxy_for_kubernetes *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager 17.1.0
f5 big-ip_ssl_orchestrator *
f5 big-ip_ssl_orchestrator *
f5 big-ip_ssl_orchestrator *
f5 big-ip_ssl_orchestrator *
f5 big-ip_ssl_orchestrator 17.1.0
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator 17.1.0
f5 big-ip_websafe *
f5 big-ip_websafe *
f5 big-ip_websafe *
f5 big-ip_websafe *
f5 big-ip_websafe 17.1.0
f5 nginx *
f5 nginx_ingress_controller *
f5 nginx_ingress_controller *
f5 nginx_plus *
f5 nginx_plus r29
f5 nginx_plus r30
apache tomcat *
apache tomcat *
apache tomcat *
apache tomcat 11.0.0
apache tomcat 11.0.0
apache tomcat 11.0.0
apache tomcat 11.0.0
apache tomcat 11.0.0
apache tomcat 11.0.0
apache tomcat 11.0.0
apache tomcat 11.0.0
apache tomcat 11.0.0
apache tomcat 11.0.0
apache tomcat 11.0.0
apple swiftnio_http\/2 *
grpc grpc *
grpc grpc *
grpc grpc *
grpc grpc 1.57.0
microsoft .net *
microsoft .net *
microsoft asp.net_core *
microsoft asp.net_core *
microsoft azure_kubernetes_service *
microsoft visual_studio_2022 *
microsoft visual_studio_2022 *
microsoft visual_studio_2022 *
microsoft visual_studio_2022 *
microsoft windows_10_1607 *
microsoft windows_10_1607 *
microsoft windows_10_1809 *
microsoft windows_10_21h2 *
microsoft windows_10_22h2 *
microsoft windows_11_21h2 *
microsoft windows_11_22h2 *
microsoft windows_server_2016 -
microsoft windows_server_2019 -
microsoft windows_server_2022 -
nodejs node.js *
nodejs node.js *
microsoft cbl-mariner *
dena h2o *
facebook proxygen *
apache apisix *
apache traffic_server *
apache traffic_server *
amazon opensearch_data_prepper *
debian debian_linux 10.0
debian debian_linux 11.0
debian debian_linux 12.0
kazu-yamamoto http2 *
istio istio *
istio istio *
istio istio *
varnish_cache_project varnish_cache *
traefik traefik *
traefik traefik 3.0.0
traefik traefik 3.0.0
traefik traefik 3.0.0
projectcontour contour *
linkerd linkerd *
linkerd linkerd 2.13.0
linkerd linkerd 2.13.1
linkerd linkerd 2.14.0
linkerd linkerd 2.14.1
linecorp armeria *
redhat 3scale_api_management_platform 2.0
redhat advanced_cluster_management_for_kubernetes 2.0
redhat advanced_cluster_security 3.0
redhat advanced_cluster_security 4.0
redhat ansible_automation_platform 2.0
redhat build_of_optaplanner 8.0
redhat build_of_quarkus -
redhat ceph_storage 5.0
redhat cert-manager_operator_for_red_hat_openshift -
redhat certification_for_red_hat_enterprise_linux 8.0
redhat certification_for_red_hat_enterprise_linux 9.0
redhat cost_management -
redhat cryostat 2.0
redhat decision_manager 7.0
redhat fence_agents_remediation_operator -
redhat integration_camel_for_spring_boot -
redhat integration_camel_k -
redhat integration_service_registry -
redhat jboss_a-mq 7
redhat jboss_a-mq_streams -
redhat jboss_core_services -
redhat jboss_data_grid 7.0.0
redhat jboss_enterprise_application_platform 6.0.0
redhat jboss_enterprise_application_platform 7.0.0
redhat jboss_fuse 6.0.0
redhat jboss_fuse 7.0.0
redhat logging_subsystem_for_red_hat_openshift -
redhat machine_deletion_remediation_operator -
redhat migration_toolkit_for_applications 6.0
redhat migration_toolkit_for_containers -
redhat migration_toolkit_for_virtualization -
redhat network_observability_operator -
redhat node_healthcheck_operator -
redhat node_maintenance_operator -
redhat openshift -
redhat openshift_api_for_data_protection -
redhat openshift_container_platform 4.0
redhat openshift_container_platform_assisted_installer -
redhat openshift_data_science -
redhat openshift_dev_spaces -
redhat openshift_developer_tools_and_services -
redhat openshift_distributed_tracing -
redhat openshift_gitops -
redhat openshift_pipelines -
redhat openshift_sandboxed_containers -
redhat openshift_secondary_scheduler_operator -
redhat openshift_serverless -
redhat openshift_service_mesh 2.0
redhat openshift_virtualization 4
redhat openstack_platform 16.1
redhat openstack_platform 16.2
redhat openstack_platform 17.1
redhat process_automation 7.0
redhat quay 3.0.0
redhat run_once_duration_override_operator -
redhat satellite 6.0
redhat self_node_remediation_operator -
redhat service_interconnect 1.0
redhat single_sign-on 7.0
redhat support_for_spring_boot -
redhat web_terminal -
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat service_telemetry_framework 1.5
redhat enterprise_linux 8.0
fedoraproject fedora 37
fedoraproject fedora 38
netapp astra_control_center -
netapp oncommand_insight -
akka http_server *
konghq kong_gateway *
jenkins jenkins *
jenkins jenkins *
apache solr *
openresty openresty *
cisco connected_mobile_experiences *
cisco crosswork_data_gateway *
cisco crosswork_data_gateway 5.0
cisco crosswork_zero_touch_provisioning *
cisco data_center_network_manager -
cisco enterprise_chat_and_email -
cisco expressway *
cisco firepower_threat_defense *
cisco iot_field_network_director *
cisco prime_access_registrar *
cisco prime_cable_provisioning *
cisco prime_infrastructure *
cisco prime_network_registrar *
cisco secure_dynamic_attributes_connector *
cisco secure_malware_analytics *
cisco telepresence_video_communication_server *
cisco ultra_cloud_core_-_policy_control_function *
cisco ultra_cloud_core_-_policy_control_function 2024.01.0
cisco ultra_cloud_core_-_serving_gateway_function *
cisco ultra_cloud_core_-_session_management_function *
cisco unified_attendant_console_advanced -
cisco unified_contact_center_domain_manager -
cisco unified_contact_center_enterprise -
cisco unified_contact_center_enterprise_-_live_data_server *
cisco unified_contact_center_management_portal -
cisco fog_director *
cisco ios_xe *
cisco ios_xr *
cisco secure_web_appliance_firmware *
cisco secure_web_appliance -
cisco nx-os *
cisco nx-os *
cisco nexus_3016 -
cisco nexus_3016q -
cisco nexus_3048 -
cisco nexus_3064 -
cisco nexus_3064-32t -
cisco nexus_3064-t -
cisco nexus_3064-x -
cisco nexus_3064t -
cisco nexus_3064x -
cisco nexus_3100 -
cisco nexus_3100-v -
cisco nexus_3100-z -
cisco nexus_3100v -
cisco nexus_31108pc-v -
cisco nexus_31108pv-v -
cisco nexus_31108tc-v -
cisco nexus_31128pq -
cisco nexus_3132c-z -
cisco nexus_3132q -
cisco nexus_3132q-v -
cisco nexus_3132q-x -
cisco nexus_3132q-x\/3132q-xl -
cisco nexus_3132q-xl -
cisco nexus_3164q -
cisco nexus_3172 -
cisco nexus_3172pq -
cisco nexus_3172pq-xl -
cisco nexus_3172pq\/pq-xl -
cisco nexus_3172tq -
cisco nexus_3172tq-32t -
cisco nexus_3172tq-xl -
cisco nexus_3200 -
cisco nexus_3232 -
cisco nexus_3232c -
cisco nexus_3232c_ -
cisco nexus_3264c-e -
cisco nexus_3264q -
cisco nexus_3400 -
cisco nexus_3408-s -
cisco nexus_34180yc -
cisco nexus_34200yc-sm -
cisco nexus_3432d-s -
cisco nexus_3464c -
cisco nexus_3500 -
cisco nexus_3524 -
cisco nexus_3524-x -
cisco nexus_3524-x\/xl -
cisco nexus_3524-xl -
cisco nexus_3548 -
cisco nexus_3548-x -
cisco nexus_3548-x\/xl -
cisco nexus_3548-xl -
cisco nexus_3600 -
cisco nexus_36180yc-r -
cisco nexus_3636c-r -
cisco nx-os *
cisco nx-os *
cisco nexus_9000v -
cisco nexus_9200 -
cisco nexus_9200yc -
cisco nexus_92160yc-x -
cisco nexus_92160yc_switch -
cisco nexus_9221c -
cisco nexus_92300yc -
cisco nexus_92300yc_switch -
cisco nexus_92304qc -
cisco nexus_92304qc_switch -
cisco nexus_9232e -
cisco nexus_92348gc-x -
cisco nexus_9236c -
cisco nexus_9236c_switch -
cisco nexus_9272q -
cisco nexus_9272q_switch -
cisco nexus_9300 -
cisco nexus_93108tc-ex -
cisco nexus_93108tc-ex-24 -
cisco nexus_93108tc-ex_switch -
cisco nexus_93108tc-fx -
cisco nexus_93108tc-fx-24 -
cisco nexus_93108tc-fx3h -
cisco nexus_93108tc-fx3p -
cisco nexus_93120tx -
cisco nexus_93120tx_switch -
cisco nexus_93128 -
cisco nexus_93128tx -
cisco nexus_93128tx_switch -
cisco nexus_9316d-gx -
cisco nexus_93180lc-ex -
cisco nexus_93180lc-ex_switch -
cisco nexus_93180tc-ex -
cisco nexus_93180yc-ex -
cisco nexus_93180yc-ex-24 -
cisco nexus_93180yc-ex_switch -
cisco nexus_93180yc-fx -
cisco nexus_93180yc-fx-24 -
cisco nexus_93180yc-fx3 -
cisco nexus_93180yc-fx3h -
cisco nexus_93180yc-fx3s -
cisco nexus_93216tc-fx2 -
cisco nexus_93240tc-fx2 -
cisco nexus_93240yc-fx2 -
cisco nexus_9332c -
cisco nexus_9332d-gx2b -
cisco nexus_9332d-h2r -
cisco nexus_9332pq -
cisco nexus_9332pq_switch -
cisco nexus_93360yc-fx2 -
cisco nexus_9336c-fx2 -
cisco nexus_9336c-fx2-e -
cisco nexus_9336pq -
cisco nexus_9336pq_aci -
cisco nexus_9336pq_aci_spine -
cisco nexus_9336pq_aci_spine_switch -
cisco nexus_9348d-gx2a -
cisco nexus_9348gc-fx3 -
cisco nexus_9348gc-fxp -
cisco nexus_93600cd-gx -
cisco nexus_9364c -
cisco nexus_9364c-gx -
cisco nexus_9364d-gx2a -
cisco nexus_9372px -
cisco nexus_9372px-e -
cisco nexus_9372px-e_switch -
cisco nexus_9372px_switch -
cisco nexus_9372tx -
cisco nexus_9372tx-e -
cisco nexus_9372tx-e_switch -
cisco nexus_9372tx_switch -
cisco nexus_9396px -
cisco nexus_9396px_switch -
cisco nexus_9396tx -
cisco nexus_9396tx_switch -
cisco nexus_9408 -
cisco nexus_9432pq -
cisco nexus_9500 -
cisco nexus_9500_16-slot -
cisco nexus_9500_4-slot -
cisco nexus_9500_8-slot -
cisco nexus_9500_supervisor_a -
cisco nexus_9500_supervisor_a\+ -
cisco nexus_9500_supervisor_b -
cisco nexus_9500_supervisor_b\+ -
cisco nexus_9500r -
cisco nexus_9504 -
cisco nexus_9504_switch -
cisco nexus_9508 -
cisco nexus_9508_switch -
cisco nexus_9516 -
cisco nexus_9516_switch -
cisco nexus_9536pq -
cisco nexus_9636pq -
cisco nexus_9716d-gx -
cisco nexus_9736pq -
cisco nexus_9800 -
cisco nexus_9804 -
cisco nexus_9808 -



{
   cisaActionDue: "2023-10-31",
   cisaExploitAdd: "2023-10-10",
   cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
   cisaVulnerabilityName: "HTTP/2 Rapid Reset Attack Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5200E35-222B-42E0-83E0-5B702684D992",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3BDC297-F023-4E87-8518-B84CCF9DD6A8",
                     versionEndExcluding: "1.57.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D12D5257-7ED2-400F-9EF7-40E0D3650C2B",
                     versionEndExcluding: "4.1.100",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B058776-B5B7-4079-B0AF-23F40926DCEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D565975-EFD9-467C-B6E3-1866A4EF17A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D487271-1B5E-4F16-B0CB-A7B8908935C6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA6ED627-EFB3-4BDD-8ECC-C5947A1470B2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4A6F189-6C43-462D-85C9-B0EBDA8A4683",
                     versionEndExcluding: "9.4.53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C993C920-85C0-4181-A95E-5D965A670738",
                     versionEndExcluding: "10.0.17",
                     versionStartIncluding: "10.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "08E79A8E-E12C-498F-AF4F-1AAA7135661E",
                     versionEndExcluding: "11.0.17",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F138D800-9A3B-4C76-8A3C-4793083A1517",
                     versionEndExcluding: "12.0.2",
                     versionStartIncluding: "12.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6341DDDA-AD27-4087-9D59-0A212F0037B4",
                     versionEndExcluding: "2.7.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "328120E4-C031-44B4-9BE5-03B0CDAA066F",
                     versionEndExcluding: "1.20.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A",
                     versionEndExcluding: "1.21.3",
                     versionStartIncluding: "1.21.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*",
                     matchCriteriaId: "D7D2F801-6F65-4705-BCB9-D057EA54A707",
                     versionEndExcluding: "0.17.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*",
                     matchCriteriaId: "801F25DA-F38C-4452-8E90-235A3B1A5FF0",
                     versionEndExcluding: "0.17.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D93F04AD-DF14-48AB-9F13-8B2E491CF42E",
                     versionEndIncluding: "13.1.5",
                     versionStartIncluding: "13.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7522C760-7E07-406F-BF50-5656D5723C4F",
                     versionEndIncluding: "14.1.5",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A7F605E-EB10-40FB-98D6-7E3A95E310BC",
                     versionEndIncluding: "15.1.10",
                     versionStartIncluding: "15.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "783E62F2-F867-48F1-B123-D1227C970674",
                     versionEndIncluding: "16.1.4",
                     versionStartIncluding: "16.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6603ED6A-3366-4572-AFCD-B3D4B1EC7606",
                     versionEndIncluding: "13.1.5",
                     versionStartIncluding: "13.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "88978E38-81D3-4EFE-8525-A300B101FA69",
                     versionEndIncluding: "14.1.5",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0510296F-92D7-4388-AE3A-0D9799C2FC4D",
                     versionEndIncluding: "15.1.10",
                     versionStartIncluding: "15.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7698D6C-B1F7-43C1-BBA6-88E956356B3D",
                     versionEndIncluding: "16.1.4",
                     versionStartIncluding: "16.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "05E452AA-A520-4CBE-8767-147772B69194",
                     versionEndIncluding: "13.1.5",
                     versionStartIncluding: "13.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "596FC5D5-7329-4E39-841E-CAE937C02219",
                     versionEndIncluding: "14.1.5",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3C7A168-F370-441E-8790-73014BCEC39F",
                     versionEndIncluding: "15.1.10",
                     versionStartIncluding: "15.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF16FD01-7704-40AB-ACB2-80A883804D22",
                     versionEndIncluding: "16.1.4",
                     versionStartIncluding: "16.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1769D69A-CB59-46B1-89B3-FB97DC6DEB9B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9167FEC1-2C37-4946-9657-B4E69301FB24",
                     versionEndIncluding: "13.1.5",
                     versionStartIncluding: "13.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B4B3442-E0C0-48CD-87AD-060E15C9801E",
                     versionEndIncluding: "14.1.5",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FA85EC1-D91A-49DD-949B-2AF7AC813CA5",
                     versionEndIncluding: "15.1.10",
                     versionStartIncluding: "15.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "20662BB0-4C3D-4CF0-B068-3555C65DD06C",
                     versionEndIncluding: "16.1.4",
                     versionStartIncluding: "16.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "59203EBF-C52A-45A1-B8DF-00E17E3EFB51",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC",
                     versionEndIncluding: "13.1.5",
                     versionStartIncluding: "13.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B88F9D1-B54B-40C7-A18A-26C4A071D7EC",
                     versionEndIncluding: "14.1.5",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C8F39403-C259-4D6F-9E9A-53671017EEDB",
                     versionEndIncluding: "15.1.10",
                     versionStartIncluding: "15.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "220F2D38-FA82-45EF-B957-7678C9FEDBC1",
                     versionEndIncluding: "16.1.4",
                     versionStartIncluding: "16.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C698C1C-A3DD-46E2-B05A-12F2604E7F85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "922AA845-530A-4B4B-9976-4CBC30C8A324",
                     versionEndIncluding: "13.1.5",
                     versionStartIncluding: "13.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F938EB43-8373-47EB-B269-C6DF058A9244",
                     versionEndIncluding: "14.1.5",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1771493E-ACAA-477F-8AB4-25DB12F6AD6E",
                     versionEndIncluding: "15.1.10",
                     versionStartIncluding: "15.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E86F3D5-65A4-48CE-A6A2-736BBB88E3F8",
                     versionEndIncluding: "16.1.4",
                     versionStartIncluding: "16.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "87670A74-34FE-45DF-A725-25B804C845B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7E422F6-C4C2-43AC-B137-0997B5739030",
                     versionEndIncluding: "13.1.5",
                     versionStartIncluding: "13.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC3F710F-DBCB-4976-9719-CF063DA22377",
                     versionEndIncluding: "14.1.5",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B9B76A1-7C5A-453F-A4ED-F1A81BCEBEB5",
                     versionEndIncluding: "15.1.10",
                     versionStartIncluding: "15.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "88EDFCD9-775C-48FA-9CDA-2B04DA8D0612",
                     versionEndIncluding: "16.1.4",
                     versionStartIncluding: "16.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "67DB21AE-DF53-442D-B492-C4ED9A20B105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C9FCBCB-9CE0-49E7-85C8-69E71D211912",
                     versionEndIncluding: "13.1.5",
                     versionStartIncluding: "13.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "112DFA85-90AD-478D-BD70-8C7C0C074F1B",
                     versionEndIncluding: "14.1.5",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB704A1C-D8B7-48BB-A15A-C14DB591FE4A",
                     versionEndIncluding: "15.1.10",
                     versionStartIncluding: "15.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21D51D9F-2840-4DEA-A007-D20111A1745C",
                     versionEndIncluding: "16.1.4",
                     versionStartIncluding: "16.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7BC1D037-74D2-4F92-89AD-C90F6CBF440B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CAEF3EA4-7D5A-4B44-9CE3-258AEC745866",
                     versionEndIncluding: "13.1.5",
                     versionStartIncluding: "13.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FBCE2D1-9D93-415D-AB2C-2060307C305A",
                     versionEndIncluding: "14.1.5",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8070B469-8CC4-4D2F-97D7-12D0ABB963C1",
                     versionEndIncluding: "15.1.10",
                     versionStartIncluding: "15.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A326597E-725D-45DE-BEF7-2ED92137B253",
                     versionEndIncluding: "16.1.4",
                     versionStartIncluding: "16.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B235A78-649B-46C5-B24B-AB485A884654",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "08B25AAB-A98C-4F89-9131-29E3A8C0ED23",
                     versionEndIncluding: "13.1.5",
                     versionStartIncluding: "13.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0",
                     versionEndIncluding: "14.1.5",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "98D2CE1E-DED0-470A-AA78-C78EF769C38E",
                     versionEndIncluding: "15.1.10",
                     versionStartIncluding: "15.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C966FABA-7199-4F0D-AB8C-4590FE9D2FFF",
                     versionEndIncluding: "16.1.4",
                     versionStartIncluding: "16.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "84D00768-E71B-4FF7-A7BF-F2C8CFBC900D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66",
                     versionEndIncluding: "13.1.5",
                     versionStartIncluding: "13.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC36311E-BB00-4750-85C8-51F5A2604F07",
                     versionEndIncluding: "14.1.5",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A65D357E-4B40-42EC-9AAA-2B6CEF78C401",
                     versionEndIncluding: "15.1.10",
                     versionStartIncluding: "15.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7EF9865-FE65-4DFB-BF21-62FBCE65FF1C",
                     versionEndIncluding: "16.1.4",
                     versionStartIncluding: "16.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABBD10E8-6054-408F-9687-B9BF6375CA09",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6018B01-048C-43BB-A78D-66910ED60CA9",
                     versionEndIncluding: "13.1.5",
                     versionStartIncluding: "13.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A6A5686-5A8B-45D5-9165-BC99D2CCAC47",
                     versionEndIncluding: "14.1.5",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D2A121F-5BD2-4263-8ED3-1DDE25B5C306",
                     versionEndIncluding: "15.1.10",
                     versionStartIncluding: "15.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A4F7BAD-3EDD-4DE0-AAB7-DE5ACA34DD79",
                     versionEndIncluding: "16.1.4",
                     versionStartIncluding: "16.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "83794B04-87E2-4CA9-81F5-BB820D0F5395",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9EC2237-117F-43BD-ADEC-516CF72E04EF",
                     versionEndIncluding: "13.1.5",
                     versionStartIncluding: "13.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F70D4B6F-65CF-48F4-9A07-072DFBCE53D9",
                     versionEndIncluding: "14.1.5",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "29563719-1AF2-4BB8-8CCA-A0869F87795D",
                     versionEndIncluding: "15.1.10",
                     versionStartIncluding: "15.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D24815DD-579A-46D1-B9F2-3BB2C56BC54D",
                     versionEndIncluding: "16.1.4",
                     versionStartIncluding: "16.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A6E7035-3299-474F-8F67-945EA9A059D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0360F76D-E75E-4B05-A294-B47012323ED9",
                     versionEndIncluding: "13.1.5",
                     versionStartIncluding: "13.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A4607BF-41AC-4E84-A110-74E085FF0445",
                     versionEndIncluding: "14.1.5",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "441CC945-7CA3-49C0-AE10-94725301E31D",
                     versionEndIncluding: "15.1.10",
                     versionStartIncluding: "15.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46BA8E8A-6ED5-4FB2-8BBC-586AA031085A",
                     versionEndIncluding: "16.1.4",
                     versionStartIncluding: "16.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "969C4F14-F6D6-46D6-B348-FC1463877680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "41AD5040-1250-45F5-AB63-63F333D49BCC",
                     versionEndIncluding: "1.8.2",
                     versionStartIncluding: "1.5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8257AA59-C14D-4EC1-B22C-DFBB92CBC297",
                     versionEndIncluding: "13.1.5",
                     versionStartIncluding: "13.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "37DB32BB-F4BA-4FB5-94B1-55C3F06749CF",
                     versionEndIncluding: "14.1.5",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFF5007E-761C-4697-8D34-C064DF0ABE8D",
                     versionEndIncluding: "15.1.10",
                     versionStartIncluding: "15.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "910441D3-90EF-4375-B007-D51120A60AB2",
                     versionEndIncluding: "16.1.4",
                     versionStartIncluding: "16.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "667EB77B-DA13-4BA4-9371-EE3F3A109F38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A6F9699-A485-4614-8F38-5A556D31617E",
                     versionEndIncluding: "13.1.5",
                     versionStartIncluding: "13.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A90F547-97A2-41EC-9FDF-25F869F0FA38",
                     versionEndIncluding: "14.1.5",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E76E1B82-F1DC-4366-B388-DBDF16C586A0",
                     versionEndIncluding: "15.1.10",
                     versionStartIncluding: "15.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "660137F4-15A1-42D1-BBAC-99A1D5BB398B",
                     versionEndIncluding: "16.1.4",
                     versionStartIncluding: "16.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C446827A-1F71-4FAD-9422-580642D26AD1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1932D32D-0E4B-4BBD-816F-6D47AB2E2F04",
                     versionEndIncluding: "13.1.5",
                     versionStartIncluding: "13.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D47B7691-A95B-45C0-BAB4-27E047F3C379",
                     versionEndIncluding: "14.1.5",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CD1637D-0E42-4928-867A-BA0FDB6E8462",
                     versionEndIncluding: "15.1.10",
                     versionStartIncluding: "15.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A599F90-F66B-4DF0-AD7D-D234F328BD59",
                     versionEndIncluding: "16.1.4",
                     versionStartIncluding: "16.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D1B2000-C3FE-4B4C-885A-A5076EB164E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A",
                     versionEndIncluding: "13.1.5",
                     versionStartIncluding: "13.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "57D92D05-C67D-437E-88F3-DCC3F6B0ED2F",
                     versionEndIncluding: "14.1.5",
                     versionStartIncluding: "14.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECCB8C30-861E-4E48-A5F5-30EE523C1FB6",
                     versionEndIncluding: "15.1.10",
                     versionStartIncluding: "15.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5FEAD2A-3A58-432E-BEBB-6E3FDE24395F",
                     versionEndIncluding: "16.1.4",
                     versionStartIncluding: "16.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8AB23AE6-245E-43D6-B832-933F8259F937",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1188B4A9-2684-413C-83D1-E91C75AE0FCF",
                     versionEndIncluding: "1.25.2",
                     versionStartIncluding: "1.9.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3337609D-5291-4A52-BC6A-6A8D4E60EB20",
                     versionEndIncluding: "2.4.2",
                     versionStartIncluding: "2.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6CF0ABD9-EB28-4966-8C31-EED7AFBF1527",
                     versionEndIncluding: "3.3.0",
                     versionStartIncluding: "3.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F291CB34-47A4-425A-A200-087CC295AEC8",
                     versionEndExcluding: "r29",
                     versionStartIncluding: "r25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*",
                     matchCriteriaId: "5892B558-EC3A-43FF-A1D5-B2D9F70796F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*",
                     matchCriteriaId: "96BF2B19-52C7-4051-BA58-CAE6F912B72F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABD26B48-CC80-4FAE-BD3D-78DE4C80C92B",
                     versionEndIncluding: "8.5.93",
                     versionStartIncluding: "8.5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3EC20B6-B2AB-41F5-9BF9-D16C1FE67C34",
                     versionEndIncluding: "9.0.80",
                     versionStartIncluding: "9.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0765CC3D-AB1A-4147-8900-EF4C105321F2",
                     versionEndIncluding: "10.1.13",
                     versionStartIncluding: "10.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*",
                     matchCriteriaId: "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*",
                     matchCriteriaId: "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "2AAD52CE-94F5-4F98-A027-9A7E68818CB6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "03A171AF-2EC8-4422-912C-547CDB58CAAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "49350A6E-5E1D-45B2-A874-3B8601B3ADCC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "5F50942F-DF54-46C0-8371-9A476DD3EEA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "98792138-DD56-42DF-9612-3BDC65EEC117",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:swiftnio_http\\/2:*:*:*:*:*:swift:*:*",
                     matchCriteriaId: "08190072-3880-4EF5-B642-BA053090D95B",
                     versionEndExcluding: "1.28.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*",
                     matchCriteriaId: "5F4CDEA9-CB47-4881-B096-DA896E2364F3",
                     versionEndExcluding: "1.56.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*",
                     matchCriteriaId: "E65AF7BC-7DAE-408A-8485-FBED22815F75",
                     versionEndIncluding: "1.59.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*",
                     matchCriteriaId: "DD868DDF-C889-4F36-B5E6-68B6D9EA48CC",
                     versionEndExcluding: "1.58.3",
                     versionStartIncluding: "1.58.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*",
                     matchCriteriaId: "FBD991E2-DB5A-4AAD-95BA-4B5ACB811C96",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4496821E-BD55-4F31-AD9C-A3D66CBBD6BD",
                     versionEndExcluding: "6.0.23",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DF7ECF6-178D-433C-AA21-BAE9EF248F37",
                     versionEndExcluding: "7.0.12",
                     versionStartIncluding: "7.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C3418F4-B8BF-4666-BB39-C188AB01F45C",
                     versionEndExcluding: "6.0.23",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1278DD1C-EFA9-4316-AD32-24C1B1FB0CEA",
                     versionEndExcluding: "7.0.12",
                     versionStartIncluding: "7.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BDFB0FF-0F4A-4B7B-94E8-ED72A8106314",
                     versionEndExcluding: "2023-10-08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "16A8F269-E07E-402F-BFD5-60F3988A5EAF",
                     versionEndExcluding: "17.2.20",
                     versionStartIncluding: "17.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4B2B972-69E2-4D21-9A7C-B2AFF1D89EB8",
                     versionEndExcluding: "17.4.12",
                     versionStartIncluding: "17.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA5834D4-F52F-41C0-AA11-C974FFEEA063",
                     versionEndExcluding: "17.6.8",
                     versionStartIncluding: "17.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2166106F-ACD6-4C7B-B0CC-977B83CC5F73",
                     versionEndExcluding: "17.7.5",
                     versionStartIncluding: "17.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
                     matchCriteriaId: "4CD49C41-6D90-47D3-AB4F-4A74169D3A8F",
                     versionEndExcluding: "10.0.14393.6351",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                     matchCriteriaId: "BAEFEE13-9CD7-46A2-8AF6-0A33C79C05F1",
                     versionEndExcluding: "10.0.14393.6351",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E500D59C-6597-45E9-A57B-BE26C0C231D3",
                     versionEndExcluding: "10.0.17763.4974",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9F9A643-90C6-489C-98A0-D2739CE72F86",
                     versionEndExcluding: "10.0.19044.3570",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1814619C-ED07-49E0-A50A-E28D824D43BC",
                     versionEndExcluding: "10.0.19045.3570",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "100A27D3-87B0-4E72-83F6-7605E3F35E63",
                     versionEndExcluding: "10.0.22000.2538",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6A36795-0238-45C9-ABE6-3DCCF751915B",
                     versionEndExcluding: "10.0.22621.2428",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "C61F0294-5C7E-4DB2-8905-B85D0782F35F",
                     versionEndExcluding: "18.18.2",
                     versionStartIncluding: "18.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "69843DE4-4721-4F0A-A9B7-0F6DF5AAA388",
                     versionEndExcluding: "20.8.1",
                     versionStartIncluding: "20.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B25279EF-C406-4133-99ED-0492703E0A4E",
                     versionEndExcluding: "2023-10-11",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9FFFF84B-F35C-43DE-959A-A5D10C3AE9F5",
                     versionEndExcluding: "2023-10-10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCE8C89-7C22-48CA-AF22-B34C8AA2CB8C",
                     versionEndExcluding: "2023.10.16.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDEB508E-0EBD-4450-9074-983DDF568AB4",
                     versionEndExcluding: "3.6.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "93A1A748-6C71-4191-8A16-A93E94E2CDE4",
                     versionEndExcluding: "8.1.9",
                     versionStartIncluding: "8.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E4BCAF6-B246-41EC-9EE1-24296BFC4F5A",
                     versionEndExcluding: "9.2.3",
                     versionStartIncluding: "9.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F70360D-6214-46BA-AF82-6AB01E13E4E9",
                     versionEndExcluding: "2.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2DA759E-1AF8-49D3-A3FC-1B426C13CA82",
                     versionEndExcluding: "4.2.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "28BE6F7B-AE66-4C8A-AAFA-F1262671E9BF",
                     versionEndExcluding: "1.17.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0C8E760-C8D2-483A-BBD4-6A6D292A3874",
                     versionEndExcluding: "1.18.3",
                     versionStartIncluding: "1.18.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D0F78BB-6A05-4C97-A8DB-E731B6CC8CC7",
                     versionEndExcluding: "1.19.1",
                     versionStartIncluding: "1.19.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "050AE218-3871-44D6-94DA-12D84C2093CB",
                     versionEndExcluding: "2023-10-10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B36BFFB0-C0EC-4926-A1DB-0B711C846A68",
                     versionEndExcluding: "2.10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*",
                     matchCriteriaId: "376EAF9B-E994-4268-9704-0A45EA30270F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*",
                     matchCriteriaId: "F3D08335-C291-4623-B80C-3B14C4D1FA32",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*",
                     matchCriteriaId: "21033CEE-CEF5-4B0D-A565-4A6FC764AA6D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*",
                     matchCriteriaId: "FC4C66B1-42C0-495D-AE63-2889DE0BED84",
                     versionEndExcluding: "2023-10-11",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*",
                     matchCriteriaId: "8633E263-F066-4DD8-A734-90207207A873",
                     versionEndIncluding: "2.12.5",
                     versionStartIncluding: "2.12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*",
                     matchCriteriaId: "34A23BD9-A0F4-4D85-8011-EAC93C29B4E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*",
                     matchCriteriaId: "27ED3533-A795-422F-B923-68BE071DC00D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*",
                     matchCriteriaId: "45F7E352-3208-4188-A5B1-906E00DF9896",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*",
                     matchCriteriaId: "DF89A8AD-66FE-439A-B732-CAAB304D765B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A400C637-AF18-4BEE-B57C-145261B65DEC",
                     versionEndExcluding: "1.26.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "653A5B08-0D02-4362-A8B1-D00B24C6C6F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B0E6B4B-BAA6-474E-A18C-72C9719CEC1F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0FD736A-8730-446A-BA3A-7B608DB62B0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4C504B6-3902-46E2-82B7-48AEC9CDD48D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B4BE2D6-43C3-4065-A213-5DB1325DC78F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D54F5AE-61EC-4434-9D5F-9394A3979894",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E37E1B3-6F68-4502-85D6-68333643BDFF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D5A7736-A403-4617-8790-18E46CB74DA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F13B03-69BF-4A8B-A0A0-7F47FD857461",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9393119E-F018-463F-9548-60436F104195",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC45EE1E-2365-42D4-9D55-92FA24E5ED3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E567CD9F-5A43-4D25-B911-B5D0440698F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "68146098-58F8-417E-B165-5182527117C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB4D6790-63E5-4043-B8BE-B489D649061D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "78698F40-0777-4990-822D-02E1B5D0E2C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B87C8AD3-8878-4546-86C2-BF411876648C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF03BDE8-602D-4DEE-BA5B-5B20FDF47741",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*",
                     matchCriteriaId: "A58966CB-36AF-4E64-AB39-BE3A0753E155",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "585BC540-073B-425B-B664-5EA4C00AFED6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B453CF7-9AA6-4B94-A003-BF7AE0B82F53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD354E32-A8B0-484C-B4C6-9FBCD3430D2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "72A54BDA-311C-413B-8E4D-388AD65A170A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A305F012-544E-4245-9D69-1C8CD37748B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B40CCE4F-EA2C-453D-BB76-6388767E5C6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF93A27E-AA2B-4C2E-9B8D-FE7267847326",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B12A3A8-6456-481A-A0C9-524543FCC149",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2E7E3C-A507-4AB2-97E5-4944D8775CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E22EBF9-AA0D-4712-9D69-DD97679CE835",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "941B114C-FBD7-42FF-B1D8-4EA30E99102C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "339CFB34-A795-49F9-BF6D-A00F3A1A4F63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D044DBE-6F5A-4C53-828E-7B1A570CACFF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E23FA47F-B967-44AD-AB76-1BB2CAD3CA5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*",
                     matchCriteriaId: "65203CA1-5225-4E55-A187-6454C091F532",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7BF8EFFB-5686-4F28-A68F-1A8854E098CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "932D137F-528B-4526-9A89-CD59FA1AB0FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5DA9B2E2-958B-478D-87D6-E5CDDCD44315",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3F5FF1E-5DA3-4EC3-B41A-A362BDFC4C69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "97321212-0E07-4CC2-A917-7B5F61AB9A5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DF390236-3259-4C8F-891C-62ACC4386CD1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0AAA300-691A-4957-8B69-F6888CC971B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "45937289-2D64-47CB-A750-5B4F0D4664A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B129311C-EB4B-4041-B85C-44D5E53FCAA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1AB54DB-3FB4-41CB-88ED-1400FD22AB85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "77675CB7-67D7-44E9-B7FF-D224B3341AA5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A76A2BCE-4AAE-46D7-93D6-2EDE0FC83145",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C877879-B84B-471C-80CF-0656521CA8AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E315FC5C-FF19-43C9-A58A-CF2A5FF13824",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "20A6B40D-F991-4712-8E30-5FE008505CB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1987BDA-0113-4603-B9BE-76647EB043F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D482A3D2-6E9B-42BA-9926-35E5BDD5F3BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "848C92A9-0677-442B-8D52-A448F2019903",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F564701-EDC1-43CF-BB9F-287D6992C6CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "12B0CF2B-D1E1-4E20-846E-6F0D873499A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E8885C2C-7FB8-40CA-BCB9-B48C50BF2499",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D88B140-D2A1-4A0A-A2E9-1A3B50C295AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A903C3AD-2D25-45B5-BF4A-A5BEB2286627",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                     matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC5EBD2A-32A3-46D5-B155-B44DCB7F6902",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C2792650-851F-4820-B003-06A4BEA092D7",
                     versionEndExcluding: "10.5.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "9F6B63B9-F4C9-4A3F-9310-E0918E1070D1",
                     versionEndExcluding: "3.4.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "E6FF5F80-A991-43D4-B49F-D843E2BC5798",
                     versionEndIncluding: "2.414.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "54D25DA9-12D0-4F14-83E6-C69D0293AAB9",
                     versionEndIncluding: "2.427",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E1AFFB9-C717-4727-B0C9-5A0C281710E2",
                     versionEndExcluding: "9.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "25C85001-E0AB-4B01-8EE7-1D9C77CD956E",
                     versionEndExcluding: "1.21.4.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F98F9D27-6659-413F-8F29-4FDB0882AAC5",
                     versionEndExcluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C98BF315-C563-47C2-BAD1-63347A3D1008",
                     versionEndExcluding: "4.1.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:crosswork_data_gateway:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "705CBA49-21C9-4400-B7B9-71CDF9F97D8B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA2BE0F1-DD16-4876-8EBA-F187BD38B159",
                     versionEndExcluding: "6.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "796B6C58-2140-4105-A2A1-69865A194A75",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEA99DC6-EA03-469F-A8BE-7F96FDF0B333",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6560DBF4-AFE6-4672-95DE-74A0B8F4170A",
                     versionEndExcluding: "x14.3.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "84785919-796D-41E5-B652-6B5765C81D4A",
                     versionEndExcluding: "7.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "92A74A1A-C69F-41E6-86D0-D6BB1C5D0A1E",
                     versionEndExcluding: "4.11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FE7BA33-2AC0-4A85-97AD-6D77F20BA2AD",
                     versionEndExcluding: "9.3.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FE2F959-1084-48D1-B1F1-8182FC9862DD",
                     versionEndExcluding: "7.2.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F",
                     versionEndExcluding: "3.10.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BB6B48E-EA36-40A0-96D0-AF909BEC1147",
                     versionEndExcluding: "11.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBED844-7F94-498C-836D-8593381A9657",
                     versionEndExcluding: "2.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C170DBA1-0899-4ECC-9A0D-8FEB1DA1B510",
                     versionEndExcluding: "2.19.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "358FA1DC-63D3-49F6-AC07-9E277DD0D9DA",
                     versionEndExcluding: "x14.3.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFF2D182-7599-4B81-B56B-F44EDA1384C0",
                     versionEndExcluding: "2024.01.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4868BCCA-24DE-4F24-A8AF-B3A545C0396E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "194F7A1F-FD43-4FF7-9AE2-C13AA5567E8A",
                     versionEndExcluding: "2024.02.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEC75F99-C7F0-47EB-9032-C9D3A42EBA20",
                     versionEndExcluding: "2024.02.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B6638F4E-16F7-447D-B755-52640BCB1C61",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC34F742-530E-4AB4-8AFC-D1E088E256B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D31CC0E9-8E21-436B-AB84-EA1B1BC60DCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E22AD683-345B-4E16-BB9E-E9B1783E09AD",
                     versionEndExcluding: "12.6.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5C0D694-9E24-4782-B35F-D7C3E3B0F2ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2955BEE9-F567-4006-B96D-92E10FF84DB4",
                     versionEndExcluding: "1.22",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "67502878-DB20-4410-ABA0-A1C5705064CD",
                     versionEndExcluding: "17.15.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "177DED2D-8089-4494-BDD9-7F84FC06CD5B",
                     versionEndExcluding: "7.11.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "54A29FD3-4128-4333-8445-A7DD04A6ECF6",
                     versionEndExcluding: "15.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "67074526-9933-46B3-9FE3-A0BE73C5E8A7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9",
                     versionEndExcluding: "10.2\\(7\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A236A0A-6956-4D79-B8E5-B2D0C79FAE88",
                     versionEndExcluding: "10.3\\(5\\)",
                     versionStartIncluding: "10.3\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "528ED62B-D739-4E06-AC64-B506FD73BBAB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D402AB0-BCFB-4F42-8C50-5DC930AEEC8B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "76C10D85-88AC-4A79-8866-BED88A0F8DF8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "09AC2BAD-F536-48D0-A2F0-D4E290519EB6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "65CB7F6D-A82B-4A31-BFAC-FF4A4B8DF9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECC4FFCC-E886-49BC-9737-5B5BA2AAB14B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F4E8EE4-031D-47D3-A12E-EE5F792172EE",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "00CDD8C3-67D5-4E9F-9D48-A77B55DB0AB1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "41C14CC9-C244-4B86-AEA6-C50BAD5DA9A6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8FF2EC4-0C09-4C00-9956-A2A4A894F63D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D14D4B4E-120E-4607-A4F1-447C7BF3052E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "15702ACB-29F3-412D-8805-E107E0729E35",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E930332-CDDD-48D5-93BC-C22D693BBFA2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "29B34855-D8D2-4114-80D2-A4D159C62458",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7BF4B8FE-E134-4491-B5C2-C1CFEB64731B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4226DA0-9371-401C-8247-E6E636A116C3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7664666F-BCE4-4799-AEEA-3A73E6AD33F4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3DBBFE9-835C-4411-8492-6006E74BAC65",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3293438-3D18-45A2-B093-2C3F65783336",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C97C29EE-9426-4BBE-8D84-AB5FF748703D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3132q-x\\/3132q-xl:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E142C18F-9FB5-4D96-866A-141D7D16CAF7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F43B770-D96C-44EA-BC12-9F39FC4317B9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7817F4E6-B2DA-4F06-95A4-AF329F594C02",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CED628B5-97A8-4B26-AA40-BEC854982157",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7BB9DD73-E31D-4921-A6D6-E14E04703588",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3172pq\\/pq-xl:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8EFC116A-627F-4E05-B631-651D161217C8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4532F513-0543-4960-9877-01F23CA7BA1B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B43502B-FD53-465A-B60F-6A359C6ACD99",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3229124-B097-4AAC-8ACD-2F9C89DCC3AB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "32A532C0-B0E3-484A-B356-88970E7D0248",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C84D24C-2256-42AF-898A-221EBE9FE1E4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "652A2849-668D-4156-88FB-C19844A59F33",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D008CA1C-6F5A-40EA-BB12-A9D84D5AF700",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "24FBE87B-8A4F-43A8-98A3-4A7D9C630937",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6ACD09AC-8B28-4ACB-967B-AB3D450BC137",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "43913A0E-50D5-47DD-94D8-DD3391633619",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7D397349-CCC6-479B-9273-FB1FFF4F34F2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC7286A7-780F-4A45-940A-4AD5C9D0F201",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA52D5C1-13D8-4D23-B022-954CCEF491F1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F7AF8D7-431B-43CE-840F-CC0817D159C0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DAC204C8-1A5A-4E85-824E-DC9B8F6A802D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8E1073F-D374-4311-8F12-AD8C72FAA293",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EAF5AF71-15DF-4151-A1CF-E138A7103FC8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "10F80A72-AD54-4699-B8AE-82715F0B58E2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3524-x\\/xl:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E505C0B1-2119-4C6A-BF96-C282C633D169",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9354B6A2-D7D6-442E-BF4C-FE8A336D9E94",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "088C0323-683A-44F5-8D42-FF6EC85D080E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "74CB4002-7636-4382-B33E-FBA060A13C34",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3548-x\\/xl:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "915EF8F6-6039-4DD0-B875-30D911752B74",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "10CEBF73-3EE0-459A-86C5-F8F6243FE27C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "97217080-455C-48E4-8CE1-6D5B9485864F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95D2C4C3-65CE-4612-A027-AF70CEFC3233",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "57572E4A-78D5-4D1A-938B-F05F01759612",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9",
                     versionEndExcluding: "10.2\\(7\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A236A0A-6956-4D79-B8E5-B2D0C79FAE88",
                     versionEndExcluding: "10.3\\(5\\)",
                     versionStartIncluding: "10.3\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0CD9C1F1-8582-4F67-A77D-97CBFECB88B8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "532CE4B0-A3C9-4613-AAAF-727817D06FB4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "24CA1A59-2681-4507-AC74-53BD481099B9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4283E433-7F8C-4410-B565-471415445811",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF9147C9-5D8B-40F5-9AAA-66A3495A0AD8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFB9FDE8-8533-4F65-BF32-4066D042B2F7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F80AB6FB-32FD-43D7-A9F1-80FA47696210",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3AA5389A-8AD1-476E-983A-54DF573C30F5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5B2E4C1-2627-4B9D-8E92-4B483F647651",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1B1A8F1-45B1-4E64-A254-7191FA93CB6D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "83DA8BFA-D7A2-476C-A6F5-CAE610033BC2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "557ED31C-C26A-4FAE-8B14-D06B49F7F08B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "11411BFD-3F4D-4309-AB35-A3629A360FB0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB2FFD26-8255-4351-8594-29D2AEFC06EF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E663DE91-C86D-48DC-B771-FA72A8DF7A7C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "61E10975-B47E-4F4D-8096-AEC7B7733612",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "92E2CB2B-DA11-4CF7-9D57-3D4D48990DC0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A90184B3-C82F-4CE5-B2AD-97D5E4690871",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "40E40F42-632A-47DF-BE33-DC25B826310B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C67B7A6-9BB2-41FC-8FA3-8D0DF67CBC68",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C47F6BF9-2ADB-41A4-8D7D-8BB00141BB23",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "16C64136-89C2-443C-AF7B-BED81D3DE25A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBEF7F26-BB47-44BD-872E-130820557C23",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "07DE6F63-2C7D-415B-8C34-01EC05C062F3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "182000E0-8204-4D8B-B7DE-B191AFE12E28",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F309E7B9-B828-4CD2-9D2B-8966EE5B9CC1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F423E45D-A6DD-4305-9C6A-EAB26293E53A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDC208BC-7E19-48C6-A20E-A79A51B7362C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "102F91CD-DFB6-43D4-AE5B-DA157A696230",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E952A96A-0F48-4357-B7DD-1127D8827650",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "084D0191-563B-4FF0-B589-F35DA118E1C6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7DB6FC5-762A-4F16-AE8C-69330EFCF640",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F70D81F1-8B12-4474-9060-B4934D8A3873",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5394DE31-3863-4CA9-B7B1-E5227183100D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "968390BC-B430-4903-B614-13104BFAE635",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7349D69B-D8FA-4462-AA28-69DD18A652D9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE4BB834-2C00-4384-A78E-AF3BCDDC58AF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B0D30D52-837F-4FDA-B8E5-A9066E9C6D2F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6678B8A-D905-447E-BE7E-6BFB4CC5DAFE",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7CE49B45-F2E9-491D-9C29-1B46E9CE14E2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4BFAD21E-59EE-4CCE-8F1E-621D2EA50905",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "91231DC6-2773-4238-8C14-A346F213B5E5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DF88547-BAF4-47B0-9F60-80A30297FCEB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "02C3CE6D-BD54-48B1-A188-8E53DA001424",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "498991F7-39D6-428C-8C7D-DD8DC72A0346",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "113772B6-E9D2-4094-9468-3F4E1A87D07D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7B90D36-5124-4669-8462-4EAF35B0F53D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C45A38D6-BED6-4FEF-AD87-A1E813695DE0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1FC2B1F-232E-4754-8076-CC82F3648730",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7CDD27C9-5EAF-4956-8AB7-740C84C9D4FC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F1127D2-12C0-454F-91EF-5EE334070D06",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7D6EB963-E0F2-4A02-8765-AB2064BE19E9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "785FD17C-F32E-4042-9DDE-A89B3AAE0334",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEAAF99B-5406-4722-81FB-A91CBAC2DF41",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "73DC1E93-561E-490C-AE0E-B02BAB9A7C8E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "12DA2DE5-8ADA-4D6A-BC1A-9C06FA163B1C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CF467E2-4567-426E-8F48-39669E0F514C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "63842B25-8C32-4988-BBBD-61E9CB09B4F3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "68EA1FEF-B6B6-49FE-A0A4-5387F76303F8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "40D6DB7F-C025-4971-9615-73393ED61078",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4364ADB9-8162-451D-806A-B98924E6B2CF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B53BCB42-ED61-4FCF-8068-CB467631C63C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "737C724A-B6CD-4FF7-96E0-EBBF645D660E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7067AEC7-DFC8-4437-9338-C5165D9A8F36",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "49E0371B-FDE2-473C-AA59-47E1269D050F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "489D11EC-5A18-4F32-BC7C-AC1FCEC27222",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "71D4CF15-B293-4403-A1A9-96AD3933BAEF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBCC1515-2DBE-4DF2-8E83-29A869170F36",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BC5293E-F2B4-46DC-85DA-167EA323FCFD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7282AAFF-ED18-4992-AC12-D953C35EC328",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA022E77-6557-4A33-9A3A-D028E2DB669A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "360409CC-4172-4878-A76B-EA1C1F8C7A79",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8D5D5E2-B40B-475D-9EF3-8441016E37E9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDA8E1F0-74A6-4725-B6AA-A1112EFC5D0C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "63BE0266-1C00-4D6A-AD96-7F82532ABAA7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "73F59A4B-AE92-4533-8EDC-D1DD850309FF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "492A2C86-DD38-466B-9965-77629A73814F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FB7AA46-4018-4925-963E-719E1037F759",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "31B9D1E4-10B9-4B6F-B848-D93ABF6486D6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9500_supervisor_a\\+:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB270C45-756E-400A-979F-D07D750C881A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E8A085C-2DBA-4269-AB01-B16019FBB4DA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9500_supervisor_b\\+:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A79DD582-AF68-44F1-B640-766B46EF2BE2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B04484DA-AA59-4833-916E-6A8C96D34F0D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "768BE390-5ED5-48A7-9E80-C4DE8BA979B1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D07B5399-44C7-468D-9D57-BB5B5E26CE50",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B76FB64F-16F0-4B0B-B304-B46258D434BA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E02DC82-0D26-436F-BA64-73C958932B0A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E128053-834B-4DD5-A517-D14B4FC2B56F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "163743A1-09E7-4EC5-8ECA-79E4B9CE173B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE340E4C-DC48-4FC8-921B-EE304DB5AE0A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C367BBE0-D71F-4CB5-B50E-72B033E73FE1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "85E1D224-4751-4233-A127-A041068C804A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD31B075-01B1-429E-83F4-B999356A0EB9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A10C9C0A-C96A-4B45-90D0-6ED457EB5F4C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3284D16F-3275-4F8D-8AE4-D413DE19C4FA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
      },
      {
         lang: "es",
          value: "El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede reiniciar muchos flujos (streams) rápidamente, como se explotó activamente entre agosto y octubre de 2023.",
      },
   ],
   id: "CVE-2023-44487",
   lastModified: "2024-12-20T17:40:52.067",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2023-10-10T14:15:10.883",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2023/10/13/4",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2023/10/13/9",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2023/10/18/4",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2023/10/18/8",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2023/10/19/6",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2023/10/20/8",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2023-44487",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Press/Media Coverage",
            "Third Party Advisory",
         ],
         url: "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Technical Description",
         ],
         url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Press/Media Coverage",
            "Third Party Advisory",
         ],
         url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://blog.vespa.ai/cve-2023-44487/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.proxmox.com/show_bug.cgi?id=4988",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Patch",
         ],
         url: "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Technical Description",
         ],
         url: "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Technical Description",
         ],
         url: "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/Azure/AKS/issues/3947",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/Kong/kong/discussions/11741",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/advisories/GHSA-qppj-fm5r-hxr3",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/advisories/GHSA-vx74-f528-fxqg",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/akka/akka-http/issues/4323",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/alibaba/tengine/issues/1872",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/apache/apisix/issues/10320",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/apache/httpd-site/pull/10",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
            "Third Party Advisory",
         ],
         url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/apache/trafficserver/pull/10564",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/bcdannyboy/CVE-2023-44487",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/caddyserver/caddy/issues/5877",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Mitigation",
         ],
         url: "https://github.com/dotnet/announcements/issues/277",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
            "Release Notes",
         ],
         url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/eclipse/jetty.project/issues/10679",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/envoyproxy/envoy/pull/30055",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/etcd-io/etcd/issues/16740",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/facebook/proxygen/pull/466",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/golang/go/issues/63417",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/grpc/grpc-go/pull/6703",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/h2o/h2o/pull/3291",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/haproxy/haproxy/issues/2312",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/junkurihara/rust-rpxy/issues/97",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/kazu-yamamoto/http2/issues/93",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/kubernetes/kubernetes/pull/121120",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/line/armeria/pull/5232",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/micrictor/http2-rst-stream",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/microsoft/CBL-Mariner/pull/6381",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/nghttp2/nghttp2/pull/1961",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/ninenines/cowboy/issues/1615",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/nodejs/node/pull/50121",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/openresty/openresty/issues/930",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/opensearch-project/data-prepper/issues/3474",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/oqtane/oqtane.framework/discussions/3367",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/projectcontour/contour/pull/5826",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/tempesta-tech/tempesta/issues/1986",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/varnishcache/varnish-cache/issues/3996",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Release Notes",
         ],
         url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://istio.io/latest/news/security/istio-security-2023-004/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Patch",
         ],
         url: "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://my.f5.com/manage/s/article/K000137106",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://netty.io/news/2023/10/10/4-1-100-Final.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://news.ycombinator.com/item?id=37830987",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://news.ycombinator.com/item?id=37830998",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://news.ycombinator.com/item?id=37831062",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://news.ycombinator.com/item?id=37837043",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202311-09",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231016-0001/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240426-0007/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240621-0007/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://security.paloaltonetworks.com/CVE-2023-44487",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://ubuntu.com/security/CVE-2023-44487",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Press/Media Coverage",
            "Third Party Advisory",
         ],
         url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://www.debian.org/security/2023/dsa-5521",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://www.debian.org/security/2023/dsa-5522",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://www.debian.org/security/2023/dsa-5540",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://www.debian.org/security/2023/dsa-5549",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://www.debian.org/security/2023/dsa-5558",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5570",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mitigation",
         ],
         url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://www.openwall.com/lists/oss-security/2023/10/10/6",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Press/Media Coverage",
            "Third Party Advisory",
         ],
         url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2023/10/13/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2023/10/13/9",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2023/10/18/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2023/10/18/8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2023/10/19/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2023/10/20/8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2023-44487",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Press/Media Coverage",
            "Third Party Advisory",
         ],
         url: "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Technical Description",
            "Vendor Advisory",
         ],
         url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Press/Media Coverage",
            "Third Party Advisory",
         ],
         url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://blog.vespa.ai/cve-2023-44487/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.proxmox.com/show_bug.cgi?id=4988",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Technical Description",
            "Vendor Advisory",
         ],
         url: "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Technical Description",
            "Vendor Advisory",
         ],
         url: "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/Azure/AKS/issues/3947",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/Kong/kong/discussions/11741",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/advisories/GHSA-qppj-fm5r-hxr3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Patch",
         ],
         url: "https://github.com/advisories/GHSA-vx74-f528-fxqg",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/akka/akka-http/issues/4323",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/alibaba/tengine/issues/1872",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/apache/apisix/issues/10320",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/apache/httpd-site/pull/10",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/apache/trafficserver/pull/10564",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/bcdannyboy/CVE-2023-44487",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://github.com/caddyserver/caddy/issues/5877",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Vendor Advisory",
         ],
         url: "https://github.com/dotnet/announcements/issues/277",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/eclipse/jetty.project/issues/10679",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/envoyproxy/envoy/pull/30055",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/etcd-io/etcd/issues/16740",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/facebook/proxygen/pull/466",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/golang/go/issues/63417",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/grpc/grpc-go/pull/6703",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/h2o/h2o/pull/3291",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/haproxy/haproxy/issues/2312",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/junkurihara/rust-rpxy/issues/97",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/kazu-yamamoto/http2/issues/93",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/kubernetes/kubernetes/pull/121120",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/line/armeria/pull/5232",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/micrictor/http2-rst-stream",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/microsoft/CBL-Mariner/pull/6381",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/nghttp2/nghttp2/pull/1961",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/ninenines/cowboy/issues/1615",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/nodejs/node/pull/50121",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/openresty/openresty/issues/930",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/opensearch-project/data-prepper/issues/3474",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/oqtane/oqtane.framework/discussions/3367",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/projectcontour/contour/pull/5826",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/tempesta-tech/tempesta/issues/1986",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/varnishcache/varnish-cache/issues/3996",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://istio.io/latest/news/security/istio-security-2023-004/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://my.f5.com/manage/s/article/K000137106",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://netty.io/news/2023/10/10/4-1-100-Final.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://news.ycombinator.com/item?id=37830987",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Press/Media Coverage",
         ],
         url: "https://news.ycombinator.com/item?id=37830998",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://news.ycombinator.com/item?id=37831062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://news.ycombinator.com/item?id=37837043",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202311-09",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231016-0001/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240426-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240621-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://security.paloaltonetworks.com/CVE-2023-44487",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://ubuntu.com/security/CVE-2023-44487",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Press/Media Coverage",
            "Third Party Advisory",
         ],
         url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5521",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5522",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5540",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5549",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5558",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5570",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Vendor Advisory",
         ],
         url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://www.openwall.com/lists/oss-security/2023/10/10/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Press/Media Coverage",
            "Third Party Advisory",
         ],
         url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-03-18 16:15
Modified
2024-11-21 04:34
Summary
During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned world-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable.
Impacted products
Vendor Product Version
redhat openshift 4.0
redhat openshift 4.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F7E2F04-474D-4196-9CE8-242642990A16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1936DEA-6470-48CA-9FE1-B16448554ACE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned world-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable.",
      },
      {
         lang: "es",
         value: "Durante la instalación de un clúster de OpenShift versión 4, la herramienta de línea de comando \"openshift-install\" crea un directorio \"auth\", con los archivos \"kubeconfig\" y \"kubeadmin-password\". Ambos archivos contienen credenciales usadas para autenticarse en el servidor de la API OpenShift, y se les asignaron permisos world-readable inapropiadamente. ose-installer como es incluido en Openshift versión 4.2 es vulnerable.",
      },
   ],
   id: "CVE-2019-19335",
   lastModified: "2024-11-21T04:34:35.973",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 4.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 0.8,
            impactScore: 3.6,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 4.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-03-18T16:15:11.677",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-732",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-732",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-10-16 20:59
Modified
2024-11-21 02:26
Severity ?
Summary
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.
Impacted products
Vendor Product Version
jenkins jenkins *
jenkins jenkins *
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "87068B16-A915-42BE-AFF0-9B23EF1FD2A7",
                     versionEndIncluding: "1.580.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB5428DD-A289-4554-8874-2EEB47DD72E9",
                     versionEndIncluding: "1.599",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.",
      },
      {
         lang: "es",
         value: "La secuencia de comandos del filtro de combinación Groovy en Jenkins en versiones anteriores a 1.600 y LTS en versiones anteriores a 1.596.1 permite a usuarios remotos autenticados con permisos de configuración de trabajo obtener privilegios y ejecutar código arbitrario en el maestro a través de vectores no especificados.",
      },
   ],
   id: "CVE-2015-1806",
   lastModified: "2024-11-21T02:26:11.113",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-10-16T20:59:04.527",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205620",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205620",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-02-03 18:59
Modified
2024-11-21 02:36
Summary
Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.
Impacted products
Vendor Product Version
redhat openshift *
redhat openshift 2.0
jenkins jenkins *
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A",
                     versionEndIncluding: "1.625.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCFC646A-BA70-404D-9DE1-EE758455546E",
                     versionEndIncluding: "1.639",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de CSRF en Jenkins en versiones anteriores a 1.640 y LTS en versiones anteriores a 1.625.2 permite a atacantes remotos secuestrar la autenticación de los administradores en peticiones que tienen un impacto no especificado a través de vectores relacionados con el método HTTP GET.",
      },
   ],
   id: "CVE-2015-7537",
   lastModified: "2024-11-21T02:36:56.310",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-02-03T18:59:02.007",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-04-11 21:59
Modified
2024-11-21 02:36
Summary
Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.
Impacted products
Vendor Product Version
kubernetes kubernetes *
redhat openshift 3.0
redhat openshift 3.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:kubernetes:kubernetes:*:alpha.4:*:*:*:*:*:*",
                     matchCriteriaId: "EE0A7C28-C2DF-4AFE-9F81-BA38AC6ADA9B",
                     versionEndIncluding: "1.2.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.",
      },
      {
         lang: "es",
         value: "Kubernetes en versiones anteriores a 1.2.0-alpha.5 permite a atacantes remotos leer logs de pod arbitrarios a través de un nombre de contenedor.",
      },
   ],
   id: "CVE-2015-7528",
   lastModified: "2024-11-21T02:36:55.863",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-04-11T21:59:09.337",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2615.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2015:2544",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/kubernetes/kubernetes/pull/17886",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/openshift/origin/pull/6113",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2615.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2015:2544",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/kubernetes/kubernetes/pull/17886",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openshift/origin/pull/6113",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-11 16:15
Modified
2024-11-21 02:01
Summary
OpenShift has shell command injection flaws because unsanitized data is passed into shell commands.
Impacted products
Vendor Product Version
redhat openshift 1.0
redhat openshift 2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:1.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "19D8D9FF-51A8-4A81-B855-DB480ABEA300",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "884F5BE8-59F5-4502-9765-F3A3E505570F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.",
      },
      {
         lang: "es",
         value: "OpenShift presenta fallos de inyección de comandos de shell debido a que los datos no saneados son pasados a los comandos de shell.",
      },
   ],
   id: "CVE-2014-0163",
   lastModified: "2024-11-21T02:01:30.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-12-11T16:15:10.417",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2014-0163",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0163",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2014-0163",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0163",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-04-07 23:59
Modified
2024-11-21 02:42
Severity ?
Summary
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.
Impacted products
Vendor Product Version
jenkins jenkins 1.642.1
jenkins jenkins *
redhat openshift 3.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:1.642.1:*:*:*:lts:*:*:*",
                     matchCriteriaId: "8B87EA57-C12B-4329-B969-2867803D0BA0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18F2C087-76F7-40F2-83DA-4C643363629C",
                     versionEndIncluding: "1.649",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.",
      },
      {
         lang: "es",
         value: "El módulo remoting en Jenkins en versiones anteriores a 1.650 y LTS en versiones anteriores a 1.642.2 permite a atacantes remotos ejecutar código arbitrario abriendo un listener JRMP.",
      },
   ],
   id: "CVE-2016-0788",
   lastModified: "2024-11-21T02:42:23.037",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-04-07T23:59:00.083",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0711",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0711",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-03-20 15:15
Modified
2024-11-21 05:11
Summary
A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where the /etc/passwd file in the openshift/mediawiki container could be modified insecurely. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Impacted products
Vendor Product Version
redhat openshift *
redhat openshift 3.11



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "56FBB37B-F320-4355-B695-08251CCBE6EF",
                     versionEndExcluding: "4.3",
                     versionStartIncluding: "4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "64797939-6676-40DC-A81A-3FD0C45A8047",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
      },
      {
         lang: "es",
         value: "Se detectó una vulnerabilidad en todas las versiones de openshift/mediawiki 4.x.x anteriores a 4.3.0, donde se encontró una vulnerabilidad de modificación no segura en el archivo /etc/passwd en openshift/mediawiki. Un atacante con acceso al contenedor podría usar este fallo para modificar /etc/passwd y escalar sus privilegios.",
      },
   ],
   id: "CVE-2020-1709",
   lastModified: "2024-11-21T05:11:12.993",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 5.9,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-03-20T15:15:13.717",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1709",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1709",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-732",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-732",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-06-08 17:59
Modified
2024-11-21 02:50
Summary
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to obtain API credentials from the web browser's localStorage via an access_token passed as a query parameter.
Impacted products
Vendor Product Version
redhat openshift 3.1
redhat openshift 3.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter.",
      },
      {
         lang: "es",
         value: "Red Hat OpenShift Enterprise 3.2 y 3.1 no valida correctamente el origen de una petición cuando el acceso anónimo está concedido para una API service/proxy o pod/proxy para un pod específico, lo que permite a atacantes remotos acceder a credenciales de la API en el explorador web localStorage a través de un token de acceso en el parámetro query.",
      },
   ],
   id: "CVE-2016-3703",
   lastModified: "2024-11-21T02:50:32.157",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-06-08T17:59:04.703",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1094",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1095",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1094",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1095",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-19 01:15
Modified
2024-11-21 08:08
Summary
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information, which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A7E8F79-818A-48A9-85EF-C288C9B498CD",
                     versionEndIncluding: "21.0.7.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AD41BDB-D7C2-408F-A62E-B0B232D1B5AA",
                     versionEndIncluding: "23.0.5",
                     versionStartIncluding: "23.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "826E2455-8E66-44DE-8247-6941587E9031",
                     versionEndIncluding: "21.0.7.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4401320-D4FC-4BB4-B282-870E5B5C3AAD",
                     versionEndIncluding: "23.0.5",
                     versionStartIncluding: "23.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E487A1C-74C8-4AEF-A0CF-2088EB4AE7AE",
                     versionEndIncluding: "21.0.7.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA019BF9-1C55-4719-8124-C5620E8BB20B",
                     versionEndIncluding: "23.0.5",
                     versionStartIncluding: "23.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level.  IBM X-Force ID:  259368.",
      },
   ],
   id: "CVE-2023-35900",
   lastModified: "2024-11-21T08:08:57.160",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-19T01:15:10.747",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259368",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7010895",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259368",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7010895",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-11-15 15:15
Modified
2024-11-21 02:01
Summary
OpenShift: the install script has a temporary file creation vulnerability that can result in arbitrary code execution.
Impacted products
Vendor Product Version
redhat openshift -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution",
      },
      {
         lang: "es",
         value: "OpenShift: el script de instalación tiene una vulnerabilidad de creación de archivos temporales que puede resultar en la ejecución de código arbitrario",
      },
   ],
   id: "CVE-2014-0023",
   lastModified: "2024-11-21T02:01:11.917",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-11-15T15:15:11.873",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2014-0023",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0023",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2014-0023",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0023",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-668",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-10-16 19:55
Modified
2024-11-21 02:08
Summary
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
Impacted products
Vendor Product Version
jenkins jenkins *
redhat openshift *
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "1BA9E2A3-6D74-4DC8-846F-FCF5C5BE562B",
                     versionEndIncluding: "1.565.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "322F4274-7351-40C4-8D8E-8E26B89AA95C",
                     versionEndIncluding: "1.582",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Job/READ obtener el valor por defecto para el campo password de un trabajo parametrizado leyendo el DOM.",
      },
   ],
   id: "CVE-2014-3680",
   lastModified: "2024-11-21T02:08:38.370",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-10-16T19:55:08.190",
   references: [
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-10-16 19:55
Modified
2024-11-21 02:08
Summary
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.
Impacted products
Vendor Product Version
jenkins jenkins *
jenkins jenkins *
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "1BA9E2A3-6D74-4DC8-846F-FCF5C5BE562B",
                     versionEndIncluding: "1.565.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "322F4274-7351-40C4-8D8E-8E26B89AA95C",
                     versionEndIncluding: "1.582",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Job/CONFIGURE eludir las restricciones destinadas y crear o destruir trabajos arbitrarios a través de vectores no especificados.",
      },
   ],
   id: "CVE-2014-3663",
   lastModified: "2024-11-21T02:08:36.277",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-10-16T19:55:08.017",
   references: [
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-01-08 19:29
Modified
2024-11-21 01:55
Summary
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.
Impacted products
Vendor Product Version
redhat openshift 1.0
redhat openshift 2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:1.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "19D8D9FF-51A8-4A81-B855-DB480ABEA300",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "884F5BE8-59F5-4502-9765-F3A3E505570F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.",
      },
      {
         lang: "es",
         value: "(1) oo-analytics-export y (2) oo-analytics-import en el paquete openshift-origin-broker-util en Red Hat OpenShift Enterprise 1 y 2 permiten que los usuarios locales provoquen un impacto sin especificar mediante un ataque symlink en un archivo no especificado en /tmp.",
      },
   ],
   id: "CVE-2013-4364",
   lastModified: "2024-11-21T01:55:25.813",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: true,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-01-08T19:29:00.190",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1009734",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1009734",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-59",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-09-10 14:29
Modified
2024-11-21 02:57
Summary
It was found that Kubernetes as used by OpenShift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
Impacted products
Vendor Product Version
kubernetes kubernetes -
redhat openshift 3.1
redhat openshift 3.2
redhat openshift 3.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "14C32308-314D-4E0D-B15F-6A68DF21E9F9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "84C890EC-229B-458B-AEF7-EA03C6248A25",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "It was found that Kubernetes as used by OpenShift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.",
      },
      {
         lang: "es",
         value: "Se ha descubierto que Kubernetes, tal y como se emplea en OpenShift Enterprise 3, no valida correctamente los campos de nombre del host del certificado intermediario de cliente X.509. Un atacante podría emplear este error para omitir los requisitos de autenticación mediante el uso de un certificado X.509 especialmente manipulado.",
      },
   ],
   id: "CVE-2016-7075",
   lastModified: "2024-11-21T02:57:24.557",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-09-10T14:29:00.800",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:2064",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/kubernetes/kubernetes/issues/34517",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:2064",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/kubernetes/kubernetes/issues/34517",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-295",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-295",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-02-24 21:55
Modified
2024-11-21 01:45
Summary
node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.
Impacted products
Vendor Product Version
redhat openshift 1.0
redhat openshift_origin *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:1.0:-:enterprise:*:*:*:*:*",
                     matchCriteriaId: "6D63189E-7BFC-438B-A583-1901BBC15CF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_origin:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F4086F4-8220-4036-B579-047F501BD5FD",
                     versionEndIncluding: "1.0.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.",
      },
      {
         lang: "es",
         value: "node-util/www/html/restorer.php en Red Hat OpenShift Origin anterior a v1.0.5-3 permite a atacantes remotos ejecutar comandos arbitrarios mediante un uuid falsificado en el PATH_INFO.",
      },
   ],
   id: "CVE-2012-5646",
   lastModified: "2024-11-21T01:45:02.310",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-02-24T21:55:00.957",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-0148.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.osvdb.org/89431",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/57189",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=888518",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/openshift/origin-server/pull/1017",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-0148.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/89431",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/57189",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=888518",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openshift/origin-server/pull/1017",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-06-08 17:59
Modified
2024-11-21 02:50
Summary
HAProxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
Impacted products
Vendor Product Version
redhat openshift 3.2
redhat openshift_origin -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_origin:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "01B75475-8415-46F8-A5B8-323527336611",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "HAProxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the \"OPENSHIFT_[namespace]_SERVERID\" cookie.",
      },
      {
         lang: "es",
         value: "HAProxy en Red Hat OpenShift Enterprise 3.2 y OpenShift Origin permite a usuarios locales obtener la dirección IP interna de un pod leyendo la cookie \"OPENSHIFT_[namespace]_SERVERID\".",
      },
   ],
   id: "CVE-2016-3711",
   lastModified: "2024-11-21T02:50:33.090",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 3.3,
               baseSeverity: "LOW",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-06-08T17:59:06.737",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1064",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openshift/origin/pull/8334",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1064",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openshift/origin/pull/8334",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-01-05 18:15
Modified
2024-11-21 07:26
Summary
IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB4AA531-9AC9-417B-B732-6FEBFEB0F363",
                     versionEndExcluding: "21.0.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CD1565F-23A8-4EB0-A3C6-A528C8CA2444",
                     versionEndExcluding: "21.0.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3912ED0-7480-4FCC-A645-700F2E0C3394",
                     versionEndExcluding: "21.0.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678.",
      },
      {
         lang: "es",
         value: "IBM Robotic Process Automation 20.12 a 21.0.6 es vulnerable a la exposición del nombre y el correo electrónico del creador/modificador de objetos a nivel de plataforma. ID de IBM X-Force: 238678.",
      },
   ],
   id: "CVE-2022-43573",
   lastModified: "2024-11-21T07:26:48.887",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.1,
               baseSeverity: "LOW",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 1.4,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-01-05T18:15:08.807",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238678",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6852655",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238678",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6852655",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-04-26 03:15
Modified
2024-11-21 07:13
Summary
IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.
Impacted products
Vendor Product Version
ibm cloud_pak_for_data 4.5
ibm cloud_pak_for_data 4.6
redhat openshift -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:cloud_pak_for_data:4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DBAEB61-F9C1-40D9-9952-13DC12622ED3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:cloud_pak_for_data:4.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F462804-1CB4-406E-A14A-FD6EF173A5D5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "\nIBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.\n\n",
      },
   ],
   id: "CVE-2022-36769",
   lastModified: "2024-11-21T07:13:40.033",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.9,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-04-26T03:15:08.663",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/232034",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6980959",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/232034",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6980959",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-77",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-434",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-09-01 21:15
Modified
2024-11-21 07:00
Summary
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.
Impacted products
Vendor Product Version
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "06161168-9C83-4BA0-9451-7433AD38C43A",
                     versionStartIncluding: "4.9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.",
      },
      {
         lang: "es",
         value: "Se ha encontrado un filtrado de credenciales en OpenShift Container Platform. La clave privada del certificado del clúster externo es almacenada de forma incorrecta en el ConfigMaps oauth-serving-cert, y era accesible para cualquier usuario o cuenta de servicio autenticada de OpenShift. Un usuario malicioso podría aprovechar este fallo al leer el ConfigMap de oauth-serving-cert en el espacio de nombres openshift-config-managed, comprometiendo cualquier tráfico web asegurado con ese certificado",
      },
   ],
   id: "CVE-2022-2403",
   lastModified: "2024-11-21T07:00:55.253",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-09-01T21:15:09.497",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2022-2403",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101959",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2022-2403",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101959",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-497",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-668",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-02-24 22:55
Modified
2024-11-21 01:46
Severity ?
Summary
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
Impacted products
Vendor Product Version
redhat openshift *
redhat openshift_origin 1.0.5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:-:enterprise:*:*:*:*:*",
                     matchCriteriaId: "7D4E1F6B-34CD-4926-88A3-E440846BF387",
                     versionEndIncluding: "1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_origin:1.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "7D94C104-7375-4D23-97F7-E9B861A70E1C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.",
      },
      {
         lang: "es",
         value: "La función \"lockwrap\" en port-proxy/bin/openshift-port-proxy-cfg en Red Hat OpenShift Origin anterior a v1.1 permite a usuarios locales sobrescribir archivos arbitrarios mediante un ataque de enlaces simbólicos en un archivo temporal con un nombre predecible en /tmp.",
      },
   ],
   id: "CVE-2013-0164",
   lastModified: "2024-11-21T01:46:58.533",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 3.6,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-02-24T22:55:01.300",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2013-0220.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=893307",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/openshift/origin-server/pull/1136",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2013-0220.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=893307",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openshift/origin-server/pull/1136",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-08 00:55
Modified
2024-11-21 02:05
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C95E20C-E8E5-4177-B6CC-C7AAB9874B3F",
                     versionEndIncluding: "1.3.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A25DABC8-9172-45BA-929A-09787D8C83B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D277410-4FC8-4A41-AA03-264545655F26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "1186EF88-A330-4053-A373-8246126769D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9CDB3F9E-9B3C-4A59-A7F5-9009502953E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "08278232-6FB5-4C56-95E7-5EA381D838BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "32D2DCB7-7D13-4E62-B0B4-133196CE887B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5EA9387-77FF-4764-9E3E-80132C6F93F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEA98F4C-7E6E-470F-B1AE-9FBA1FB3FE16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C7307B1-1C05-4644-8CEC-4256E08D3513",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A05848DC-A88C-4287-90A3-2ADE07A94D60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "51F0A114-122D-4ECA-B70E-CF9D04E6B215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6B5C2BE-AC6A-4793-881C-5EDD290B3762",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5DE8972F-6679-4735-83FD-2F4A0770C9AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "771CCAFF-D346-4276-BA20-6D5F2311356A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE7C02A2-2591-4DA0-8373-595379E77C06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A68C7E5F-A832-41F4-B9D4-F9B09524ABD4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de XSS en ZeroClipboard.swf en ZeroClipboard anterior a 1.3.2, mantenido por Jon Rohan y James M. Greene, permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores relacionados con ciertos parámetros de consulta SWF (también conocido como loaderInfo.parameters).",
      },
   ],
   id: "CVE-2014-1869",
   lastModified: "2024-11-21T02:05:10.740",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-02-08T00:55:06.207",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/56821",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/65484",
      },
      {
         source: "cve@mitre.org",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91085",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/zeroclipboard/zeroclipboard/pull/335",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2",
      },
      {
         source: "cve@mitre.org",
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/56821",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/65484",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91085",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/zeroclipboard/zeroclipboard/pull/335",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-07-06 16:15
Modified
2024-11-21 06:22
Summary
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in the heap. For a successful attack, the attacker needs to perform some triage of the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.
Impacted products
Vendor Product Version
gnu grub2 *
redhat developer_tools 1.0
redhat openshift 3.0
redhat enterprise_linux 8.0
redhat enterprise_linux 8.1
redhat enterprise_linux 8.4
redhat enterprise_linux 9.0
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 9.0
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_for_power_little_endian 9.0
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat enterprise_linux_for_power_little_endian_eus 8.6
redhat enterprise_linux_for_power_little_endian_eus 9.0
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.0
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_tus 8.6
redhat openshift_container_platform 4.6
redhat openshift_container_platform 4.9
redhat openshift_container_platform 4.10
redhat enterprise_linux 8.0
redhat codeready_linux_builder -
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 9.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B798FFCB-4972-436F-ADB4-8DA325089773",
                     versionEndExcluding: "2.12",
                     versionStartIncluding: "2.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "60937D60-6B78-400F-8D30-7FCF328659A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "62C4B3B6-7452-49AF-8981-737FE929FF97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF30E57A-97EA-4A44-8404-6AE4F058B44D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "5DAD1E4A-B22F-432C-97C8-D91D286535F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "47811209-5CE5-4375-8391-B0A7F6A0E420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "35EEDB95-DCD1-4FED-9BBB-877B2062410C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "983533DD-3970-4A37-9A9C-582BD48AA1E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "729C515E-1DD3-466D-A50B-AFE058FFC94A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "868A6ED7-44DD-44FF-8ADD-9971298A1175",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "22D095ED-9247-4133-A133-73B7668565E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "492DF629-16B8-4882-822D-A6897B03DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B62E762-2878-455A-93C9-A5DB430D7BB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "81609549-25CE-4C8A-9DE3-170D23704208",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "0595C9F8-9C7A-4FC1-B7EE-52978A1B1E93",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CD81C46-328B-412D-AF4E-68A2AD2F1A73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.",
      },
      {
         lang: "es",
         value: "Una imagen JPEG diseñada puede conllevar que el lector de JPEG desborde su puntero de datos, permitiendo que los datos controlados por el usuario sean escritos en la pila. Para que sea realizado con éxito, el atacante necesita llevar a cabo un triaje sobre la disposición de la pila y llevar a cabo una imagen con un formato y carga útil maliciosos. Esta vulnerabilidad puede conllevar a una corrupción de datos y la eventual ejecución de código o la omisión del arranque seguro. Este fallo afecta a grub2 versiones anteriores a grub-2.12",
      },
   ],
   id: "CVE-2021-3697",
   lastModified: "2024-11-21T06:22:10.820",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-06T16:15:08.320",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991687",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-12",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220930-0001/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991687",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-12",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220930-0001/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-10-17 16:15
Modified
2024-11-21 03:32
Summary
An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it, another user can then create a project called "MyProject" and access the metrics stored from the original "MyProject" instance.
Impacted products
Vendor Product Version
redhat openshift 3.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called \"MyProject\", and then later deletes it another user can then create a project called \"MyProject\" and access the metrics stored from the original \"MyProject\" instance.",
      },
      {
         lang: "es",
         value: "Se presenta una vulnerabilidad de comprobación de entrada en Openshift Enterprise debido a un mapeo 1:1 de inquilinos en Hawkular Metrics y proyectos/espacios de nombres en OpenShift. Si un usuario crea un proyecto llamado \"MyProject\", y más tarde lo elimina, otro usuario puede crear un proyecto llamado \"MyProject\" y acceder a las métricas almacenadas de la instancia original \"MyProject\"",
      },
   ],
   id: "CVE-2017-7517",
   lastModified: "2024-11-21T03:32:03.550",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               baseSeverity: "LOW",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-10-17T16:15:14.710",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2017-7517",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1470414",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2017-7517",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1470414",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-02-03 18:59
Modified
2024-11-21 02:36
Summary
The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.
Impacted products
Vendor Product Version
jenkins jenkins *
jenkins jenkins *
redhat openshift 2.0
redhat openshift 3.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCFC646A-BA70-404D-9DE1-EE758455546E",
                     versionEndIncluding: "1.639",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A",
                     versionEndIncluding: "1.625.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.",
      },
      {
         lang: "es",
         value: "The Plugins Manager in Jenkins en versiones anteriores a 1.640 y LTS en versiones anteriores a 1.625.2 no verifica sumas de comprobación para archivos de plugin referenciados en datos del sitio de actualización, lo que facilita a atacantes man-in-the-middle ejecutar código arbitrario a través de un plugin manipulado.",
      },
   ],
   id: "CVE-2015-7539",
   lastModified: "2024-11-21T02:36:56.530",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.6,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:H/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1.6,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-02-03T18:59:03.900",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-345",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-03-09 14:29
Modified
2024-11-21 03:59
Summary
Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.
Impacted products
Vendor Product Version
redhat openshift 3.7



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.7:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "2D9724B7-D99B-4376-B1B5-5CE5F336D767",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.",
      },
      {
         lang: "es",
         value: "Red Hat OpenShift Enterprise 3.7 es vulnerable a un reemplazo del control de acceso para los sistemas de archivos de red de contenedor. Un atacante podría reemplazar UserId y GroupId en GlusterFS y NFS para leer y escribir cualquier dato en el sistema de archivos de red.",
      },
   ],
   id: "CVE-2018-1069",
   lastModified: "2024-11-21T03:59:06.897",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:A/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 5.5,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-03-09T14:29:00.217",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/103364",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Mitigation",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1552987",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/103364",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Mitigation",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1552987",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-732",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-02-11 19:29
Modified
2024-11-21 04:45
Summary
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://packetstormsecurity.com/files/163339/Docker-Container-Escape.htmlExploit, Third Party Advisory, VDB Entry
cve@mitre.orghttp://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2019/03/23/1Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2019/06/28/2Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2019/07/06/3Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2019/07/06/4Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2019/10/24/1Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2019/10/29/3Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2024/01/31/6
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2024/02/01/1
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2024/02/02/3
cve@mitre.orghttp://www.securityfocus.com/bid/106976Third Party Advisory, VDB Entry
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:0303Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:0304Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:0401Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:0408Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:0975Third Party Advisory
cve@mitre.orghttps://access.redhat.com/security/cve/cve-2019-5736Third Party Advisory
cve@mitre.orghttps://access.redhat.com/security/vulnerabilities/runcescapeThird Party Advisory
cve@mitre.orghttps://aws.amazon.com/security/security-bulletins/AWS-2019-002/Third Party Advisory
cve@mitre.org https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/ — Patch, Third Party Advisory, Vendor Advisory
cve@mitre.org https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/ — Patch, Third Party Advisory, Vendor Advisory
cve@mitre.org https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html — Exploit, Mitigation, Third Party Advisory
cve@mitre.org https://brauner.github.io/2019/02/12/privileged-containers.html — Exploit, Technical Description, Third Party Advisory
cve@mitre.org https://bugzilla.suse.com/show_bug.cgi?id=1121967 — Issue Tracking, Patch, Third Party Advisory
cve@mitre.org https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc — Third Party Advisory
cve@mitre.org https://github.com/Frichetten/CVE-2019-5736-PoC — Exploit, Third Party Advisory
cve@mitre.org https://github.com/docker/docker-ce/releases/tag/v18.09.2 — Release Notes, Third Party Advisory
cve@mitre.org https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b — Patch, Third Party Advisory
cve@mitre.org https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d — Patch, Third Party Advisory
cve@mitre.org https://github.com/q3k/cve-2019-5736-poc — Exploit, Third Party Advisory
cve@mitre.org https://github.com/rancher/runc-cve — Third Party Advisory
cve@mitre.org https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/ — Third Party Advisory
cve@mitre.org https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E
cve@mitre.org https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E
cve@mitre.org https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E
cve@mitre.org https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E
cve@mitre.org https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E
cve@mitre.org https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E
cve@mitre.org https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/
cve@mitre.org https://security.gentoo.org/glsa/202003-21 — Third Party Advisory
cve@mitre.org https://security.netapp.com/advisory/ntap-20190307-0008/ — Third Party Advisory
cve@mitre.org https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944 — Third Party Advisory
cve@mitre.org https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us — Permissions Required
cve@mitre.org https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003 — Exploit, Patch, Third Party Advisory
cve@mitre.org https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc — Third Party Advisory
cve@mitre.org https://usn.ubuntu.com/4048-1/ — Third Party Advisory
cve@mitre.org https://www.exploit-db.com/exploits/46359/ — Exploit, Third Party Advisory, VDB Entry
cve@mitre.org https://www.exploit-db.com/exploits/46369/ — Exploit, Third Party Advisory, VDB Entry
cve@mitre.org https://www.openwall.com/lists/oss-security/2019/02/11/2 — Mailing List, Patch, Third Party Advisory
cve@mitre.org https://www.synology.com/security/advisory/Synology_SA_19_06 — Third Party Advisory
cve@mitre.org https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/ — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html — Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html — Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2019/03/23/1 — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2019/06/28/2 — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2019/07/06/3 — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2019/07/06/4 — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2019/10/24/1 — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2019/10/29/3 — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2024/01/31/6
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2024/02/01/1
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2024/02/02/3
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/106976 — Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/errata/RHSA-2019:0303 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/errata/RHSA-2019:0304 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/errata/RHSA-2019:0401 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/errata/RHSA-2019:0408 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/errata/RHSA-2019:0975 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/security/cve/cve-2019-5736 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://access.redhat.com/security/vulnerabilities/runcescape — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://aws.amazon.com/security/security-bulletins/AWS-2019-002/ — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/ — Patch, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/ — Patch, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html — Exploit, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://brauner.github.io/2019/02/12/privileged-containers.html — Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.suse.com/show_bug.cgi?id=1121967 — Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/Frichetten/CVE-2019-5736-PoC — Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/docker/docker-ce/releases/tag/v18.09.2 — Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b — Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d — Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/q3k/cve-2019-5736-poc — Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/rancher/runc-cve — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/ — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/
af854a3a-2127-422b-91ae-364da2661108 https://security.gentoo.org/glsa/202003-21 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://security.netapp.com/advisory/ntap-20190307-0008/ — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us — Permissions Required
af854a3a-2127-422b-91ae-364da2661108 https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003 — Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/4048-1/ — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.exploit-db.com/exploits/46359/ — Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://www.exploit-db.com/exploits/46369/ — Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://www.openwall.com/lists/oss-security/2019/02/11/2 — Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.synology.com/security/advisory/Synology_SA_19_06 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/ — Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A367C4FA-18DF-402F-B120-254B35F73BD1",
                     versionEndExcluding: "18.09.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D522E8C1-E7F0-4A3D-AF68-6D962944A0E5",
                     versionEndIncluding: "0.1.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "949172CC-EBB5-47F6-B987-207C802EED0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "F6D87B50-2849-4F4D-A0F9-4F7EBA3C2647",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "3E580E25-F94C-4DA4-8718-15D5F1C3ADAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc4:*:*:*:*:*:*",
                     matchCriteriaId: "FD565CE0-D9E9-4FD9-8998-8AC55030FAB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc5:*:*:*:*:*:*",
                     matchCriteriaId: "093326B1-448C-4E3B-886D-CAC8B6813BFF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc6:*:*:*:*:*:*",
                     matchCriteriaId: "F672C421-789D-4F21-B483-DA3EB251BA1D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:container_development_kit:3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "48FAFDE5-1E73-4874-8F2E-3C74B1955096",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "785C0A0D-5FF3-43D5-B89F-DCB2D6FDE310",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9955945-7509-4542-BF83-B7BA0B4D8D05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A52F7AE1-754D-4EE1-8EC1-7765292B4C2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "55349BC5-90EC-4954-8CEB-3C37D34742C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:kubernetes_engine:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2EB454-D0C9-47FC-B727-1D61A8811967",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1AF77BB2-6F7A-408A-9F54-60F1F53B3709",
                     versionEndExcluding: "3.2.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:hp:onesphere:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "41FF9E5A-7BD1-477E-9875-8525FD87B13F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA0695E0-954A-4533-9D93-58257E9EA6D5",
                     versionEndExcluding: "1.4.3",
                     versionStartIncluding: "1.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51B8DF0-FCE4-42A7-A582-0476226C6188",
                     versionEndExcluding: "1.5.3",
                     versionStartIncluding: "1.5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "01878119-E05A-469B-B49D-5D19082CED28",
                     versionEndExcluding: "1.6.2",
                     versionStartIncluding: "1.6.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1AB1BB7C-46A1-4676-9D15-D75EC1E4594C",
                     versionEndExcluding: "1.7.2",
                     versionStartIncluding: "1.7.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "40513095-7E6E-46B3-B604-C926F1BA3568",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:d2iq:kubernetes_engine:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "632B24FA-F2D6-42B0-87C7-7F142E15EFC7",
                     versionEndExcluding: "2.2.0-1.13.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AD20FA7-737F-47C0-B2AC-735438253AA9",
                     versionEndExcluding: "1.10.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E5AE03E-3AC4-4439-9D0D-45E097B2552C",
                     versionEndExcluding: "1.11.9",
                     versionStartIncluding: "1.10.11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2F3078E-08E0-4C76-A7A3-A93B953BEDD5",
                     versionEndExcluding: "1.12.1",
                     versionStartIncluding: "1.11.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microfocus:service_management_automation:2018.02:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DCFB2E7-D769-4365-9B99-952907563749",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microfocus:service_management_automation:2018.05:*:*:*:*:*:*:*",
                     matchCriteriaId: "3909E337-F1FC-45C8-A120-EEBDBFB0E4D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microfocus:service_management_automation:2018.08:*:*:*:*:*:*:*",
                     matchCriteriaId: "934D6CB3-E159-40F4-8E5B-CDDDD824CAA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microfocus:service_management_automation:2018.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "82C0FD9D-6117-40DE-9386-7327867F9615",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
      },
      {
         lang: "es",
         value: "runc, hasta la versión 1.0-rc6, tal y como se emplea en Docker, en versiones anteriores a la 18.09.2 y otros productos, permite que los atacantes sobrescriban el binario del host runc (y, así, obtengan acceso root al host) aprovechando la capacidad para ejecutar un comando como root con uno de estos tipos de contenedores: (1) un nuevo contenedor con una imagen controlada por el atacante o (2) un contenedor existente, para el cual el atacante contaba previamente con acceso de escritura, que puede adjuntarse con docker exec. Esto ocurre debido a la gestión incorrecta del descriptor de archivos; esto está relacionado con /proc/self/exe.",
      },
   ],
   id: "CVE-2019-5736",
   lastModified: "2024-11-21T04:45:24.603",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 8.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-02-11T19:29:00.297",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/03/23/1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/06/28/2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/07/06/3",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/07/06/4",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/10/24/1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/10/29/3",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2024/01/31/6",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2024/02/01/1",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2024/02/02/3",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/106976",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0303",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0304",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0401",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0408",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0975",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2019-5736",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/vulnerabilities/runcescape",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://brauner.github.io/2019/02/12/privileged-containers.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=1121967",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/Frichetten/CVE-2019-5736-PoC",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/docker/docker-ce/releases/tag/v18.09.2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/q3k/cve-2019-5736-poc",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/rancher/runc-cve",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202003-21",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20190307-0008/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Permissions Required",
         ],
         url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4048-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/46359/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/46369/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.openwall.com/lists/oss-security/2019/02/11/2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.synology.com/security/advisory/Synology_SA_19_06",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/03/23/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/06/28/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/07/06/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/07/06/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/10/24/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/10/29/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2024/01/31/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2024/02/01/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2024/02/02/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/106976",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0303",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0304",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0401",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0408",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0975",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2019-5736",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/vulnerabilities/runcescape",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://brauner.github.io/2019/02/12/privileged-containers.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=1121967",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/Frichetten/CVE-2019-5736-PoC",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/docker/docker-ce/releases/tag/v18.09.2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/q3k/cve-2019-5736-poc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/rancher/runc-cve",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202003-21",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20190307-0008/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4048-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/46359/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/46369/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.openwall.com/lists/oss-security/2019/02/11/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.synology.com/security/advisory/Synology_SA_19_06",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-09-26 01:29
Modified
2024-11-21 02:22
Summary
selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack. (Per the CVSS vectors recorded below this is a local, low-privilege information-disclosure issue — confidentiality impact only, no integrity or availability impact — and the NVD v2 metric is flagged acInsufInfo, so the exact preconditions of the "privilege escalation" step are not fully characterized in this record; consult the Red Hat bug linked in the references for the concrete SELinux domain transition involved.)
Impacted products
Vendor Product Version
redhat openshift 2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.",
      },
      {
         lang: "es",
         value: "selinux-policy tal y como está incluido en Red Hat OpenShift 2 permite que los atacantes obtengan información de la lista de procesos mediante un ataque de escalado de privilegios.",
      },
   ],
   id: "CVE-2015-0238",
   lastModified: "2024-11-21T02:22:37.517",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: true,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 3.3,
               baseSeverity: "LOW",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-09-26T01:29:00.380",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2015-0238",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1184739",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2015-0238",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1184739",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-06-19 16:29
Modified
2024-11-21 03:04
Summary
libffi requests an executable stack for any process that loads it. This is not a memory-corruption bug in libffi itself; it is a hardening regression that disables the non-executable-stack (NX/DEP) mitigation for the whole process, so an attacker who already has a separate stack-overwrite bug in that process can more easily turn it into arbitrary code execution. Note that libffi is used by a number of other libraries (and, through them, many language runtimes and applications), so the weakened mitigation extends to every process that pulls it in; on ELF systems the condition is visible as an RWE GNU_STACK program header (e.g. `readelf -lW libffi.so.6 | grep GNU_STACK`). It was previously stated that this affects libffi version 3.2.1, but this appears to be incorrect: libffi prior to version 3.1 on 32-bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. (The NVD configuration data below nevertheless lists libffi versions before 3.2 as affected, a broader range than this description states; treat the 3.1 boundary as unconfirmed and verify against your distribution's advisory and the actual stack flags of the installed library.)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:enterprise_virtualization_server:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFF9DC60-E34F-4C00-B8E2-E18DD34EACB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:libffi_project:libffi:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F474529-750F-4D6B-B2F5-3722B26C27EC",
                     versionEndExcluding: "3.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:peopletools:8.56:*:*:*:*:*:*:*",
                     matchCriteriaId: "80B456D2-0880-4A30-94A0-DA40634642FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:peopletools:8.57:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6F1E1EF-B5D0-4984-A628-AB3A56DD67A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.",
      },
      {
         lang: "es",
         value: "libffi solicita una pila ejecutable que permite que los atacantes desencadenen con más facilidad la ejecución de código arbitrario sobrescribiendo la pila. Se debe tener en cuenta que libffi es empleado por otras bibliotecas. Antes se dijo que esto afecta a la versión 3.2.1 de libffi, pero parece ser incorrecto. libffi en versiones anteriores a la 3.1 en sistemas x86 de 32 bits era vulnerable y se cree que upstream ha solucionado este problema en la versión 3.1.",
      },
   ],
   id: "CVE-2017-1000376",
   lastModified: "2024-11-21T03:04:35.167",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-06-19T16:29:00.577",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2017/dsa-3889",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2017-1000376",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2017/dsa-3889",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2017-1000376",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-08-22 22:15
Modified
2024-11-21 08:14
Summary
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC8BCB15-DD67-4718-9F68-ED2FA305AFEF",
                     versionEndIncluding: "21.0.7.1",
                     versionStartIncluding: "21.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4566224-2998-4D20-9874-1572E283B06D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:23.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D9A7903-4609-4E30-96DE-C18472700A8A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "\nIBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory.  IBM X-Force ID:  262481.\n\n",
      },
   ],
   id: "CVE-2023-38734",
   lastModified: "2024-11-21T08:14:08.457",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.6,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.7,
            impactScore: 5.9,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-08-22T22:15:08.570",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262481",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7028227",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262481",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7028227",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-08-01 14:15
Modified
2024-11-21 04:42
Summary
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able to spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A52F7AE1-754D-4EE1-8EC1-7765292B4C2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "55349BC5-90EC-4954-8CEB-3C37D34742C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AA943DD-23CD-48FD-A33B-9E4DC7AE9D80",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "28C5BBDA-B4F3-40A2-9F0A-75CF4C276769",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "6684D268-7B46-4672-8C9B-8719F2DC701F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "64797939-6676-40DC-A81A-3FD0C45A8047",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C19A2957-C915-4376-A4B5-87F4039BFD93",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able to spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.",
      },
      {
         lang: "es",
         value: "Se presenta una vulnerabilidad en el mecanismo garbage collection de atomic-openshift. Un atacante capaz de suplantar el UUID de un objeto válido de otro espacio de nombres es capaz de eliminar elementos secundarios de esos objetos. Versiones 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 y 4.1 están afectadas.",
      },
   ],
   id: "CVE-2019-3884",
   lastModified: "2024-11-21T04:42:47.677",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "LOW",
               baseScore: 3.6,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
               version: "3.0",
            },
            exploitabilityScore: 1,
            impactScore: 2.5,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.5,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-08-01T14:15:13.190",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-290",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-10-16 19:55
Modified
2024-11-21 02:08
Summary
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.
Impacted products
Vendor Product Version
redhat openshift *
jenkins jenkins *
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "322F4274-7351-40C4-8D8E-8E26B89AA95C",
                     versionEndIncluding: "1.582",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "1BA9E2A3-6D74-4DC8-846F-FCF5C5BE562B",
                     versionEndIncluding: "1.565.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos ejecutar código arbitrario a través de un paquete manipulado para el canal de CLI.",
      },
   ],
   id: "CVE-2014-3666",
   lastModified: "2024-11-21T02:08:36.630",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-10-16T19:55:08.050",
   references: [
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-06-08 17:59
Modified
2024-11-21 02:47
Summary
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.
Impacted products
Vendor Product Version
redhat openshift 3.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.",
      },
      {
         lang: "es",
         value: "Red Hat OpenShift Enterprise 3.1 utiliza permisos de lectura para todos en el archivo de configuración /etc/origin/master/master-config.yaml, lo que permite a usuarios locales obtener credenciales del Active Directory leyendo el archivo.",
      },
   ],
   id: "CVE-2016-2142",
   lastModified: "2024-11-21T02:47:53.840",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-06-08T17:59:00.127",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1038",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1038",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2024-11-21 07:53
Summary
IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:cloud_pak_for_data:4.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "91FB8BA8-11F7-42C3-9BBB-2980142B40FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:watson_cp4d_data_stores:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D13ADA7D-F9F2-4D8B-85D3-1AF6D6CD8221",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service.  IBM X-Force ID:  248924.",
      },
   ],
   id: "CVE-2023-27540",
   lastModified: "2024-11-21T07:53:07.683",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-10T16:15:49.943",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/248924",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7009883",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/248924",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7009883",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-770",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-770",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-03 14:15
Modified
2024-11-21 01:51
Summary
OpenShift cartridge allows remote URL retrieval
Impacted products
Vendor Product Version
redhat openshift 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:1.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "19D8D9FF-51A8-4A81-B855-DB480ABEA300",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OpenShift cartridge allows remote URL retrieval",
      },
      {
         lang: "es",
         value: "El cartucho de OpenShift permite la recuperación remota de la URL.",
      },
   ],
   id: "CVE-2013-2103",
   lastModified: "2024-11-21T01:51:02.360",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-12-03T14:15:09.967",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2013-2103",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2103",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2013-2103",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2103",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-11-25 20:59
Modified
2024-11-21 02:32
Summary
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.
Impacted products
Vendor Product Version
redhat openshift *
redhat openshift 2.0
jenkins jenkins *
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4",
                     versionEndIncluding: "1.637",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A",
                     versionEndIncluding: "1.625.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio en Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 permite a atacantes remotos listar el contenido de directorio y leer archivos arbitrarios en los recursos de servlet Jenkins servlet a través de secuencias de salto de directorio en una petición de jnlpJars/.",
      },
   ],
   id: "CVE-2015-5322",
   lastModified: "2024-11-21T02:32:47.580",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-11-25T20:59:13.510",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-09-30 17:15
Modified
2024-11-21 05:46
Summary
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE236FAA-CBC7-49D6-934B-55CA67F0AE95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F15C8979-996E-44AE-BDF9-98BA5F1B3C41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "96168F0A-20FD-4F59-A4AC-0430276583AD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282.",
      },
      {
         lang: "es",
         value: "IBM Cloud Pak for Security (CP4S) versiones 1.7.0.0, 1.7.1.0, 1.7.2.0 y 1.8.0.0, podría permitir a un atacante llevar a cabo acciones no autorizadas debido a controles de autenticación inapropiados o ausentes. IBM X-Force ID: 199282",
      },
   ],
   id: "CVE-2021-20578",
   lastModified: "2024-11-21T05:46:48.433",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.5,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-09-30T17:15:07.723",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199282",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6493729",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199282",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6493729",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-10-16 19:55
Modified
2024-11-21 02:08
Summary
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
Impacted products
Vendor Product Version
redhat openshift *
jenkins jenkins *
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "322F4274-7351-40C4-8D8E-8E26B89AA95C",
                     versionEndIncluding: "1.582",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "1BA9E2A3-6D74-4DC8-846F-FCF5C5BE562B",
                     versionEndIncluding: "1.565.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 no previene adecuadamente la descarga de plugins, lo que permite a usuarios remotos autenticados con el permiso Overall/READ obtener información sensible leyendo el código del plugin.",
      },
   ],
   id: "CVE-2014-3667",
   lastModified: "2024-11-21T02:08:36.740",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-10-16T19:55:08.097",
   references: [
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-13 13:15
Modified
2024-11-21 02:01
Summary
mcollective has a default password set at install
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:puppet:marionette_collective:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD29A508-E9F1-4D6F-ACD6-795F20F8DE2F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:1.0:-:enterprise:*:*:*:*:*",
                     matchCriteriaId: "6D63189E-7BFC-438B-A583-1901BBC15CF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "AC659BB6-CD01-4F4A-BFBC-227A52ECB391",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "mcollective has a default password set at install",
      },
      {
         lang: "es",
         value: "mcollective presenta una contraseña predeterminada establecida en la instalación.",
      },
   ],
   id: "CVE-2014-0175",
   lastModified: "2024-11-21T02:01:33.783",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-12-13T13:15:10.820",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2014-0175",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/CVE-2014-0175",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2014-0175",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/CVE-2014-0175",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-798",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-10-16 20:59
Modified
2024-11-21 02:26
Summary
Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.
Impacted products
Vendor Product Version
jenkins jenkins *
jenkins jenkins *
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "87068B16-A915-42BE-AFF0-9B23EF1FD2A7",
                     versionEndIncluding: "1.580.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB5428DD-A289-4554-8874-2EEB47DD72E9",
                     versionEndIncluding: "1.599",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 1.600 y LTS en versiones anteriores a 1.596.1 permite a usuarios remotos autenticados provocar una denegación de servicio (plug-in indebido e instalación de herramienta) a través del centro de datos actualizado manipulado.",
      },
   ],
   id: "CVE-2015-1808",
   lastModified: "2024-11-21T02:26:11.347",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-10-16T20:59:07.637",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205623",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205623",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-02-01 18:15
Modified
2024-11-21 07:27
Summary
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4BF8AF2-0047-4E43-AEDF-0D4D54446876",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "37215CD7-7390-4BCD-AA3A-E1B233875147",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*",
                     matchCriteriaId: "B9B1A13B-7F98-44A6-9933-A0052E93D7F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9816F05C-8D57-48AD-9E64-907CDB24D612",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C7B481C-86B1-44B0-AB68-48C1739B0DB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACA125F0-42C5-40E2-A63D-FDE0444A7D32",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "984C0CFE-21D0-498B-B326-A3AB50C8602B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B61BDF7-D688-49CC-9D96-A625BBF95E5B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration.  IBM X-Force ID:  241583.",
      },
   ],
   id: "CVE-2022-43922",
   lastModified: "2024-11-21T07:27:21.977",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-02-01T18:15:10.453",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/241583",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6857807",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/241583",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6857807",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-326",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-07-06 16:15
Modified
2024-11-21 06:22
Summary
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue is highly complex to exploit, as an attacker needs to perform some triage over the heap layout to achieve significant results; also, the values written into memory are repeated three times in a row, making it difficult to produce valid payloads. This flaw affects grub2 versions prior to grub-2.12.
Impacted products
Vendor Product Version
gnu grub2 *
fedoraproject fedora 36
redhat developer_tools 1.0
redhat openshift 3.0
redhat enterprise_linux 8.0
redhat enterprise_linux 8.1
redhat enterprise_linux 8.4
redhat enterprise_linux 9.0
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 9.0
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_for_power_little_endian 9.0
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat enterprise_linux_for_power_little_endian_eus 8.6
redhat enterprise_linux_for_power_little_endian_eus 9.0
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.0
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_tus 8.6
redhat openshift_container_platform 4.6
redhat openshift_container_platform 4.9
redhat openshift_container_platform 4.10
redhat enterprise_linux 8.0
redhat codeready_linux_builder -
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 9.0
netapp ontap_select_deploy_administration_utility -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B798FFCB-4972-436F-ADB4-8DA325089773",
                     versionEndExcluding: "2.12",
                     versionStartIncluding: "2.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "60937D60-6B78-400F-8D30-7FCF328659A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "62C4B3B6-7452-49AF-8981-737FE929FF97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF30E57A-97EA-4A44-8404-6AE4F058B44D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "5DAD1E4A-B22F-432C-97C8-D91D286535F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "47811209-5CE5-4375-8391-B0A7F6A0E420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "35EEDB95-DCD1-4FED-9BBB-877B2062410C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "983533DD-3970-4A37-9A9C-582BD48AA1E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "729C515E-1DD3-466D-A50B-AFE058FFC94A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "868A6ED7-44DD-44FF-8ADD-9971298A1175",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "22D095ED-9247-4133-A133-73B7668565E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "492DF629-16B8-4882-822D-A6897B03DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B62E762-2878-455A-93C9-A5DB430D7BB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "81609549-25CE-4C8A-9DE3-170D23704208",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "0595C9F8-9C7A-4FC1-B7EE-52978A1B1E93",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CD81C46-328B-412D-AF4E-68A2AD2F1A73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue is highly complex to exploit, as an attacker needs to perform some triage over the heap layout to achieve significant results; also, the values written into memory are repeated three times in a row, making it difficult to produce valid payloads. This flaw affects grub2 versions prior to grub-2.12.",
      },
      {
         lang: "es",
         value: "Una imagen PNG en escala de grises de 16 bits diseñada puede conllevar a una escritura fuera de límites en el área de la pila. Un atacante puede aprovecharse de ello para causar corrupción de datos de la pila o, eventualmente, la ejecución de código arbitrario y omitir las protecciones de arranque seguro. Este problema presenta una alta complejidad para ser explotado, ya que un atacante necesita llevar a cabo algún tipo de triage sobre la disposición de la pila para conseguir resultados significativos, además los valores escritos en la memoria son repetidos tres veces seguidas dificultando la producción de cargas útiles válidas. Este fallo afecta a grub2 versiones anteriores a grub-2.12",
      },
   ],
   id: "CVE-2021-3695",
   lastModified: "2024-11-21T06:22:10.483",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "LOW",
               baseScore: 4.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 3.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-06T16:15:08.210",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991685",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-12",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220930-0001/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991685",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-12",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220930-0001/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-02-19 15:15
Modified
2024-11-21 01:46
Summary
Nokogiri before 1.5.4 is vulnerable to XML External Entity (XXE) attacks.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB203B5A-2979-4C08-8E90-EEA32EE5ACB0",
                     versionEndExcluding: "1.5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7098B44F-56BF-42E3-8831-48D0A8E99EE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "884F5BE8-59F5-4502-9765-F3A3E505570F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1802FDB8-C919-4D5E-A8AD-4C5B72525090",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "31EC146C-A6F6-4C0D-AF87-685286262DAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openstack_foreman:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C77E4AD2-8BB5-427E-90BA-CB43B3684179",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "848C92A9-0677-442B-8D52-A448F2019903",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B0E2C740-099C-427F-846D-951A2A1BF07E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C60FA8B1-1802-4522-A088-22171DCF7A93",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Nokogiri before 1.5.4 is vulnerable to XXE attacks",
      },
      {
         lang: "es",
         value: "Nokogiri versiones anteriores a 1.5.4, es vulnerable a ataques de tipo XXE.",
      },
   ],
   id: "CVE-2012-6685",
   lastModified: "2024-11-21T01:46:40.347",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-02-19T15:15:11.723",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178970",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://github.com/sparklemotion/nokogiri/issues/693",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://nokogiri.org/CHANGELOG.html#154-2012-06-12",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178970",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://github.com/sparklemotion/nokogiri/issues/693",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://nokogiri.org/CHANGELOG.html#154-2012-06-12",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-776",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-11-25 20:59
Modified
2024-11-21 02:32
Summary
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.
Impacted products
Vendor Product Version
jenkins jenkins *
redhat openshift *
redhat openshift 2.0
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4",
                     versionEndIncluding: "1.637",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A",
                     versionEndIncluding: "1.625.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 utiliza un salt de acceso público para generar tokens de protección CSRF, lo que hace que sea más fácil para atacantes remotos eludir el mecanismo de protección CSRF a través de un ataque de fuerza bruta.",
      },
   ],
   id: "CVE-2015-5318",
   lastModified: "2024-11-21T02:32:47.127",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2015-11-25T20:59:09.103",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-09-18 14:59
Modified
2024-11-21 02:32
Summary
rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker.
Impacted products
Vendor Product Version
redhat openshift 2.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "A4287FC6-3313-49B1-9F2D-87309354F51D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad en rubygem-openshift-origin-console en Red Hat OpenShift 2.2, permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de una petición manipulada solicitada al Broker.",
      },
   ],
   id: "CVE-2015-5274",
   lastModified: "2024-11-21T02:32:41.687",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-09-18T14:59:01.333",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2015-1808.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2015-1808.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-77",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-01-17 21:15
Modified
2024-11-21 07:36
Summary
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on the etcd grpc-proxy component. Even though CVE-2016-2183 has been fixed in the etcd components, enabling periodic health checks from kubelet required opening a new port (9979) on etcd grpc-proxy, so this port might still be considered vulnerable to the same type of weakness. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), so the potential impact of this vulnerability is minimal. CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.
Impacted products
Vendor Product Version
redhat openshift 4.11



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:4.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "275413B5-6C5D-4125-9396-0DAE614887E8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on the etcd grpc-proxy component. Even though CVE-2016-2183 has been fixed in the etcd components, enabling periodic health checks from kubelet required opening a new port (9979) on etcd grpc-proxy, so this port might still be considered vulnerable to the same type of weakness. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), so the potential impact of this vulnerability is minimal. CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.",
      },
      {
         lang: "es",
         value: "Se informó del ataque de cumpleaños contra la falla de cifrado de bloques de 64 bits (CVE-2016-2183) para el puerto de controles de estado (9979) en el componente etcd grpc-proxy. Aunque el CVE-2016-2183 se corrigió en los componentes de etcd, para permitir comprobaciones periódicas de estado de kubelet, fue necesario abrir un nuevo puerto (9979) en etcd grpc-proxy, por lo que este puerto podría considerarse todavía vulnerables al mismo tipo de vulnerabilidad. Las comprobaciones de estado en etcd grpc-proxy no contienen datos confidenciales (solo datos de métricas), por lo que el impacto potencial relacionado con esta vulnerabilidad es mínimo. Se asignó el CVE-2023-0296 a este problema para rastrear la solución permanente en el componente etcd.",
      },
   ],
   id: "CVE-2023-0296",
   lastModified: "2024-11-21T07:36:55.047",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-01-17T21:15:15.273",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161287",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161287",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-327",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-09-30 17:15
Modified
2024-11-21 06:01
Summary
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE236FAA-CBC7-49D6-934B-55CA67F0AE95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F15C8979-996E-44AE-BDF9-98BA5F1B3C41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "96168F0A-20FD-4F59-A4AC-0430276583AD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320.",
      },
      {
         lang: "es",
         value: "IBM Cloud Pak for Security (CP4S) versiones 1.7.0.0, 1.7.1.0, 1.7.2.0 y 1.8.0.0, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 207320",
      },
   ],
   id: "CVE-2021-29894",
   lastModified: "2024-11-21T06:01:57.890",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-09-30T17:15:07.780",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207320",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6493729",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207320",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6493729",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-327",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-04-11 20:15
Modified
2024-11-21 06:36
Summary
The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package; however, the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.
Impacted products
Vendor Product Version
redhat openshift 4.9



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:4.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "0189F456-4CE5-4E94-83F9-9EC636C72F18",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package; however, the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.",
      },
      {
         lang: "es",
         value: "La versión de OpenShift 4.9.6, incluía cuatro correcciones de CVE para el paquete haproxy, sin embargo faltaba el parche para CVE-2021-39242. Este problema solo afecta a Red Hat OpenShift versión 4.9",
      },
   ],
   id: "CVE-2021-4047",
   lastModified: "2024-11-21T06:36:47.670",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-04-11T20:15:16.437",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027881",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027881",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-11-13 21:32
Modified
2024-11-21 02:08
Summary
Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B6B266CF-DDC0-421D-A36D-F123241E69B3",
                     versionEndIncluding: "2.1.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.1:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "7405F776-4F1C-467A-AC66-5AABBE43411B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.2:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "437AB2B0-0175-4E48-A1A5-6723C97F3253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.3:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "BA5E9EB2-607B-43A7-A75F-CA171529B9E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.4:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "582D97B4-ADBC-485D-B00F-AD9F3566F711",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.5:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "AB204392-8CE0-4B3B-9399-F6B83EB9006F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.6:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "7D84F1EB-5654-4B52-92E3-5DA10F97CA39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "AC659BB6-CD01-4F4A-BFBC-227A52ECB391",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "A463CF4B-2010-4AB5-9275-020BF53B5FA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "C6C0F050-48C7-4AFB-9DB3-A60C7E3501C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1.3:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "459F1262-B8B0-475E-A7F2-0913FEE6F715",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "732EE887-EB12-492F-A4E4-3F441BB92C8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1.5:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "34ACA7BA-8DB2-4645-9FF1-DB88195FFD2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1.6:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "A87A0BC7-F7D0-4090-992A-C26942FD82DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1.7:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "81360600-BF69-4078-A6E6-EE6606391924",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Red Hat OpenShift Enterprise anterior a 2.2 no restringe debidamente el acceso a gears, lo que permite a atacantes remotos acceder a los recursos de red de gears arbitrarios a través de vectores no especificados.",
      },
   ],
   id: "CVE-2014-3674",
   lastModified: "2024-11-21T02:08:37.697",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-11-13T21:32:03.560",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-1796.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-1906.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-1796.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-1906.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-05-08 18:29
Modified
2024-11-21 03:23
Summary
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (which are otherwise performed daily), possibly causing additional load on the Jenkins master and agents.
Impacted products
Vendor Product Version
jenkins jenkins *
jenkins jenkins *
redhat openshift 2.0
redhat openshift 3.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "F1F48E96-6C2B-4773-98A4-BFF626A0811F",
                     versionEndExcluding: "2.32.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4595374-F7F2-43D5-BB78-37E8377B1E45",
                     versionEndExcluding: "2.44",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "884F5BE8-59F5-4502-9765-F3A3E505570F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (which are otherwise performed daily), possibly causing additional load on the Jenkins master and agents.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a la 2.44, 2.32.2 es vulnerable a una exposición de información en la API interna que permite el acceso a los nombres de los elementos que no deberían ser visibles (SECURITY-380). Esto solo afecta a los usuarios anónimos (otros usuarios tienen acceso legítimo) que podrían obtener una lista de los elementos mediante un UnprotectedRootAction.",
      },
   ],
   id: "CVE-2017-2611",
   lastModified: "2024-11-21T03:23:49.673",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-05-08T18:29:00.310",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/95956",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://jenkins.io/security/advisory/2017-02-01/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/95956",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://jenkins.io/security/advisory/2017-02-01/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-358",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-863",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-11-16 11:59
Modified
2024-11-21 02:01
Severity ?
Summary
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.
Impacted products
Vendor Product Version
redhat openshift 2.0
redhat openshift 2.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "AC659BB6-CD01-4F4A-BFBC-227A52ECB391",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.",
      },
      {
         lang: "es",
         value: "Red Hat OpenShift Enterprise 2.0 y 2.1 y OpenShift Origin permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de meta-caracteres de shell en el nombre del directorio referenciado por un cartucho (cartridge), usando el esquema de URI file:.",
      },
   ],
   id: "CVE-2014-0233",
   lastModified: "2024-11-21T02:01:43.313",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-11-16T11:59:01.603",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0529.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0530.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1096955",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0529.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0530.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1096955",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-04-07 23:59
Modified
2024-11-21 02:42
Severity ?
Summary
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.
Impacted products
Vendor Product Version
redhat openshift 3.1
jenkins jenkins *
jenkins jenkins 1.642.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18F2C087-76F7-40F2-83DA-4C643363629C",
                     versionEndIncluding: "1.649",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:1.642.1:*:*:*:lts:*:*:*",
                     matchCriteriaId: "8B87EA57-C12B-4329-B969-2867803D0BA0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 1.650 y LTS en versiones anteriores a 1.642.2 no utiliza un algoritmo de tiempo constante para verificar tokens CSRF, lo que hace más fácil para atacantes remotos eludir el mecanismo de protección CSRF a través de una aproximación por fuerza bruta.",
      },
   ],
   id: "CVE-2016-0791",
   lastModified: "2024-11-21T02:42:23.403",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-04-07T23:59:02.863",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0711",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0711",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-10-16 20:59
Modified
2024-11-21 02:26
Severity ?
Summary
The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.
Impacted products
Vendor Product Version
jenkins jenkins 1.596.1
redhat openshift *
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:1.596.1:*:*:*:lts:*:*:*",
                     matchCriteriaId: "1A0564DB-E5C6-459E-B9A0-557A81F92BC0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "26836BE3-EB42-4460-81A7-5249801BA67D",
                     versionEndIncluding: "1.605",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a \"forced API token change\" involving anonymous users.",
      },
      {
         lang: "es",
         value: "El servicio de emisión de token de API en Jenkins en versiones anteriores a 1.606 y LTS en versiones anteriores a 1.596.2 permite a atacantes remotos obtener privilegios a través de un \"cambio forzado de token de API\" involucrando a usuarios anónimos.",
      },
   ],
   id: "CVE-2015-1814",
   lastModified: "2024-11-21T02:26:12.077",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-10-16T20:59:11.747",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205616",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205616",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-10-19 16:15
Modified
2024-11-21 06:01
Summary
IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.
Impacted products
Vendor Product Version
ibm security_risk_manager_on_cp4s 1.7.0.0
redhat openshift - (platform match only: this CPE is marked vulnerable: false inside an AND configuration, so OpenShift is the deployment platform here, not the affected product)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:security_risk_manager_on_cp4s:1.7.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4EDEBA6A-AD58-4068-A879-DCDE46DDE0A2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.",
      },
      {
         lang: "es",
         value: "IBM Security Risk Manager on CP4S versión 1.7.0.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. IBM X-Force ID: 207828",
      },
   ],
   id: "CVE-2021-29912",
   lastModified: "2024-11-21T06:01:58.893",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-10-19T16:15:07.683",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207828",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6505283",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207828",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6505283",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-11-25 20:59
Modified
2024-11-21 02:32
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.
Impacted products
Vendor Product Version
jenkins jenkins *
redhat openshift *
redhat openshift 2.0
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4",
                     versionEndIncluding: "1.637",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A",
                     versionEndIncluding: "1.625.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de XSS en la página de vista general de esclavos en Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 permite a usuarios remotos autenticados con ciertos permisos inyectar secuencias de comandos web o HTML arbitrarios a través del mensaje de estado del esclavo fuera de línea.",
      },
   ],
   id: "CVE-2015-5326",
   lastModified: "2024-11-21T02:32:48.030",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2015-11-25T20:59:18.217",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-04-07 23:59
Modified
2024-11-21 02:42
Summary
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Impacted products
Vendor Product Version
jenkins jenkins *
redhat openshift 3.1
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "4203742F-66F7-4877-ABF8-EB304E114191",
                     versionEndIncluding: "1.642.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18F2C087-76F7-40F2-83DA-4C643363629C",
                     versionEndIncluding: "1.649",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección CRLF en la documentación de comando de la CLI en Jenkins en versiones anteriores a 1.650 y LTS en versiones anteriores a 1.642.2 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de respuesta HTTP a través de vectores no especificados.",
      },
   ],
   id: "CVE-2016-0789",
   lastModified: "2024-11-21T02:42:23.153",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-04-07T23:59:01.050",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0711",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0711",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-06-27 19:15
Modified
2024-11-21 07:45
Summary
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to a security misconfiguration of the Redis container, which may provide elevated privileges. IBM X-Force ID: 244074.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5BAAF00-D394-4243-807A-A6D41125EC4B",
                     versionEndIncluding: "21.0.7.3",
                     versionStartIncluding: "21.0.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F513AA2B-F457-408B-8D5F-EBE657439000",
                     versionEndIncluding: "23.0.3",
                     versionStartIncluding: "23.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "\nIBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges.  IBM X-Force ID:  244074.\n\n",
      },
   ],
   id: "CVE-2023-22593",
   lastModified: "2024-11-21T07:45:01.570",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.4,
            impactScore: 2.5,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-06-27T19:15:09.187",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244074",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7006001",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244074",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7006001",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-863",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-30 22:15
Modified
2024-11-21 01:47
Summary
A CSRF issue was found in OpenShift Enterprise 1.2. The web console uses 'Basic authentication' and the REST API has no CSRF protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when the REST API is requested via a web browser.
Impacted products
Vendor Product Version
redhat openshift 1.2
redhat enterprise_linux 6.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:1.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "DC920653-E8B1-4D46-B8C4-DC847DD1DDB0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.",
      },
      {
         lang: "es",
         value: "Se encontró un problema de tipo CSRF en OpenShift Enterprise versión 1.2. La consola web está utilizando \"Basic authentication\" y la API REST no posee un mecanismo de protección contra ataques de tipo CSRF. Esto puede permitir a un atacante obtener la credencial y el encabezado Autorization:  cuando se solicita la API REST por medio del navegador web.",
      },
   ],
   id: "CVE-2013-0196",
   lastModified: "2024-11-21T01:47:02.533",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-12-30T22:15:11.213",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2013-0196",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2013-0196",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-13 13:15
Modified
2024-11-21 05:11
Summary
A nonce reuse vulnerability was found in the secure mode of the messenger v2 protocol in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2. It can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6E54096-5D45-4CB2-AC9A-DDB55BF2B94C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1936DEA-6470-48CA-9FE1-B16448554ACE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openstack:15:*:*:*:*:*:*:*",
                     matchCriteriaId: "70108B60-8817-40B4-8412-796A592E4E5E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "26BB96DD-5842-4227-8B10-984C536A5FFB",
                     versionEndExcluding: "14.2.21",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.",
      },
      {
         lang: "es",
         value: "Se detectó una vulnerabilidad en Red Hat Ceph Storage versión 4 y Red Hat Openshift Container Storage versión 4.2 donde, se detectó una vulnerabilidad de reutilización de nonce en el modo seguro del protocolo de messenger v2, que puede permitir a un atacante falsificar etiquetas de autenticación y potencialmente manipular los datos al aprovechar la reutilización de un nonce en una sesión. Los mensajes cifrados usando un valor nonce reutilizado, son susceptibles de serios ataques de confidencialidad e integridad.",
      },
   ],
   id: "CVE-2020-1759",
   lastModified: "2024-11-21T05:11:19.593",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.2,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-13T13:15:13.480",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202105-39",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202105-39",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-323",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-330",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-10-01 17:55
Modified
2024-11-21 01:38
Summary
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "129BE399-B405-4DF1-987B-6DA24172FC19",
                     versionEndIncluding: "1.8.22",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D6A915B-43FF-4FFA-98FA-968403825D43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "767790C2-2C72-45C0-A4EF-F21EAAAD1698",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBAB2571-F73A-4843-A494-1D10A214862D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "57847827-F148-42C9-9180-3D5482249CB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "323AC584-E261-445D-9C84-DA34DFDE2D39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A563E3D-2D87-4712-8C90-067ABB9D6810",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B540D22-0BDC-4727-B11E-9667F6E188BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D7D308E-2A6C-4DF7-94B1-C5BCC5C3FD24",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "741E979F-6AD5-4C15-8541-5D5F659E5ED3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "81C93DD3-19B4-431D-A7BD-E86F90F91745",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA2C407B-2C0F-4C46-9F5B-6C63CC887941",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "7865522C-C5D0-4D4B-B090-7B756B36DF4F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA1CDCDA-E1F2-4C23-8448-0EF1D61CE40B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "95AE74A8-4A90-4372-8B88-81FF7E6E578B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F6BED14-99EA-4F87-95BB-078D2CEED349",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EC8340E-D33E-4DB6-A08B-E56EA035C133",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "4BF3F97C-C396-4AFE-9EC6-4BBD840ED363",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "41E7E929-1144-438A-A55D-0B5CE6886C0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3EB522C-6EA5-4CF5-B610-CB9414DD4815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF3220D1-DEFF-46A6-95B3-A40838D4E294",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "E8DA4D9E-B822-4254-856C-3176A948D718",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D3EAD7C-CB12-4897-B5FA-63D49CDABD35",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:1.2.2:-:enterprise:*:*:*:*:*",
                     matchCriteriaId: "A7868189-C831-4E7D-9718-B2EFF16FCA3D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
                     matchCriteriaId: "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.",
      },
      {
         lang: "es",
         value: "RubyGems anteriores a 1.8.23 pueden redirigir conexiones HTTPS a HTTP, lo cual facilita a atacantes remotos observar o modificar una gema durante la instalación a través de un ataque man-in-the-middle.",
      },
   ],
   id: "CVE-2012-2125",
   lastModified: "2024-11-21T01:38:32.940",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-10-01T17:55:03.257",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/55381",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://www.openwall.com/lists/oss-security/2012/04/20/24",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-1582-1/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/55381",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.openwall.com/lists/oss-security/2012/04/20/24",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-1582-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-03-20 15:15
Modified
2024-11-21 05:11
Summary
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/postgresql-apb container in all 4.x.x versions prior to 4.3.0. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Impacted products
Vendor Product Version
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "56FBB37B-F320-4355-B695-08251CCBE6EF",
                     versionEndExcluding: "4.3",
                     versionStartIncluding: "4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
      },
      {
         lang: "es",
         value: "Se encontró una vulnerabilidad en todas las versiones de openshift/postgresql-apb 4.x.x anteriores a 4.3.0, donde se encontró una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/postgresql-apb. Un atacante con acceso al contenedor podría usar este fallo para modificar /etc/passwd y escalar sus privilegios.",
      },
   ],
   id: "CVE-2020-1707",
   lastModified: "2024-11-21T05:11:12.727",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 5.9,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-03-20T15:15:13.607",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1707",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1707",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-732",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-732",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-10-16 19:55
Modified
2024-11-21 02:08
Severity ?
Summary
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.
Impacted products
Vendor Product Version
jenkins jenkins *
redhat openshift *
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "322F4274-7351-40C4-8D8E-8E26B89AA95C",
                     versionEndIncluding: "1.582",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "1BA9E2A3-6D74-4DC8-846F-FCF5C5BE562B",
                     versionEndIncluding: "1.565.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos enumerar nombres de usuarios a través de vectores relacionados con intentos de inicio de sesión.",
      },
   ],
   id: "CVE-2014-3662",
   lastModified: "2024-11-21T02:08:36.150",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-10-16T19:55:07.970",
   references: [
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-07-06 16:15
Modified
2024-11-21 06:22
Summary
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. The Confidentiality, Integrity and Availability impact may be considered Low, as it is very complex for an attacker to control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or Secure Boot circumvention. This flaw affects grub2 versions prior to grub-2.12.
Impacted products
Vendor Product Version
gnu grub2 *
redhat developer_tools 1.0
redhat openshift 3.0
redhat enterprise_linux 8.0
redhat enterprise_linux 8.1
redhat enterprise_linux 8.4
redhat enterprise_linux 9.0
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 9.0
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_for_power_little_endian 9.0
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat enterprise_linux_for_power_little_endian_eus 8.6
redhat enterprise_linux_for_power_little_endian_eus 9.0
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.0
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_tus 8.6
redhat openshift_container_platform 4.6
redhat openshift_container_platform 4.9
redhat openshift_container_platform 4.10
redhat enterprise_linux 8.0
redhat codeready_linux_builder -
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 9.0
netapp ontap_select_deploy_administration_utility -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B798FFCB-4972-436F-ADB4-8DA325089773",
                     versionEndExcluding: "2.12",
                     versionStartIncluding: "2.00",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "60937D60-6B78-400F-8D30-7FCF328659A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "62C4B3B6-7452-49AF-8981-737FE929FF97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF30E57A-97EA-4A44-8404-6AE4F058B44D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "5DAD1E4A-B22F-432C-97C8-D91D286535F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "47811209-5CE5-4375-8391-B0A7F6A0E420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "35EEDB95-DCD1-4FED-9BBB-877B2062410C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "983533DD-3970-4A37-9A9C-582BD48AA1E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "729C515E-1DD3-466D-A50B-AFE058FFC94A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "868A6ED7-44DD-44FF-8ADD-9971298A1175",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "22D095ED-9247-4133-A133-73B7668565E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "492DF629-16B8-4882-822D-A6897B03DD30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B62E762-2878-455A-93C9-A5DB430D7BB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "81609549-25CE-4C8A-9DE3-170D23704208",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "0595C9F8-9C7A-4FC1-B7EE-52978A1B1E93",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CD81C46-328B-412D-AF4E-68A2AD2F1A73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. The Confidentiality, Integrity and Availability impact may be considered Low, as it is very complex for an attacker to control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or Secure Boot circumvention. This flaw affects grub2 versions prior to grub-2.12.",
      },
      {
         lang: "es",
         value: "Puede producirse una escritura fuera de límites en el heap (memoria dinámica, no la pila) durante el manejo de las tablas Huffman en el lector PNG. Esto puede conllevar a una corrupción de datos en el espacio del heap. El impacto en la confidencialidad, integridad y disponibilidad puede considerarse bajo, ya que es muy complejo que un atacante controle la codificación y el posicionamiento de las entradas Huffman corruptas para conseguir resultados como la ejecución de código arbitrario y/o la omisión del arranque seguro (Secure Boot). Este fallo afecta a grub2 versiones anteriores a grub-2.12.",
      },
   ],
   id: "CVE-2021-3696",
   lastModified: "2024-11-21T06:22:10.657",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "LOW",
               baseScore: 4.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 3.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-06T16:15:08.270",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991686",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-12",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220930-0001/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991686",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-12",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220930-0001/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-03-18 17:15
Modified
2024-11-21 04:34
Summary
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4.
Impacted products
Vendor Product Version
redhat openshift 4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F7E2F04-474D-4196-9CE8-242642990A16",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4.",
      },
      {
         lang: "es",
         value: "Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el openshift/ocp-release-operator-sdk. Un atacante con acceso al contenedor podría usar este fallo para modificar el archivo /etc/passwd y escalar sus privilegios. Este CVE es específico para el openshift/ansible-operator-container como es incluido en Openshift versión 4.",
      },
   ],
   id: "CVE-2019-19355",
   lastModified: "2024-11-21T04:34:38.397",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 5.9,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-03-18T17:15:11.837",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19355",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19355",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-266",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-01-08 19:59
Modified
2024-11-21 02:32
Severity ?
Summary
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
References
secalert@redhat.com  http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt
secalert@redhat.com  http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html
secalert@redhat.com  http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html
secalert@redhat.com  http://rhn.redhat.com/errata/RHSA-2016-0489.html
secalert@redhat.com  http://rhn.redhat.com/errata/RHSA-2016-2035.html
secalert@redhat.com  http://rhn.redhat.com/errata/RHSA-2016-2036.html
secalert@redhat.com  http://www.debian.org/security/2016/dsa-3524
secalert@redhat.com  http://www.openwall.com/lists/oss-security/2015/12/08/6
secalert@redhat.com  http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
secalert@redhat.com  http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
secalert@redhat.com  https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
secalert@redhat.com  https://issues.apache.org/jira/browse/AMQ-6013  (Vendor Advisory)
secalert@redhat.com  https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108  http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt
af854a3a-2127-422b-91ae-364da2661108  http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html
af854a3a-2127-422b-91ae-364da2661108  http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html
af854a3a-2127-422b-91ae-364da2661108  http://rhn.redhat.com/errata/RHSA-2016-0489.html
af854a3a-2127-422b-91ae-364da2661108  http://rhn.redhat.com/errata/RHSA-2016-2035.html
af854a3a-2127-422b-91ae-364da2661108  http://rhn.redhat.com/errata/RHSA-2016-2036.html
af854a3a-2127-422b-91ae-364da2661108  http://www.debian.org/security/2016/dsa-3524
af854a3a-2127-422b-91ae-364da2661108  http://www.openwall.com/lists/oss-security/2015/12/08/6
af854a3a-2127-422b-91ae-364da2661108  http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
af854a3a-2127-422b-91ae-364da2661108  http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
af854a3a-2127-422b-91ae-364da2661108  https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
af854a3a-2127-422b-91ae-364da2661108  https://issues.apache.org/jira/browse/AMQ-6013  (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108  https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "436F59B9-507A-4B4E-A9F3-022616866151",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F58D9E69-CBF2-4FB6-B062-ED21F83CBCCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "05D6EC30-88DC-4424-BF86-D9C0DA5E191C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "82ACD6BA-257F-49D0-8944-0991FB038533",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C43FD7A1-FC03-47BC-B6C6-02C0F1466762",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7A8D571-2925-4F61-B3F0-8F4A3776F6EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "47B31CD9-A3BB-427C-A631-2E8168DD1985",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B904806-6796-4947-BDF4-EEA5681147E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6075BF1D-AC7C-46E3-A730-4E9A98856520",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "623530FC-12E9-480B-AFA0-C19FCFFA5D36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5755A41-0DBE-4F54-A1C1-4F65DCC6ACD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "11AADFBF-AC60-4535-892C-BE90BE858172",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC5143E8-B392-4954-9C0D-DD39388B669F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4C0A644-8667-4ABD-8BB3-46289DCD3A93",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "607B6541-973A-4FF5-8106-A30076CA353C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "08310F87-4C45-436F-A707-A22A4ACB1587",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4243B47C-26B9-45BE-B66A-F1534D18A265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26258CBF-39D0-45FD-AC6B-3D9840CB88EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.10.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "532FC7B8-31FD-459C-B757-4D17D4E6ED63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "36710BEE-E9B8-4979-BB75-6CEF7836268B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F15DF0DF-FDBD-4196-88DE-023CF90AA0D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.11.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E1A027B-EDBB-4305-BCE2-5DA862F9A3A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DA90EA1-64F2-44DD-86A8-E35191C79446",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:activemq:5.12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E7D827D-8180-4605-98CB-03436F916B27",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
                     matchCriteriaId: "253C303A-E577-4488-93E6-68A8DD942C38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
                     matchCriteriaId: "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.",
      },
      {
         lang: "es",
         value: "Apache ActiveMQ 5.x en versiones anteriores a 5.13.0 no restringe las clases que pueden ser serializadas en el broker, lo que permite a atacantes remotos ejecutar código arbitrario a través de un objeto ObjectMessage Java Message Service (JMS) serializado manipulado.",
      },
   ],
   id: "CVE-2015-5254",
   lastModified: "2024-11-21T02:32:39.307",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-01-08T19:59:00.113",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-2035.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-2036.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.debian.org/security/2016/dsa-3524",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2015/12/08/6",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://issues.apache.org/jira/browse/AMQ-6013",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-2035.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-2036.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2016/dsa-3524",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2015/12/08/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://issues.apache.org/jira/browse/AMQ-6013",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-02 20:15
Modified
2024-11-21 04:34
Summary
An insecure-modification flaw in /etc/passwd was found in the openshift/apb-base container; affected are versions before 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker who already has access to the container could modify /etc/passwd to escalate privileges within that container (a local attack; the CVSS v3.1 vector below rates scope as unchanged, i.e. no container escape is claimed).
Impacted products
Vendor Product Version
redhat openshift *
redhat openshift *
redhat openshift *
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E99FF97F-2A6C-4589-996B-FACCAFAE56E3",
                     versionEndExcluding: "3.11.188-4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F64F6AE-D8DF-490B-991F-F90D705945F5",
                     versionEndExcluding: "4.1.37",
                     versionStartIncluding: "4.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A6C41B-575B-486E-AC21-429F507E1447",
                     versionEndExcluding: "4.2.21",
                     versionStartIncluding: "4.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "15747A3D-8D4B-42B6-A210-C9E533067A7B",
                     versionEndExcluding: "4.3.5",
                     versionStartIncluding: "4.3.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
      },
      {
         lang: "es",
         value: "Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/apb-base, que afecta a las versiones anteriores a las siguientes 4.3.5, 4.2.21, 4.1.37 y 3.11.188-4. Un atacante con acceso al contenedor podría utilizar este fallo para modificar el archivo /etc/passwd y escalar sus privilegios.",
      },
   ],
   id: "CVE-2019-19348",
   lastModified: "2024-11-21T04:34:37.547",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 5.9,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-02T20:15:15.393",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-266",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-10-08 18:15
Modified
2024-11-21 06:01
Summary
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E84CF402-8B95-4C23-8190-3B5CB41179CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:1.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC731321-B677-48A2-A53F-13E5180DE3AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:1.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8127ABE3-72FD-463D-831A-B99E101A2DF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CC7E88E-07E8-4992-9902-F8403CB67C5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FD80D64-2837-4158-A036-C3333ECA0D13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:1.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C23DD1C6-6BEE-4ABE-ADC0-66B1F467B96C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.",
      },
      {
         lang: "es",
         value: "IBM App Connect Enterprise Certified Container versiones 1.0, 1.1, 1.2, 1.3, 1.4 y 1.5, podría divulgar información confidencial a un usuario local cuando es configurado para usar una clave API de IBM Cloud para conectarse a conectores basados en la nube. IBM X-Force ID: 207630",
      },
   ],
   id: "CVE-2021-29906",
   lastModified: "2024-11-21T06:01:58.530",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 1.9,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 1.4,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-10-08T18:15:07.537",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207630",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6497177",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207630",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6497177",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-05-17 14:08
Modified
2024-11-21 02:50
Summary
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs (URLs of the form //host/path, which a browser resolves against the current scheme and which therefore point off-site even though they look like relative paths).
Impacted products
Vendor Product Version
jenkins jenkins *
redhat openshift 3.1
redhat openshift 3.2
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "587BB544-D4F5-4540-8A61-578FD30DB508",
                     versionEndIncluding: "1.651.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A979807-E051-4BD5-8811-85FED039DB59",
                     versionEndIncluding: "2.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to \"scheme-relative\" URLs.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de redirección abierta en Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permiten a atacantes remotos redirigir usuarios a sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados relacionados con URLs \"scheme-relative\".",
      },
   ],
   evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/601.html\">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>",
   id: "CVE-2016-3726",
   lastModified: "2024-11-21T02:50:35.087",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-05-17T14:08:10.687",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:1206",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:1206",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-07-16 20:29
Modified
2024-11-21 03:14
Summary
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag". This could allow a user with access to OpenShift to run images from registries that should not have been allowed.
Impacted products
Vendor Product Version
redhat openshift -
redhat openshift_container_platform 3.9



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "309CB6F8-F178-454C-BE97-787F78647C28",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as \"oc tag\", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.",
      },
      {
         lang: "es",
         value: "La lista blanca de importación de imágenes de OpenShift falló a la hora de aplicar restricciones correctamente al ejecutar comandos como, por ejemplo, \"oc tag\". Esto podría permitir que un usuario con acceso a OpenShift ejecute imágenes de registros en los que no debería estarle permitido.",
      },
   ],
   id: "CVE-2017-15137",
   lastModified: "2024-11-21T03:14:08.707",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-07-16T20:29:00.223",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHBA-2018:0489",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHBA-2018:0489",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-06-08 17:59
Modified
2024-11-21 02:50
Summary
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.
Impacted products
Vendor Product Version
redhat openshift 3.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.",
      },
      {
         lang: "es",
         value: "Red Hat OpenShift Enterprise 3.2 no restringe correctamente el acceso a builds STI, lo que permite a usuarios remotos autenticados acceder al socket Docker y obtener privilegios a través de vectores relacionado con build-pod.",
      },
   ],
   id: "CVE-2016-3738",
   lastModified: "2024-11-21T02:50:36.537",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-06-08T17:59:07.657",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1094",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1094",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-05-17 14:08
Modified
2024-11-21 02:50
Summary
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name."
Impacted products
Vendor Product Version
jenkins jenkins *
redhat openshift 3.1
redhat openshift 3.2
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "587BB544-D4F5-4540-8A61-578FD30DB508",
                     versionEndIncluding: "1.651.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A979807-E051-4BD5-8811-85FED039DB59",
                     versionEndIncluding: "2.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the \"full name.\"",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permiten a usuarios remotos autenticados con múltiples cuentas provocar una denegación de servicio (sin posibilidad de acceso) editando el \"full name\".",
      },
   ],
   id: "CVE-2016-3722",
   lastModified: "2024-11-21T02:50:34.563",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-05-17T14:08:07.047",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:1206",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:1206",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-06-02 14:15
Modified
2024-11-21 05:27
Summary
An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container that mounts /etc/kubernetes, or with local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0.
Impacted products
Vendor Product Version
redhat openshift *
redhat openshift 4.7.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC917AC2-DD18-4DD6-80B4-4A1BE1A62D10",
                     versionEndExcluding: "4.7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:4.7.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "5D5A79FB-491F-4030-8F6F-C3691F9D7D58",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0.",
      },
      {
         lang: "es",
         value: "Se ha detectado un fallo de modificación no segura en el archivo /etc/kubernetes/kubeconfig en OpenShift. Este fallo permite a un atacante con acceso a un contenedor en ejecución que monta el archivo /etc/kubernetes o que tiene acceso local al nodo, copiar este archivo kubeconfig e intentar añadir su propio nodo al clúster de OpenShift. La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad, así como la disponibilidad del sistema. Este fallo afecta a versiones anteriores a openshift4/ose-machine-config-operator v4.7.0-202105111858.p0",
      },
   ],
   id: "CVE-2020-35514",
   lastModified: "2024-11-21T05:27:28.540",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-06-02T14:15:09.577",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1914714",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1914714",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-266",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-01-18 19:15
Modified
2024-11-21 07:45
Summary
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 244109.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD41B712-3818-4AFA-8A03-64E8B51809F0",
                     versionEndExcluding: "21.0.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9758FDC-C224-4EB3-8D42-409F4CBE6442",
                     versionEndExcluding: "21.0.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "034C5D78-A9CB-4A27-A2BF-1E7A1EB1318A",
                     versionEndExcluding: "21.0.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "22EB28CE-7C7F-4290-85FE-5E3EBF905CF0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL.  This could allow an attacker to obtain sensitive information using man in the middle techniques.  IBM X-Force ID:  244109.",
      },
      {
         lang: "es",
         value: "IBM Robotic Process Automation 20.12.0 a 21.0.2 utiliza de forma predeterminada HTTP en algunos comandos RPA cuando el prefijo no se especifica explícitamente en la URL. Esto podría permitir a un atacante obtener información confidencial utilizando técnicas de intermediario. ID de IBM X-Force: 244109.",
      },
   ],
   id: "CVE-2023-22863",
   lastModified: "2024-11-21T07:45:32.963",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-01-18T19:15:12.803",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244109",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6855837",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244109",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6855837",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-319",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-09-16 18:15
Modified
2024-11-21 04:55
Summary
A content spoofing vulnerability was found in openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to come from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.
Impacted products
Vendor Product Version
redhat openshift *
redhat openshift 3.11



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C1B0314-F05F-48C8-ABFD-C38D1EB3A3EE",
                     versionEndIncluding: "4.3.5",
                     versionStartIncluding: "4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "64797939-6676-40DC-A81A-3FD0C45A8047",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.",
      },
      {
         lang: "es",
         value: "Se encontró una vulnerabilidad de suplantación de contenido en openshift/console versiones 3.11 y 4.x. Este fallo permite a un atacante crear una URL e inyectar texto arbitrario en la página de error que parece ser de la instancia de OpenShift. Este ataque podría potencialmente convencer a un usuario de que el texto insertado es legítimo",
      },
   ],
   id: "CVE-2020-10715",
   lastModified: "2024-11-21T04:55:54.823",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-09-16T18:15:12.467",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1767665",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/openshift/origin-web-console/pull/3173",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1767665",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/openshift/origin-web-console/pull/3173",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-06-30 19:15
Modified
2024-11-21 01:55
Severity: CRITICAL (CVSS v3.1 base 9.1, NVD) / MEDIUM (CVSS v2 base 6.4, NVD)
Summary
In an OpenShift node, a cron job that updates MCollective facts mishandles a temporary file (weakness recorded as CWE-377). This may lead to loss of confidentiality and integrity. Note: the CVSS vectors in this record (v2 AV:N, v3.1 AV:N/PR:N/UI:N, 9.1 CRITICAL) score the flaw as remotely exploitable without privileges, while the description and weakness point to a node-local temporary-file issue; confirm the real exposure against the linked Bugzilla 1029652 and the origin-server fix commit before prioritising on the 9.1.
Impacted products
Vendor Product Version
redhat openshift -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity.",
      },
      {
         lang: "es",
         value: "En un nodo de openshift, se presenta un trabajo cron para actualizar los hechos de mcollective que maneja inapropiadamente un archivo temporal. Esto puede conllevar a una pérdida de confidencialidad e integridad",
      },
   ],
   id: "CVE-2013-4561",
   lastModified: "2024-11-21T01:55:50.057",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 6.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 9.1,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-06-30T19:15:08.100",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1029652",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/openshift/origin-server/commit/f1abe972794e35a4bfba597694ce829990f14d39",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1029652",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/openshift/origin-server/commit/f1abe972794e35a4bfba597694ce829990f14d39",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-377",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-668",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 08:14
Summary
IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289. Note: Red Hat OpenShift (and Microsoft Windows) appear in this record only as platform CPEs marked vulnerable: false in an AND configuration; the affected component is the IBM RPA server, not OpenShift itself.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A47F4B7-E1BE-4D42-95CE-C84D49FCF1E4",
                     versionEndIncluding: "21.0.7",
                     versionStartIncluding: "21.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E11C26C3-7EAB-489D-980A-642997A202D9",
                     versionEndIncluding: "21.0.7",
                     versionStartIncluding: "21.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "\nIBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.\n\n",
      },
      {
         lang: "es",
         value: "El servidor  IBM Robotic Process Automation v21.0.0 a v21.0.7 podría permitir a un usuario autenticado ver información confidencial de los registros de la aplicación. IBM X-Force ID: 262289. ",
      },
   ],
   id: "CVE-2023-38732",
   lastModified: "2024-11-21T08:14:08.157",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-08-22T19:16:39.373",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262289",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7028221",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262289",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7028221",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-532",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-532",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-02-12 04:15
Modified
2024-11-21 07:23
Summary
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402.
Impacted products: none listed for Red Hat OpenShift. The only redhat:openshift CPE in this record is a platform match with vulnerable: false (AND configuration), i.e. OpenShift is the runtime environment of the affected IBM Watson Knowledge Catalog 4.5.0, not the vulnerable component.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:watson_knowledge_catalog_on_cloud_pak_for_data:4.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "92273847-6C8D-4C54-8016-37912089E537",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.  IBM X-Force ID:  237402.",
      },
   ],
   id: "CVE-2022-41731",
   lastModified: "2024-11-21T07:23:45.080",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 8.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 4.7,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-02-12T04:15:15.633",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/237402",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6890729",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/237402",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6890729",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-09-21 14:25
Modified
2024-11-21 02:54
Summary
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. This record also lists Red Hat OpenShift 3.1 and 3.2 (enterprise) among the affected products, alongside RHEL 6/7 and Oracle Linux 6/7; the CVSS v2 entry is flagged acInsufInfo: true, so the v2 access-complexity rating is not fully substantiated.
References
secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2016-1844.html — Third Party Advisory
secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2016-1850.html — Third Party Advisory
secalert@redhat.com — http://www.openwall.com/lists/oss-security/2016/08/09/2 — Exploit, Technical Description
secalert@redhat.com — http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html — Third Party Advisory
secalert@redhat.com — http://www.securityfocus.com/bid/93165
secalert@redhat.com — https://access.redhat.com/errata/RHSA-2016:1852 — Third Party Advisory
secalert@redhat.com — https://access.redhat.com/errata/RHSA-2016:1853 — Third Party Advisory
secalert@redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=1362601 — Issue Tracking, Third Party Advisory, VDB Entry
secalert@redhat.com — https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f — Exploit, Technical Description
secalert@redhat.com — https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9 — Patch
secalert@redhat.com — https://github.com/libarchive/libarchive/issues/746 — Exploit, Patch
secalert@redhat.com — https://security.gentoo.org/glsa/201701-03
af854a3a-2127-422b-91ae-364da2661108 — http://rhn.redhat.com/errata/RHSA-2016-1844.html — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://rhn.redhat.com/errata/RHSA-2016-1850.html — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://www.openwall.com/lists/oss-security/2016/08/09/2 — Exploit, Technical Description
af854a3a-2127-422b-91ae-364da2661108 — http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://www.securityfocus.com/bid/93165
af854a3a-2127-422b-91ae-364da2661108 — https://access.redhat.com/errata/RHSA-2016:1852 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://access.redhat.com/errata/RHSA-2016:1853 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://bugzilla.redhat.com/show_bug.cgi?id=1362601 — Issue Tracking, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 — https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f — Exploit, Technical Description
af854a3a-2127-422b-91ae-364da2661108 — https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9 — Patch
af854a3a-2127-422b-91ae-364da2661108 — https://github.com/libarchive/libarchive/issues/746 — Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 — https://security.gentoo.org/glsa/201701-03



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC7A498A-A669-4C42-8134-86103C799D13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
                     matchCriteriaId: "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A6EFED3-4FD3-413D-85C2-73F746F346E8",
                     versionEndIncluding: "3.2.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C84489B-B08C-4854-8A12-D01B6E45CF79",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "39A901D6-0874-46A4-92A8-5F72C7A89E85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C8D871B-AEA1-4407-AEE3-47EC782250FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "44B067C7-735E-43C9-9188-7E1522A02491",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.",
      },
      {
         lang: "es",
         value: "El código sandboxing en libarchive 3.2.0 y versiones anteriores no maneja adecuadamente entradas de archivo de vínculo físico de datos de tamaño distinto de cero, lo que podría permitir a atacantes remotos escribir a archivos arbitrarios a través de un archivo manipulado.",
      },
   ],
   id: "CVE-2016-5418",
   lastModified: "2024-11-21T02:54:16.420",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: true,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-09-21T14:25:13.457",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2016-1844.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2016-1850.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Technical Description",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/08/09/2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/93165",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1852",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1853",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1362601",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Technical Description",
         ],
         url: "https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/libarchive/libarchive/issues/746",
      },
      {
         source: "secalert@redhat.com",
         url: "https://security.gentoo.org/glsa/201701-03",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2016-1844.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2016-1850.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Technical Description",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/08/09/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/93165",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1852",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1853",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1362601",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Technical Description",
         ],
         url: "https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/libarchive/libarchive/issues/746",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201701-03",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-19",
            },
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-03-24 16:15
Modified
2024-11-21 04:34
Summary
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat OpenShift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Note: the attack requires existing access inside the broker container (CVSS v2 vector AV:L), so exposure depends on who can execute in that container; treat an attacker-writable /etc/passwd in a container image as a privilege-escalation primitive regardless of score.
Impacted products
Vendor Product Version
redhat openshift 3.11
redhat openshift 4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "64797939-6676-40DC-A81A-3FD0C45A8047",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F7E2F04-474D-4196-9CE8-242642990A16",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
      },
      {
         lang: "es",
         value: "Se encontró una vulnerabilidad de modificación no segura en el archivo /etc/passwd en openshift/ansible-service-broker como es enviado en Red Hat Openshift versiones 4 y 3.11. Un atacante con acceso al contenedor podría usar este fallo para modificar /etc/passwd y escalar sus privilegios",
      },
   ],
   id: "CVE-2019-19350",
   lastModified: "2024-11-21T04:34:37.790",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-03-24T16:15:14.947",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1791534",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1793283",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1791534",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1793283",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-266",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-11-09 17:29
Modified
2024-11-21 02:36
Summary
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
References
secalert@redhat.com  http://rhn.redhat.com/errata/RHSA-2015-2500.html
secalert@redhat.com  http://rhn.redhat.com/errata/RHSA-2015-2501.html
secalert@redhat.com  http://rhn.redhat.com/errata/RHSA-2015-2502.html
secalert@redhat.com  http://rhn.redhat.com/errata/RHSA-2015-2514.html
secalert@redhat.com  http://rhn.redhat.com/errata/RHSA-2015-2516.html
secalert@redhat.com  http://rhn.redhat.com/errata/RHSA-2015-2517.html
secalert@redhat.com  http://rhn.redhat.com/errata/RHSA-2015-2521.html
secalert@redhat.com  http://rhn.redhat.com/errata/RHSA-2015-2522.html
secalert@redhat.com  http://rhn.redhat.com/errata/RHSA-2015-2524.html
secalert@redhat.com  http://rhn.redhat.com/errata/RHSA-2015-2670.html
secalert@redhat.com  http://rhn.redhat.com/errata/RHSA-2015-2671.html
secalert@redhat.com  http://rhn.redhat.com/errata/RHSA-2016-0040.html
secalert@redhat.com  http://rhn.redhat.com/errata/RHSA-2016-1773.html
secalert@redhat.com  http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
secalert@redhat.com  http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
secalert@redhat.com  http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
secalert@redhat.com  http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
secalert@redhat.com  http://www.securityfocus.com/bid/78215  (Third Party Advisory, VDB Entry)
secalert@redhat.com  http://www.securitytracker.com/id/1034097  (Third Party Advisory, VDB Entry)
secalert@redhat.com  http://www.securitytracker.com/id/1037052  (Third Party Advisory, VDB Entry)
secalert@redhat.com  http://www.securitytracker.com/id/1037053  (Third Party Advisory, VDB Entry)
secalert@redhat.com  http://www.securitytracker.com/id/1037640  (Third Party Advisory, VDB Entry)
secalert@redhat.com  https://access.redhat.com/security/vulnerabilities/2059393  (Vendor Advisory)
secalert@redhat.com  https://access.redhat.com/solutions/2045023  (Vendor Advisory)
secalert@redhat.com  https://bugzilla.redhat.com/show_bug.cgi?id=1279330  (Issue Tracking, Third Party Advisory, VDB Entry, Vendor Advisory)
secalert@redhat.com  https://rhn.redhat.com/errata/RHSA-2015-2536.html
secalert@redhat.com  https://security.netapp.com/advisory/ntap-20240216-0010/
secalert@redhat.com  https://www.oracle.com/security-alerts/cpujul2020.html
af854a3a-2127-422b-91ae-364da2661108  http://rhn.redhat.com/errata/RHSA-2015-2500.html
af854a3a-2127-422b-91ae-364da2661108  http://rhn.redhat.com/errata/RHSA-2015-2501.html
af854a3a-2127-422b-91ae-364da2661108  http://rhn.redhat.com/errata/RHSA-2015-2502.html
af854a3a-2127-422b-91ae-364da2661108  http://rhn.redhat.com/errata/RHSA-2015-2514.html
af854a3a-2127-422b-91ae-364da2661108  http://rhn.redhat.com/errata/RHSA-2015-2516.html
af854a3a-2127-422b-91ae-364da2661108  http://rhn.redhat.com/errata/RHSA-2015-2517.html
af854a3a-2127-422b-91ae-364da2661108  http://rhn.redhat.com/errata/RHSA-2015-2521.html
af854a3a-2127-422b-91ae-364da2661108  http://rhn.redhat.com/errata/RHSA-2015-2522.html
af854a3a-2127-422b-91ae-364da2661108  http://rhn.redhat.com/errata/RHSA-2015-2524.html
af854a3a-2127-422b-91ae-364da2661108  http://rhn.redhat.com/errata/RHSA-2015-2670.html
af854a3a-2127-422b-91ae-364da2661108  http://rhn.redhat.com/errata/RHSA-2015-2671.html
af854a3a-2127-422b-91ae-364da2661108  http://rhn.redhat.com/errata/RHSA-2016-0040.html
af854a3a-2127-422b-91ae-364da2661108  http://rhn.redhat.com/errata/RHSA-2016-1773.html
af854a3a-2127-422b-91ae-364da2661108  http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
af854a3a-2127-422b-91ae-364da2661108  http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
af854a3a-2127-422b-91ae-364da2661108  http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
af854a3a-2127-422b-91ae-364da2661108  http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
af854a3a-2127-422b-91ae-364da2661108  http://www.securityfocus.com/bid/78215  (Third Party Advisory, VDB Entry)
af854a3a-2127-422b-91ae-364da2661108  http://www.securitytracker.com/id/1034097  (Third Party Advisory, VDB Entry)
af854a3a-2127-422b-91ae-364da2661108  http://www.securitytracker.com/id/1037052  (Third Party Advisory, VDB Entry)
af854a3a-2127-422b-91ae-364da2661108  http://www.securitytracker.com/id/1037053  (Third Party Advisory, VDB Entry)
af854a3a-2127-422b-91ae-364da2661108  http://www.securitytracker.com/id/1037640  (Third Party Advisory, VDB Entry)
af854a3a-2127-422b-91ae-364da2661108  https://access.redhat.com/security/vulnerabilities/2059393  (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108  https://access.redhat.com/solutions/2045023  (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108  https://bugzilla.redhat.com/show_bug.cgi?id=1279330  (Issue Tracking, Third Party Advisory, VDB Entry, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108  https://rhn.redhat.com/errata/RHSA-2015-2536.html
af854a3a-2127-422b-91ae-364da2661108  https://security.netapp.com/advisory/ntap-20240216-0010/
af854a3a-2127-422b-91ae-364da2661108  https://www.oracle.com/security-alerts/cpujul2020.html



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:data_grid:6.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D90858CA-996D-4A07-A57A-5E228BBED442",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_a-mq:6.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "33C4404A-CFB7-4B47-9487-F998825C31CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_bpm_suite:6.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7750C45E-4D02-45D5-A3AA-CF024C20AC8D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_data_virtualization:5.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3257F51A-C847-4251-8B1B-D8DEF11677A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5CDDAFDB-E67A-4795-B2C4-C2D31734ABC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E82B2AD8-967D-4ABE-982B-87B9DE73F8D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5D7F1AD-4BD3-4C37-B6B5-B287464B2EEB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9CDC2527-97FE-409D-8DD6-78E085CC73C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:6.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA0930C5-C483-414C-879D-029FDE8251C6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFB8FED0-E0C6-409C-A2D8-B3999265D545",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E2F2F98-DB90-43F6-8F28-3656207B6188",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A305F012-544E-4245-9D69-1C8CD37748B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_fuse_service_works:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B78438D-1321-4BF4-AEB1-DAF60D589530",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C077D692-150C-4AE9-8C0B-7A3EA5EB1100",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_portal:6.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5C01A82-F078-4D08-93D0-6318272D3D8F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:subscription_asset_manager:1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6047BC2A-5EDB-458F-BBDB-38C0C3CF4E7C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:xpaas:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F58B1F3C-C27D-4387-9164-C3E2E0960A2A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.",
      },
      {
         lang: "es",
         value: "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x y 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x y 5.x; Enterprise Application Platform 6.x, 5.x y 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x y Red Hat Subscription Asset Manager 1.3 permiten que atacantes remotos ejecuten comandos arbitrarios mediante un objeto Java serializado manipulado. Esto está relacionado con la librería ACC (Apache Commons Collections).",
      },
   ],
   id: "CVE-2015-7501",
   lastModified: "2024-11-21T02:36:53.193",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: true,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-11-09T17:29:00.203",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2500.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2501.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2502.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2514.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2516.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2517.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2521.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2522.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2524.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2670.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2671.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0040.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/78215",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1034097",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1037052",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1037053",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1037640",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/vulnerabilities/2059393",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/solutions/2045023",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1279330",
      },
      {
         source: "secalert@redhat.com",
         url: "https://rhn.redhat.com/errata/RHSA-2015-2536.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://security.netapp.com/advisory/ntap-20240216-0010/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2500.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2501.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2502.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2514.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2516.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2517.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2521.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2522.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2524.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2670.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-2671.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0040.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/78215",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1034097",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1037052",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1037053",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1037640",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/security/vulnerabilities/2059393",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/solutions/2045023",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1279330",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://rhn.redhat.com/errata/RHSA-2015-2536.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240216-0010/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.oracle.com/security-alerts/cpujul2020.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-06-08 17:59
Modified
2024-11-21 02:50
Summary
Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.
Impacted products
Vendor Product Version
redhat openshift 3.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.",
      },
      {
         lang: "es",
         value: "Red Hat OpenShift Enterprise 3.2, cuando multi-tenant SDN está habilitado y un build está ejecutado en un espacio de nombres que normalmente estaría aislado de pods en otros espacios de nombres, permite a usuarios remotos autenticados acceder a recursos de red en pods restringidos a través de un build s2i con una imagen builder que (1) contiene comandos ONBUILD o (2) no contiene un binario tar.",
      },
   ],
   id: "CVE-2016-3708",
   lastModified: "2024-11-21T02:50:32.740",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "LOW",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 4.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-06-08T17:59:05.750",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1094",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1094",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-08-22 22:15
Modified
2024-11-21 08:14
Summary
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDF503DD-23DC-4B22-8873-BE94BF0F1CD1",
                     versionEndIncluding: "21.0.7.3",
                     versionStartIncluding: "21.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F513AA2B-F457-408B-8D5F-EBE657439000",
                     versionEndIncluding: "23.0.3",
                     versionStartIncluding: "23.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "\nIBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs.  IBM X-Force Id:  262293.\n\n",
      },
   ],
   id: "CVE-2023-38733",
   lastModified: "2024-11-21T08:14:08.300",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-08-22T22:15:08.460",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262293",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7028223",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262293",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7028223",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-532",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-532",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-12-18 01:55
Modified
2024-11-21 01:44
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors.
Impacted products
Vendor Product Version
redhat openshift 0.0.5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:0.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BE55AD5-7BF6-4B5A-9BDA-3148E0CFC7A1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en la consola de gestión (openshift-console/app/controllers/application_controller.rb) en OpenShift v0.0.5 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios a través de vectores no especificados.",
      },
   ],
   id: "CVE-2012-5622",
   lastModified: "2024-11-21T01:44:59.430",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-12-18T01:55:07.680",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://osvdb.org/88333",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2012-1555.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=883227",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openshift/origin-server/commit/1ad0d1d792395306b59a34ad7b6e7e89a35d041e",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/openshift/origin-server/pull/1009",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/88333",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2012-1555.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=883227",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openshift/origin-server/commit/1ad0d1d792395306b59a34ad7b6e7e89a35d041e",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openshift/origin-server/pull/1009",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-11-05 22:15
Modified
2024-11-21 01:57
Summary
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
References
cve@mitre.org  http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html  [Mailing List, Third Party Advisory]
cve@mitre.org  http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html  [Mailing List, Third Party Advisory]
cve@mitre.org  http://www.openwall.com/lists/oss-security/2013/08/21/17  [Mailing List, Third Party Advisory]
cve@mitre.org  http://www.openwall.com/lists/oss-security/2013/08/21/18  [Mailing List, Third Party Advisory]
cve@mitre.org  http://www.securityfocus.com/bid/77520  [Broken Link, Third Party Advisory, VDB Entry]
cve@mitre.org  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123  [Issue Tracking, Patch, Third Party Advisory]
cve@mitre.org  https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123  [Issue Tracking, Third Party Advisory]
cve@mitre.org  https://security-tracker.debian.org/tracker/CVE-2013-5123  [Third Party Advisory]
af854a3a-2127-422b-91ae-364da2661108  http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html  [Mailing List, Third Party Advisory]
af854a3a-2127-422b-91ae-364da2661108  http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html  [Mailing List, Third Party Advisory]
af854a3a-2127-422b-91ae-364da2661108  http://www.openwall.com/lists/oss-security/2013/08/21/17  [Mailing List, Third Party Advisory]
af854a3a-2127-422b-91ae-364da2661108  http://www.openwall.com/lists/oss-security/2013/08/21/18  [Mailing List, Third Party Advisory]
af854a3a-2127-422b-91ae-364da2661108  http://www.securityfocus.com/bid/77520  [Broken Link, Third Party Advisory, VDB Entry]
af854a3a-2127-422b-91ae-364da2661108  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123  [Issue Tracking, Patch, Third Party Advisory]
af854a3a-2127-422b-91ae-364da2661108  https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123  [Issue Tracking, Third Party Advisory]
af854a3a-2127-422b-91ae-364da2661108  https://security-tracker.debian.org/tracker/CVE-2013-5123  [Third Party Advisory]



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:pypa:pip:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "04BF789D-45CA-4644-9B6A-E4FC6EFCA781",
                     versionEndExcluding: "1.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:virtualenv:virtualenv:12.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FEC46E5-9B27-46E8-B178-11F2A9B2DF92",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
                     matchCriteriaId: "56BDB5A0-0839-4A20-A003-B8CD56F48171",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:1.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "19D8D9FF-51A8-4A81-B855-DB480ABEA300",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "884F5BE8-59F5-4502-9765-F3A3E505570F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "749804DA-4B27-492A-9ABA-6BB562A6B3AC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.",
      },
      {
         lang: "es",
         value: "El soporte de duplicación (-M, --use-mirrors) en Python Pip versiones anteriores a la versión 1.5, utiliza consultas DNS no seguras y comprobaciones de autenticidad que permiten a atacantes realizar ataques de tipo man-in-the-middle.",
      },
   ],
   id: "CVE-2013-5123",
   lastModified: "2024-11-21T01:57:03.813",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-11-05T22:15:10.813",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2013/08/21/17",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2013/08/21/18",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/77520",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/CVE-2013-5123",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2013/08/21/17",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2013/08/21/18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/77520",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/CVE-2013-5123",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-01-03 18:54
Modified
2024-11-21 01:51
Severity ?
Summary
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EAC9E6F6-1C3C-4270-8360-97C0D1907D0C",
                     versionEndIncluding: "3.0.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "079D1872-7E1B-4A66-9B3C-7FFC842A7BE6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD8C8495-4011-4B96-BB78-430B1F508548",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D3426ED-FAD6-47C5-94D3-A8BACFBEF270",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6CD685C8-82D3-497A-84E9-238D19F15FE7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "40AD3808-45E1-4889-98AF-4267B9DB17A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "36FCE653-AFE2-4291-872E-9CA8772F0CAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "5EF4B9EF-23CC-46E3-8700-36633924B9CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "4BAC8504-4F89-49AD-A06F-6A5A5B1DA34E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "522C4CC8-9B97-4E1D-B82B-073D14444909",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9FEA652-5FFF-443F-983B-4FC5A4478F9E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "3907694B-8E1A-4C5B-ABF0-90F023845557",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2AA53B5-4F58-4D38-80D7-42771F2C295C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "4472ABCB-B464-4640-A892-73B4C8CB609F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A2AA0F1-AB6F-4583-9AB1-38B7F69CE96D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "8EDAC43A-BC17-4F1E-BFF6-4C9180817E5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "49FEE58A-FFDD-4E00-94F7-947D32CC1350",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "09AFC97E-37EF-4D68-B947-C8FB43A11245",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2267254-554B-4AF2-A72B-0E346E4657C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:3.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C406BAD-DCF8-4C46-9731-A81EBF387F68",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:4.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3C18671-5FB1-4C97-9FDD-6D495A748DF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:4.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECFAD875-6DB0-4D40-9A11-E02DA954B197",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:4.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1CC46D4-E33E-467C-B5C7-8F371D906A46",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:phusion:passenger:4.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "2595C046-B304-42F3-8194-C259EFDBCA76",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "264DD094-A8CD-465D-B279-C834DDA5F79C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:1.0:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "E038BCDC-E14F-4D37-981C-BB80853C148C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary \"config\" file in a directory with a predictable name in /tmp/ before it is used by the gem.",
      },
      {
         lang: "es",
         value: "Las versiones 3.0.21 y 4.0.x anteriores a 4.0.5 de la gema Phusion Passenger para Ruby permite a usuarios locales causar denegación de servicio (prevención de inicio de la aplicación) u obtener privilegios creando un fichero \"config\" temporal en un directorio con un nombre predecible en /tmp/ antes de que sea utilizado por la gema.",
      },
   ],
   id: "CVE-2013-2119",
   lastModified: "2024-11-21T01:51:04.423",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-01-03T18:54:11.350",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-1136.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=892813",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-1136.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=892813",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-10-16 20:59
Modified
2024-11-21 02:26
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812.
Impacted products
Vendor Product Version
jenkins jenkins *
jenkins jenkins *
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "99D411C8-56FB-4F1A-9822-C9D3153B365A",
                     versionEndIncluding: "1.596.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "26836BE3-EB42-4460-81A7-5249801BA67D",
                     versionEndIncluding: "1.605",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.606 y LTS en versiones anteriores a 1.596.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-1812.",
      },
   ],
   id: "CVE-2015-1813",
   lastModified: "2024-11-21T02:26:11.940",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2015-10-16T20:59:10.873",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-06-30 21:15
Modified
2024-11-21 02:01
Summary
It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission.
Impacted products
Vendor Product Version
redhat openshift-origin-node-util -
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift-origin-node-util:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "39102EAF-760D-4068-BB9B-67D0DD5720F6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "9DF1BA10-20C1-4F07-BFBE-803A104C55EC",
                     versionEndIncluding: "2.1.1",
                     versionStartIncluding: "1.0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission.",
      },
      {
         lang: "es",
         value: "Se ha reportado que watchman en openshift node-utils crea /var/run/watchman.pid y /var/log/watchman.ouput con permiso de escritura mundial",
      },
   ],
   id: "CVE-2014-0068",
   lastModified: "2024-11-21T02:01:17.590",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-06-30T21:15:10.317",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1064100",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1064100",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-732",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-732",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-10-15 14:55
Modified
2024-11-21 02:08
Severity ?
Summary
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.
Impacted products
Vendor Product Version
jenkins jenkins *
redhat openshift *
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "1BA9E2A3-6D74-4DC8-846F-FCF5C5BE562B",
                     versionEndIncluding: "1.565.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "322F4274-7351-40C4-8D8E-8E26B89AA95C",
                     versionEndIncluding: "1.582",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio en Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Overall/READ leer archivos arbitrarios a través de vectores no especificados",
      },
   ],
   id: "CVE-2014-3664",
   lastModified: "2024-11-21T02:08:36.390",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-10-15T14:55:07.727",
   references: [
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1147765",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96973",
      },
      {
         source: "secalert@redhat.com",
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1147765",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96973",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-01-18 19:15
Modified
2024-11-21 07:45
Summary
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F474D877-57F4-496D-8E69-769DD42445D1",
                     versionEndExcluding: "21.0.5",
                     versionStartIncluding: "21.0.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "22EB28CE-7C7F-4290-85FE-5E3EBF905CF0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "\nIBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073.\n\n",
      },
      {
         lang: "es",
         value: "IBM Robotic Process Automation para Cloud Pak 21.0.1 a 21.0.4 podría permitir que un usuario local realice acciones no autorizadas debido a una configuración de permisos insuficiente. ID de IBM X-Force: 244073.",
      },
   ],
   id: "CVE-2023-22592",
   lastModified: "2024-11-21T07:45:01.437",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.4,
            impactScore: 2.5,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-01-18T19:15:12.573",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244073",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6855839",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244073",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6855839",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-732",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-02-14 00:15
Modified
2024-11-21 08:50
Summary
A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:devfile:registry-support:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FDBF67C-FADA-4C25-9795-E099C8D0DB56",
                     versionEndExcluding: "0.0.0-20240206",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F7E2F04-474D-4196-9CE8-242642990A16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "97321212-0E07-4CC2-A917-7B5F61AB9A5A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.",
      },
      {
         lang: "es",
         value: "Se encontró una vulnerabilidad en la función de descompresión del soporte de registro. Este problema puede ser desencadenado por un atacante remoto no autenticado al engañar a un usuario para que abra un archivo .tar especialmente modificado, lo que lleva al proceso de limpieza a seguir rutas relativas para sobrescribir o eliminar archivos fuera del alcance previsto.",
      },
   ],
   id: "CVE-2024-1485",
   lastModified: "2024-11-21T08:50:41.090",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 5.8,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.3,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.8,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-02-14T00:15:46.783",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2024-1485",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264106",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/advisories/GHSA-84xv-jfrm-h4gm",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://github.com/devfile/registry-support/pull/197",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2024-1485",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264106",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/advisories/GHSA-84xv-jfrm-h4gm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/devfile/registry-support/pull/197",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-23",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-06-20 14:55
Modified
2024-11-21 02:08
Severity ?
Summary
cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:1.2.8:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "8B150884-E0B1-419B-B085-BFA29FA880FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.1:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "7405F776-4F1C-467A-AC66-5AABBE43411B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.2:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "437AB2B0-0175-4E48-A1A5-6723C97F3253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.3:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "BA5E9EB2-607B-43A7-A75F-CA171529B9E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.4:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "582D97B4-ADBC-485D-B00F-AD9F3566F711",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.5:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "AB204392-8CE0-4B3B-9399-F6B83EB9006F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.6:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "7D84F1EB-5654-4B52-92E3-5DA10F97CA39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "AC659BB6-CD01-4F4A-BFBC-227A52ECB391",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "A463CF4B-2010-4AB5-9275-020BF53B5FA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_origin:1.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7EA05E8-A168-428B-A884-94FDC8FA9718",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_origin:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "22826952-47F5-4C1B-8A8B-35E089B84C0A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_origin:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1F656F4-7B39-4318-A231-E01C0B6ABE0C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.",
      },
      {
         lang: "es",
         value: "cartridge_repository.rb en OpenShift Origin and Enterprise 1.2.8 hasta 2.1.1 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en una Url de fuente que termina con una extensión de fichero (1) .tar.gz, (2) .zip, (3) .tgz o (4) .tar en un fichero del manifiesto de cartuchos.",
      },
   ],
   id: "CVE-2014-3496",
   lastModified: "2024-11-21T02:08:13.977",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-06-20T14:55:07.030",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0762.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0763.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0764.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/59298",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1110470",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/openshift/origin-server/pull/5521",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0762.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0763.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2014-0764.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59298",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1110470",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openshift/origin-server/pull/5521",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-11-25 20:59
Modified
2024-11-21 02:32
Summary
XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job.
Impacted products
Vendor Product Version
redhat openshift *
jenkins jenkins *
redhat openshift 2.0
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A",
                     versionEndIncluding: "1.625.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4",
                     versionEndIncluding: "1.637",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an \"XML-aware tool,\" as demonstrated by get-job and update-job.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad XXE en el comando create-job en CLI en Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 permite a atacantes remotos leer archivos arbitrarios a través de una configuración de trabajo manipulado que es cuando se utiliza una \"herramienta XML-aware\", según lo demostrado mediante get-job y update-job.",
      },
   ],
   evaluatorComment: "<a href=\"https://cwe.mitre.org/data/definitions/611.html\">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>",
   id: "CVE-2015-5319",
   lastModified: "2024-11-21T02:32:47.240",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-11-25T20:59:10.383",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-04-16 15:29
Modified
2024-11-21 03:01
Summary
openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with a 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit.
Impacted products
Vendor Product Version
redhat openshift 3.2.1.23
redhat openshift 3.3.1.11
redhat openshift 3.4



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2.1.23:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "2325EB46-F017-4D89-8436-1BDB75AC4007",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.3.1.11:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "401352A3-D572-4E6D-91DF-3CD131825BE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "E1056A33-690E-4120-821F-52B9705CB84B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit.",
      },
      {
         lang: "es",
         value: "openshift, en versiones anteriores a la 3.3.1.11, 3.2.1.23 y 3.4, es vulnerable a un error cuando un volumen fracasa a la hora de desasociarse. Esto provoca que la operación de borrado falle con un error \"VolumeInUse\". Como la operación de borrado se reintenta cada 30 segundos para cada volumen, esto podría conducir a un ataque de denegación de servicio (DoS), ya que el número de peticiones API que se envían al proveedor cloud excede el límite de tasa de la API.",
      },
   ],
   id: "CVE-2016-9592",
   lastModified: "2024-11-21T03:01:28.290",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-04-16T15:29:00.233",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/94991",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/94991",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-460",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-04-24 14:55
Modified
2024-11-21 02:01
Summary
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.
Impacted products
Vendor Product Version
redhat openshift *
redhat openshift *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F1F9383B-8318-4566-9964-3AE3628E15E5",
                     versionEndIncluding: "1.2.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "E20E866B-803E-434D-9FB1-9D53FC07665F",
                     versionEndIncluding: "2.0.5",
                     versionStartIncluding: "2.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.",
      },
      {
         lang: "es",
         value: "El openshift-origin-broker en Red Hat OpenShift Enterprise 2.0.5, 1.2.7, y anteriores no maneja adecuadamente las peticiones de autenticación provenientes del plugin de autenticación de usuarios remotos, lo que permite a atacantes remotos evitar la autenticación y suplantar a usuarios arbitrarios a través de las cabeceras X-Remote-User en las peticiones provocando un bypass.",
      },
   ],
   id: "CVE-2014-0188",
   lastModified: "2024-11-21T02:01:35.597",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-04-24T14:55:04.263",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0422.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0423.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1090120",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0422.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-0423.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1090120",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-12-08 16:15
Modified
2024-11-21 07:19
Summary
A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.
Impacted products
Vendor Product Version
redhat openshift 4.9



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:4.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "0189F456-4CE5-4E94-83F9-9EC636C72F18",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in Openshift. A pod with a DNSPolicy of \"ClusterFirst\" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.",
      },
      {
         lang: "es",
         value: "Se encontró un fallo en Openshift. Un pod con una política DNS de \"ClusterFirst\" puede resolver incorrectamente el nombre de host según un servicio proporcionado. Esta falla permite que un atacante proporcione un nombre incorrecto con la política de búsqueda de DNS, lo que afecta la confidencialidad y la disponibilidad.",
      },
   ],
   id: "CVE-2022-3262",
   lastModified: "2024-11-21T07:19:10.177",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-12-08T16:15:13.293",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128858",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128858",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-453",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-1188",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-09-21 13:29
Modified
2024-11-21 03:49
Summary
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4F0D169-E661-44C6-98E7-AA40B01D3706",
                     versionEndIncluding: "1.8.14",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.10:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "384135A7-48E2-470F-91CE-8253F10D8D0D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "309CB6F8-F178-454C-BE97-787F78647C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B99A2411-7F6A-457F-A7BF-EB13C630F902",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "041F9200-4C01-4187-AE34-240E8277B54D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "4EB48767-F095-444F-9E05-D9AC345AB803",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F6FA12B-504C-4DBF-A32E-0548557AA2ED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un fallo en el descodificador HPACK de HAProxy en versiones anteriores a la 1.8.14 que se utiliza para HTTP/2. Un acceso de lectura fuera de límites en hpack_valid_idx() resultó en un cierre inesperado remoto y una denegación de servicio (DoS).",
      },
   ],
   id: "CVE-2018-14645",
   lastModified: "2024-11-21T03:49:29.800",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-09-21T13:29:00.453",
   references: [
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHBA-2019:0028",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:2882",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3780-1/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.mail-archive.com/haproxy%40formilux.org/msg31253.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHBA-2019:0028",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2018:2882",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3780-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.mail-archive.com/haproxy%40formilux.org/msg31253.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "secalert@redhat.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-02-03 18:59
Modified
2024-11-21 02:36
Summary
Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.
Impacted products
Vendor Product Version
jenkins jenkins *
jenkins jenkins *
redhat openshift *
redhat openshift 2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A",
                     versionEndIncluding: "1.625.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCFC646A-BA70-404D-9DE1-EE758455546E",
                     versionEndIncluding: "1.639",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 1.640 y LTS en versiones anteriores a 1.625.2 permite a atacantes remotos eludir el mecanismo de protección CSRF a través de vectores no especificados.",
      },
   ],
   id: "CVE-2015-7538",
   lastModified: "2024-11-21T02:36:56.420",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-02-03T18:59:02.977",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-08-05 15:59
Modified
2024-11-21 02:54
Summary
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi-tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.
Impacted products
Vendor Product Version
redhat openshift 3.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.",
      },
      {
         lang: "es",
         value: "El servidor API en Kubernetes, como es utilizado en Red Hat OpenShift Enterprise 3.2, en un entorno de múltiples usuarios permite a usuarios remotos autenticados con conocimiento de nombres de otros proyectos obtener información sensible de proyectos y usuarios a través de vectores relacionados con la lista watch-cache.",
      },
   ],
   id: "CVE-2016-5392",
   lastModified: "2024-11-21T02:54:13.557",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 6.8,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-08-05T15:59:08.380",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/91793",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1427",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1356195",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/91793",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2016:1427",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1356195",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-03-19 21:15
Modified
2024-11-21 04:18
Summary
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey and use it to authenticate to the GlusterFS REST service, gaining access to read and modify files.
References
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1743073Issue Tracking, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1743073Issue Tracking, Mitigation, Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1936DEA-6470-48CA-9FE1-B16448554ACE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F87326E-0B56-4356-A889-73D026DB1D4B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "932D137F-528B-4526-9A89-CD59FA1AB0FE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files.",
      },
      {
         lang: "es",
         value: "Se encontró un fallo en atomic-openshift de openshift-4.2, donde el rol de usuario básico RABC en OpenShift Container Platform no protege suficientemente el GlusterFS StorageClass contra filtraciones del restuserkey. Un atacante con permisos de usuario básico puede obtener el valor de restuserkey y usarlo para autenticarse en el servicio REST de GlusterFS, consiguiendo acceso para leer y modificar archivos",
      },
   ],
   id: "CVE-2019-10225",
   lastModified: "2024-11-21T04:18:41.873",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-03-19T21:15:11.807",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1743073",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1743073",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-522",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-08-07 10:59
Modified
2024-11-21 02:54
Summary
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
References
cve@mitre.orghttp://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1Exploit, Patch
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
cve@mitre.orghttp://php.net/ChangeLog-5.phpRelease Notes
cve@mitre.orghttp://php.net/ChangeLog-7.phpRelease Notes
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2016-2598.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2016-2750.html
cve@mitre.orghttp://www.debian.org/security/2016/dsa-3619Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2016/06/23/4Release Notes
cve@mitre.orghttp://www.ubuntu.com/usn/USN-3030-1
cve@mitre.orghttps://bugs.php.net/bug.php?id=72339Exploit, Patch, Vendor Advisory
cve@mitre.orghttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
cve@mitre.orghttps://libgd.github.io/release-2.2.3.htmlRelease Notes
cve@mitre.orghttps://security.gentoo.org/glsa/201612-09
af854a3a-2127-422b-91ae-364da2661108http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
af854a3a-2127-422b-91ae-364da2661108http://php.net/ChangeLog-5.phpRelease Notes
af854a3a-2127-422b-91ae-364da2661108http://php.net/ChangeLog-7.phpRelease Notes
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-2598.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-2750.html
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3619Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/06/23/4Release Notes
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-3030-1
af854a3a-2127-422b-91ae-364da2661108https://bugs.php.net/bug.php?id=72339Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
af854a3a-2127-422b-91ae-364da2661108https://libgd.github.io/release-2.2.3.htmlRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201612-09
Impacted products
Vendor Product Version
redhat openshift 2.0
freebsd freebsd 8.3
redhat enterprise_linux 6.0
freebsd freebsd 8.0
redhat enterprise_linux 5
libgd libgd 2.2.2
php php *
php php 5.6.0
php php 5.6.0
php php 5.6.0
php php 5.6.0
php php 5.6.0
php php 5.6.0
php php 5.6.0
php php 5.6.0
php php 5.6.0
php php 5.6.1
php php 5.6.2
php php 5.6.3
php php 5.6.4
php php 5.6.5
php php 5.6.6
php php 5.6.7
php php 5.6.8
php php 5.6.9
php php 5.6.10
php php 5.6.11
php php 5.6.12
php php 5.6.13
php php 5.6.14
php php 5.6.15
php php 5.6.16
php php 5.6.17
php php 5.6.18
php php 5.6.19
php php 5.6.20
php php 5.6.21
php php 5.6.22
php php 7.0.0
php php 7.0.1
php php 7.0.2
php php 7.0.3
php php 7.0.4
php php 7.0.5
php php 7.0.6
php php 7.0.7
freebsd freebsd 10.0
fedoraproject fedora 23
debian debian_linux 8.0
freebsd freebsd 10.1
fedoraproject fedora 24
freebsd freebsd 8.4
freebsd freebsd 9.2
freebsd freebsd 8.2
freebsd freebsd 8.1
freebsd freebsd 9.0
freebsd freebsd 10.2
fedoraproject fedora 22
freebsd freebsd 9.3
redhat enterprise_linux 7.0
freebsd freebsd 10.3
freebsd freebsd 9.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:openshift:2.0:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "22DCCD9B-8D31-4757-A68A-FEF2C1E9E2BE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "30C501A1-FE2D-41E7-A5DB-C61D8701B9B4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CF1F9EF-01AF-4708-AE02-765360AF3D66",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:libgd:libgd:2.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF216444-68A4-490E-B3A4-9ECA664939BD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "44C85C39-7022-488D-8473-DB55CF456D7E",
                     versionEndIncluding: "5.5.36",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*",
                     matchCriteriaId: "5BF4E8FF-A3EC-43E8-A0C1-FD38AFCB77B8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*",
                     matchCriteriaId: "54ADECFC-3C07-43BC-B296-6C25AC7F1C95",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*",
                     matchCriteriaId: "FE192054-2FBB-4388-A52A-422E20DEA2D7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*",
                     matchCriteriaId: "F0195D48-3B42-4AC0-B9C5-436E01C63879",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*",
                     matchCriteriaId: "BF0E5D67-ABC1-41A5-94E1-7DD3CDB51D81",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*",
                     matchCriteriaId: "319E0573-B1AD-40B6-B4BC-8BE67ED3EFDB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*",
                     matchCriteriaId: "1A7C00EB-87B7-4EB7-A4AC-8665D8C78467",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*",
                     matchCriteriaId: "21BFCF10-786A-4D1E-9C37-50A1EC6056F1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*",
                     matchCriteriaId: "95A6D6C8-5F46-4897-A0B0-778631E8CE6A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1F13E2D-A8F7-4B74-8D03-7905C81672C9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "AE18933A-5FE6-41C7-B1B6-DA3E762C3FB6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AE1289F-03A6-4621-B387-5F5ADAC4AE92",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "383697F5-D29E-475A-84F3-46B54A928889",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "786ED182-5D71-4197-9196-12AB5CF05F85",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF90980D-74AD-44AA-A7C5-A0B294CCE4F8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "48D6B69C-8F27-4F4C-B953-67A7F9C2FBA5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "B53DC0C3-EA19-4465-B65A-BC7CDB10D8BF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEA4DFC1-6C0C-42FB-9F47-E3E1AA9E47E0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "D904E21A-4B3B-4D96-850C-0C0315F14E6D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7CEF6D7-8966-45E7-BEBB-12055F5898C6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "171C1035-414C-4F3A-90F4-1A8ED26E3346",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "725BBA4E-B3BA-4AFA-A284-E0CDE3EC8FB4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7793408-66A2-4DE7-B5AA-E49E8A2EE043",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "95840EC0-512D-468D-99B0-17E8CFDD6BE0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "E1078D15-8073-4C04-82C2-3C8111E18B6C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B2E5E0C-8DD7-4CF8-A7E7-28ED0FD8B0C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E6EE9E4-9D6E-4CCC-B116-6020DA6884BE",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9A23E37-8B94-440A-8014-389AC5389A19",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD5E20AF-724B-4DBD-9AED-920375666B6B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD008BBB-10C9-48E2-97B8-6B86B54FD48E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:5.6.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "90727984-6853-4348-B3CD-4869788117FD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB6890AF-8A0A-46EE-AAD5-CF9AAE14A321",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B90B947-7B54-47F3-9637-2F4AC44079EE",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "35848414-BD5D-4164-84DC-61ABBB1C4152",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B1F8402-8551-4F66-A9A7-81D472AB058E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A773E8E-48CD-4D35-A0FD-629BD9334486",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC492340-79AF-4676-A161-079A97EC6F0C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1C2D8FE-C380-4B43-B634-A3DBA4700A71",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EB58393-0C10-413C-8D95-6BAA8BC19A1B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA79CE41-D873-4A4A-A20C-83EB8772E5FA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
                     matchCriteriaId: "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F6D63B21-9D2E-4B15-9E60-6181D44B1F55",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
                     matchCriteriaId: "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "5DB4C0E8-8E50-44B1-BE0C-4C261D9E9730",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C560926-7789-4052-819D-C36C43C9C61E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD5ECA1A-D9B4-4ED7-95EC-684E7AA2B765",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9899C87E-2C09-46AE-BC24-1ACF012784CA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6BD5BFF-260A-4A9E-B0AA-C8B8386B154E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "21EFF723-7B5A-4712-8A6B-56CADAA4BFD5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
                     matchCriteriaId: "253C303A-E577-4488-93E6-68A8DD942C38",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "57052F01-8695-4C63-A947-7671375B9312",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:10.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E102E760-362C-4DC7-BDED-E2CF9F94ECE7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D78E559A-430D-4D50-8A83-58A37D393471",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.",
      },
      {
         lang: "es",
         value: "Desbordamiento de entero en la función _gd2GetHeader en gd_gd2.c en la GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.2.3, como se utiliza en PHP en versiones anteriores a 5.5.37, 5.6.x en versiones anteriores a 5.6.23 y 7.x en versiones anteriores a 7.0.8, permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica y caída de aplicación) o posiblemente tener otro impacto no especificado a través de dimensiones del pedazo en una imagen manipulada.",
      },
   ],
   evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/122.html\">CWE-122</a>",
   id: "CVE-2016-5766",
   lastModified: "2024-11-21T02:54:58.810",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-08-07T10:59:13.663",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "http://php.net/ChangeLog-5.php",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "http://php.net/ChangeLog-7.php",
      },
      {
         source: "cve@mitre.org",
         url: "http://rhn.redhat.com/errata/RHSA-2016-2598.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2016/dsa-3619",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/06/23/4",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/USN-3030-1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugs.php.net/bug.php?id=72339",
      },
      {
         source: "cve@mitre.org",
         url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://libgd.github.io/release-2.2.3.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://security.gentoo.org/glsa/201612-09",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "http://php.net/ChangeLog-5.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "http://php.net/ChangeLog-7.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-2598.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2016/dsa-3619",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/06/23/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-3030-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugs.php.net/bug.php?id=72339",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://libgd.github.io/release-2.2.3.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201612-09",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-03-18 17:15
Modified
2024-11-21 04:34
Summary
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-container as shipped in Openshift 4 and 3.11.
Impacted products
Vendor Product Version
redhat openshift 3.11
redhat openshift 4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "64797939-6676-40DC-A81A-3FD0C45A8047",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F7E2F04-474D-4196-9CE8-242642990A16",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-container as shipped in Openshift 4 and 3.11.",
      },
      {
         lang: "es",
         value: "Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/jenkins. Un atacante con acceso al contenedor podría usar este fallo para modificar el archivo /etc/passwd y escalar sus privilegios. Este CVE es específico de openshift/jenkins-slave-base-rhel7-container como es incluido en Openshift versiones 4 y 3.11.",
      },
   ],
   id: "CVE-2019-19351",
   lastModified: "2024-11-21T04:34:37.907",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 5.9,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-03-18T17:15:11.713",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19351",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19351",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-266",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-11-13 21:32
Modified
2024-11-21 02:08
Severity ?
Summary
Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B6B266CF-DDC0-421D-A36D-F123241E69B3",
                     versionEndIncluding: "2.1.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.1:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "7405F776-4F1C-467A-AC66-5AABBE43411B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.2:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "437AB2B0-0175-4E48-A1A5-6723C97F3253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.3:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "BA5E9EB2-607B-43A7-A75F-CA171529B9E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.4:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "582D97B4-ADBC-485D-B00F-AD9F3566F711",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.5:*:enterprise:*:*:*:*:*",
                     matchCriteriaId: "AB204392-8CE0-4B3B-9399-F6B83EB9006F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0.6:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "7D84F1EB-5654-4B52-92E3-5DA10F97CA39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "AC659BB6-CD01-4F4A-BFBC-227A52ECB391",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "A463CF4B-2010-4AB5-9275-020BF53B5FA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "C6C0F050-48C7-4AFB-9DB3-A60C7E3501C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1.3:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "459F1262-B8B0-475E-A7F2-0913FEE6F715",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "732EE887-EB12-492F-A4E4-3F441BB92C8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1.5:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "34ACA7BA-8DB2-4645-9FF1-DB88195FFD2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1.6:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "A87A0BC7-F7D0-4090-992A-C26942FD82DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.1.7:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "81360600-BF69-4078-A6E6-EE6606391924",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.",
      },
      {
         lang: "es",
         value: "Red Hat OpenShift Enterprise anterior a 2.2 permite a usuarios locales obtener direcciones IP y números de puerto de sistemas remotos mediante la lectura de /proc/net/tcp.",
      },
   ],
   id: "CVE-2014-3602",
   lastModified: "2024-11-21T02:08:29.193",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-11-13T21:32:00.187",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-1796.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-1906.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-1796.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2014-1906.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-03-24 16:15
Modified
2024-11-21 04:34
Summary
An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Impacted products
Vendor Product Version
redhat openshift 4.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F7E2F04-474D-4196-9CE8-242642990A16",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
      },
      {
         lang: "es",
         value: "Se encontró una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor operator-framework/operator-metering como es enviado en Red Hat Openshift versión 4. Un atacante con acceso al contenedor podría usar este fallo para modificar /etc/passwd y escalar sus privilegios",
      },
   ],
   id: "CVE-2019-19349",
   lastModified: "2024-11-21T04:34:37.670",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-03-24T16:15:14.853",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Product",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1791534",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1793284",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Product",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1791534",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1793284",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-266",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-06-27 19:15
Modified
2024-11-21 07:46
Summary
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5BAAF00-D394-4243-807A-A6D41125EC4B",
                     versionEndIncluding: "21.0.7.3",
                     versionStartIncluding: "21.0.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F513AA2B-F457-408B-8D5F-EBE657439000",
                     versionEndIncluding: "23.0.3",
                     versionStartIncluding: "23.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster.  IBM X-Force ID:  244500.",
      },
   ],
   id: "CVE-2023-23468",
   lastModified: "2024-11-21T07:46:15.633",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.4,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-06-27T19:15:09.293",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244500",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7005999",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244500",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7005999",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-05-17 14:08
Modified
2024-11-21 02:50
Summary
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Impacted products
Vendor Product Version
jenkins jenkins *
jenkins jenkins *
redhat openshift 3.1
redhat openshift 3.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A979807-E051-4BD5-8811-85FED039DB59",
                     versionEndIncluding: "2.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "587BB544-D4F5-4540-8A61-578FD30DB508",
                     versionEndIncluding: "1.651.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.",
      },
      {
         lang: "es",
         value: "La URL API computer/(master)/api/xml en Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con permiso avanzado de lectura para el nodo maestro obtener información sensible sobre la configuración global a través de vectores no especificados.",
      },
   ],
   id: "CVE-2016-3727",
   lastModified: "2024-11-21T02:50:35.227",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-05-17T14:08:11.717",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:1206",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:1206",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-10-19 16:15
Modified
2024-11-21 06:18
Summary
IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by an authenticated privileged user. IBM X-Force ID: 209940.
Impacted products
Vendor Product Version
ibm security_risk_manager_on_cp4s 1.7.2.0
redhat openshift -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:security_risk_manager_on_cp4s:1.7.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1234F13E-0179-4713-82F0-F601F64948ED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by an authenticated privileged user. IBM X-Force ID: 209940.",
      },
      {
         lang: "es",
         value: "IBM Security Risk Manager on CP4S versión 1.7.0.0, almacena las credenciales de usuarios en texto sin cifrar que puede ser leído por un usuario privilegiado autenticado. IBM X-Force ID: 209940",
      },
   ],
   id: "CVE-2021-38911",
   lastModified: "2024-11-21T06:18:11.870",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 0.7,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-10-19T16:15:07.737",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209940",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6505281",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209940",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6505281",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-312",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-28 16:15
Modified
2024-11-21 01:50
Summary
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.
Impacted products
Vendor Product Version
redhat openshift 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:1.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "19D8D9FF-51A8-4A81-B855-DB480ABEA300",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.",
      },
      {
         lang: "es",
         value: "La función download_from_url en OpenShift Origin, permite a atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en la URL de una petición para descargar un carrito.",
      },
   ],
   id: "CVE-2013-2060",
   lastModified: "2024-11-21T01:50:57.300",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-28T16:15:11.527",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2013/05/07/1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/59687",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=960363",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/84075",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2013/05/07/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/59687",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=960363",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/84075",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-10-19 18:15
Modified
2024-11-21 01:55
Summary
In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.
Impacted products
Vendor Product Version
redhat openshift 1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:1.0:*:*:*:-:*:*:*",
                     matchCriteriaId: "8AFA9951-AB69-4B63-9459-957A683484FA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.",
      },
      {
         lang: "es",
         value: "En Red Hat Openshift versión 1, son aplicados permisos débiles por defecto al archivo /etc/openshift/server_priv.pem en el servidor del broker, lo que podría permitir a usuarios con acceso local al broker leer este archivo",
      },
   ],
   id: "CVE-2013-4281",
   lastModified: "2024-11-21T01:55:16.247",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-10-19T18:15:11.243",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.openwall.com/lists/oss-security/2014/06/05/19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.openwall.com/lists/oss-security/2014/06/05/19",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-276",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-02-24 22:55
Modified
2024-11-21 01:45
Summary
rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.
Impacted products
Vendor Product Version
redhat openshift *
redhat openshift_origin 1.0.5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:-:enterprise:*:*:*:*:*",
                     matchCriteriaId: "7D4E1F6B-34CD-4926-88A3-E440846BF387",
                     versionEndIncluding: "1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_origin:1.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "7D94C104-7375-4D23-97F7-E9B861A70E1C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.",
      },
      {
         lang: "es",
         value: "rhc-chk.rb en Red Hat OpenShift Origin anterior a v1.1, cuando -d (modo de depuración) se utiliza, muestra la contraseña y otra información confidencial en texto plano, lo que permite a atacantes dependientes del contexto obtener información sensible, como se ha demostrado mediante la inclusión de archivos de registro o reportes de Bugzilla en los canales de ayuda.",
      },
   ],
   id: "CVE-2012-5658",
   lastModified: "2024-11-21T01:45:03.983",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-02-24T22:55:01.033",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-0220.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=889062",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-0220.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=889062",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-03-20 15:15
Modified
2024-11-21 04:34
Summary
A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Impacted products
Vendor Product Version
redhat openshift *
redhat openshift 3.11



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "56FBB37B-F320-4355-B695-08251CCBE6EF",
                     versionEndExcluding: "4.3",
                     versionStartIncluding: "4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "64797939-6676-40DC-A81A-3FD0C45A8047",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
      },
      {
         lang: "es",
         value: "Se detectó una vulnerabilidad en todas las versiones de openshift/mediawiki-apb 4.x.x anteriores a 4.3.0, donde se encontró una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/mediawiki-apb. Un atacante con acceso al contenedor podría usar este fallo para modificar /etc/passwd y escalar sus privilegios.",
      },
   ],
   id: "CVE-2019-19345",
   lastModified: "2024-11-21T04:34:37.250",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 5.9,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-03-20T15:15:13.293",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-266",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-10-16 19:55
Modified
2024-11-21 02:08
Summary
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.
Impacted products
Vendor Product Version
redhat openshift *
jenkins jenkins *
jenkins jenkins *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
                     versionEndIncluding: "3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "322F4274-7351-40C4-8D8E-8E26B89AA95C",
                     versionEndIncluding: "1.582",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                     matchCriteriaId: "1BA9E2A3-6D74-4DC8-846F-FCF5C5BE562B",
                     versionEndIncluding: "1.565.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.",
      },
      {
         lang: "es",
         value: "Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos provocar una denegación de servicio (consumo de hilo) a través de vectores relacionados con un apretón de manos en CLI.",
      },
   ],
   id: "CVE-2014-3661",
   lastModified: "2024-11-21T02:08:36.030",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-10-16T19:55:07.910",
   references: [
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://access.redhat.com/errata/RHSA-2016:0070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-11 14:15
Modified
2024-11-21 02:00
Summary
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
References
secalert@redhat.com — http://www.openwall.com/lists/oss-security/2014/04/21/2 — Mailing List, Patch, Third Party Advisory
secalert@redhat.com — http://www.openwall.com/lists/oss-security/2014/05/13/1 — Mailing List, Third Party Advisory
secalert@redhat.com — https://access.redhat.com/security/cve/cve-2013-7370 — Third Party Advisory
secalert@redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370 — Issue Tracking, Third Party Advisory
secalert@redhat.com — https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370 — Issue Tracking
secalert@redhat.com — https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting — Broken Link, Third Party Advisory
secalert@redhat.com — https://security-tracker.debian.org/tracker/CVE-2013-7370 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://www.openwall.com/lists/oss-security/2014/04/21/2 — Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://www.openwall.com/lists/oss-security/2014/05/13/1 — Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://access.redhat.com/security/cve/cve-2013-7370 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370 — Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370 — Issue Tracking
af854a3a-2127-422b-91ae-364da2661108 — https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting — Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://security-tracker.debian.org/tracker/CVE-2013-7370 — Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "884F5BE8-59F5-4502-9765-F3A3E505570F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sencha:connect:*:*:*:*:*:node.js:*:*",
                     matchCriteriaId: "EA24CA89-4754-4FDF-8959-B7345FC1C34E",
                     versionEndExcluding: "2.8.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware",
      },
      {
         lang: "es",
         value: "node-connect versiones anteriores a 2.8.1, presenta una vulnerabilidad de tipo XSS en el middleware Sencha Labs Connect.",
      },
   ],
   id: "CVE-2013-7370",
   lastModified: "2024-11-21T02:00:51.613",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-12-11T14:15:09.787",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2014/04/21/2",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2014/05/13/1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2013-7370",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Broken Link",
            "Third Party Advisory",
         ],
         url: "https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/CVE-2013-7370",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2014/04/21/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2014/05/13/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2013-7370",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
         ],
         url: "https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/CVE-2013-7370",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2019-19348
Vulnerability from cvelistv5
Published
2020-04-02 19:14
Modified
2024-08-05 02:16
Summary
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
References
Impacted products
Vendor Product Version
Openshift Enterprise openshift/apb-base Version: Fixed in 4.3.5-202003020549
Version: Fixed in 4.2.21-202002240343
Version: Fixed in 4.1.37-202003021622
Version: Fixed in 3.11.188-4


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:16:46.972Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openshift/apb-base",
               vendor: "Openshift Enterprise",
               versions: [
                  {
                     status: "affected",
                     version: "Fixed in 4.3.5-202003020549",
                  },
                  {
                     status: "affected",
                     version: "Fixed in 4.2.21-202002240343",
                  },
                  {
                     status: "affected",
                     version: "Fixed in 4.1.37-202003021622",
                  },
                  {
                     status: "affected",
                     version: "Fixed in 3.11.188-4",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-266",
                     description: "CWE-266",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-02T19:14:08",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2019-19348",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "openshift/apb-base",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Fixed in 4.3.5-202003020549",
                                       },
                                       {
                                          version_value: "Fixed in 4.2.21-202002240343",
                                       },
                                       {
                                          version_value: "Fixed in 4.1.37-202003021622",
                                       },
                                       {
                                          version_value: "Fixed in 3.11.188-4",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Openshift Enterprise",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
                  },
               ],
            },
            impact: {
               cvss: [
                  [
                     {
                        vectorString: "7.0/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                        version: "3.0",
                     },
                  ],
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-266",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2019-19348",
      datePublished: "2020-04-02T19:14:08",
      dateReserved: "2019-11-27T00:00:00",
      dateUpdated: "2024-08-05T02:16:46.972Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-5305
Vulnerability from cvelistv5
Published
2015-11-06 18:00
Modified
2024-08-06 06:41
Severity ?
Summary
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1273969 — x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2015:1945 — vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:41:09.313Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1273969",
               },
               {
                  name: "RHSA-2015:1945",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2015:1945",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-10-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-11-06T17:57:03",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1273969",
            },
            {
               name: "RHSA-2015:1945",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2015:1945",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-5305",
      datePublished: "2015-11-06T18:00:00",
      dateReserved: "2015-07-01T00:00:00",
      dateUpdated: "2024-08-06T06:41:09.313Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-2403
Vulnerability from cvelistv5
Published
2022-09-01 20:28
Modified
2024-08-03 00:39
Severity ?
Summary
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.
Impacted products
Vendor Product Version
n/a Openshift Version: Openshift 4.9 onwards


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:39:07.025Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101959",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2022-2403",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Openshift",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Openshift 4.9 onwards",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-497",
                     description: "CWE-497",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-09-01T20:28:25",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101959",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2022-2403",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2022-2403",
      datePublished: "2022-09-01T20:28:25",
      dateReserved: "2022-07-14T00:00:00",
      dateUpdated: "2024-08-03T00:39:07.025Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-3708
Vulnerability from cvelistv5
Published
2016-06-08 17:00
Modified
2024-08-06 00:03
Severity ?
Summary
Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.
References
https://access.redhat.com/errata/RHSA-2016:1094 — vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:03:34.544Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:1094",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1094",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-08T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:1094",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1094",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-3708",
      datePublished: "2016-06-08T17:00:00",
      dateReserved: "2016-03-30T00:00:00",
      dateUpdated: "2024-08-06T00:03:34.544Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-5647
Vulnerability from cvelistv5
Published
2013-02-24 21:00
Modified
2024-08-06 21:14
Severity ?
Summary
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T21:14:16.250Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openshift/origin-server/pull/1017",
               },
               {
                  name: "89430",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/89430",
               },
               {
                  name: "RHSA-2013:0148",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0148.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=888523",
               },
               {
                  name: "57189",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/57189",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-02-24T21:00:00Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openshift/origin-server/pull/1017",
            },
            {
               name: "89430",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/89430",
            },
            {
               name: "RHSA-2013:0148",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0148.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=888523",
            },
            {
               name: "57189",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/57189",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-5647",
      datePublished: "2013-02-24T21:00:00Z",
      dateReserved: "2012-10-24T00:00:00Z",
      dateUpdated: "2024-08-06T21:14:16.250Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-2149
Vulnerability from cvelistv5
Published
2016-06-08 17:00
Modified
2024-08-05 23:17
Severity ?
Summary
Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.
References
https://access.redhat.com/errata/RHSA-2016:1064 — vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:17:50.741Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:1064",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1064",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-08T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:1064",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1064",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-2149",
      datePublished: "2016-06-08T17:00:00",
      dateReserved: "2016-01-29T00:00:00",
      dateUpdated: "2024-08-05T23:17:50.741Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-3711
Vulnerability from cvelistv5
Published
2016-06-08 17:00
Modified
2024-08-06 00:03
Severity ?
Summary
HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
References
https://access.redhat.com/errata/RHSA-2016:1064 — vendor-advisory, x_refsource_REDHAT
https://github.com/openshift/origin/pull/8334 — x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:03:34.428Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:1064",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1064",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openshift/origin/pull/8334",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the \"OPENSHIFT_[namespace]_SERVERID\" cookie.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-08T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:1064",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1064",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openshift/origin/pull/8334",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-3711",
      datePublished: "2016-06-08T17:00:00",
      dateReserved: "2016-03-30T00:00:00",
      dateUpdated: "2024-08-06T00:03:34.428Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-5325
Vulnerability from cvelistv5
Published
2015-11-25 20:00
Modified
2024-08-06 06:41
Severity ?
Summary
Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:41:09.530Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-11-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-5325",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2016:0489",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-5325",
      datePublished: "2015-11-25T20:00:00",
      dateReserved: "2015-07-01T00:00:00",
      dateUpdated: "2024-08-06T06:41:09.530Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-1806
Vulnerability from cvelistv5
Published
2015-10-16 20:00
Modified
2024-08-06 04:54
Severity ?
Summary
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:54:16.280Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205620",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
               },
               {
                  name: "RHSA-2015:1844",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-02-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205620",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
            },
            {
               name: "RHSA-2015:1844",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-1806",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1205620",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205620",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
                  },
                  {
                     name: "RHSA-2015:1844",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-1806",
      datePublished: "2015-10-16T20:00:00",
      dateReserved: "2015-02-17T00:00:00",
      dateUpdated: "2024-08-06T04:54:16.280Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3262
Vulnerability from cvelistv5
Published
2022-12-08 00:00
Modified
2024-08-03 01:07
Severity ?
Summary
A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.
Impacted products
Vendor Product Version
n/a openshift Version: 4.9


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:07:05.985Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128858",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openshift",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "4.9",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in Openshift. A pod with a DNSPolicy of \"ClusterFirst\" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-453",
                     description: "CWE-453",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-08T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128858",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2022-3262",
      datePublished: "2022-12-08T00:00:00",
      dateReserved: "2022-09-21T00:00:00",
      dateUpdated: "2024-08-03T01:07:05.985Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-1807
Vulnerability from cvelistv5
Published
2015-10-16 20:00
Modified
2024-08-06 04:54
Severity ?
Summary
Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:54:16.383Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205622",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
               },
               {
                  name: "RHSA-2015:1844",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-02-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205622",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
            },
            {
               name: "RHSA-2015:1844",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-1807",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1205622",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205622",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
                  },
                  {
                     name: "RHSA-2015:1844",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-1807",
      datePublished: "2015-10-16T20:00:00",
      dateReserved: "2015-02-17T00:00:00",
      dateUpdated: "2024-08-06T04:54:16.383Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-6685
Vulnerability from cvelistv5
Published
2020-02-19 14:41
Modified
2024-08-06 21:36
Severity ?
Summary
Nokogiri before 1.5.4 is vulnerable to XML External Entity (XXE) attacks.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T21:36:01.934Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/sparklemotion/nokogiri/issues/693",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178970",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://nokogiri.org/CHANGELOG.html#154-2012-06-12",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-06-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Nokogiri before 1.5.4 is vulnerable to XML External Entity (XXE) attacks",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-19T14:41:27",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/sparklemotion/nokogiri/issues/693",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178970",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://nokogiri.org/CHANGELOG.html#154-2012-06-12",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2012-6685",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Nokogiri before 1.5.4 is vulnerable to XML External Entity (XXE) attacks",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sparklemotion/nokogiri/issues/693",
                     refsource: "CONFIRM",
                     url: "https://github.com/sparklemotion/nokogiri/issues/693",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1178970",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178970",
                  },
                  {
                     name: "https://nokogiri.org/CHANGELOG.html#154-2012-06-12",
                     refsource: "CONFIRM",
                     url: "https://nokogiri.org/CHANGELOG.html#154-2012-06-12",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2012-6685",
      datePublished: "2020-02-19T14:41:27",
      dateReserved: "2015-01-05T00:00:00",
      dateUpdated: "2024-08-06T21:36:01.934Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-3723
Vulnerability from cvelistv5
Published
2016-05-17 14:00
Modified
2024-08-06 00:03
Severity ?
Summary
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:03:34.471Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
               },
               {
                  name: "RHSA-2016:1206",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1206",
               },
               {
                  name: "RHSA-2016:1773",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
            },
            {
               name: "RHSA-2016:1206",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1206",
            },
            {
               name: "RHSA-2016:1773",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-3723",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
                     refsource: "CONFIRM",
                     url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
                  },
                  {
                     name: "RHSA-2016:1206",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1206",
                  },
                  {
                     name: "RHSA-2016:1773",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-3723",
      datePublished: "2016-05-17T14:00:00",
      dateReserved: "2016-03-30T00:00:00",
      dateUpdated: "2024-08-06T00:03:34.471Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-2125
Vulnerability from cvelistv5
Published
2013-10-01 17:00
Modified
2024-08-06 19:26
Severity ?
Summary
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
References
http://secunia.com/advisories/55381 — third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-1582-1/ — vendor-advisory, x_refsource_UBUNTU
https://github.com/rubygems/rubygems/blob/1.8/History.txt — x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-1203.html — vendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=814718 — x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/04/20/24 — mailing-list, x_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2013-1852.html — vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2013-1441.html — vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T19:26:08.518Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "55381",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/55381",
               },
               {
                  name: "USN-1582-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1582-1/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt",
               },
               {
                  name: "RHSA-2013:1203",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718",
               },
               {
                  name: "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in  upstream v1.8.23 version",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/04/20/24",
               },
               {
                  name: "RHSA-2013:1852",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html",
               },
               {
                  name: "RHSA-2013:1441",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-04-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-01-07T13:57:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "55381",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/55381",
            },
            {
               name: "USN-1582-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1582-1/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt",
            },
            {
               name: "RHSA-2013:1203",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718",
            },
            {
               name: "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in  upstream v1.8.23 version",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/04/20/24",
            },
            {
               name: "RHSA-2013:1852",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html",
            },
            {
               name: "RHSA-2013:1441",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2012-2125",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "55381",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/55381",
                  },
                  {
                     name: "USN-1582-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-1582-1/",
                  },
                  {
                     name: "https://github.com/rubygems/rubygems/blob/1.8/History.txt",
                     refsource: "CONFIRM",
                     url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt",
                  },
                  {
                     name: "RHSA-2013:1203",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=814718",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718",
                  },
                  {
                     name: "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in  upstream v1.8.23 version",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2012/04/20/24",
                  },
                  {
                     name: "RHSA-2013:1852",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html",
                  },
                  {
                     name: "RHSA-2013:1441",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-2125",
      datePublished: "2013-10-01T17:00:00",
      dateReserved: "2012-04-04T00:00:00",
      dateUpdated: "2024-08-06T19:26:08.518Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-1257
Vulnerability from cvelistv5
Published
2018-05-11 20:00
Modified
2024-09-16 22:56
Severity ?
Summary
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service (ReDoS) attack.
Impacted products
Vendor Product Version
Pivotal Spring Framework Version: 5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:51:49.126Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "104260",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/104260",
               },
               {
                  name: "RHSA-2018:1809",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1809",
               },
               {
                  name: "RHSA-2018:3768",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:3768",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://pivotal.io/security/cve-2018-1257",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Spring Framework",
               vendor: "Pivotal",
               versions: [
                  {
                     status: "affected",
                     version: "5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17",
                  },
               ],
            },
         ],
         datePublic: "2018-05-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service (ReDoS) attack.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "ReDoS",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-20T10:38:00",
            orgId: "c550e75a-17ff-4988-97f0-544cde3820fe",
            shortName: "dell",
         },
         references: [
            {
               name: "104260",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/104260",
            },
            {
               name: "RHSA-2018:1809",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1809",
            },
            {
               name: "RHSA-2018:3768",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:3768",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://pivotal.io/security/cve-2018-1257",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@dell.com",
               DATE_PUBLIC: "2018-05-09T00:00:00",
               ID: "CVE-2018-1257",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Spring Framework",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Pivotal",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "ReDoS",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "104260",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/104260",
                  },
                  {
                     name: "RHSA-2018:1809",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:1809",
                  },
                  {
                     name: "RHSA-2018:3768",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:3768",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
                     refsource: "CONFIRM",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2020.html",
                  },
                  {
                     name: "https://pivotal.io/security/cve-2018-1257",
                     refsource: "CONFIRM",
                     url: "https://pivotal.io/security/cve-2018-1257",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe",
      assignerShortName: "dell",
      cveId: "CVE-2018-1257",
      datePublished: "2018-05-11T20:00:00Z",
      dateReserved: "2017-12-06T00:00:00",
      dateUpdated: "2024-09-16T22:56:18.536Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-14845
Vulnerability from cvelistv5
Published
2019-10-08 18:43
Modified
2024-08-05 00:26
Summary
A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image bypass TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14845 x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:4101 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:4237 vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat openshift Version: openshift build 4.1 up to 4.3


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:26:39.114Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14845",
               },
               {
                  name: "RHSA-2019:4101",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:4101",
               },
               {
                  name: "RHSA-2019:4237",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:4237",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openshift",
               vendor: "Red Hat",
               versions: [
                  {
                     status: "affected",
                     version: "opneshift build 4.1 up to 4.3",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-494",
                     description: "CWE-494",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-12-20T01:06:04",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14845",
            },
            {
               name: "RHSA-2019:4101",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:4101",
            },
            {
               name: "RHSA-2019:4237",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:4237",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2019-14845",
      datePublished: "2019-10-08T18:43:24",
      dateReserved: "2019-08-10T00:00:00",
      dateUpdated: "2024-08-05T00:26:39.114Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-7370
Vulnerability from cvelistv5
Published
2019-12-11 13:55
Modified
2024-08-06 18:01
Summary
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
Impacted products
Vendor Product Version
n/a n/a Version: < 2.8.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T18:01:20.629Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://security-tracker.debian.org/tracker/CVE-2013-7370",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/cve-2013-7370",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2014/05/13/1",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2014/04/21/2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "< 2.8.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "in the Sencha Labs Connect middleware",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-12-11T14:01:12",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://security-tracker.debian.org/tracker/CVE-2013-7370",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/security/cve/cve-2013-7370",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.openwall.com/lists/oss-security/2014/05/13/1",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.openwall.com/lists/oss-security/2014/04/21/2",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-7370",
      datePublished: "2019-12-11T13:55:37",
      dateReserved: "2014-04-21T00:00:00",
      dateUpdated: "2024-08-06T18:01:20.629Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-6135
Vulnerability from cvelistv5
Published
2019-11-19 16:56
Modified
2024-08-06 21:28
Summary
RubyGems passenger 4.0.0 betas 1 and 2 allow remote attackers to delete arbitrary files during the startup process.
Impacted products
Vendor Product Version
ruby-passenger ruby-passenger Version: 4.0.53-1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T21:28:38.905Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://security-tracker.debian.org/tracker/CVE-2012-6135",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2013/03/02/1",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82533",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135",
               },
               {
                  name: "58259",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "https://www.securityfocus.com/bid/58259",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "ruby-passenger",
               vendor: "ruby-passenger",
               versions: [
                  {
                     status: "affected",
                     version: "4.0.53-1",
                  },
               ],
            },
         ],
         datePublic: "2013-03-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Other",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-11-19T16:56:41",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://security-tracker.debian.org/tracker/CVE-2012-6135",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.openwall.com/lists/oss-security/2013/03/02/1",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82533",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135",
            },
            {
               name: "58259",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "https://www.securityfocus.com/bid/58259",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-6135",
      datePublished: "2019-11-19T16:56:41",
      dateReserved: "2012-12-06T00:00:00",
      dateUpdated: "2024-08-06T21:28:38.905Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-1485
Vulnerability from cvelistv5
Published
2024-02-13 23:31
Modified
2024-11-06 14:50
Summary
A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.
Impacted products
Vendor Product Version
Version: 1.16.2
Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-1485",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-02-21T20:39:09.253403Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-05T17:21:53.512Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T18:40:21.236Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2024-1485",
               },
               {
                  name: "RHBZ#2264106",
                  tags: [
                     "issue-tracking",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264106",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/advisories/GHSA-84xv-jfrm-h4gm",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/devfile/registry-support/pull/197",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://github.com/devfile/registry-support",
               defaultStatus: "unaffected",
               packageName: "registry-support",
               versions: [
                  {
                     status: "affected",
                     version: "1.16.2",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:ocp_tools",
               ],
               defaultStatus: "affected",
               packageName: "odo",
               product: "OpenShift Developer Tools and Services",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:openshift:4",
               ],
               defaultStatus: "affected",
               packageName: "openshift4/ose-console",
               product: "Red Hat OpenShift Container Platform 4",
               vendor: "Red Hat",
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Red Hat would like to thank Joern Schneeweisz (GitLab Security Research Team) for reporting this issue.",
            },
         ],
         datePublic: "2024-02-05T00:00:00+00:00",
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     namespace: "https://access.redhat.com/security/updates/classification/",
                     value: "Important",
                  },
                  type: "Red Hat severity rating",
               },
            },
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-23",
                     description: "Relative Path Traversal",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-11-06T14:50:04.605Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2024-1485",
            },
            {
               name: "RHBZ#2264106",
               tags: [
                  "issue-tracking",
                  "x_refsource_REDHAT",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264106",
            },
            {
               url: "https://github.com/advisories/GHSA-84xv-jfrm-h4gm",
            },
            {
               url: "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d",
            },
            {
               url: "https://github.com/devfile/registry-support/pull/197",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2024-02-13T00:00:00+00:00",
               value: "Reported to Red Hat.",
            },
            {
               lang: "en",
               time: "2024-02-05T00:00:00+00:00",
               value: "Made public.",
            },
         ],
         title: "Registry-support: decompress can delete files outside scope via relative paths",
         workarounds: [
            {
               lang: "en",
               value: "Limit or block the parsing of devfiles from untrusted sources.",
            },
         ],
         x_redhatCweChain: "CWE-349->CWE-23: Acceptance of Extraneous Untrusted Data With Trusted Data leads to Relative Path Traversal",
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2024-1485",
      datePublished: "2024-02-13T23:31:14.427Z",
      dateReserved: "2024-02-13T21:47:23.979Z",
      dateUpdated: "2024-11-06T14:50:04.605Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-40370
Vulnerability from cvelistv5
Published
2023-08-22 21:57
Modified
2024-10-02 15:12
Summary
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470.
Impacted products
Vendor Product Version
IBM Robotic Process Automation Version: 21.0.0 through 21.0.7.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T18:31:53.791Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7028218",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263470",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-40370",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-02T14:59:12.497018Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-02T15:12:35.118Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Robotic Process Automation",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "21.0.7.1",
                     status: "affected",
                     version: "21.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled.  IBM X-Force ID:  263470.</span>\n\n",
                  },
               ],
               value: "\nIBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled.  IBM X-Force ID:  263470.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "300 Channel Accessible by Non-Endpoint ('Man-in-the-Middle')",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-22T21:57:37.071Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7028218",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263470",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Robotic Process Automation information disclosure",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-40370",
      datePublished: "2023-08-22T21:57:37.071Z",
      dateReserved: "2023-08-14T20:12:04.115Z",
      dateUpdated: "2024-10-02T15:12:35.118Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-4364
Vulnerability from cvelistv5
Published
2018-01-08 19:00
Modified
2024-08-06 16:38
Summary
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:38:01.911Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1009734",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-09-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-08T18:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1009734",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-4364",
      datePublished: "2018-01-08T19:00:00",
      dateReserved: "2013-06-12T00:00:00",
      dateUpdated: "2024-08-06T16:38:01.911Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-5326
Vulnerability from cvelistv5
Published
2015-11-25 20:00
Modified
2024-08-06 06:41
Summary
Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:41:09.293Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-11-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-5326",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2016:0489",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-5326",
      datePublished: "2015-11-25T20:00:00",
      dateReserved: "2015-07-01T00:00:00",
      dateUpdated: "2024-08-06T06:41:09.293Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-19350
Vulnerability from cvelistv5
Published
2021-03-24 15:36
Modified
2024-08-05 02:16
Summary
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Impacted products
Vendor Product Version
n/a openshift/ansible-service-broker Version: as shipped in Red Hat Openshift 4 and 3.11


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:16:47.049Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1791534",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1793283",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openshift/ansible-service-broker",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "as shipped in Red Hat Openshift 4 and 3.11",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-266",
                     description: "CWE-266",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-03-24T15:36:09",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1791534",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1793283",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2019-19350",
      datePublished: "2021-03-24T15:36:09",
      dateReserved: "2019-11-27T00:00:00",
      dateUpdated: "2024-08-05T02:16:47.049Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-1761
Vulnerability from cvelistv5
Published
2021-05-27 19:45
Modified
2024-08-04 06:46
Summary
A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4. Note: the record's affected-version entry lists "openshift/console-4" itself as affected, which conflicts with the "before" wording here; confirm the exact fixed version against the referenced Bugzilla entry before relying on either.
References
Impacted products
Vendor Product Version
n/a openshift/console Version: openshift/console-4


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T06:46:30.893Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1813788",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openshift/console",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "openshift/console-4",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-358",
                     description: "CWE-358",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-05-27T19:45:14",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1813788",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2020-1761",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "openshift/console",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "openshift/console-4",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-358",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1813788",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1813788",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2020-1761",
      datePublished: "2021-05-27T19:45:14",
      dateReserved: "2019-11-27T00:00:00",
      dateUpdated: "2024-08-04T06:46:30.893Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-43573
Vulnerability from cvelistv5
Published
2023-01-05 17:39
Modified
2024-08-03 13:32
Summary
IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678.
Impacted products
Vendor Product Version
IBM Robotic Process Automation Version: 20.12 up to but not including 21.0.6 (the record's affected range is lessThan 21.0.6; the description says "20.12 through 21.0.6", so confirm against the IBM advisory whether 21.0.6 itself is affected)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T13:32:59.640Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6852655",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238678",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Robotic Process Automation",
               vendor: "IBM",
               versions: [
                  {
                     lessThan: "21.0.6",
                     status: "affected",
                     version: "20.12",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects.  IBM X-Force ID:  238678.",
                  },
               ],
               value: "IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects.  IBM X-Force ID:  238678.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.1,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-01-05T17:39:23.656Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/6852655",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238678",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Robotic Process Automation information disclosure",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-43573",
      datePublished: "2023-01-05T17:39:23.656Z",
      dateReserved: "2022-10-20T20:12:57.788Z",
      dateUpdated: "2024-08-03T13:32:59.640Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-10875
Vulnerability from cvelistv5
Published
2018-07-13 22:00
Modified
2024-08-05 07:46
Summary
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
References
https://access.redhat.com/errata/RHSA-2018:2166vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2152vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2150vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1041396vdb-entry, x_refsource_SECTRACK
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875x_refsource_CONFIRM
https://access.redhat.com/errata/RHBA-2018:3788vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0054vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2151vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2321vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2585vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2019/dsa-4396vendor-advisory, x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.htmlvendor-advisory, x_refsource_SUSE
https://usn.ubuntu.com/4072-1/vendor-advisory, x_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2019/09/msg00016.htmlmailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
[UNKNOWN] ansible Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T07:46:47.518Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2018:2166",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:2166",
               },
               {
                  name: "RHSA-2018:2152",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:2152",
               },
               {
                  name: "RHSA-2018:2150",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:2150",
               },
               {
                  name: "1041396",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1041396",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875",
               },
               {
                  name: "RHBA-2018:3788",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHBA-2018:3788",
               },
               {
                  name: "RHSA-2019:0054",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:0054",
               },
               {
                  name: "RHSA-2018:2151",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:2151",
               },
               {
                  name: "RHSA-2018:2321",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:2321",
               },
               {
                  name: "RHSA-2018:2585",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:2585",
               },
               {
                  name: "DSA-4396",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4396",
               },
               {
                  name: "openSUSE-SU-2019:1125",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html",
               },
               {
                  name: "USN-4072-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4072-1/",
               },
               {
                  name: "[debian-lts-announce] 20190916 [SECURITY] [DLA 1923-1] ansible security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "ansible",
               vendor: "[UNKNOWN]",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-06-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-426",
                     description: "CWE-426",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-09-16T14:06:20",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2018:2166",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:2166",
            },
            {
               name: "RHSA-2018:2152",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:2152",
            },
            {
               name: "RHSA-2018:2150",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:2150",
            },
            {
               name: "1041396",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1041396",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875",
            },
            {
               name: "RHBA-2018:3788",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHBA-2018:3788",
            },
            {
               name: "RHSA-2019:0054",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:0054",
            },
            {
               name: "RHSA-2018:2151",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:2151",
            },
            {
               name: "RHSA-2018:2321",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:2321",
            },
            {
               name: "RHSA-2018:2585",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:2585",
            },
            {
               name: "DSA-4396",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4396",
            },
            {
               name: "openSUSE-SU-2019:1125",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html",
            },
            {
               name: "USN-4072-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4072-1/",
            },
            {
               name: "[debian-lts-announce] 20190916 [SECURITY] [DLA 1923-1] ansible security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2018-10875",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "ansible",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "[UNKNOWN]",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.",
                  },
               ],
            },
            impact: {
               cvss: [
                  [
                     {
                        vectorString: "7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                        version: "3.0",
                     },
                  ],
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-426",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2018:2166",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:2166",
                  },
                  {
                     name: "RHSA-2018:2152",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:2152",
                  },
                  {
                     name: "RHSA-2018:2150",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:2150",
                  },
                  {
                     name: "1041396",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1041396",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875",
                  },
                  {
                     name: "RHBA-2018:3788",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHBA-2018:3788",
                  },
                  {
                     name: "RHSA-2019:0054",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:0054",
                  },
                  {
                     name: "RHSA-2018:2151",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:2151",
                  },
                  {
                     name: "RHSA-2018:2321",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:2321",
                  },
                  {
                     name: "RHSA-2018:2585",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:2585",
                  },
                  {
                     name: "DSA-4396",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4396",
                  },
                  {
                     name: "openSUSE-SU-2019:1125",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html",
                  },
                  {
                     name: "USN-4072-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4072-1/",
                  },
                  {
                     name: "[debian-lts-announce] 20190916 [SECURITY] [DLA 1923-1] ansible security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2018-10875",
      datePublished: "2018-07-13T22:00:00",
      dateReserved: "2018-05-09T00:00:00",
      dateUpdated: "2024-08-05T07:46:47.518Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0068
Vulnerability from cvelistv5
Published
2022-06-30 20:34
Modified
2024-08-06 09:05
Severity ?
Summary
It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world-writable permissions.
References
Impacted products
Vendor Product Version
n/a openshift node-util Version: openshift node-util as shipped in Openshift Enterprise 1.x and 2.x


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:05:38.301Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1064100",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openshift node-util",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "openshift node-util as shipped in Openshift Enterprise 1.x and 2.x",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-732",
                     description: "CWE-732",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-06-30T20:34:16",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1064100",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-0068",
      datePublished: "2022-06-30T20:34:16",
      dateReserved: "2013-12-03T00:00:00",
      dateUpdated: "2024-08-06T09:05:38.301Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-5323
Vulnerability from cvelistv5
Published
2015-11-25 20:00
Modified
2024-08-06 06:41
Severity ?
Summary
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:41:09.554Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-11-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-5323",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2016:0489",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-5323",
      datePublished: "2015-11-25T20:00:00",
      dateReserved: "2015-07-01T00:00:00",
      dateUpdated: "2024-08-06T06:41:09.554Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-42439
Vulnerability from cvelistv5
Published
2023-02-06 20:25
Modified
2024-08-03 13:10
Summary
IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.
Impacted products
Vendor Product Version
IBM App Connect Enterprise Version: 11.0.0.17   
Version: 12.0.4.0   


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T13:10:40.440Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6952435",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238211",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "App Connect Enterprise",
               vendor: "IBM",
               versions: [
                  {
                     lessThan: "11.0.0.19",
                     status: "affected",
                     version: "11.0.0.17",
                     versionType: "semver",
                  },
                  {
                     lessThan: "12.0.5.0",
                     status: "affected",
                     version: "12.0.4.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.</span>\n\n",
                  },
               ],
               value: "\nIBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-02-17T16:10:51.689Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/6952435",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238211",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM App Connect Enterprise information disclosure",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-42439",
      datePublished: "2023-02-06T20:25:26.204Z",
      dateReserved: "2022-10-06T15:51:26.500Z",
      dateUpdated: "2024-08-03T13:10:40.440Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-8631
Vulnerability from cvelistv5
Published
2018-07-31 20:00
Modified
2024-08-06 02:27
Summary
The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.
References
http://www.securityfocus.com/bid/94110vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2016:2696vendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631x_refsource_CONFIRM
Impacted products
Vendor Product Version
Red Hat Openshift Enterprise Version: 3


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T02:27:41.243Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "94110",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/94110",
               },
               {
                  name: "RHSA-2016:2696",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:2696",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Openshift Enterprise",
               vendor: "Red Hat",
               versions: [
                  {
                     status: "affected",
                     version: "3",
                  },
               ],
            },
         ],
         datePublic: "2016-11-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-08-01T09:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "94110",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/94110",
            },
            {
               name: "RHSA-2016:2696",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:2696",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-8631",
      datePublished: "2018-07-31T20:00:00",
      dateReserved: "2016-10-12T00:00:00",
      dateUpdated: "2024-08-06T02:27:41.243Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5736
Vulnerability from cvelistv5
Published
2019-02-11 00:00
Modified
2024-08-04 20:01
Severity ?
Summary
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
References
https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d
https://access.redhat.com/errata/RHSA-2019:0408 (vendor-advisory)
https://github.com/rancher/runc-cve
https://access.redhat.com/errata/RHSA-2019:0401 (vendor-advisory)
https://github.com/docker/docker-ce/releases/tag/v18.09.2
https://www.synology.com/security/advisory/Synology_SA_19_06
https://security.netapp.com/advisory/ntap-20190307-0008/
https://access.redhat.com/errata/RHSA-2019:0303 (vendor-advisory)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc (vendor-advisory)
https://github.com/q3k/cve-2019-5736-poc
https://www.exploit-db.com/exploits/46359/ (exploit)
https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
https://www.openwall.com/lists/oss-security/2019/02/11/2
https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
https://access.redhat.com/security/cve/cve-2019-5736
https://www.exploit-db.com/exploits/46369/ (exploit)
https://access.redhat.com/errata/RHSA-2019:0304 (vendor-advisory)
https://github.com/Frichetten/CVE-2019-5736-PoC
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us
https://brauner.github.io/2019/02/12/privileged-containers.html
https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/
https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc
http://www.securityfocus.com/bid/106976 (vdb-entry)
https://access.redhat.com/security/vulnerabilities/runcescape
https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
https://bugzilla.suse.com/show_bug.cgi?id=1121967
https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E (mailing-list)
https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E (mailing-list)
http://www.openwall.com/lists/oss-security/2019/03/23/1 (mailing-list)
https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html (vendor-advisory)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html (vendor-advisory)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/ (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/ (vendor-advisory)
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944
https://access.redhat.com/errata/RHSA-2019:0975 (vendor-advisory)
https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/
https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/
https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E (mailing-list)
https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E (mailing-list)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html (vendor-advisory)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html (vendor-advisory)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html (vendor-advisory)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html (vendor-advisory)
http://www.openwall.com/lists/oss-security/2019/06/28/2 (mailing-list)
http://www.openwall.com/lists/oss-security/2019/07/06/3 (mailing-list)
http://www.openwall.com/lists/oss-security/2019/07/06/4 (mailing-list)
https://usn.ubuntu.com/4048-1/ (vendor-advisory)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/ (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/ (vendor-advisory)
https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E (mailing-list)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html (vendor-advisory)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html (vendor-advisory)
http://www.openwall.com/lists/oss-security/2019/10/24/1 (mailing-list)
http://www.openwall.com/lists/oss-security/2019/10/29/3 (mailing-list)
https://security.gentoo.org/glsa/202003-21 (vendor-advisory)
https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E (mailing-list)
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E (mailing-list)
http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html
http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html
http://www.openwall.com/lists/oss-security/2024/01/31/6 (mailing-list)
http://www.openwall.com/lists/oss-security/2024/02/01/1 (mailing-list)
http://www.openwall.com/lists/oss-security/2024/02/02/3 (mailing-list)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:01:52.208Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d",
               },
               {
                  name: "RHSA-2019:0408",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:0408",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/rancher/runc-cve",
               },
               {
                  name: "RHSA-2019:0401",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:0401",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/docker/docker-ce/releases/tag/v18.09.2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.synology.com/security/advisory/Synology_SA_19_06",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20190307-0008/",
               },
               {
                  name: "RHSA-2019:0303",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:0303",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/q3k/cve-2019-5736-poc",
               },
               {
                  name: "46359",
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/46359/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.openwall.com/lists/oss-security/2019/02/11/2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/cve-2019-5736",
               },
               {
                  name: "46369",
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/46369/",
               },
               {
                  name: "RHSA-2019:0304",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:0304",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/Frichetten/CVE-2019-5736-PoC",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://brauner.github.io/2019/02/12/privileged-containers.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc",
               },
               {
                  name: "106976",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/106976",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/vulnerabilities/runcescape",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.suse.com/show_bug.cgi?id=1121967",
               },
               {
                  name: "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E",
               },
               {
                  name: "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E",
               },
               {
                  name: "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2019/03/23/1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003",
               },
               {
                  name: "openSUSE-SU-2019:1079",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html",
               },
               {
                  name: "openSUSE-SU-2019:1227",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html",
               },
               {
                  name: "openSUSE-SU-2019:1275",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html",
               },
               {
                  name: "FEDORA-2019-bc70b381ad",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/",
               },
               {
                  name: "FEDORA-2019-6174b47003",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944",
               },
               {
                  name: "RHSA-2019:0975",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:0975",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/",
               },
               {
                  name: "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E",
               },
               {
                  name: "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E",
               },
               {
                  name: "openSUSE-SU-2019:1444",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html",
               },
               {
                  name: "openSUSE-SU-2019:1481",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
               },
               {
                  name: "openSUSE-SU-2019:1499",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html",
               },
               {
                  name: "openSUSE-SU-2019:1506",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html",
               },
               {
                  name: "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2019/06/28/2",
               },
               {
                  name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2019/07/06/3",
               },
               {
                  name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2019/07/06/4",
               },
               {
                  name: "USN-4048-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4048-1/",
               },
               {
                  name: "openSUSE-SU-2019:2021",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html",
               },
               {
                  name: "FEDORA-2019-2baa1f7b19",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/",
               },
               {
                  name: "FEDORA-2019-c1dac1b3b8",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/",
               },
               {
                  name: "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E",
               },
               {
                  name: "openSUSE-SU-2019:2245",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html",
               },
               {
                  name: "openSUSE-SU-2019:2286",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html",
               },
               {
                  name: "[oss-security] 20191023 Membership application for linux-distros - VMware",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2019/10/24/1",
               },
               {
                  name: "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2019/10/29/3",
               },
               {
                  name: "GLSA-202003-21",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202003-21",
               },
               {
                  name: "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E",
               },
               {
                  name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html",
               },
               {
                  name: "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/01/31/6",
               },
               {
                  name: "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/02/01/1",
               },
               {
                  name: "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/02/02/3",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-02-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-02T12:06:25.591627",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d",
            },
            {
               name: "RHSA-2019:0408",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:0408",
            },
            {
               url: "https://github.com/rancher/runc-cve",
            },
            {
               name: "RHSA-2019:0401",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:0401",
            },
            {
               url: "https://github.com/docker/docker-ce/releases/tag/v18.09.2",
            },
            {
               url: "https://www.synology.com/security/advisory/Synology_SA_19_06",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20190307-0008/",
            },
            {
               name: "RHSA-2019:0303",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:0303",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc",
            },
            {
               url: "https://github.com/q3k/cve-2019-5736-poc",
            },
            {
               name: "46359",
               tags: [
                  "exploit",
               ],
               url: "https://www.exploit-db.com/exploits/46359/",
            },
            {
               url: "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b",
            },
            {
               url: "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/",
            },
            {
               url: "https://www.openwall.com/lists/oss-security/2019/02/11/2",
            },
            {
               url: "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/",
            },
            {
               url: "https://access.redhat.com/security/cve/cve-2019-5736",
            },
            {
               name: "46369",
               tags: [
                  "exploit",
               ],
               url: "https://www.exploit-db.com/exploits/46369/",
            },
            {
               name: "RHSA-2019:0304",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:0304",
            },
            {
               url: "https://github.com/Frichetten/CVE-2019-5736-PoC",
            },
            {
               url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us",
            },
            {
               url: "https://brauner.github.io/2019/02/12/privileged-containers.html",
            },
            {
               url: "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/",
            },
            {
               url: "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc",
            },
            {
               name: "106976",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securityfocus.com/bid/106976",
            },
            {
               url: "https://access.redhat.com/security/vulnerabilities/runcescape",
            },
            {
               url: "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html",
            },
            {
               url: "https://bugzilla.suse.com/show_bug.cgi?id=1121967",
            },
            {
               name: "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E",
            },
            {
               name: "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E",
            },
            {
               name: "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2019/03/23/1",
            },
            {
               url: "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003",
            },
            {
               name: "openSUSE-SU-2019:1079",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html",
            },
            {
               name: "openSUSE-SU-2019:1227",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html",
            },
            {
               name: "openSUSE-SU-2019:1275",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html",
            },
            {
               name: "FEDORA-2019-bc70b381ad",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/",
            },
            {
               name: "FEDORA-2019-6174b47003",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/",
            },
            {
               url: "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944",
            },
            {
               name: "RHSA-2019:0975",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:0975",
            },
            {
               url: "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/",
            },
            {
               url: "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/",
            },
            {
               name: "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E",
            },
            {
               name: "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E",
            },
            {
               name: "openSUSE-SU-2019:1444",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html",
            },
            {
               name: "openSUSE-SU-2019:1481",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
            },
            {
               name: "openSUSE-SU-2019:1499",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html",
            },
            {
               name: "openSUSE-SU-2019:1506",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html",
            },
            {
               name: "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2019/06/28/2",
            },
            {
               name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2019/07/06/3",
            },
            {
               name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2019/07/06/4",
            },
            {
               name: "USN-4048-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://usn.ubuntu.com/4048-1/",
            },
            {
               name: "openSUSE-SU-2019:2021",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html",
            },
            {
               name: "FEDORA-2019-2baa1f7b19",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/",
            },
            {
               name: "FEDORA-2019-c1dac1b3b8",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/",
            },
            {
               name: "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E",
            },
            {
               name: "openSUSE-SU-2019:2245",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html",
            },
            {
               name: "openSUSE-SU-2019:2286",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html",
            },
            {
               name: "[oss-security] 20191023 Membership application for linux-distros - VMware",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2019/10/24/1",
            },
            {
               name: "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2019/10/29/3",
            },
            {
               name: "GLSA-202003-21",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202003-21",
            },
            {
               name: "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E",
            },
            {
               name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
            },
            {
               url: "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html",
            },
            {
               url: "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html",
            },
            {
               name: "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2024/01/31/6",
            },
            {
               name: "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2024/02/01/1",
            },
            {
               name: "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2024/02/02/3",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-5736",
      datePublished: "2019-02-11T00:00:00",
      dateReserved: "2019-01-08T00:00:00",
      dateUpdated: "2024-08-04T20:01:52.208Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-20578
Vulnerability from cvelistv5
Published
2021-09-30 16:20
Modified
2024-09-17 00:31
Summary
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282.
Impacted products
Vendor Product Version
IBM Cloud Pak for Security Version: 1.7.0.0
Version: 1.7.1.0
Version: 1.7.2.0
Version: 1.8.0.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:45:44.685Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6493729",
               },
               {
                  name: "ibm-cp4s-cve202120578-improper-auth (199282)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199282",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cloud Pak for Security",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "1.7.0.0",
                  },
                  {
                     status: "affected",
                     version: "1.7.1.0",
                  },
                  {
                     status: "affected",
                     version: "1.7.2.0",
                  },
                  {
                     status: "affected",
                     version: "1.8.0.0",
                  },
               ],
            },
         ],
         datePublic: "2021-09-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 4.7,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/C:L/AC:L/PR:N/A:N/I:L/AV:A/S:U/UI:N/RC:C/E:U/RL:O",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Gain Access",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-09-30T16:20:16",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6493729",
            },
            {
               name: "ibm-cp4s-cve202120578-improper-auth (199282)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199282",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2021-09-29T00:00:00",
               ID: "CVE-2021-20578",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cloud Pak for Security",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.7.0.0",
                                       },
                                       {
                                          version_value: "1.7.1.0",
                                       },
                                       {
                                          version_value: "1.7.2.0",
                                       },
                                       {
                                          version_value: "1.8.0.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "L",
                     AV: "A",
                     C: "L",
                     I: "L",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Gain Access",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6493729",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6493729 (Cloud Pak for Security)",
                     url: "https://www.ibm.com/support/pages/node/6493729",
                  },
                  {
                     name: "ibm-cp4s-cve202120578-improper-auth (199282)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199282",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-20578",
      datePublished: "2021-09-30T16:20:16.598071Z",
      dateReserved: "2020-12-17T00:00:00",
      dateUpdated: "2024-09-17T00:31:00.175Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-7537
Vulnerability from cvelistv5
Published
2016-02-03 15:00
Modified
2024-08-06 07:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T07:51:28.599Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
               },
               {
                  name: "RHSA-2016:0489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-12-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
            },
            {
               name: "RHSA-2016:0489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-7537",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
                  },
                  {
                     name: "RHSA-2016:0489",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-7537",
      datePublished: "2016-02-03T15:00:00",
      dateReserved: "2015-09-29T00:00:00",
      dateUpdated: "2024-08-06T07:51:28.599Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-1813
Vulnerability from cvelistv5
Published
2015-10-16 20:00
Modified
2024-08-06 04:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:54:16.273Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
               },
               {
                  name: "RHSA-2015:1844",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-03-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
            },
            {
               name: "RHSA-2015:1844",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-1813",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
                  },
                  {
                     name: "RHSA-2015:1844",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-1813",
      datePublished: "2015-10-16T20:00:00",
      dateReserved: "2015-02-17T00:00:00",
      dateUpdated: "2024-08-06T04:54:16.273Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-5321
Vulnerability from cvelistv5
Published
2015-11-25 20:00
Modified
2024-08-06 06:41
Severity ?
Summary
The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:41:09.341Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-11-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-5321",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2016:0489",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-5321",
      datePublished: "2015-11-25T20:00:00",
      dateReserved: "2015-07-01T00:00:00",
      dateUpdated: "2024-08-06T06:41:09.341Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-2142
Vulnerability from cvelistv5
Published
2016-06-08 17:00
Modified
2024-08-05 23:17
Severity ?
Summary
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.
References
https://access.redhat.com/errata/RHSA-2016:1038vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:17:50.581Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:1038",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1038",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-08T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:1038",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1038",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-2142",
      datePublished: "2016-06-08T17:00:00",
      dateReserved: "2016-01-29T00:00:00",
      dateUpdated: "2024-08-05T23:17:50.581Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-29912
Vulnerability from cvelistv5
Published
2021-10-19 15:15
Modified
2024-09-16 23:11
Summary
IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.
Impacted products
Vendor Product Version
IBM Cloud Pak for Security Version: 1.7.0.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T22:18:03.282Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6505283",
               },
               {
                  name: "ibm-drm-cve202129912-xss (207828)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207828",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cloud Pak for Security",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "1.7.0.0",
                  },
               ],
            },
         ],
         datePublic: "2021-10-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitCodeMaturity: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "CHANGED",
                  temporalScore: 5.2,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/PR:L/AC:L/I:L/UI:R/C:L/S:C/A:N/RC:C/E:H/RL:O",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-Site Scripting",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-19T15:15:14",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6505283",
            },
            {
               name: "ibm-drm-cve202129912-xss (207828)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207828",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2021-10-18T00:00:00",
               ID: "CVE-2021-29912",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cloud Pak for Security",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.7.0.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "L",
                     AV: "N",
                     C: "L",
                     I: "L",
                     PR: "L",
                     S: "C",
                     UI: "R",
                  },
                  TM: {
                     E: "H",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross-Site Scripting",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6505283",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6505283 (Cloud Pak for Security)",
                     url: "https://www.ibm.com/support/pages/node/6505283",
                  },
                  {
                     name: "ibm-drm-cve202129912-xss (207828)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207828",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-29912",
      datePublished: "2021-10-19T15:15:14.541857Z",
      dateReserved: "2021-03-31T00:00:00",
      dateUpdated: "2024-09-16T23:11:09.698Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-7534
Vulnerability from cvelistv5
Published
2018-04-11 19:00
Modified
2024-08-05 16:04
Severity ?
Summary
OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.
References
Impacted products
Vendor Product Version
Red Hat, Inc. Openshift Version: 3.x


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:04:11.828Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "103754",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/103754",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1443003",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Openshift",
               vendor: "Red Hat, Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "3.x",
                  },
               ],
            },
         ],
         datePublic: "2018-04-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-04-17T09:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "103754",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/103754",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1443003",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2017-7534",
      datePublished: "2018-04-11T19:00:00Z",
      dateReserved: "2017-04-05T00:00:00",
      dateUpdated: "2024-08-05T16:04:11.828Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-1059
Vulnerability from cvelistv5
Published
2018-04-24 18:00
Modified
2024-09-17 00:46
Severity ?
Summary
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
References
https://access.redhat.com/errata/RHSA-2018:2524vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2102vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/cve-2018-1059x_refsource_MISC
https://usn.ubuntu.com/3642-2/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:2038vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3642-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:1267vendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1544298x_refsource_CONFIRM
Impacted products
Vendor Product Version
Red Hat, Inc. DPDK Version: before 18.02.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:44:11.812Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2018:2524",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:2524",
               },
               {
                  name: "RHSA-2018:2102",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:2102",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/cve-2018-1059",
               },
               {
                  name: "USN-3642-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/3642-2/",
               },
               {
                  name: "RHSA-2018:2038",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:2038",
               },
               {
                  name: "USN-3642-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/3642-1/",
               },
               {
                  name: "RHSA-2018:1267",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1267",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1544298",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "DPDK",
               vendor: "Red Hat, Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "before 18.02.1",
                  },
               ],
            },
         ],
         datePublic: "2018-04-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "CWE-200",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-08-21T09:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2018:2524",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:2524",
            },
            {
               name: "RHSA-2018:2102",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:2102",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/security/cve/cve-2018-1059",
            },
            {
               name: "USN-3642-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/3642-2/",
            },
            {
               name: "RHSA-2018:2038",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:2038",
            },
            {
               name: "USN-3642-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/3642-1/",
            },
            {
               name: "RHSA-2018:1267",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1267",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1544298",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               DATE_PUBLIC: "2018-04-23T00:00:00",
               ID: "CVE-2018-1059",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "DPDK",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "before 18.02.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Red Hat, Inc.",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-200",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2018:2524",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:2524",
                  },
                  {
                     name: "RHSA-2018:2102",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:2102",
                  },
                  {
                     name: "https://access.redhat.com/security/cve/cve-2018-1059",
                     refsource: "MISC",
                     url: "https://access.redhat.com/security/cve/cve-2018-1059",
                  },
                  {
                     name: "USN-3642-2",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/3642-2/",
                  },
                  {
                     name: "RHSA-2018:2038",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:2038",
                  },
                  {
                     name: "USN-3642-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/3642-1/",
                  },
                  {
                     name: "RHSA-2018:1267",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:1267",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1544298",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1544298",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2018-1059",
      datePublished: "2018-04-24T18:00:00Z",
      dateReserved: "2017-12-04T00:00:00",
      dateUpdated: "2024-09-17T00:46:47.514Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-1808
Vulnerability from cvelistv5
Published
2015-10-16 20:00
Modified
2024-08-06 04:54
Severity ?
Summary
Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:54:16.322Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205623",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
               },
               {
                  name: "RHSA-2015:1844",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-02-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205623",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
            },
            {
               name: "RHSA-2015:1844",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-1808",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1205623",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205623",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
                  },
                  {
                     name: "RHSA-2015:1844",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-1808",
      datePublished: "2015-10-16T20:00:00",
      dateReserved: "2015-02-17T00:00:00",
      dateUpdated: "2024-08-06T04:54:16.322Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-14645
Vulnerability from cvelistv5
Published
2018-09-21 13:00
Modified
2024-08-05 09:38
Summary
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.
References
https://usn.ubuntu.com/3780-1/ — vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:2882 — vendor-advisory, x_refsource_REDHAT
https://www.mail-archive.com/haproxy%40formilux.org/msg31253.html — mailing-list, x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645 — x_refsource_CONFIRM
https://access.redhat.com/errata/RHBA-2019:0028 — vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
[UNKNOWN] haproxy Version: 1.8.14


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T09:38:12.812Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "USN-3780-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/3780-1/",
               },
               {
                  name: "RHSA-2018:2882",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:2882",
               },
               {
                  name: "[haproxy] 20180920 [ANNOUNCE] haproxy-1.8.14 - Security Update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://www.mail-archive.com/haproxy%40formilux.org/msg31253.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645",
               },
               {
                  name: "RHBA-2019:0028",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHBA-2019:0028",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "haproxy",
               vendor: "[UNKNOWN]",
               versions: [
                  {
                     status: "affected",
                     version: "1.8.14",
                  },
               ],
            },
         ],
         datePublic: "2018-09-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-07-23T07:06:04",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "USN-3780-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/3780-1/",
            },
            {
               name: "RHSA-2018:2882",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:2882",
            },
            {
               name: "[haproxy] 20180920 [ANNOUNCE] haproxy-1.8.14 - Security Update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://www.mail-archive.com/haproxy%40formilux.org/msg31253.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645",
            },
            {
               name: "RHBA-2019:0028",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHBA-2019:0028",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2018-14645",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "haproxy",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.8.14",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "[UNKNOWN]",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.",
                  },
               ],
            },
            impact: {
               cvss: [
                  [
                     {
                        vectorString: "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        version: "3.0",
                     },
                  ],
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-125",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "USN-3780-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/3780-1/",
                  },
                  {
                     name: "RHSA-2018:2882",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:2882",
                  },
                  {
                     name: "[haproxy] 20180920 [ANNOUNCE] haproxy-1.8.14 - Security Update",
                     refsource: "MLIST",
                     url: "https://www.mail-archive.com/haproxy@formilux.org/msg31253.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645",
                  },
                  {
                     name: "RHBA-2019:0028",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHBA-2019:0028",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2018-14645",
      datePublished: "2018-09-21T13:00:00",
      dateReserved: "2018-07-27T00:00:00",
      dateUpdated: "2024-08-05T09:38:12.812Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-4561
Vulnerability from cvelistv5
Published
2022-06-30 18:40
Modified
2024-08-06 16:45
Severity ?
Summary
In an OpenShift node, a cron job that updates mcollective facts mishandles a temporary file. This may lead to loss of confidentiality and integrity.
Impacted products
Vendor Product Version
n/a openshift-origin-msg-node-mcollective Version: openshift-origin-msg-node-mcollective as shipped with Red Hat OpenShift Online and OpenShift Enterprise 1.x.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:45:15.230Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1029652",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/openshift/origin-server/commit/f1abe972794e35a4bfba597694ce829990f14d39",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openshift-origin-msg-node-mcollective",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "openshift-origin-msg-node-mcollective  as shipped with Red Hat OpenShift Online and OpenShift Enterprise 1.x.",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-377",
                     description: "CWE-377",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-06-30T18:40:58",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1029652",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/openshift/origin-server/commit/f1abe972794e35a4bfba597694ce829990f14d39",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-4561",
      datePublished: "2022-06-30T18:40:58",
      dateReserved: "2013-06-12T00:00:00",
      dateUpdated: "2024-08-06T16:45:15.230Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-5409
Vulnerability from cvelistv5
Published
2017-04-20 17:00
Modified
2024-08-06 01:01
Severity ?
Summary
Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:01:00.226Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1366461",
               },
               {
                  name: "97988",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/97988",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-08-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-04-26T09:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1366461",
            },
            {
               name: "97988",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/97988",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-5409",
      datePublished: "2017-04-20T17:00:00",
      dateReserved: "2016-06-10T00:00:00",
      dateUpdated: "2024-08-06T01:01:00.226Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-29894
Vulnerability from cvelistv5
Published
2021-09-30 16:20
Modified
2024-09-16 20:52
Summary
IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320.
Impacted products
Vendor Product Version
IBM Cloud Pak for Security Version: 1.7.0.0
Version: 1.7.1.0
Version: 1.7.2.0
Version: 1.8.0.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T22:18:03.219Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6493729",
               },
               {
                  name: "ibm-cp4s-cve202129894-info-disc (207320)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207320",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cloud Pak for Security",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "1.7.0.0",
                  },
                  {
                     status: "affected",
                     version: "1.7.1.0",
                  },
                  {
                     status: "affected",
                     version: "1.7.2.0",
                  },
                  {
                     status: "affected",
                     version: "1.8.0.0",
                  },
               ],
            },
         ],
         datePublic: "2021-09-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 5.2,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/C:H/PR:N/AC:H/I:N/A:N/S:U/UI:N/AV:N/E:U/RL:O/RC:C",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-09-30T16:20:18",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6493729",
            },
            {
               name: "ibm-cp4s-cve202129894-info-disc (207320)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207320",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2021-09-29T00:00:00",
               ID: "CVE-2021-29894",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cloud Pak for Security",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.7.0.0",
                                       },
                                       {
                                          version_value: "1.7.1.0",
                                       },
                                       {
                                          version_value: "1.7.2.0",
                                       },
                                       {
                                          version_value: "1.8.0.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "H",
                     AV: "N",
                     C: "H",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6493729",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6493729 (Cloud Pak for Security)",
                     url: "https://www.ibm.com/support/pages/node/6493729",
                  },
                  {
                     name: "ibm-cp4s-cve202129894-info-disc (207320)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207320",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-29894",
      datePublished: "2021-09-30T16:20:18.227248Z",
      dateReserved: "2021-03-31T00:00:00",
      dateUpdated: "2024-09-16T20:52:47.440Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-41731
Vulnerability from cvelistv5
Published
2023-02-06 20:09
Modified
2024-08-03 12:49
Summary
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402.
Impacted products
Vendor Product Version
IBM Watson Knowledge Catalog on-prem Version: 4.5.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T12:49:43.943Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6890729",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/237402",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Watson Knowledge Catalog on-prem",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "4.5.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.  IBM X-Force ID:  237402.",
                  },
               ],
               value: "IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.  IBM X-Force ID:  237402.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 8.6,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-02-12T01:45:42.615671Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/6890729",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/237402",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Watson Knowledge Catalog on Cloud Pak SQL injection",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-41731",
      datePublished: "2023-02-06T20:09:15.879Z",
      dateReserved: "2022-09-28T17:18:53.375Z",
      dateUpdated: "2024-08-03T12:49:43.943Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-4125
Vulnerability from cvelistv5
Published
2022-08-24 15:09
Modified
2024-08-03 17:16
Summary
It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.
Impacted products
Vendor Product Version
n/a kube-reporting/hive Version: Fixed in v4.8, v4.7 and v4.6


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:16:04.248Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2033121",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2021-4125",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2021-44228",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2021-45046",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/kube-reporting/hive/pull/71",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/kube-reporting/hive/pull/72",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/kube-reporting/hive/pull/73",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "kube-reporting/hive",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Fixed in v4.8, v4.7 and v4.6",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 - Improper Input Validation, CWE-502 - Deserialization of Untrusted Data, CWE-400 - Uncontrolled Resource Consumption",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-24T15:09:17",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2033121",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2021-4125",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2021-44228",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2021-45046",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/kube-reporting/hive/pull/71",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/kube-reporting/hive/pull/72",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/kube-reporting/hive/pull/73",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-4125",
      datePublished: "2022-08-24T15:09:17",
      dateReserved: "2021-12-16T00:00:00",
      dateUpdated: "2024-08-03T17:16:04.248Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-3884
Vulnerability from cvelistv5
Published
2019-08-01 13:20
Modified
2024-08-04 19:19
Summary
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able to spoof the UUID of a valid object from another namespace is able to delete the children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.
References
Impacted products
Vendor Product Version
Red Hat atomic-openshift Version: 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 4.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T19:19:18.666Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "atomic-openshift",
               vendor: "Red Hat",
               versions: [
                  {
                     status: "affected",
                     version: "3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 4.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able to spoof the UUID of a valid object from another namespace is able to delete the children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 3.6,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-290",
                     description: "CWE-290",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-01T13:20:50",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2019-3884",
      datePublished: "2019-08-01T13:20:50",
      dateReserved: "2019-01-03T00:00:00",
      dateUpdated: "2024-08-04T19:19:18.666Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-5418
Vulnerability from cvelistv5
Published
2016-09-21 14:00
Modified
2024-08-06 01:00
Summary
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:00:59.971Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1362601",
               },
               {
                  name: "RHSA-2016:1852",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1852",
               },
               {
                  name: "RHSA-2016:1853",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1853",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9",
               },
               {
                  name: "RHSA-2016:1844",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1844.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/libarchive/libarchive/issues/746",
               },
               {
                  name: "RHSA-2016:1850",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1850.html",
               },
               {
                  name: "GLSA-201701-03",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201701-03",
               },
               {
                  name: "93165",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/93165",
               },
               {
                  name: "[oss-security] 20160809 FreeBSD update components vulns (libarchive, bsdiff, portsnap)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/08/09/2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-08-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-06-30T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1362601",
            },
            {
               name: "RHSA-2016:1852",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1852",
            },
            {
               name: "RHSA-2016:1853",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1853",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9",
            },
            {
               name: "RHSA-2016:1844",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1844.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/libarchive/libarchive/issues/746",
            },
            {
               name: "RHSA-2016:1850",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1850.html",
            },
            {
               name: "GLSA-201701-03",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201701-03",
            },
            {
               name: "93165",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/93165",
            },
            {
               name: "[oss-security] 20160809 FreeBSD update components vulns (libarchive, bsdiff, portsnap)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/08/09/2",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-5418",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1362601",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1362601",
                  },
                  {
                     name: "RHSA-2016:1852",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1852",
                  },
                  {
                     name: "RHSA-2016:1853",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1853",
                  },
                  {
                     name: "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9",
                     refsource: "CONFIRM",
                     url: "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9",
                  },
                  {
                     name: "RHSA-2016:1844",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1844.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
                  },
                  {
                     name: "https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f",
                     refsource: "MISC",
                     url: "https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f",
                  },
                  {
                     name: "https://github.com/libarchive/libarchive/issues/746",
                     refsource: "CONFIRM",
                     url: "https://github.com/libarchive/libarchive/issues/746",
                  },
                  {
                     name: "RHSA-2016:1850",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1850.html",
                  },
                  {
                     name: "GLSA-201701-03",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201701-03",
                  },
                  {
                     name: "93165",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/93165",
                  },
                  {
                     name: "[oss-security] 20160809 FreeBSD update components vulns (libarchive, bsdiff, portsnap)",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/08/09/2",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-5418",
      datePublished: "2016-09-21T14:00:00",
      dateReserved: "2016-06-10T00:00:00",
      dateUpdated: "2024-08-06T01:00:59.971Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-7561
Vulnerability from cvelistv5
Published
2017-08-07 17:00
Modified
2024-08-06 07:51
Summary
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T07:51:28.614Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/kubernetes/kubernetes/pull/18909",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291963",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/kubernetes/kubernetes/pull/18909",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291963",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-7561",
      datePublished: "2017-08-07T17:00:00",
      dateReserved: "2015-09-29T00:00:00",
      dateUpdated: "2024-08-06T07:51:28.614Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-7528
Vulnerability from cvelistv5
Published
2016-04-11 21:00
Modified
2024-08-06 07:51
Summary
Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T07:51:28.486Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openshift/origin/pull/6113",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5",
               },
               {
                  name: "RHSA-2015:2615",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-2615.html",
               },
               {
                  name: "RHSA-2015:2544",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2015:2544",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/kubernetes/kubernetes/pull/17886",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-12-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-04-11T20:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openshift/origin/pull/6113",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5",
            },
            {
               name: "RHSA-2015:2615",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-2615.html",
            },
            {
               name: "RHSA-2015:2544",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2015:2544",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/kubernetes/kubernetes/pull/17886",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-7528",
      datePublished: "2016-04-11T21:00:00",
      dateReserved: "2015-09-29T00:00:00",
      dateUpdated: "2024-08-06T07:51:28.486Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-0196
Vulnerability from cvelistv5
Published
2019-12-30 21:17
Modified
2024-08-06 14:18
Severity ?
Summary
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.
Impacted products
Vendor Product Version
OpenShift OpenShift Enterprise Version: 1.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:18:09.499Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/cve-2013-0196",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenShift Enterprise",
               vendor: "OpenShift",
               versions: [
                  {
                     status: "affected",
                     version: "1.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-Site Request Forgery ",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-12-30T21:17:02",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/security/cve/cve-2013-0196",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-0196",
      datePublished: "2019-12-30T21:17:02",
      dateReserved: "2012-12-06T00:00:00",
      dateUpdated: "2024-08-06T14:18:09.499Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-0164
Vulnerability from cvelistv5
Published
2013-02-24 22:00
Modified
2024-08-06 14:18
Severity ?
Summary
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:18:09.219Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2",
               },
               {
                  name: "RHSA-2013:0220",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0220.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openshift/origin-server/pull/1136",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=893307",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-02-24T22:00:00Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2",
            },
            {
               name: "RHSA-2013:0220",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0220.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openshift/origin-server/pull/1136",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=893307",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-0164",
      datePublished: "2013-02-24T22:00:00Z",
      dateReserved: "2012-12-06T00:00:00Z",
      dateUpdated: "2024-08-06T14:18:09.219Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-43922
Vulnerability from cvelistv5
Published
2023-02-01 17:32
Modified
2024-08-03 13:40
Summary
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583.
Impacted products
Vendor Product Version
IBM App Connect Enterprise Certified Container Version: 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T13:40:06.572Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6857807",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/241583",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "App Connect Enterprise Certified Container",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration.  IBM X-Force ID:  241583.",
                  },
               ],
               value: "IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration.  IBM X-Force ID:  241583.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "328 Reversible One-Way Hash",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-02-01T17:32:29.171Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/6857807",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/241583",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM App Connect Enterprise Certified Container information disclosure",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-43922",
      datePublished: "2023-02-01T17:32:29.171Z",
      dateReserved: "2022-10-26T15:46:22.848Z",
      dateUpdated: "2024-08-03T13:40:06.572Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3664
Vulnerability from cvelistv5
Published
2014-10-15 14:00
Modified
2024-08-06 10:50
Severity ?
Summary
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:50:17.939Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1147765",
               },
               {
                  name: "jenkins-cve20143664-dir-traversal(96973)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96973",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-10-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1147765",
            },
            {
               name: "jenkins-cve20143664-dir-traversal(96973)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96973",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-3664",
      datePublished: "2014-10-15T14:00:00",
      dateReserved: "2014-05-14T00:00:00",
      dateUpdated: "2024-08-06T10:50:17.939Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-35900
Vulnerability from cvelistv5
Published
2023-07-19 00:58
Modified
2024-10-21 14:09
Summary
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.
Impacted products
Vendor Product Version
IBM Robotic Process Automation Version: 21.0.0 through 21.0.7.4 (inclusive)
Version: 23.0.0 through 23.0.5 (inclusive)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T16:37:39.989Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7010895",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259368",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-35900",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-21T14:07:44.408091Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-21T14:09:24.300Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Robotic Process Automation",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "21.0.7.4",
                     status: "affected",
                     version: "21.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "23.0.5",
                     status: "affected",
                     version: "23.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level.  IBM X-Force ID:  259368.",
                  },
               ],
               value: "IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level.  IBM X-Force ID:  259368.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-19T00:58:53.912Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7010895",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259368",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Robotic Process Automation information disclosure",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-35900",
      datePublished: "2023-07-19T00:58:53.912Z",
      dateReserved: "2023-06-20T02:24:31.593Z",
      dateUpdated: "2024-10-21T14:09:24.300Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-35901
Vulnerability from cvelistv5
Published
2023-07-16 23:31
Modified
2024-10-22 13:58
Summary
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380.
Impacted products
Vendor Product Version
IBM Robotic Process Automation Version: 21.0.0 through 21.0.7.6 (inclusive)
Version: 23.0.0 through 23.0.6 (inclusive)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T16:37:40.055Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7012317",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259380",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-35901",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-22T13:51:19.557944Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-22T13:58:28.204Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Robotic Process Automation",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "21.0.7.6",
                     status: "affected",
                     version: "21.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "23.0.6",
                     status: "affected",
                     version: "23.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields.  IBM X-Force ID:  259380.",
                  },
               ],
               value: "IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields.  IBM X-Force ID:  259380.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 2.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-287",
                     description: "CWE-287 Improper Authentication",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-16T23:31:39.325Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7012317",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259380",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Robotic Process Automation security bypass",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-35901",
      datePublished: "2023-07-16T23:31:39.325Z",
      dateReserved: "2023-06-20T02:24:31.593Z",
      dateUpdated: "2024-10-22T13:58:28.204Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-7501
Vulnerability from cvelistv5
Published
2017-11-09 00:00
Modified
2024-08-06 07:51
Severity ?
Summary
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
References
http://rhn.redhat.com/errata/RHSA-2016-0040.html (vendor-advisory)
http://rhn.redhat.com/errata/RHSA-2015-2670.html (vendor-advisory)
http://rhn.redhat.com/errata/RHSA-2015-2501.html (vendor-advisory)
http://rhn.redhat.com/errata/RHSA-2015-2517.html (vendor-advisory)
http://www.securityfocus.com/bid/78215 (vdb-entry)
http://www.securitytracker.com/id/1034097 (vdb-entry)
http://rhn.redhat.com/errata/RHSA-2015-2671.html (vendor-advisory)
http://www.securitytracker.com/id/1037052 (vdb-entry)
http://www.securitytracker.com/id/1037640 (vdb-entry)
http://rhn.redhat.com/errata/RHSA-2015-2522.html (vendor-advisory)
http://rhn.redhat.com/errata/RHSA-2015-2521.html (vendor-advisory)
http://rhn.redhat.com/errata/RHSA-2015-2516.html (vendor-advisory)
http://rhn.redhat.com/errata/RHSA-2015-2500.html (vendor-advisory)
http://rhn.redhat.com/errata/RHSA-2015-2514.html (vendor-advisory)
http://rhn.redhat.com/errata/RHSA-2015-2502.html (vendor-advisory)
https://rhn.redhat.com/errata/RHSA-2015-2536.html (vendor-advisory)
http://rhn.redhat.com/errata/RHSA-2016-1773.html (vendor-advisory)
http://rhn.redhat.com/errata/RHSA-2015-2524.html (vendor-advisory)
http://www.securitytracker.com/id/1037053 (vdb-entry)
https://bugzilla.redhat.com/show_bug.cgi?id=1279330
https://access.redhat.com/solutions/2045023
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://access.redhat.com/security/vulnerabilities/2059393
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://security.netapp.com/advisory/ntap-20240216-0010/
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T07:51:28.224Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0040",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0040.html",
               },
               {
                  name: "RHSA-2015:2670",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-2670.html",
               },
               {
                  name: "RHSA-2015:2501",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-2501.html",
               },
               {
                  name: "RHSA-2015:2517",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-2517.html",
               },
               {
                  name: "78215",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/78215",
               },
               {
                  name: "1034097",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1034097",
               },
               {
                  name: "RHSA-2015:2671",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-2671.html",
               },
               {
                  name: "1037052",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037052",
               },
               {
                  name: "1037640",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037640",
               },
               {
                  name: "RHSA-2015:2522",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-2522.html",
               },
               {
                  name: "RHSA-2015:2521",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-2521.html",
               },
               {
                  name: "RHSA-2015:2516",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-2516.html",
               },
               {
                  name: "RHSA-2015:2500",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-2500.html",
               },
               {
                  name: "RHSA-2015:2514",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-2514.html",
               },
               {
                  name: "RHSA-2015:2502",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-2502.html",
               },
               {
                  name: "RHSA-2015:2536",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://rhn.redhat.com/errata/RHSA-2015-2536.html",
               },
               {
                  name: "RHSA-2016:1773",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
               },
               {
                  name: "RHSA-2015:2524",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-2524.html",
               },
               {
                  name: "1037053",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037053",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1279330",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/solutions/2045023",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/vulnerabilities/2059393",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240216-0010/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-11-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-16T13:06:08.221728",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0040",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0040.html",
            },
            {
               name: "RHSA-2015:2670",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-2670.html",
            },
            {
               name: "RHSA-2015:2501",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-2501.html",
            },
            {
               name: "RHSA-2015:2517",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-2517.html",
            },
            {
               name: "78215",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securityfocus.com/bid/78215",
            },
            {
               name: "1034097",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securitytracker.com/id/1034097",
            },
            {
               name: "RHSA-2015:2671",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-2671.html",
            },
            {
               name: "1037052",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securitytracker.com/id/1037052",
            },
            {
               name: "1037640",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securitytracker.com/id/1037640",
            },
            {
               name: "RHSA-2015:2522",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-2522.html",
            },
            {
               name: "RHSA-2015:2521",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-2521.html",
            },
            {
               name: "RHSA-2015:2516",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-2516.html",
            },
            {
               name: "RHSA-2015:2500",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-2500.html",
            },
            {
               name: "RHSA-2015:2514",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-2514.html",
            },
            {
               name: "RHSA-2015:2502",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-2502.html",
            },
            {
               name: "RHSA-2015:2536",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://rhn.redhat.com/errata/RHSA-2015-2536.html",
            },
            {
               name: "RHSA-2016:1773",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
            },
            {
               name: "RHSA-2015:2524",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-2524.html",
            },
            {
               name: "1037053",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securitytracker.com/id/1037053",
            },
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1279330",
            },
            {
               url: "https://access.redhat.com/solutions/2045023",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
            },
            {
               url: "https://access.redhat.com/security/vulnerabilities/2059393",
            },
            {
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            },
            {
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240216-0010/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-7501",
      datePublished: "2017-11-09T00:00:00",
      dateReserved: "2015-09-29T00:00:00",
      dateUpdated: "2024-08-06T07:51:28.224Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0163
Vulnerability from cvelistv5
Published
2019-12-11 15:33
Modified
2024-08-06 09:05
Severity ?
Summary
OpenShift (versions through 2014-04-03) has multiple shell command injection flaws: unsanitized data is passed into shell commands, so whoever controls that data can inject additional shell commands.
Impacted products
Vendor Product Version
Openshift Openshift Version: through 2014-04-03


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:05:38.899Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0163",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/cve-2014-0163",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Openshift",
               vendor: "Openshift",
               versions: [
                  {
                     status: "affected",
                     version: "through 2014-04-03",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Multiple shell command injection flaws",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-12-11T15:33:33",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0163",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/security/cve/cve-2014-0163",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-0163",
      datePublished: "2019-12-11T15:33:33",
      dateReserved: "2013-12-03T00:00:00",
      dateUpdated: "2024-08-06T09:05:38.899Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-0791
Vulnerability from cvelistv5
Published
2016-04-07 23:00
Modified
2024-08-05 22:30
Severity ?
Summary
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach. This is a timing side channel: a non-constant-time comparison presumably stops at the first mismatching byte, so response timing reveals how much of a guessed token is correct and the token can be recovered incrementally rather than guessed in full.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T22:30:05.037Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0711",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0711",
               },
               {
                  name: "RHSA-2016:1773",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0711",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0711",
            },
            {
               name: "RHSA-2016:1773",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-0791",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2016:0711",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0711",
                  },
                  {
                     name: "RHSA-2016:1773",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-0791",
      datePublished: "2016-04-07T23:00:00",
      dateReserved: "2015-12-16T00:00:00",
      dateUpdated: "2024-08-05T22:30:05.037Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-2103
Vulnerability from cvelistv5
Published
2019-12-03 13:11
Modified
2024-08-06 15:27
Severity ?
Summary
OpenShift cartridge allows remote URL retrieval
Impacted products
Vendor Product Version
OpenShift cartridge OpenShift cartridge Version: through 2013-05-17


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T15:27:40.659Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2103",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/cve-2013-2103",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenShift cartridge",
               vendor: "OpenShift cartridge",
               versions: [
                  {
                     status: "affected",
                     version: "through 2013-05-17",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OpenShift cartridge allows remote URL retrieval",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "remote URL retrieval",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-12-03T13:11:05",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2103",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/security/cve/cve-2013-2103",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-2103",
      datePublished: "2019-12-03T13:11:05",
      dateReserved: "2013-02-19T00:00:00",
      dateUpdated: "2024-08-06T15:27:40.659Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-2119
Vulnerability from cvelistv5
Published
2014-01-02 21:00
Modified
2024-08-06 15:27
Severity ?
Summary
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T15:27:40.872Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=892813",
               },
               {
                  name: "RHSA-2013:1136",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-1136.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-05-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary \"config\" file in a directory with a predictable name in /tmp/ before it is used by the gem.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-01-02T20:57:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=892813",
            },
            {
               name: "RHSA-2013:1136",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-1136.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-2119",
      datePublished: "2014-01-02T21:00:00",
      dateReserved: "2013-02-19T00:00:00",
      dateUpdated: "2024-08-06T15:27:40.872Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-38733
Vulnerability from cvelistv5
Published
2023-08-22 21:54
Modified
2024-10-01 15:53
Summary
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force ID: 262293.
Impacted products
Vendor Product Version
IBM Robotic Process Automation Version: 21.0.0 through 21.0.7.1
Version: 23.0.0 through 23.0.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T17:46:56.817Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7028223",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262293",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-38733",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-01T15:13:36.389729Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-01T15:53:45.988Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Robotic Process Automation",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "21.0.7.1",
                     status: "affected",
                     version: "21.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "23.0.1",
                     status: "affected",
                     version: "23.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs.  IBM X-Force Id:  262293.</span>\n\n",
                  },
               ],
               value: "\nIBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs.  IBM X-Force Id:  262293.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-532",
                     description: "CWE-532 Insertion of Sensitive Information into Log File",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-22T21:54:14.033Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7028223",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262293",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Robotic Process Automation information disclosure",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-38733",
      datePublished: "2023-08-22T21:54:14.033Z",
      dateReserved: "2023-07-25T00:01:17.449Z",
      dateUpdated: "2024-10-01T15:53:45.988Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0175
Vulnerability from cvelistv5
Published
2019-12-13 12:40
Modified
2024-08-06 09:05
Severity ?
Summary
mcollective has a default password set at install.
Impacted products
Vendor Product Version
mcollective mcollective Version: 2.6.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:05:39.212Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://security-tracker.debian.org/tracker/CVE-2014-0175",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/cve-2014-0175",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "mcollective",
               vendor: "mcollective",
               versions: [
                  {
                     status: "affected",
                     version: "2.6.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "mcollective has a default password set at install",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "password set at install",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-12-13T12:40:38",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://security-tracker.debian.org/tracker/CVE-2014-0175",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/security/cve/cve-2014-0175",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-0175",
      datePublished: "2019-12-13T12:40:38",
      dateReserved: "2013-12-03T00:00:00",
      dateUpdated: "2024-08-06T09:05:39.212Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-5322
Vulnerability from cvelistv5
Published
2015-11-25 20:00
Modified
2024-08-06 06:41
Severity ?
Summary
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:41:09.367Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-11-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-5322",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2016:0489",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-5322",
      datePublished: "2015-11-25T20:00:00",
      dateReserved: "2015-07-01T00:00:00",
      dateUpdated: "2024-08-06T06:41:09.367Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-38734
Vulnerability from cvelistv5
Published
2023-08-22 21:18
Modified
2024-10-03 13:28
Summary
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481.
Impacted products
Vendor Product Version
IBM Robotic Process Automation Version: 21.0.0 through 21.0.7.1
Version: 23.0.0 through 23.0.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T17:46:56.808Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7028227",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262481",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "robotic_process_automation",
                  vendor: "ibm",
                  versions: [
                     {
                        lessThanOrEqual: "21.0.7.1",
                        status: "affected",
                        version: "21.0.0",
                        versionType: "semver",
                     },
                     {
                        lessThanOrEqual: "23.0.1",
                        status: "affected",
                        version: "23.0.0",
                        versionType: "semver",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-38734",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-03T13:26:45.892668Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-03T13:28:27.675Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Robotic Process Automation",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "21.0.7.1",
                     status: "affected",
                     version: "21.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "23.0.1",
                     status: "affected",
                     version: "23.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory.  IBM X-Force ID:  262481.</span>\n\n",
                  },
               ],
               value: "\nIBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory.  IBM X-Force ID:  262481.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "266 Incorrect Privilege Assignment",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-22T21:18:08.392Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7028227",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262481",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Robotic Process Automation privilege escalation",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-38734",
      datePublished: "2023-08-22T21:18:08.392Z",
      dateReserved: "2023-07-25T00:01:17.449Z",
      dateUpdated: "2024-10-03T13:28:27.675Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-5274
Vulnerability from cvelistv5
Published
2015-09-18 14:00
Modified
2024-08-06 06:41
Severity ?
Summary
rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker.
References
http://rhn.redhat.com/errata/RHSA-2015-1808.htmlvendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:41:09.288Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2015:1808",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-1808.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-09-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-09-18T13:57:03",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2015:1808",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-1808.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-5274",
      datePublished: "2015-09-18T14:00:00",
      dateReserved: "2015-07-01T00:00:00",
      dateUpdated: "2024-08-06T06:41:09.288Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-7517
Vulnerability from cvelistv5
Published
2022-10-17 00:00
Modified
2024-08-05 16:04
Severity ?
Summary
An input validation vulnerability exists in OpenShift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject" and later deletes it, another user can then create a project called "MyProject" and access the metrics stored from the original "MyProject" instance.
Impacted products
Vendor Product Version
n/a Hawkular Metrics Version: Hawkular Metrics as shipped in Red Hat Openshift 3.x


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:04:11.756Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1470414",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2017-7517",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Hawkular Metrics",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Hawkular Metrics as shipped in Red Hat Openshift 3.x",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called \"MyProject\", and then later deletes it another user can then create a project called \"MyProject\" and access the metrics stored from the original \"MyProject\" instance.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-10-17T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1470414",
            },
            {
               url: "https://access.redhat.com/security/cve/CVE-2017-7517",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2017-7517",
      datePublished: "2022-10-17T00:00:00",
      dateReserved: "2017-04-05T00:00:00",
      dateUpdated: "2024-08-05T16:04:11.756Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-5622
Vulnerability from cvelistv5
Published
2012-12-18 01:00
Modified
2024-08-06 21:14
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T21:14:16.008Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=883227",
               },
               {
                  name: "RHSA-2012:1555",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2012-1555.html",
               },
               {
                  name: "88333",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/88333",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openshift/origin-server/pull/1009",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openshift/origin-server/commit/1ad0d1d792395306b59a34ad7b6e7e89a35d041e",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2012-12-18T01:00:00Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=883227",
            },
            {
               name: "RHSA-2012:1555",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2012-1555.html",
            },
            {
               name: "88333",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/88333",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openshift/origin-server/pull/1009",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openshift/origin-server/commit/1ad0d1d792395306b59a34ad7b6e7e89a35d041e",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-5622",
      datePublished: "2012-12-18T01:00:00Z",
      dateReserved: "2012-10-24T00:00:00Z",
      dateUpdated: "2024-08-06T21:14:16.008Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0164
Vulnerability from cvelistv5
Published
2014-05-05 17:00
Modified
2024-08-06 09:05
Severity ?
Summary
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.
References
http://rhn.redhat.com/errata/RHSA-2014-0461.html — vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2014-0460.html — vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:05:39.151Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2014:0461",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0461.html",
               },
               {
                  name: "RHSA-2014:0460",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0460.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-05-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-05-05T16:57:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2014:0461",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0461.html",
            },
            {
               name: "RHSA-2014:0460",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0460.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-0164",
      datePublished: "2014-05-05T17:00:00",
      dateReserved: "2013-12-03T00:00:00",
      dateUpdated: "2024-08-06T09:05:39.151Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-0788
Vulnerability from cvelistv5
Published
2016-04-07 23:00
Modified
2024-08-05 22:30
Severity ?
Summary
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T22:30:04.546Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0711",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0711",
               },
               {
                  name: "RHSA-2016:1773",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0711",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0711",
            },
            {
               name: "RHSA-2016:1773",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-0788",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2016:0711",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0711",
                  },
                  {
                     name: "RHSA-2016:1773",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-0788",
      datePublished: "2016-04-07T23:00:00",
      dateReserved: "2015-12-16T00:00:00",
      dateUpdated: "2024-08-05T22:30:04.546Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-38732
Vulnerability from cvelistv5
Published
2023-08-22 13:13
Modified
2024-10-01 16:03
Summary
IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.
Impacted products
Vendor Product Version
IBM Robotic Process Automation Version: 21.0.0 through 21.0.7 (inclusive)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T17:46:56.939Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7028221",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262289",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-38732",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-01T15:20:15.941301Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-01T16:03:30.784Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Robotic Process Automation",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "21.0.7",
                     status: "affected",
                     version: "21.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.</span>\n\n",
                  },
               ],
               value: "\nIBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-532",
                     description: "CWE-532 Insertion of Sensitive Information into Log File",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-22T13:13:42.214Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7028221",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262289",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Robotic Process Automation information disclosure",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-38732",
      datePublished: "2023-08-22T13:13:42.214Z",
      dateReserved: "2023-07-25T00:01:06.101Z",
      dateUpdated: "2024-10-01T16:03:30.784Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-2186
Vulnerability from cvelistv5
Published
2013-10-28 21:00
Modified
2024-08-06 15:27
Severity ?
Summary
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
References
http://rhn.redhat.com/errata/RHSA-2013-1430.html — vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2013-1429.html — vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html — x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/88133 — vdb-entry, x_refsource_XF
http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html — vendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html — x_refsource_CONFIRM
http://secunia.com/advisories/55716 — third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html — x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html — vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html — vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2013-1428.html — vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2013/dsa-2827 — vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2016:0070 — vendor-advisory, x_refsource_REDHAT
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 — x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-1442.html — vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2013-1448.html — vendor-advisory, x_refsource_REDHAT
https://www.tenable.com/security/research/tra-2016-23 — x_refsource_MISC
http://www.securityfocus.com/bid/63174 — vdb-entry, x_refsource_BID
http://ubuntu.com/usn/usn-2029-1 — vendor-advisory, x_refsource_UBUNTU
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T15:27:40.996Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2013:1430",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-1430.html",
               },
               {
                  name: "RHSA-2013:1429",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-1429.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
               },
               {
                  name: "apache-commons-cve20132186-file-overrwite(88133)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/88133",
               },
               {
                  name: "openSUSE-SU-2013:1571",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
               },
               {
                  name: "55716",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/55716",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
               },
               {
                  name: "openSUSE-SU-2013:1596",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html",
               },
               {
                  name: "SUSE-SU-2013:1660",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html",
               },
               {
                  name: "RHSA-2013:1428",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-1428.html",
               },
               {
                  name: "DSA-2827",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2013/dsa-2827",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
               },
               {
                  name: "RHSA-2013:1442",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-1442.html",
               },
               {
                  name: "RHSA-2013:1448",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-1448.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.tenable.com/security/research/tra-2016-23",
               },
               {
                  name: "63174",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/63174",
               },
               {
                  name: "USN-2029-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://ubuntu.com/usn/usn-2029-1",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-10-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-08T21:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2013:1430",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-1430.html",
            },
            {
               name: "RHSA-2013:1429",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-1429.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
            },
            {
               name: "apache-commons-cve20132186-file-overrwite(88133)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/88133",
            },
            {
               name: "openSUSE-SU-2013:1571",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
            },
            {
               name: "55716",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/55716",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
            },
            {
               name: "openSUSE-SU-2013:1596",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html",
            },
            {
               name: "SUSE-SU-2013:1660",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html",
            },
            {
               name: "RHSA-2013:1428",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-1428.html",
            },
            {
               name: "DSA-2827",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2013/dsa-2827",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
            },
            {
               name: "RHSA-2013:1442",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-1442.html",
            },
            {
               name: "RHSA-2013:1448",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-1448.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.tenable.com/security/research/tra-2016-23",
            },
            {
               name: "63174",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/63174",
            },
            {
               name: "USN-2029-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://ubuntu.com/usn/usn-2029-1",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-2186",
      datePublished: "2013-10-28T21:00:00",
      dateReserved: "2013-02-19T00:00:00",
      dateUpdated: "2024-08-06T15:27:40.996Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-2611
Vulnerability from cvelistv5
Published
2018-05-08 18:00
Modified
2024-08-05 14:02
Summary
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (which are otherwise performed daily), possibly causing additional load on the Jenkins master and agents.
Impacted products
Vendor Product Version
unspecified jenkins Version: jenkins 2.44
Version: jenkins 2.32.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:02:06.500Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://jenkins.io/security/advisory/2017-02-01/",
               },
               {
                  name: "95956",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/95956",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "jenkins",
               vendor: "unspecified",
               versions: [
                  {
                     status: "affected",
                     version: "jenkins 2.44",
                  },
                  {
                     status: "affected",
                     version: " jenkins 2.32.2",
                  },
               ],
            },
         ],
         datePublic: "2017-02-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-358",
                     description: "CWE-358",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-05-09T09:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://jenkins.io/security/advisory/2017-02-01/",
            },
            {
               name: "95956",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/95956",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2017-2611",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "jenkins",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "jenkins 2.44",
                                       },
                                       {
                                          version_value: " jenkins 2.32.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.",
                  },
               ],
            },
            impact: {
               cvss: [
                  [
                     {
                        vectorString: "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                        version: "3.0",
                     },
                  ],
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-358",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://jenkins.io/security/advisory/2017-02-01/",
                     refsource: "CONFIRM",
                     url: "https://jenkins.io/security/advisory/2017-02-01/",
                  },
                  {
                     name: "95956",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/95956",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611",
                  },
                  {
                     name: "https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86",
                     refsource: "CONFIRM",
                     url: "https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2017-2611",
      datePublished: "2018-05-08T18:00:00",
      dateReserved: "2016-12-01T00:00:00",
      dateUpdated: "2024-08-05T14:02:06.500Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-5766
Vulnerability from cvelistv5
Published
2016-08-07 10:00
Modified
2024-08-06 01:15
Severity ?
Summary
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:15:09.075Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.php.net/bug.php?id=72339",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://libgd.github.io/release-2.2.3.html",
               },
               {
                  name: "openSUSE-SU-2016:1761",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html",
               },
               {
                  name: "openSUSE-SU-2016:1922",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html",
               },
               {
                  name: "RHSA-2016:2750",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html",
               },
               {
                  name: "RHSA-2016:2598",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2598.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://php.net/ChangeLog-5.php",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1",
               },
               {
                  name: "[oss-security] 20160623 Re: CVE for PHP 5.5.37 issues",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/06/23/4",
               },
               {
                  name: "GLSA-201612-09",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201612-09",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://php.net/ChangeLog-7.php",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
               },
               {
                  name: "DSA-3619",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3619",
               },
               {
                  name: "SUSE-SU-2016:2013",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html",
               },
               {
                  name: "USN-3030-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3030-1",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-06-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.php.net/bug.php?id=72339",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://libgd.github.io/release-2.2.3.html",
            },
            {
               name: "openSUSE-SU-2016:1761",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html",
            },
            {
               name: "openSUSE-SU-2016:1922",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html",
            },
            {
               name: "RHSA-2016:2750",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html",
            },
            {
               name: "RHSA-2016:2598",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2598.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://php.net/ChangeLog-5.php",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1",
            },
            {
               name: "[oss-security] 20160623 Re: CVE for PHP 5.5.37 issues",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/06/23/4",
            },
            {
               name: "GLSA-201612-09",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201612-09",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://php.net/ChangeLog-7.php",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
            },
            {
               name: "DSA-3619",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3619",
            },
            {
               name: "SUSE-SU-2016:2013",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html",
            },
            {
               name: "USN-3030-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3030-1",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-5766",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugs.php.net/bug.php?id=72339",
                     refsource: "CONFIRM",
                     url: "https://bugs.php.net/bug.php?id=72339",
                  },
                  {
                     name: "https://libgd.github.io/release-2.2.3.html",
                     refsource: "CONFIRM",
                     url: "https://libgd.github.io/release-2.2.3.html",
                  },
                  {
                     name: "openSUSE-SU-2016:1761",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html",
                  },
                  {
                     name: "openSUSE-SU-2016:1922",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html",
                  },
                  {
                     name: "RHSA-2016:2750",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html",
                  },
                  {
                     name: "RHSA-2016:2598",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2598.html",
                  },
                  {
                     name: "http://php.net/ChangeLog-5.php",
                     refsource: "CONFIRM",
                     url: "http://php.net/ChangeLog-5.php",
                  },
                  {
                     name: "http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1",
                     refsource: "CONFIRM",
                     url: "http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1",
                  },
                  {
                     name: "[oss-security] 20160623 Re: CVE for PHP 5.5.37 issues",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/06/23/4",
                  },
                  {
                     name: "GLSA-201612-09",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201612-09",
                  },
                  {
                     name: "http://php.net/ChangeLog-7.php",
                     refsource: "CONFIRM",
                     url: "http://php.net/ChangeLog-7.php",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
                  },
                  {
                     name: "DSA-3619",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3619",
                  },
                  {
                     name: "SUSE-SU-2016:2013",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html",
                  },
                  {
                     name: "USN-3030-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3030-1",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-5766",
      datePublished: "2016-08-07T10:00:00",
      dateReserved: "2016-06-23T00:00:00",
      dateUpdated: "2024-08-06T01:15:09.075Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-22592
Vulnerability from cvelistv5
Published
2023-01-18 18:33
Modified
2024-08-02 10:13
Summary
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073.
Impacted products
Vendor Product Version
IBM Robotic Process Automation for Cloud Pak Version: 21.0.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T10:13:49.005Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6855839",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244073",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Robotic Process Automation for Cloud Pak",
               vendor: "IBM",
               versions: [
                  {
                     lessThan: "21.0.4",
                     status: "affected",
                     version: "21.0.1",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073.</span>\n\n",
                  },
               ],
               value: "\nIBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "280 Improper Handling of Insufficient Permissions or Privileges",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-01-18T18:33:47.025Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/6855839",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244073",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Robotic Process Automation for Cloud Pak insufficient permission settings",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-22592",
      datePublished: "2023-01-18T18:33:47.025Z",
      dateReserved: "2023-01-03T19:19:41.133Z",
      dateUpdated: "2024-08-02T10:13:49.005Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-5646
Vulnerability from cvelistv5
Published
2013-02-24 21:00
Modified
2024-08-06 21:14
Summary
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T21:14:16.329Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=888518",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openshift/origin-server/pull/1017",
               },
               {
                  name: "89431",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/89431",
               },
               {
                  name: "RHSA-2013:0148",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0148.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00",
               },
               {
                  name: "57189",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/57189",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-02-24T21:00:00Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=888518",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openshift/origin-server/pull/1017",
            },
            {
               name: "89431",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/89431",
            },
            {
               name: "RHSA-2013:0148",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0148.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00",
            },
            {
               name: "57189",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/57189",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-5646",
      datePublished: "2013-02-24T21:00:00Z",
      dateReserved: "2012-10-24T00:00:00Z",
      dateUpdated: "2024-08-06T21:14:16.329Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-3738
Vulnerability from cvelistv5
Published
2016-06-08 17:00
Modified
2024-08-06 00:03
Summary
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI (source-to-image) builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.
References
https://access.redhat.com/errata/RHSA-2016:1094vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:03:34.442Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:1094",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1094",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-08T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:1094",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1094",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-3738",
      datePublished: "2016-06-08T17:00:00",
      dateReserved: "2016-03-30T00:00:00",
      dateUpdated: "2024-08-06T00:03:34.442Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3681
Vulnerability from cvelistv5
Published
2014-10-15 14:00
Modified
2024-08-06 10:50
Summary
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:50:18.261Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "jenkins-cve20143681-xss(96975)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96975",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1147766",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-10-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "jenkins-cve20143681-xss(96975)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96975",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1147766",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-3681",
      datePublished: "2014-10-15T14:00:00",
      dateReserved: "2014-05-14T00:00:00",
      dateUpdated: "2024-08-06T10:50:18.261Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-4239
Vulnerability from cvelistv5
Published
2019-06-14 14:45
Modified
2024-09-16 17:18
Summary
IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 159465.
Impacted products
Vendor Product Version
IBM MQ Advanced Cloud Pak (IBM Cloud Private) Version: 1.0.0
Version: 1.1.0
Version: 1.2.0
Version: 1.3.0
Version: 2.0.0
Version: 2.1.0
Version: 2.2.0
Version: 2.2.1
Version: 2.2.2
Version: 2.2.3
Version: 3.0.0
Version: 3.0.1
IBM MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift) Version: 1.0.0
Version: 1.1.0
Version: 1.2.0
Version: 1.3.0
Version: 2.0.0
Version: 2.1.0
Version: 2.2.0
Version: 2.2.1
Version: 2.2.2
Version: 2.2.3
Version: 3.0.0
Version: 3.0.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T19:33:37.768Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/docview.wss?uid=ibm10886591",
               },
               {
                  name: "ibm-mq-cve20194239-info-disc (159465)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/159465",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "MQ Advanced Cloud Pak (IBM Cloud Private)",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "1.0.0",
                  },
                  {
                     status: "affected",
                     version: "1.1.0",
                  },
                  {
                     status: "affected",
                     version: "1.2.0",
                  },
                  {
                     status: "affected",
                     version: "1.3.0",
                  },
                  {
                     status: "affected",
                     version: "2.0.0",
                  },
                  {
                     status: "affected",
                     version: "2.1.0",
                  },
                  {
                     status: "affected",
                     version: "2.2.0",
                  },
                  {
                     status: "affected",
                     version: "2.2.1",
                  },
                  {
                     status: "affected",
                     version: "2.2.2",
                  },
                  {
                     status: "affected",
                     version: "2.2.3",
                  },
                  {
                     status: "affected",
                     version: "3.0.0",
                  },
                  {
                     status: "affected",
                     version: "3.0.1",
                  },
               ],
            },
            {
               product: "MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift)",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "1.0.0",
                  },
                  {
                     status: "affected",
                     version: "1.1.0",
                  },
                  {
                     status: "affected",
                     version: "1.2.0",
                  },
                  {
                     status: "affected",
                     version: "1.3.0",
                  },
                  {
                     status: "affected",
                     version: "2.0.0",
                  },
                  {
                     status: "affected",
                     version: "2.1.0",
                  },
                  {
                     status: "affected",
                     version: "2.2.0",
                  },
                  {
                     status: "affected",
                     version: "2.2.1",
                  },
                  {
                     status: "affected",
                     version: "2.2.2",
                  },
                  {
                     status: "affected",
                     version: "2.2.3",
                  },
                  {
                     status: "affected",
                     version: "3.0.0",
                  },
                  {
                     status: "affected",
                     version: "3.0.1",
                  },
               ],
            },
         ],
         datePublic: "2019-06-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 159465.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 6.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 5.4,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/PR:N/A:N/S:U/AV:L/I:N/AC:L/UI:N/C:H/RL:O/RC:C/E:U",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-14T14:45:17",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/docview.wss?uid=ibm10886591",
            },
            {
               name: "ibm-mq-cve20194239-info-disc (159465)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/159465",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2019-06-07T00:00:00",
               ID: "CVE-2019-4239",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "MQ Advanced Cloud Pak (IBM Cloud Private)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.0.0",
                                       },
                                       {
                                          version_value: "1.1.0",
                                       },
                                       {
                                          version_value: "1.2.0",
                                       },
                                       {
                                          version_value: "1.3.0",
                                       },
                                       {
                                          version_value: "2.0.0",
                                       },
                                       {
                                          version_value: "2.1.0",
                                       },
                                       {
                                          version_value: "2.2.0",
                                       },
                                       {
                                          version_value: "2.2.1",
                                       },
                                       {
                                          version_value: "2.2.2",
                                       },
                                       {
                                          version_value: "2.2.3",
                                       },
                                       {
                                          version_value: "3.0.0",
                                       },
                                       {
                                          version_value: "3.0.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.0.0",
                                       },
                                       {
                                          version_value: "1.1.0",
                                       },
                                       {
                                          version_value: "1.2.0",
                                       },
                                       {
                                          version_value: "1.3.0",
                                       },
                                       {
                                          version_value: "2.0.0",
                                       },
                                       {
                                          version_value: "2.1.0",
                                       },
                                       {
                                          version_value: "2.2.0",
                                       },
                                       {
                                          version_value: "2.2.1",
                                       },
                                       {
                                          version_value: "2.2.2",
                                       },
                                       {
                                          version_value: "2.2.3",
                                       },
                                       {
                                          version_value: "3.0.0",
                                       },
                                       {
                                          version_value: "3.0.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 159465.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "L",
                     AV: "L",
                     C: "H",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/docview.wss?uid=ibm10886591",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 886591 (Application Integration and Connectivity)",
                     url: "https://www.ibm.com/support/docview.wss?uid=ibm10886591",
                  },
                  {
                     name: "ibm-mq-cve20194239-info-disc (159465)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/159465",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2019-4239",
      datePublished: "2019-06-14T14:45:18.008806Z",
      dateReserved: "2019-01-03T00:00:00",
      dateUpdated: "2024-09-16T17:18:34.429Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3602
Vulnerability from cvelistv5
Published
2014-11-13 15:00
Modified
2024-08-06 10:50
Summary
Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.
References
http://rhn.redhat.com/errata/RHSA-2014-1906.htmlvendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2014-1796.htmlvendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:50:17.591Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2014:1906",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-1906.html",
               },
               {
                  name: "RHSA-2014:1796",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-1796.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-11-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-12-01T15:57:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2014:1906",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-1906.html",
            },
            {
               name: "RHSA-2014:1796",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-1796.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-3602",
      datePublished: "2014-11-13T15:00:00",
      dateReserved: "2014-05-14T00:00:00",
      dateUpdated: "2024-08-06T10:50:17.591Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3680
Vulnerability from cvelistv5
Published
2014-10-16 19:00
Modified
2024-08-06 10:50
Summary
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:50:17.934Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-10-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-3680",
      datePublished: "2014-10-16T19:00:00",
      dateReserved: "2014-05-14T00:00:00",
      dateUpdated: "2024-08-06T10:50:17.934Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-22863
Vulnerability from cvelistv5
Published
2023-01-18 18:46
Modified
2024-08-02 10:20
Summary
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109.
Impacted products
Vendor Product Version
IBM Robotic Process Automation Version: 20.12.0   


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T10:20:31.133Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6855837",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244109",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Robotic Process Automation",
               vendor: "IBM",
               versions: [
                  {
                     lessThan: "21.0.2",
                     status: "affected",
                     version: "20.12.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL.  This could allow an attacker to obtain sensitive information using man in the middle techniques.  IBM X-Force ID:  244109.",
                  },
               ],
               value: "IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL.  This could allow an attacker to obtain sensitive information using man in the middle techniques.  IBM X-Force ID:  244109.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-319",
                     description: "CWE-319 Cleartext Transmission of Sensitive Information",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-01-18T18:46:54.882Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/6855837",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244109",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Robotic Process Automation information disclosure",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-22863",
      datePublished: "2023-01-18T18:46:54.882Z",
      dateReserved: "2023-01-09T15:16:41.369Z",
      dateUpdated: "2024-08-02T10:20:31.133Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-1814
Vulnerability from cvelistv5
Published
2015-10-16 20:00
Modified
2024-08-06 04:54
Severity ?
Summary
The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:54:16.310Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205616",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
               },
               {
                  name: "RHSA-2015:1844",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-03-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a \"forced API token change\" involving anonymous users.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205616",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
            },
            {
               name: "RHSA-2015:1844",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-1814",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a \"forced API token change\" involving anonymous users.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1205616",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205616",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
                  },
                  {
                     name: "RHSA-2015:1844",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-1814",
      datePublished: "2015-10-16T20:00:00",
      dateReserved: "2015-02-17T00:00:00",
      dateUpdated: "2024-08-06T04:54:16.310Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3695
Vulnerability from cvelistv5
Published
2022-07-06 15:06
Modified
2024-08-03 17:01
Severity ?
Summary
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited, as an attacker needs to perform some triage over the heap layout to achieve significant results; also, the values written into the memory are repeated three times in a row, making it difficult to produce valid payloads. This flaw affects grub2 versions prior to grub-2.12.
Impacted products
Vendor Product Version
n/a grub2 Version: grub-2.06


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:01:08.290Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991685",
               },
               {
                  name: "GLSA-202209-12",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-12",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220930-0001/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "grub2",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "grub-2.06",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "CWE-787",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-09-30T15:06:18",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991685",
            },
            {
               name: "GLSA-202209-12",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-12",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220930-0001/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2021-3695",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "grub2",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "grub-2.06",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-787",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1991685",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991685",
                  },
                  {
                     name: "GLSA-202209-12",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-12",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220930-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220930-0001/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-3695",
      datePublished: "2022-07-06T15:06:38",
      dateReserved: "2021-08-10T00:00:00",
      dateUpdated: "2024-08-03T17:01:08.290Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-3725
Vulnerability from cvelistv5
Published
2016-05-17 14:00
Modified
2024-08-06 00:03
Severity ?
Summary
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:03:34.459Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
               },
               {
                  name: "RHSA-2016:1206",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1206",
               },
               {
                  name: "RHSA-2016:1773",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
            },
            {
               name: "RHSA-2016:1206",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1206",
            },
            {
               name: "RHSA-2016:1773",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-3725",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
                     refsource: "CONFIRM",
                     url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
                  },
                  {
                     name: "RHSA-2016:1206",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1206",
                  },
                  {
                     name: "RHSA-2016:1773",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-3725",
      datePublished: "2016-05-17T14:00:00",
      dateReserved: "2016-03-30T00:00:00",
      dateUpdated: "2024-08-06T00:03:34.459Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-7538
Vulnerability from cvelistv5
Published
2016-02-03 15:00
Modified
2024-08-06 07:51
Severity ?
Summary
Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to bypass the CSRF protection mechanism via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T07:51:28.455Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
               },
               {
                  name: "RHSA-2016:0489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-12-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
            },
            {
               name: "RHSA-2016:0489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-7538",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
                  },
                  {
                     name: "RHSA-2016:0489",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-7538",
      datePublished: "2016-02-03T15:00:00",
      dateReserved: "2015-09-29T00:00:00",
      dateUpdated: "2024-08-06T07:51:28.455Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3496
Vulnerability from cvelistv5
Published
2014-06-20 14:00
Modified
2024-08-06 10:43
Severity ?
Summary
cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.
References
http://secunia.com/advisories/59298 (third-party-advisory, x_refsource_SECUNIA)
https://github.com/openshift/origin-server/pull/5521 (x_refsource_CONFIRM)
http://rhn.redhat.com/errata/RHSA-2014-0764.html (vendor-advisory, x_refsource_REDHAT)
http://rhn.redhat.com/errata/RHSA-2014-0762.html (vendor-advisory, x_refsource_REDHAT)
http://rhn.redhat.com/errata/RHSA-2014-0763.html (vendor-advisory, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=1110470 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:06.098Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "59298",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59298",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openshift/origin-server/pull/5521",
               },
               {
                  name: "RHSA-2014:0764",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0764.html",
               },
               {
                  name: "RHSA-2014:0762",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0762.html",
               },
               {
                  name: "RHSA-2014:0763",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0763.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1110470",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-06-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-01-05T14:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "59298",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59298",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openshift/origin-server/pull/5521",
            },
            {
               name: "RHSA-2014:0764",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0764.html",
            },
            {
               name: "RHSA-2014:0762",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0762.html",
            },
            {
               name: "RHSA-2014:0763",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0763.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1110470",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-3496",
      datePublished: "2014-06-20T14:00:00",
      dateReserved: "2014-05-14T00:00:00",
      dateUpdated: "2024-08-06T10:43:06.098Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0188
Vulnerability from cvelistv5
Published
2014-04-24 14:00
Modified
2024-08-06 09:05
Severity ?
Summary
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.
References
http://rhn.redhat.com/errata/RHSA-2014-0422.html (vendor-advisory, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=1090120 (x_refsource_CONFIRM)
http://rhn.redhat.com/errata/RHSA-2014-0423.html (vendor-advisory, x_refsource_REDHAT)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:05:39.256Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2014:0422",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0422.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1090120",
               },
               {
                  name: "RHSA-2014:0423",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0423.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-04-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-04-24T11:57:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2014:0422",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0422.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1090120",
            },
            {
               name: "RHSA-2014:0423",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0423.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-0188",
      datePublished: "2014-04-24T14:00:00",
      dateReserved: "2013-12-03T00:00:00",
      dateUpdated: "2024-08-06T09:05:39.256Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-35514
Vulnerability from cvelistv5
Published
2021-06-02 13:22
Modified
2024-08-04 17:02
Severity ?
Summary
An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0.
References
Impacted products
Vendor Product Version
n/a openshift/machine-config-operator Version: Unspecified


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T17:02:08.247Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1914714",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openshift/machine-config-operator",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Unspecified",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-266",
                     description: "CWE-266",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-06-02T13:22:12",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1914714",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2020-35514",
      datePublished: "2021-06-02T13:22:12",
      dateReserved: "2020-12-17T00:00:00",
      dateUpdated: "2024-08-04T17:02:08.247Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-0790
Vulnerability from cvelistv5
Published
2016-04-07 23:00
Modified
2024-08-05 22:30
Severity ?
Summary
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T22:30:05.130Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0711",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0711",
               },
               {
                  name: "RHSA-2016:1773",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0711",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0711",
            },
            {
               name: "RHSA-2016:1773",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-0790",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2016:0711",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0711",
                  },
                  {
                     name: "RHSA-2016:1773",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-0790",
      datePublished: "2016-04-07T23:00:00",
      dateReserved: "2015-12-16T00:00:00",
      dateUpdated: "2024-08-05T22:30:05.130Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-0163
Vulnerability from cvelistv5
Published
2019-12-05 14:57
Modified
2024-08-06 14:18
Severity ?
Summary
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
Impacted products
Vendor Product Version
OpenShift haproxy cartridge OpenShift haproxy cartridge Version: through 2013-01-08


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:18:09.140Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0163",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/cve-2013-0163",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenShift haproxy cartridge",
               vendor: "OpenShift haproxy cartridge",
               versions: [
                  {
                     status: "affected",
                     version: "through 2013-01-08",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "predictable /tmp in set-proxy connection hook",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-12-05T14:57:36",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0163",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/security/cve/cve-2013-0163",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-0163",
      datePublished: "2019-12-05T14:57:36",
      dateReserved: "2012-12-06T00:00:00",
      dateUpdated: "2024-08-06T14:18:09.140Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3674
Vulnerability from cvelistv5
Published
2014-11-13 15:00
Modified
2024-08-06 10:50
Severity ?
Summary
Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.
References
http://rhn.redhat.com/errata/RHSA-2014-1906.html (vendor-advisory, x_refsource_REDHAT)
http://rhn.redhat.com/errata/RHSA-2014-1796.html (vendor-advisory, x_refsource_REDHAT)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:50:18.017Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2014:1906",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-1906.html",
               },
               {
                  name: "RHSA-2014:1796",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-1796.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-11-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-12-01T15:57:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2014:1906",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-1906.html",
            },
            {
               name: "RHSA-2014:1796",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-1796.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-3674",
      datePublished: "2014-11-13T15:00:00",
      dateReserved: "2014-05-14T00:00:00",
      dateUpdated: "2024-08-06T10:50:18.017Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-1102
Vulnerability from cvelistv5
Published
2018-04-30 19:00
Modified
2024-08-05 03:51
Severity ?
Summary
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.
References
https://access.redhat.com/errata/RHSA-2018:1235 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2018:1241 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2018:1233 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2019:0036 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2018:1237 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2018:1227 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2018:1243 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2018:1231 (vendor-advisory, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=1562246 (x_refsource_CONFIRM)
https://access.redhat.com/errata/RHSA-2018:1229 (vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2018:1239 (vendor-advisory, x_refsource_REDHAT)
Impacted products
Vendor Product Version
Red Hat, Inc. atomic-openshift Version: as shipped with Openshift Enterprise 3.x


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:51:49.044Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2018:1235",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1235",
               },
               {
                  name: "RHSA-2018:1241",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1241",
               },
               {
                  name: "RHSA-2018:1233",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1233",
               },
               {
                  name: "RHSA-2019:0036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:0036",
               },
               {
                  name: "RHSA-2018:1237",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1237",
               },
               {
                  name: "RHSA-2018:1227",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1227",
               },
               {
                  name: "RHSA-2018:1243",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1243",
               },
               {
                  name: "RHSA-2018:1231",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1231",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1562246",
               },
               {
                  name: "RHSA-2018:1229",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1229",
               },
               {
                  name: "RHSA-2018:1239",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1239",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "atomic-openshift",
               vendor: "Red Hat, Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "as shipped with Openshift Enterprise 3.x",
                  },
               ],
            },
         ],
         datePublic: "2018-03-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-01-09T10:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2018:1235",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1235",
            },
            {
               name: "RHSA-2018:1241",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1241",
            },
            {
               name: "RHSA-2018:1233",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1233",
            },
            {
               name: "RHSA-2019:0036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:0036",
            },
            {
               name: "RHSA-2018:1237",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1237",
            },
            {
               name: "RHSA-2018:1227",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1227",
            },
            {
               name: "RHSA-2018:1243",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1243",
            },
            {
               name: "RHSA-2018:1231",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1231",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1562246",
            },
            {
               name: "RHSA-2018:1229",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1229",
            },
            {
               name: "RHSA-2018:1239",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1239",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2018-1102",
      datePublished: "2018-04-30T19:00:00Z",
      dateReserved: "2017-12-04T00:00:00",
      dateUpdated: "2024-08-05T03:51:49.044Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3696
Vulnerability from cvelistv5
Published
2022-07-06 15:06
Modified
2024-08-03 17:01
Summary
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low as it is very complex for an attacker to control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.
Impacted products
Vendor Product Version
n/a grub2 Version: grub-2.06


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:01:08.303Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991686",
               },
               {
                  name: "GLSA-202209-12",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-12",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220930-0001/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "grub2",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "grub-2.06",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low as it is very complex for an attacker to control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "CWE-787",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-09-30T15:06:17",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991686",
            },
            {
               name: "GLSA-202209-12",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-12",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220930-0001/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2021-3696",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "grub2",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "grub-2.06",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low as it is very complex for an attacker to control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-787",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1991686",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991686",
                  },
                  {
                     name: "GLSA-202209-12",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-12",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220930-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220930-0001/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-3696",
      datePublished: "2022-07-06T15:06:43",
      dateReserved: "2021-08-10T00:00:00",
      dateUpdated: "2024-08-03T17:01:08.303Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-2074
Vulnerability from cvelistv5
Published
2016-07-03 21:00
Modified
2024-08-05 23:17
Summary
Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:17:50.458Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[ovs-announce] 20160328 CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://openvswitch.org/pipermail/announce/2016-March/000082.html",
               },
               {
                  name: "RHSA-2016:0537",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0537.html",
               },
               {
                  name: "RHSA-2016:0524",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0524.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318553",
               },
               {
                  name: "DSA-3533",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3533",
               },
               {
                  name: "RHSA-2016:0615",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0615",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security-tracker.debian.org/tracker/CVE-2016-2074",
               },
               {
                  name: "GLSA-201701-07",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201701-07",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX232655",
               },
               {
                  name: "RHSA-2016:0523",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0523.html",
               },
               {
                  name: "[ovs-announce] 20160328 Open vSwitch 2.4.1 and 2.3.3 Available",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://openvswitch.org/pipermail/announce/2016-March/000083.html",
               },
               {
                  name: "85700",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/85700",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-03-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-03-22T09:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[ovs-announce] 20160328 CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://openvswitch.org/pipermail/announce/2016-March/000082.html",
            },
            {
               name: "RHSA-2016:0537",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0537.html",
            },
            {
               name: "RHSA-2016:0524",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0524.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318553",
            },
            {
               name: "DSA-3533",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3533",
            },
            {
               name: "RHSA-2016:0615",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0615",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security-tracker.debian.org/tracker/CVE-2016-2074",
            },
            {
               name: "GLSA-201701-07",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201701-07",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.citrix.com/article/CTX232655",
            },
            {
               name: "RHSA-2016:0523",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0523.html",
            },
            {
               name: "[ovs-announce] 20160328 Open vSwitch 2.4.1 and 2.3.3 Available",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://openvswitch.org/pipermail/announce/2016-March/000083.html",
            },
            {
               name: "85700",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/85700",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-2074",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[ovs-announce] 20160328 CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch",
                     refsource: "MLIST",
                     url: "http://openvswitch.org/pipermail/announce/2016-March/000082.html",
                  },
                  {
                     name: "RHSA-2016:0537",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0537.html",
                  },
                  {
                     name: "RHSA-2016:0524",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0524.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1318553",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318553",
                  },
                  {
                     name: "DSA-3533",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3533",
                  },
                  {
                     name: "RHSA-2016:0615",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0615",
                  },
                  {
                     name: "https://security-tracker.debian.org/tracker/CVE-2016-2074",
                     refsource: "CONFIRM",
                     url: "https://security-tracker.debian.org/tracker/CVE-2016-2074",
                  },
                  {
                     name: "GLSA-201701-07",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201701-07",
                  },
                  {
                     name: "https://support.citrix.com/article/CTX232655",
                     refsource: "CONFIRM",
                     url: "https://support.citrix.com/article/CTX232655",
                  },
                  {
                     name: "RHSA-2016:0523",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0523.html",
                  },
                  {
                     name: "[ovs-announce] 20160328 Open vSwitch 2.4.1 and 2.3.3 Available",
                     refsource: "MLIST",
                     url: "http://openvswitch.org/pipermail/announce/2016-March/000083.html",
                  },
                  {
                     name: "85700",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/85700",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-2074",
      datePublished: "2016-07-03T21:00:00",
      dateReserved: "2016-01-26T00:00:00",
      dateUpdated: "2024-08-05T23:17:50.458Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3662
Vulnerability from cvelistv5
Published
2014-10-16 19:00
Modified
2024-08-06 10:50
Summary
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:50:18.267Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-10-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T15:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-3662",
      datePublished: "2014-10-16T19:00:00",
      dateReserved: "2014-05-14T00:00:00",
      dateUpdated: "2024-08-06T10:50:18.267Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-0792
Vulnerability from cvelistv5
Published
2016-04-07 23:00
Modified
2024-08-05 22:30
Summary
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T22:30:05.113Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "43375",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/43375/",
               },
               {
                  name: "RHSA-2016:0711",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0711",
               },
               {
                  name: "42394",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/42394/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream",
               },
               {
                  name: "RHSA-2016:1773",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "43375",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "https://www.exploit-db.com/exploits/43375/",
            },
            {
               name: "RHSA-2016:0711",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0711",
            },
            {
               name: "42394",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "https://www.exploit-db.com/exploits/42394/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream",
            },
            {
               name: "RHSA-2016:1773",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-0792",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "43375",
                     refsource: "EXPLOIT-DB",
                     url: "https://www.exploit-db.com/exploits/43375/",
                  },
                  {
                     name: "RHSA-2016:0711",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0711",
                  },
                  {
                     name: "42394",
                     refsource: "EXPLOIT-DB",
                     url: "https://www.exploit-db.com/exploits/42394/",
                  },
                  {
                     name: "https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream",
                     refsource: "MISC",
                     url: "https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream",
                  },
                  {
                     name: "RHSA-2016:1773",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-0792",
      datePublished: "2016-04-07T23:00:00",
      dateReserved: "2015-12-16T00:00:00",
      dateUpdated: "2024-08-05T22:30:05.113Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-2160
Vulnerability from cvelistv5
Published
2016-06-08 17:00
Modified
2024-08-05 23:17
Summary
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti (source-to-image) builder image.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:17:50.570Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openshift/origin/pull/7864",
               },
               {
                  name: "RHSA-2016:1064",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1064",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316127",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti (source-to-image) builder image.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-08T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openshift/origin/pull/7864",
            },
            {
               name: "RHSA-2016:1064",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1064",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316127",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-2160",
      datePublished: "2016-06-08T17:00:00",
      dateReserved: "2016-01-29T00:00:00",
      dateUpdated: "2024-08-05T23:17:50.570Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-19335
Vulnerability from cvelistv5
Published
2020-03-18 15:45
Modified
2024-08-05 02:16
Summary
During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory containing `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned world-readable permissions, so any local user on the installer host can read them. ose-installer as shipped in OpenShift 4.2 is vulnerable.
Impacted products
Vendor Product Version
Red Hat openshift/installer Version: ose-installer as shipped in Openshift 4.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:16:46.713Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openshift/installer",
               vendor: "Red Hat",
               versions: [
                  {
                     status: "affected",
                     version: "ose-installer as shipped in Openshift 4.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory containing `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned world-readable permissions, so any local user on the installer host can read them. ose-installer as shipped in OpenShift 4.2 is vulnerable.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 4.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-732",
                     description: "CWE-732",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-18T15:45:41",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2019-19335",
      datePublished: "2020-03-18T15:45:41",
      dateReserved: "2019-11-27T00:00:00",
      dateUpdated: "2024-08-05T02:16:46.713Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-3721
Vulnerability from cvelistv5
Published
2016-05-17 00:00
Modified
2024-08-06 00:03
Summary
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 4.3,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "NONE",
                     integrityImpact: "LOW",
                     privilegesRequired: "LOW",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2016-3721",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-05-02T17:22:46.826118Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-04T19:04:06.286Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "ADP Container",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:03:34.424Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170",
               },
               {
                  name: "RHSA-2016:1206",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1206",
               },
               {
                  name: "RHSA-2016:1773",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
               },
               {
                  name: "[oss-security] 20240502 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/05/02/3",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-05-02T14:06:01.733858",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
            },
            {
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
            },
            {
               url: "https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170",
            },
            {
               name: "RHSA-2016:1206",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1206",
            },
            {
               name: "RHSA-2016:1773",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
            },
            {
               name: "[oss-security] 20240502 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2024/05/02/3",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-3721",
      datePublished: "2016-05-17T00:00:00",
      dateReserved: "2016-03-30T00:00:00",
      dateUpdated: "2024-08-06T00:03:34.424Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-5318
Vulnerability from cvelistv5
Published
2015-11-25 20:00
Modified
2024-08-06 06:41
Summary
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:41:09.332Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-11-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-5318",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2016:0489",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-5318",
      datePublished: "2015-11-25T20:00:00",
      dateReserved: "2015-07-01T00:00:00",
      dateUpdated: "2024-08-06T06:41:09.332Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3260
Vulnerability from cvelistv5
Published
2022-12-08 00:00
Modified
2024-08-03 01:07
Summary
The HTTP responses do not include the X-Frame-Options header, which helps prevent clickjacking attacks. Without it, a browser may allow the page to be embedded in a frame on another origin, enabling clickjacking.
Impacted products
Vendor Product Version
n/a Openshift Version: 4.9


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:07:05.582Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106780",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Openshift",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "4.9",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The HTTP responses do not include the X-Frame-Options header, which helps prevent clickjacking attacks. Without it, a browser may allow the page to be embedded in a frame on another origin, enabling clickjacking.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-1021",
                     description: "CWE-1021",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-08T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106780",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2022-3260",
      datePublished: "2022-12-08T00:00:00",
      dateReserved: "2022-09-21T00:00:00",
      dateUpdated: "2024-08-03T01:07:05.582Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-1000229
Vulnerability from cvelistv5
Published
2019-12-20 13:02
Modified
2024-08-06 03:55
Severity ?
Summary
swagger-ui has XSS in key names
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T03:55:27.059Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/97580",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:0868",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "swagger-ui has XSS in key names",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-12-20T13:02:44",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securityfocus.com/bid/97580",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:0868",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-1000229",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "swagger-ui has XSS in key names",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json",
                     refsource: "MISC",
                     url: "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229",
                  },
                  {
                     name: "http://www.securityfocus.com/bid/97580",
                     refsource: "MISC",
                     url: "http://www.securityfocus.com/bid/97580",
                  },
                  {
                     name: "https://access.redhat.com/errata/RHSA-2017:0868",
                     refsource: "MISC",
                     url: "https://access.redhat.com/errata/RHSA-2017:0868",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-1000229",
      datePublished: "2019-12-20T13:02:44",
      dateReserved: "2016-09-20T00:00:00",
      dateUpdated: "2024-08-06T03:55:27.059Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-1869
Vulnerability from cvelistv5
Published
2014-02-08 00:00
Modified
2024-08-06 09:58
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:58:15.417Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/zeroclipboard/zeroclipboard/pull/335",
               },
               {
                  name: "zeroclipboard-cve20141869-xss(91085)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91085",
               },
               {
                  name: "56821",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/56821",
               },
               {
                  name: "65484",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/65484",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-01-31T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/zeroclipboard/zeroclipboard/pull/335",
            },
            {
               name: "zeroclipboard-cve20141869-xss(91085)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91085",
            },
            {
               name: "56821",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/56821",
            },
            {
               name: "65484",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/65484",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-1869",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/zeroclipboard/zeroclipboard/pull/335",
                     refsource: "CONFIRM",
                     url: "https://github.com/zeroclipboard/zeroclipboard/pull/335",
                  },
                  {
                     name: "zeroclipboard-cve20141869-xss(91085)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91085",
                  },
                  {
                     name: "56821",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/56821",
                  },
                  {
                     name: "65484",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/65484",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
                  },
                  {
                     name: "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2",
                     refsource: "CONFIRM",
                     url: "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2",
                  },
                  {
                     name: "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca",
                     refsource: "MISC",
                     url: "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-1869",
      datePublished: "2014-02-08T00:00:00",
      dateReserved: "2014-02-06T00:00:00",
      dateUpdated: "2024-08-06T09:58:15.417Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3666
Vulnerability from cvelistv5
Published
2014-10-16 19:00
Modified
2024-08-06 10:50
Severity ?
Summary
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:50:17.969Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-10-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-3666",
      datePublished: "2014-10-16T19:00:00",
      dateReserved: "2014-05-14T00:00:00",
      dateUpdated: "2024-08-06T10:50:17.969Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-1812
Vulnerability from cvelistv5
Published
2015-10-16 20:00
Modified
2024-08-06 04:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:54:16.387Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
               },
               {
                  name: "RHSA-2015:1844",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-03-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
            },
            {
               name: "RHSA-2015:1844",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-1812",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
                  },
                  {
                     name: "RHSA-2015:1844",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-1812",
      datePublished: "2015-10-16T20:00:00",
      dateReserved: "2015-02-17T00:00:00",
      dateUpdated: "2024-08-06T04:54:16.387Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-7075
Vulnerability from cvelistv5
Published
2018-09-10 14:00
Modified
2024-08-06 01:50
Summary
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
Impacted products
Vendor Product Version
Red Hat OpenShift Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:50:47.447Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/kubernetes/kubernetes/issues/34517",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075",
               },
               {
                  name: "RHSA-2016:2064",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:2064",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenShift",
               vendor: "Red Hat",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-10-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-295",
                     description: "CWE-295",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-09-11T09:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/kubernetes/kubernetes/issues/34517",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075",
            },
            {
               name: "RHSA-2016:2064",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:2064",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-7075",
      datePublished: "2018-09-10T14:00:00",
      dateReserved: "2016-08-23T00:00:00",
      dateUpdated: "2024-08-06T01:50:47.447Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-43844
Vulnerability from cvelistv5
Published
2023-01-05 17:19
Modified
2024-08-03 13:40
Severity ?
Summary
IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control: a user is not correctly redirected to the platform log-out screen when logging out of IBM RPA for Cloud Pak, so the platform-level session may remain usable after the user believes they have logged out (CWE-613, Insufficient Session Expiration). Note that this record's affected-versions block lists 20.12 with lessThan 21.0.3, which excludes 21.0.3 itself, while the text says "through 21.0.3"; confirm the exact fixed version against the IBM advisory before closing out an exposure. IBM X-Force ID: 239081.
Impacted products
Vendor Product Version
IBM Robotic Process Automation for Cloud Pak Version: 20.12   


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T13:40:06.463Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6852663",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/239081",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Robotic Process Automation for Cloud Pak",
               vendor: "IBM",
               versions: [
                  {
                     lessThan: "21.0.3",
                     status: "affected",
                     version: "20.12",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control.   A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak.  IBM X-Force ID:  239081.",
                  },
               ],
               value: "IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control.   A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak.  IBM X-Force ID:  239081.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-613",
                     description: "CWE-613 Insufficient Session Expiration",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-01-05T17:19:27.774Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/6852663",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/239081",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Robotic Process Automation for Cloud Pak session fixation",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-43844",
      datePublished: "2023-01-05T17:19:27.774Z",
      dateReserved: "2022-10-26T15:46:22.820Z",
      dateUpdated: "2024-08-03T13:40:06.463Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-1709
Vulnerability from cvelistv5
Published
2020-03-20 00:00
Modified
2024-08-04 06:46
Summary
A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0: the /etc/passwd file inside the container image is left modifiable by the container user (incorrect permission assignment, CWE-732). An attacker who already has access to the container could use this flaw to modify /etc/passwd and escalate their privileges within the container.
Impacted products
Vendor Product Version
[UNKNOWN] openshift/mediawiki Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T06:46:30.193Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1709",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openshift/mediawiki",
               vendor: "[UNKNOWN]",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-732",
                     description: "CWE-732",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-10-07T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1709",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2020-1709",
      datePublished: "2020-03-20T00:00:00",
      dateReserved: "2019-11-27T00:00:00",
      dateUpdated: "2024-08-04T06:46:30.193Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-5324
Vulnerability from cvelistv5
Published
2015-11-25 20:00
Modified
2024-08-06 06:41
Severity ?
Summary
Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:41:09.544Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-11-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-07T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-5324",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2016:0489",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-5324",
      datePublished: "2015-11-25T20:00:00",
      dateReserved: "2015-07-01T00:00:00",
      dateUpdated: "2024-08-06T06:41:09.544Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-5222
Vulnerability from cvelistv5
Published
2015-08-24 14:00
Modified
2024-08-06 06:41
Severity ?
Summary
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.
References
https://access.redhat.com/errata/RHSA-2015:1650vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:41:07.949Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2015:1650",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2015:1650",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-08-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-08-24T14:57:02",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2015:1650",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2015:1650",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-5222",
      datePublished: "2015-08-24T14:00:00",
      dateReserved: "2015-07-01T00:00:00",
      dateUpdated: "2024-08-06T06:41:07.949Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-0165
Vulnerability from cvelistv5
Published
2019-11-01 18:12
Modified
2024-08-06 14:18
Severity ?
Summary
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp (insecure temporary-file creation in the shared, world-writable /tmp directory). The record gives no further detail on the exploitation vector; versions before commit 3b74dd3d162a9a3b63a7ac4e1eaccea6b889e186 are listed as affected, and the linked Red Hat Bugzilla entry is the only reference.
References
Impacted products
Vendor Product Version
OpenShift mongodb cartridge OpenShift mongodb cartridge Version: before 3b74dd3d162a9a3b63a7ac4e1eaccea6b889e186


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:18:09.190Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0165",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenShift mongodb cartridge",
               vendor: "OpenShift mongodb cartridge",
               versions: [
                  {
                     status: "affected",
                     version: "before 3b74dd3d162a9a3b63a7ac4e1eaccea6b889e186",
                  },
               ],
            },
         ],
         datePublic: "2014-06-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Other",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-11-01T18:12:44",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0165",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-0165",
      datePublished: "2019-11-01T18:12:44",
      dateReserved: "2012-12-06T00:00:00",
      dateUpdated: "2024-08-06T14:18:09.190Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-4047
Vulnerability from cvelistv5
Published
2022-04-11 19:38
Modified
2024-08-03 17:16
Severity ?
Summary
The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, but the patch for CVE-2021-39242 was missing, so the haproxy shipped with OpenShift 4.9.6 remained exposed to that flaw despite the errata claiming it was addressed. This issue only affects Red Hat OpenShift 4.9.
References
Impacted products
Vendor Product Version
n/a OpenShift Version: OpenShift 4.9


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:16:03.305Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027881",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenShift",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "OpenShift 4.9",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-04-11T19:38:31",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027881",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-4047",
      datePublished: "2022-04-11T19:38:31",
      dateReserved: "2021-12-02T00:00:00",
      dateUpdated: "2024-08-03T17:16:03.305Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-5123
Vulnerability from cvelistv5
Published
2019-11-05 21:16
Modified
2024-08-06 17:06
Severity ?
Summary
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:06:50.907Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://security-tracker.debian.org/tracker/CVE-2013-5123",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2013/08/21/17",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2013/08/21/18",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/77520",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-11-05T21:16:59",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://security-tracker.debian.org/tracker/CVE-2013-5123",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.openwall.com/lists/oss-security/2013/08/21/17",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.openwall.com/lists/oss-security/2013/08/21/18",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securityfocus.com/bid/77520",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-5123",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://security-tracker.debian.org/tracker/CVE-2013-5123",
                     refsource: "MISC",
                     url: "https://security-tracker.debian.org/tracker/CVE-2013-5123",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123",
                  },
                  {
                     name: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123",
                     refsource: "MISC",
                     url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123",
                  },
                  {
                     name: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html",
                     refsource: "MISC",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html",
                  },
                  {
                     name: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html",
                     refsource: "MISC",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html",
                  },
                  {
                     name: "http://www.openwall.com/lists/oss-security/2013/08/21/17",
                     refsource: "MISC",
                     url: "http://www.openwall.com/lists/oss-security/2013/08/21/17",
                  },
                  {
                     name: "http://www.openwall.com/lists/oss-security/2013/08/21/18",
                     refsource: "MISC",
                     url: "http://www.openwall.com/lists/oss-security/2013/08/21/18",
                  },
                  {
                     name: "http://www.securityfocus.com/bid/77520",
                     refsource: "MISC",
                     url: "http://www.securityfocus.com/bid/77520",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-5123",
      datePublished: "2019-11-05T21:16:59",
      dateReserved: "2013-08-15T00:00:00",
      dateUpdated: "2024-08-06T17:06:50.907Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-0296
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2024-08-02 05:10
Severity ?
Summary
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on the etcd grpc-proxy component. Even though CVE-2016-2183 has been fixed in the etcd components, enabling periodic health checks from kubelet required opening a new port (9979) on etcd grpc-proxy, so this port might be considered still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact of this vulnerability is minimal. CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.
Impacted products
Vendor Product Version
n/a Red Hat OpenShift Version: OpenShift 4.11


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T05:10:55.076Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161287",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Red Hat OpenShift",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "OpenShift 4.11",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-327",
                     description: "CWE-327",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-01-17T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161287",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2023-0296",
      datePublished: "2023-01-17T00:00:00",
      dateReserved: "2023-01-13T00:00:00",
      dateUpdated: "2024-08-02T05:10:55.076Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0023
Vulnerability from cvelistv5
Published
2019-11-15 14:40
Modified
2024-08-06 08:58
Severity ?
Summary
OpenShift: Install script has a temporary file creation vulnerability which can result in arbitrary code execution
Impacted products
Vendor Product Version
OpenShift OpenShift Version: through 2014-01-21


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T08:58:26.621Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0023",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/cve-2014-0023",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenShift",
               vendor: "OpenShift",
               versions: [
                  {
                     status: "affected",
                     version: "through 2014-01-21",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "install script has temporary file creation vulnerability",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-11-15T14:40:12",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0023",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://access.redhat.com/security/cve/cve-2014-0023",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-0023",
      datePublished: "2019-11-15T14:40:12",
      dateReserved: "2013-12-03T00:00:00",
      dateUpdated: "2024-08-06T08:58:26.621Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-3727
Vulnerability from cvelistv5
Published
2016-05-17 14:00
Modified
2024-08-06 00:03
Severity ?
Summary
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:03:34.534Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
               },
               {
                  name: "RHSA-2016:1206",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1206",
               },
               {
                  name: "RHSA-2016:1773",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
            },
            {
               name: "RHSA-2016:1206",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1206",
            },
            {
               name: "RHSA-2016:1773",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-3727",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
                     refsource: "CONFIRM",
                     url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
                  },
                  {
                     name: "RHSA-2016:1206",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1206",
                  },
                  {
                     name: "RHSA-2016:1773",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-3727",
      datePublished: "2016-05-17T14:00:00",
      dateReserved: "2016-03-30T00:00:00",
      dateUpdated: "2024-08-06T00:03:34.534Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-0789
Vulnerability from cvelistv5
Published
2016-04-07 23:00
Modified
2024-08-05 22:30
Severity ?
Summary
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T22:30:04.049Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0711",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0711",
               },
               {
                  name: "RHSA-2016:1773",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0711",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0711",
            },
            {
               name: "RHSA-2016:1773",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-0789",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2016:0711",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0711",
                  },
                  {
                     name: "RHSA-2016:1773",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-0789",
      datePublished: "2016-04-07T23:00:00",
      dateReserved: "2015-12-16T00:00:00",
      dateUpdated: "2024-08-05T22:30:04.049Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-19346
Vulnerability from cvelistv5
Published
2020-04-02 19:12
Modified
2024-08-05 02:16
Summary
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
References
Impacted products
Vendor Product Version
Openshift Enterprise openshift/mariadb-apb Version: Fixed in 4.3.5-202003020549
Version: Fixed in 4.2.21-202002240343
Version: Fixed in 4.1.37-202003021622
Version: Fixed in 3.11.188-4


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:16:47.011Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openshift/mariadb-apb",
               vendor: "Openshift Enterprise",
               versions: [
                  {
                     status: "affected",
                     version: "Fixed in 4.3.5-202003020549",
                  },
                  {
                     status: "affected",
                     version: "Fixed in 4.2.21-202002240343",
                  },
                  {
                     status: "affected",
                     version: "Fixed in 4.1.37-202003021622",
                  },
                  {
                     status: "affected",
                     version: "Fixed in 3.11.188-4",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-266",
                     description: "CWE-266",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-02T19:12:29",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2019-19346",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "openshift/mariadb-apb",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Fixed in 4.3.5-202003020549",
                                       },
                                       {
                                          version_value: "Fixed in 4.2.21-202002240343",
                                       },
                                       {
                                          version_value: "Fixed in 4.1.37-202003021622",
                                       },
                                       {
                                          version_value: "Fixed in 3.11.188-4",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Openshift Enterprise",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
                  },
               ],
            },
            impact: {
               cvss: [
                  [
                     {
                        vectorString: "7.0/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                        version: "3.0",
                     },
                  ],
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-266",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2019-19346",
      datePublished: "2020-04-02T19:12:29",
      dateReserved: "2019-11-27T00:00:00",
      dateUpdated: "2024-08-05T02:16:47.011Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-43058
Vulnerability from cvelistv5
Published
2023-10-06 13:09
Modified
2024-09-19 16:10
Summary
IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.
Impacted products
Vendor Product Version
IBM Robotic Process Automation Version: 23.0.9


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T19:37:23.083Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7047017",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/267527",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-43058",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-19T16:10:45.586299Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-19T16:10:55.953Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Robotic Process Automation",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "23.0.9",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects.  IBM X-Force ID:  247527.",
                  },
               ],
               value: "IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects.  IBM X-Force ID:  247527.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "264 Permissions, Privileges, Access Controls",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-06T13:09:44.458Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7047017",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/267527",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Robotic Process Automation privilege escalation",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-43058",
      datePublished: "2023-10-06T13:09:44.458Z",
      dateReserved: "2023-09-15T01:12:39.148Z",
      dateUpdated: "2024-09-19T16:10:55.953Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-39013
Vulnerability from cvelistv5
Published
2021-12-22 16:50
Modified
2024-09-17 00:22
Summary
IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.
Impacted products
Vendor Product Version
IBM Cloud Pak for Security Version: 1.7.0.0
Version: 1.7.1.0
Version: 1.7.2.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T01:58:17.565Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6529200",
               },
               {
                  name: "ibm-cp4s-cve202139013-info-disc (213651)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/213651",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cloud Pak for Security",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "1.7.0.0",
                  },
                  {
                     status: "affected",
                     version: "1.7.1.0",
                  },
                  {
                     status: "affected",
                     version: "1.7.2.0",
                  },
               ],
            },
         ],
         datePublic: "2021-12-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 3.8,
                  temporalSeverity: "LOW",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/S:U/AV:N/A:N/UI:N/AC:L/PR:L/I:N/C:L/RC:C/RL:O/E:U",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-12-22T16:50:09",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6529200",
            },
            {
               name: "ibm-cp4s-cve202139013-info-disc (213651)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/213651",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2021-12-21T00:00:00",
               ID: "CVE-2021-39013",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cloud Pak for Security",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.7.0.0",
                                       },
                                       {
                                          version_value: "1.7.1.0",
                                       },
                                       {
                                          version_value: "1.7.2.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "L",
                     AV: "N",
                     C: "L",
                     I: "N",
                     PR: "L",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6529200",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6529200 (Cloud Pak for Security)",
                     url: "https://www.ibm.com/support/pages/node/6529200",
                  },
                  {
                     name: "ibm-cp4s-cve202139013-info-disc (213651)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/213651",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-39013",
      datePublished: "2021-12-22T16:50:09.950208Z",
      dateReserved: "2021-08-16T00:00:00",
      dateUpdated: "2024-09-17T00:22:03.701Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-22594
Vulnerability from cvelistv5
Published
2023-01-18 18:41
Modified
2024-08-02 10:13
Summary
IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075.
Impacted products
Vendor Product Version
IBM Robotic Process Automation for Cloud Pak Version: 20.12.0 (affected up to, but not including, 21.0.4)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T10:13:49.099Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6855835",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244075",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Robotic Process Automation for Cloud Pak",
               vendor: "IBM",
               versions: [
                  {
                     lessThan: "21.0.4",
                     status: "affected",
                     version: "20.12.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  244075.",
                  },
               ],
               value: "IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  244075.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-01-18T18:41:26.417Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/6855835",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244075",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Robotic Process Automation for Cloud Pak cross-site scripting",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-22594",
      datePublished: "2023-01-18T18:41:26.417Z",
      dateReserved: "2023-01-03T19:19:41.133Z",
      dateUpdated: "2024-08-02T10:13:49.099Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-23468
Vulnerability from cvelistv5
Published
2023-06-27 18:30
Modified
2024-11-01 15:07
Summary
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration, which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500.
Impacted products
Vendor Product Version
IBM Robotic Process Automation for Cloud Pak Version: 21.0.1 through 21.0.7.3
Version: 23.0.0 through 23.0.3


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T10:28:41.140Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7005999",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244500",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-23468",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-01T15:07:35.917496Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-01T15:07:48.314Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Robotic Process Automation for Cloud Pak",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "21.0.7.3",
                     status: "affected",
                     version: "21.0.1",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "23.0.3",
                     status: "affected",
                     version: "23.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster.  IBM X-Force ID:  244500.",
                  },
               ],
               value: "IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster.  IBM X-Force ID:  244500.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 5.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "284 Improper Access Control",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-06-27T18:30:35.685Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7005999",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244500",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Robotic Process Automation for Cloud Pak access control",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-23468",
      datePublished: "2023-06-27T18:30:35.685Z",
      dateReserved: "2023-01-12T16:24:46.602Z",
      dateUpdated: "2024-11-01T15:07:48.314Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-19345
Vulnerability from cvelistv5
Published
2020-03-20 14:00
Modified
2024-08-05 02:16
Summary
A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
References
Impacted products
Vendor Product Version
[UNKNOWN] openshift/mediawiki-apb Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:16:47.043Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openshift/mediawiki-apb",
               vendor: "[UNKNOWN]",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-266",
                     description: "CWE-266",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-20T14:00:33",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2019-19345",
      datePublished: "2020-03-20T14:00:33",
      dateReserved: "2019-11-27T00:00:00",
      dateUpdated: "2024-08-05T02:16:47.043Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3663
Vulnerability from cvelistv5
Published
2014-10-16 19:00
Modified
2024-08-06 10:50
Summary
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:50:18.207Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-10-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T15:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-3663",
      datePublished: "2014-10-16T19:00:00",
      dateReserved: "2014-05-14T00:00:00",
      dateUpdated: "2024-08-06T10:50:18.207Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-10885
Vulnerability from cvelistv5
Published
2018-07-05 13:00
Modified
2024-08-05 07:54
Summary
In atomic-openshift before version 3.10.9, a malicious network-policy configuration can cause OpenShift Routing to crash when using the ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) on an OpenShift 3.9 or 3.7 cluster.
References
Impacted products
Vendor Product Version
[UNKNOWN] atomic-openshift Version: atomic-openshift 3.10.9


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T07:54:34.734Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885",
               },
               {
                  name: "104688",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/104688",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "atomic-openshift",
               vendor: "[UNKNOWN]",
               versions: [
                  {
                     status: "affected",
                     version: "atomic-openshift 3.10.9",
                  },
               ],
            },
         ],
         datePublic: "2018-07-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-07-10T09:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885",
            },
            {
               name: "104688",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/104688",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2018-10885",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "atomic-openshift",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "atomic-openshift 3.10.9",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "[UNKNOWN]",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster.",
                  },
               ],
            },
            impact: {
               cvss: [
                  [
                     {
                        vectorString: "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                        version: "3.0",
                     },
                  ],
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-20",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885",
                  },
                  {
                     name: "104688",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/104688",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2018-10885",
      datePublished: "2018-07-05T13:00:00",
      dateReserved: "2018-05-09T00:00:00",
      dateUpdated: "2024-08-05T07:54:34.734Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-7539
Vulnerability from cvelistv5
Published
2016-02-03 15:00
Modified
2024-08-06 07:51
Severity ?
Summary
The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T07:51:28.450Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
               },
               {
                  name: "RHSA-2016:0489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-12-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
            },
            {
               name: "RHSA-2016:0489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-7539",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
                  },
                  {
                     name: "RHSA-2016:0489",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-7539",
      datePublished: "2016-02-03T15:00:00",
      dateReserved: "2015-09-29T00:00:00",
      dateUpdated: "2024-08-06T07:51:28.450Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-5320
Vulnerability from cvelistv5
Published
2015-11-25 20:00
Modified
2024-08-06 06:41
Severity ?
Summary
Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:41:09.291Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-11-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-5320",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2016:0489",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-5320",
      datePublished: "2015-11-25T20:00:00",
      dateReserved: "2015-07-01T00:00:00",
      dateUpdated: "2024-08-06T06:41:09.291Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0234
Vulnerability from cvelistv5
Published
2020-02-12 00:09
Modified
2024-08-06 09:05
Severity ?
Summary
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.
Impacted products
Vendor Product Version
n/a Red Hat OpenShift Enterprise Version: 2.x before 2.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:05:39.263Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/openshift/openshift-extras/blob/master/README.md",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://openwall.com/lists/oss-security/2014/06/05/19",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1097008",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://rhn.redhat.com/errata/RHSA-2014-0487.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/67657",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Red Hat OpenShift Enterprise",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "2.x before 2.1",
                  },
               ],
            },
         ],
         datePublic: "2014-05-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of \"mooo\" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Password",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-12T00:09:56",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/openshift/openshift-extras/blob/master/README.md",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://openwall.com/lists/oss-security/2014/06/05/19",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1097008",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://rhn.redhat.com/errata/RHSA-2014-0487.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securityfocus.com/bid/67657",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-0234",
      datePublished: "2020-02-12T00:09:56",
      dateReserved: "2013-12-03T00:00:00",
      dateUpdated: "2024-08-06T09:05:39.263Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-3724
Vulnerability from cvelistv5
Published
2016-05-17 14:00
Modified
2024-08-06 00:03
Severity ?
Summary
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:03:34.453Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
               },
               {
                  name: "RHSA-2016:1206",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1206",
               },
               {
                  name: "RHSA-2016:1773",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
            },
            {
               name: "RHSA-2016:1206",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1206",
            },
            {
               name: "RHSA-2016:1773",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-3724",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
                     refsource: "CONFIRM",
                     url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
                  },
                  {
                     name: "RHSA-2016:1206",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1206",
                  },
                  {
                     name: "RHSA-2016:1773",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-3724",
      datePublished: "2016-05-17T14:00:00",
      dateReserved: "2016-03-30T00:00:00",
      dateUpdated: "2024-08-06T00:03:34.453Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-22593
Vulnerability from cvelistv5
Published
2023-06-27 18:00
Modified
2024-11-06 18:55
Summary
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.
Impacted products
Vendor Product Version
IBM Robotic Process Automation for Cloud Pak Version: 21.0.1 through 21.0.7.3
Version: 23.0.0 through 23.0.3


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T10:13:49.124Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7006001",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244074",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-22593",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-06T18:53:52.163890Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-863",
                        description: "CWE-863 Incorrect Authorization",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-06T18:55:14.648Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Robotic Process Automation for Cloud Pak",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "21.0.7.3",
                     status: "affected",
                     version: "21.0.1",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "23.0.3",
                     status: "affected",
                     version: "23.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges.  IBM X-Force ID:  244074.</span>\n\n",
                  },
               ],
               value: "\nIBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges.  IBM X-Force ID:  244074.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "16 Configuration",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-06-27T18:00:38.347Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7006001",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244074",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Robotic Process Automation for Cloud Pak security configuration",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-22593",
      datePublished: "2023-06-27T18:00:38.347Z",
      dateReserved: "2023-01-03T19:19:41.133Z",
      dateUpdated: "2024-11-06T18:55:14.648Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-27540
Vulnerability from cvelistv5
Published
2023-07-10 00:22
Modified
2024-10-25 19:52
Summary
IBM Watson CP4D Data Stores 4.6.0 allocates resources without limits or throttling, which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924.
Impacted products
Vendor Product Version
IBM Watson CP4D Data Stores Version: 4.6.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T12:16:35.564Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7009883",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/248924",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-27540",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-25T19:50:44.661840Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-25T19:52:30.451Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Watson CP4D Data Stores",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "4.6.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service.  IBM X-Force ID:  248924.",
                  },
               ],
               value: "IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service.  IBM X-Force ID:  248924.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-770",
                     description: "CWE-770 Allocation of Resources Without Limits or Throttling",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-10T00:22:35.465Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7009883",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/248924",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Watson CP4D Data Stores denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-27540",
      datePublished: "2023-07-10T00:22:35.465Z",
      dateReserved: "2023-03-02T20:39:09.417Z",
      dateUpdated: "2024-10-25T19:52:30.451Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-3726
Vulnerability from cvelistv5
Published
2016-05-17 14:00
Modified
2024-08-06 00:03
Severity ?
Summary
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:03:34.536Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
               },
               {
                  name: "RHSA-2016:1206",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1206",
               },
               {
                  name: "RHSA-2016:1773",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to \"scheme-relative\" URLs.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
            },
            {
               name: "RHSA-2016:1206",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1206",
            },
            {
               name: "RHSA-2016:1773",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-3726",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to \"scheme-relative\" URLs.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
                     refsource: "CONFIRM",
                     url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
                  },
                  {
                     name: "RHSA-2016:1206",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1206",
                  },
                  {
                     name: "RHSA-2016:1773",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-3726",
      datePublished: "2016-05-17T14:00:00",
      dateReserved: "2016-03-30T00:00:00",
      dateUpdated: "2024-08-06T00:03:34.536Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-5317
Vulnerability from cvelistv5
Published
2015-11-25 20:00
Modified
2024-08-06 06:41
Severity ?
Summary
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:41:09.278Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-11-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-5317",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2016:0489",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-5317",
      datePublished: "2015-11-25T20:00:00",
      dateReserved: "2015-07-01T00:00:00",
      dateUpdated: "2024-08-06T06:41:09.278Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-15137
Vulnerability from cvelistv5
Published
2018-07-16 20:00
Modified
2024-08-05 19:50
Summary
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag". This could allow a user with access to OpenShift to run images from registries that should not be allowed.
References
Impacted products
Vendor Product Version
[UNKNOWN] atomic-openshift Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T19:50:16.136Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137",
               },
               {
                  name: "RHBA-2018:0489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHBA-2018:0489",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "atomic-openshift",
               vendor: "[UNKNOWN]",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-07-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as \"oc tag\", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-07-17T09:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137",
            },
            {
               name: "RHBA-2018:0489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHBA-2018:0489",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2017-15137",
      datePublished: "2018-07-16T20:00:00",
      dateReserved: "2017-10-08T00:00:00",
      dateUpdated: "2024-08-05T19:50:16.136Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-10225
Vulnerability from cvelistv5
Published
2021-03-19 20:01
Modified
2024-08-04 22:17
Severity ?
Summary
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey and use it to authenticate to the GlusterFS REST service, gaining access to read and modify files.
References
Impacted products
Vendor Product Version
n/a atomic-openshift Version: atomic-openshift of openshift-4.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T22:17:20.149Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1743073",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "atomic-openshift",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "atomic-openshift of openshift-4.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-522",
                     description: "CWE-522",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-03-19T20:01:33",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1743073",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2019-10225",
      datePublished: "2021-03-19T20:01:33",
      dateReserved: "2019-03-27T00:00:00",
      dateUpdated: "2024-08-04T22:17:20.149Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-1000376
Vulnerability from cvelistv5
Published
2017-06-19 16:00
Modified
2024-08-05 22:00
Severity ?
Summary
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T22:00:41.083Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2017-1000376",
               },
               {
                  name: "DSA-3889",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2017/dsa-3889",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2020.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-06-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-15T19:15:20",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2017-1000376",
            },
            {
               name: "DSA-3889",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2017/dsa-3889",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2020.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-1000376",
               REQUESTER: "qsa@qualys.com",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
                     refsource: "MISC",
                     url: "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
                  },
                  {
                     name: "https://access.redhat.com/security/cve/CVE-2017-1000376",
                     refsource: "CONFIRM",
                     url: "https://access.redhat.com/security/cve/CVE-2017-1000376",
                  },
                  {
                     name: "DSA-3889",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2017/dsa-3889",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2020.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-1000376",
      datePublished: "2017-06-19T16:00:00",
      dateReserved: "2017-06-19T00:00:00",
      dateUpdated: "2024-08-05T22:00:41.083Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-4253
Vulnerability from cvelistv5
Published
2022-10-19 00:00
Modified
2024-08-06 16:38
Summary
The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file.
Impacted products
Vendor Product Version
n/a Red Hat Openshift Version: Red Hat Openshift 1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:38:01.711Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.openwall.com/lists/oss-security/2014/06/05/19",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Red Hat Openshift",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Red Hat Openshift 1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The deployment script in the unsupported \"OpenShift Extras\" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-377",
                     description: "CWE-377",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-10-19T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://www.openwall.com/lists/oss-security/2014/06/05/19",
            },
            {
               url: "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-4253",
      datePublished: "2022-10-19T00:00:00",
      dateReserved: "2013-06-12T00:00:00",
      dateUpdated: "2024-08-06T16:38:01.711Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36769
Vulnerability from cvelistv5
Published
2023-04-26 02:52
Modified
2024-08-03 10:14
Summary
IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.
Impacted products
Vendor Product Version
IBM Cloud Pak for Data Version: 4.5, 4.6


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:14:27.951Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6980959",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/232034",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Cloud Pak for Data",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "4.5, 4.6",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.</span>\n\n",
                  },
               ],
               value: "\nIBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-77",
                     description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-26T02:52:02.470Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/6980959",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/232034",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Cloud Pak for Data file upload",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-36769",
      datePublished: "2023-04-26T02:52:02.470Z",
      dateReserved: "2022-07-26T14:04:17.544Z",
      dateUpdated: "2024-08-03T10:14:27.951Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-3703
Vulnerability from cvelistv5
Published
2016-06-08 17:00
Modified
2024-08-06 00:03
Summary
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter.
References
https://access.redhat.com/errata/RHSA-2016:1094vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2016:1095vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:03:34.425Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:1094",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1094",
               },
               {
                  name: "RHSA-2016:1095",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1095",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-08T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:1094",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1094",
            },
            {
               name: "RHSA-2016:1095",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1095",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-3703",
      datePublished: "2016-06-08T17:00:00",
      dateReserved: "2016-03-30T00:00:00",
      dateUpdated: "2024-08-06T00:03:34.425Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-2060
Vulnerability from cvelistv5
Published
2020-01-28 15:57
Modified
2024-08-06 15:20
Summary
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.
Impacted products
Vendor Product Version
Red Hat OpenShift Origin Version: unknown


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T15:20:37.415Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=960363",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2013/05/07/1",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/59687",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/84075",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenShift Origin",
               vendor: "Red Hat",
               versions: [
                  {
                     status: "affected",
                     version: "unknown",
                  },
               ],
            },
         ],
         datePublic: "2013-05-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Metacharacters",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-28T15:57:58",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=960363",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.openwall.com/lists/oss-security/2013/05/07/1",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securityfocus.com/bid/59687",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/84075",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-2060",
      datePublished: "2020-01-28T15:57:58",
      dateReserved: "2013-02-19T00:00:00",
      dateUpdated: "2024-08-06T15:20:37.415Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-1069
Vulnerability from cvelistv5
Published
2018-03-09 14:00
Modified
2024-08-05 03:51
Summary
Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.
References
Impacted products
Vendor Product Version
Red Hat, Inc. OpenShift Enterprise Version: 3.7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:51:47.337Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1552987",
               },
               {
                  name: "103364",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/103364",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenShift Enterprise",
               vendor: "Red Hat, Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "3.7",
                  },
               ],
            },
         ],
         datePublic: "2018-03-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-284",
                     description: "CWE-284 (Improper Access Control)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-03-13T09:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1552987",
            },
            {
               name: "103364",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/103364",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2018-1069",
      datePublished: "2018-03-09T14:00:00Z",
      dateReserved: "2017-12-04T00:00:00",
      dateUpdated: "2024-08-05T03:51:47.337Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3636
Vulnerability from cvelistv5
Published
2021-07-30 19:27
Modified
2024-08-03 17:01
Summary
It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.
References
Impacted products
Vendor Product Version
n/a openshift Version: openshift 4.8


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:01:07.589Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1978621",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openshift",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "openshift 4.8",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-295",
                     description: "CWE-295->CWE-287",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-30T19:27:06",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1978621",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2021-3636",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "openshift",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "openshift 4.8",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-295->CWE-287",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1978621",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1978621",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-3636",
      datePublished: "2021-07-30T19:27:06",
      dateReserved: "2021-07-02T00:00:00",
      dateUpdated: "2024-08-03T17:01:07.589Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-1810
Vulnerability from cvelistv5
Published
2015-10-16 20:00
Modified
2024-08-06 04:54
Summary
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:54:16.404Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
               },
               {
                  name: "RHSA-2015:1844",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205627",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-02-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the \"Jenkins' own user database\" setting, which allows remote attackers to gain privileges by creating a reserved name.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T15:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
            },
            {
               name: "RHSA-2015:1844",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205627",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-1810",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the \"Jenkins' own user database\" setting, which allows remote attackers to gain privileges by creating a reserved name.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
                  },
                  {
                     name: "RHSA-2015:1844",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1205627",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205627",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-1810",
      datePublished: "2015-10-16T20:00:00",
      dateReserved: "2015-02-17T00:00:00",
      dateUpdated: "2024-08-06T04:54:16.404Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-5254
Vulnerability from cvelistv5
Published
2016-01-08 19:00
Modified
2024-08-06 06:41
Summary
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:41:08.759Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-3524",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3524",
               },
               {
                  name: "RHSA-2016:2035",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2035.html",
               },
               {
                  name: "FEDORA-2015-7ca4368b0c",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html",
               },
               {
                  name: "[oss-security] 20151208 [ANNOUNCE] CVE-2015-5254 - Unsafe deserialization in ActiveMQ",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2015/12/08/6",
               },
               {
                  name: "RHSA-2016:0489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
               },
               {
                  name: "FEDORA-2015-eefc5a6762",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html",
               },
               {
                  name: "RHSA-2016:2036",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2036.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://issues.apache.org/jira/browse/AMQ-6013",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt",
               },
               {
                  name: "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-12-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-03-27T19:06:06",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "DSA-3524",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3524",
            },
            {
               name: "RHSA-2016:2035",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2035.html",
            },
            {
               name: "FEDORA-2015-7ca4368b0c",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html",
            },
            {
               name: "[oss-security] 20151208 [ANNOUNCE] CVE-2015-5254 - Unsafe deserialization in ActiveMQ",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2015/12/08/6",
            },
            {
               name: "RHSA-2016:0489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
            },
            {
               name: "FEDORA-2015-eefc5a6762",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html",
            },
            {
               name: "RHSA-2016:2036",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2036.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://issues.apache.org/jira/browse/AMQ-6013",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt",
            },
            {
               name: "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-5254",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "DSA-3524",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3524",
                  },
                  {
                     name: "RHSA-2016:2035",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2035.html",
                  },
                  {
                     name: "FEDORA-2015-7ca4368b0c",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html",
                  },
                  {
                     name: "[oss-security] 20151208 [ANNOUNCE] CVE-2015-5254 - Unsafe deserialization in ActiveMQ",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2015/12/08/6",
                  },
                  {
                     name: "RHSA-2016:0489",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
                  },
                  {
                     name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
                     refsource: "CONFIRM",
                     url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
                  },
                  {
                     name: "FEDORA-2015-eefc5a6762",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html",
                  },
                  {
                     name: "RHSA-2016:2036",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2036.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
                  },
                  {
                     name: "https://issues.apache.org/jira/browse/AMQ-6013",
                     refsource: "CONFIRM",
                     url: "https://issues.apache.org/jira/browse/AMQ-6013",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
                  },
                  {
                     name: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt",
                     refsource: "CONFIRM",
                     url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt",
                  },
                  {
                     name: "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-5254",
      datePublished: "2016-01-08T19:00:00",
      dateReserved: "2015-07-01T00:00:00",
      dateUpdated: "2024-08-06T06:41:08.759Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-38911
Vulnerability from cvelistv5
Published
2021-10-19 15:15
Modified
2024-09-17 02:52
Summary
IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text, which can be read by an authenticated privileged user. IBM X-Force ID: 209940.
Impacted products
Vendor Product Version
IBM Cloud Pak for Security Version: 1.7.2.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T01:51:20.358Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6505281",
               },
               {
                  name: "ibm-cprm-cve202138911-info-disc (209940)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209940",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cloud Pak for Security",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "1.7.2.0",
                  },
               ],
            },
         ],
         datePublic: "2021-10-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text, which can be read by an authenticated privileged user. IBM X-Force ID: 209940.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 3.9,
                  temporalSeverity: "LOW",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/PR:H/AC:H/AV:N/UI:N/I:N/C:H/A:N/S:U/RL:O/E:U/RC:C",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-19T15:15:16",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6505281",
            },
            {
               name: "ibm-cprm-cve202138911-info-disc (209940)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209940",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2021-10-18T00:00:00",
               ID: "CVE-2021-38911",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cloud Pak for Security",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.7.2.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text, which can be read by an authenticated privileged user. IBM X-Force ID: 209940.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "H",
                     AV: "N",
                     C: "H",
                     I: "N",
                     PR: "H",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6505281",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6505281 (Cloud Pak for Security)",
                     url: "https://www.ibm.com/support/pages/node/6505281",
                  },
                  {
                     name: "ibm-cprm-cve202138911-info-disc (209940)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209940",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-38911",
      datePublished: "2021-10-19T15:15:16.168555Z",
      dateReserved: "2021-08-16T00:00:00",
      dateUpdated: "2024-09-17T02:52:18.423Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-29906
Vulnerability from cvelistv5
Published
2021-10-08 17:20
Modified
2024-09-16 17:32
Summary
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.
Impacted products
Vendor Product Version
IBM App Connect Enterprise Certified Container Version: 1.0.0
Version: 1.0.1
Version: 1.0.2
Version: 1.0.3
Version: 1.0.4
Version: 1.0.5
Version: 1.1
Version: 1.2
Version: 1.3
Version: 1.4
Version: 1.5


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T22:18:03.366Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6497177",
               },
               {
                  name: "ibm-appconnect-cve202129906-info-disc (207630)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207630",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "App Connect Enterprise Certified Container",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "1.0.0",
                  },
                  {
                     status: "affected",
                     version: "1.0.1",
                  },
                  {
                     status: "affected",
                     version: "1.0.2",
                  },
                  {
                     status: "affected",
                     version: "1.0.3",
                  },
                  {
                     status: "affected",
                     version: "1.0.4",
                  },
                  {
                     status: "affected",
                     version: "1.0.5",
                  },
                  {
                     status: "affected",
                     version: "1.1",
                  },
                  {
                     status: "affected",
                     version: "1.2",
                  },
                  {
                     status: "affected",
                     version: "1.3",
                  },
                  {
                     status: "affected",
                     version: "1.4",
                  },
                  {
                     status: "affected",
                     version: "1.5",
                  },
               ],
            },
         ],
         datePublic: "2021-10-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 5.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 4.5,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/I:N/S:U/A:N/C:H/AV:L/PR:N/UI:N/AC:H/E:U/RC:C/RL:O",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-08T17:20:13",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6497177",
            },
            {
               name: "ibm-appconnect-cve202129906-info-disc (207630)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207630",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2021-10-07T00:00:00",
               ID: "CVE-2021-29906",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "App Connect Enterprise Certified Container",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.0.0",
                                       },
                                       {
                                          version_value: "1.0.1",
                                       },
                                       {
                                          version_value: "1.0.2",
                                       },
                                       {
                                          version_value: "1.0.3",
                                       },
                                       {
                                          version_value: "1.0.4",
                                       },
                                       {
                                          version_value: "1.0.5",
                                       },
                                       {
                                          version_value: "1.1",
                                       },
                                       {
                                          version_value: "1.2",
                                       },
                                       {
                                          version_value: "1.3",
                                       },
                                       {
                                          version_value: "1.4",
                                       },
                                       {
                                          version_value: "1.5",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "H",
                     AV: "L",
                     C: "H",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6497177",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6497177 (App Connect Enterprise Certified Container)",
                     url: "https://www.ibm.com/support/pages/node/6497177",
                  },
                  {
                     name: "ibm-appconnect-cve202129906-info-disc (207630)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207630",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-29906",
      datePublished: "2021-10-08T17:20:13.582974Z",
      dateReserved: "2021-03-31T00:00:00",
      dateUpdated: "2024-09-16T17:32:49.745Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-5658
Vulnerability from cvelistv5
Published
2013-02-24 22:00
Modified
2024-08-06 21:14
Summary
rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T21:14:16.412Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2013:0220",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0220.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=889062",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-02-24T22:00:00Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2013:0220",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0220.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=889062",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-5658",
      datePublished: "2013-02-24T22:00:00Z",
      dateReserved: "2012-10-24T00:00:00Z",
      dateUpdated: "2024-08-06T21:14:16.412Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-41740
Vulnerability from cvelistv5
Published
2023-01-05 17:30
Modified
2024-08-03 12:49
Summary
IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.
Impacted products
Vendor Product Version
IBM Robotic Process Automation Version: 20.12   


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T12:49:43.782Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6852657",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238053",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Robotic Process Automation",
               vendor: "IBM",
               versions: [
                  {
                     lessThan: "21.0.6",
                     status: "affected",
                     version: "20.12",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.</span>\n\n",
                  },
               ],
               value: "\nIBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "PHYSICAL",
                  availabilityImpact: "NONE",
                  baseScore: 4.6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "316 Cleartext Storage of Sensitive Information in Memory",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-01-05T17:30:38.568Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/6852657",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238053",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Robotic Process Automation information disclosure",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-41740",
      datePublished: "2023-01-05T17:30:38.568Z",
      dateReserved: "2022-09-28T17:18:53.377Z",
      dateUpdated: "2024-08-03T12:49:43.782Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-1707
Vulnerability from cvelistv5
Published
2020-03-20 00:00
Modified
2024-08-04 06:46
Summary
A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Impacted products
Vendor Product Version
[UNKNOWN] openshift/postgresql-apb Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T06:46:30.234Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1707",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openshift/postgresql-apb",
               vendor: "[UNKNOWN]",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-732",
                     description: "CWE-732",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-10-07T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1707",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2020-1707",
      datePublished: "2020-03-20T00:00:00",
      dateReserved: "2019-11-27T00:00:00",
      dateUpdated: "2024-08-04T06:46:30.234Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-5319
Vulnerability from cvelistv5
Published
2015-11-25 20:00
Modified
2024-08-06 06:41
Summary
XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:41:09.531Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
               },
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-11-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an \"XML-aware tool,\" as demonstrated by get-job and update-job.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
            },
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2015-5319",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an \"XML-aware tool,\" as demonstrated by get-job and update-job.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2016:0489",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
                  },
                  {
                     name: "RHSA-2016:0070",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:0070",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-5319",
      datePublished: "2015-11-25T20:00:00",
      dateReserved: "2015-07-01T00:00:00",
      dateUpdated: "2024-08-06T06:41:09.531Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-2126
Vulnerability from cvelistv5
Published
2013-10-01 17:00
Modified
2024-08-06 19:26
Summary
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.
References
http://secunia.com/advisories/55381 — third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-1582-1/ — vendor-advisory, x_refsource_UBUNTU
https://github.com/rubygems/rubygems/blob/1.8/History.txt — x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-1203.html — vendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=814718 — x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/04/20/24 — mailing-list, x_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2013-1852.html — vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2013-1441.html — vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T19:26:08.437Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "55381",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/55381",
               },
               {
                  name: "USN-1582-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1582-1/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt",
               },
               {
                  name: "RHSA-2013:1203",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718",
               },
               {
                  name: "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in  upstream v1.8.23 version",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/04/20/24",
               },
               {
                  name: "RHSA-2013:1852",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html",
               },
               {
                  name: "RHSA-2013:1441",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-04-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-01-07T13:57:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "55381",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/55381",
            },
            {
               name: "USN-1582-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1582-1/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt",
            },
            {
               name: "RHSA-2013:1203",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718",
            },
            {
               name: "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in  upstream v1.8.23 version",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/04/20/24",
            },
            {
               name: "RHSA-2013:1852",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html",
            },
            {
               name: "RHSA-2013:1441",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2012-2126",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "55381",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/55381",
                  },
                  {
                     name: "USN-1582-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-1582-1/",
                  },
                  {
                     name: "https://github.com/rubygems/rubygems/blob/1.8/History.txt",
                     refsource: "CONFIRM",
                     url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt",
                  },
                  {
                     name: "RHSA-2013:1203",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=814718",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718",
                  },
                  {
                     name: "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in  upstream v1.8.23 version",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2012/04/20/24",
                  },
                  {
                     name: "RHSA-2013:1852",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html",
                  },
                  {
                     name: "RHSA-2013:1441",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-2126",
      datePublished: "2013-10-01T17:00:00",
      dateReserved: "2012-04-04T00:00:00",
      dateUpdated: "2024-08-06T19:26:08.437Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-3722
Vulnerability from cvelistv5
Published
2016-05-17 14:00
Modified
2024-08-06 00:03
Severity ?
Summary
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name."
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:03:34.469Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
               },
               {
                  name: "RHSA-2016:1206",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1206",
               },
               {
                  name: "RHSA-2016:1773",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the \"full name.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
            },
            {
               name: "RHSA-2016:1206",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1206",
            },
            {
               name: "RHSA-2016:1773",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-3722",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the \"full name.\"",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
                     refsource: "CONFIRM",
                     url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
                  },
                  {
                     name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
                     refsource: "CONFIRM",
                     url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
                  },
                  {
                     name: "RHSA-2016:1206",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1206",
                  },
                  {
                     name: "RHSA-2016:1773",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-3722",
      datePublished: "2016-05-17T14:00:00",
      dateReserved: "2016-03-30T00:00:00",
      dateUpdated: "2024-08-06T00:03:34.469Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3697
Vulnerability from cvelistv5
Published
2022-07-06 15:06
Modified
2024-08-03 17:01
Severity ?
Summary
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. For a successful exploit to be performed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.
Impacted products
Vendor Product Version
n/a grub2 Version: grub-2.06


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:01:08.539Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991687",
               },
               {
                  name: "GLSA-202209-12",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-12",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220930-0001/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "grub2",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "grub-2.06",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "CWE-787",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-09-30T15:06:20",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991687",
            },
            {
               name: "GLSA-202209-12",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-12",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220930-0001/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2021-3697",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "grub2",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "grub-2.06",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-787",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1991687",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991687",
                  },
                  {
                     name: "GLSA-202209-12",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-12",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220930-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220930-0001/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2021-3697",
      datePublished: "2022-07-06T15:06:47",
      dateReserved: "2021-08-10T00:00:00",
      dateUpdated: "2024-08-03T17:01:08.539Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-5392
Vulnerability from cvelistv5
Published
2016-08-05 15:00
Modified
2024-08-06 01:00
Severity ?
Summary
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi-tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.
References
http://www.securityfocus.com/bid/91793vdb-entry, x_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=1356195x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2016:1427vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:00:59.812Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "91793",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/91793",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1356195",
               },
               {
                  name: "RHSA-2016:1427",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1427",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-08-05T14:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "91793",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/91793",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1356195",
            },
            {
               name: "RHSA-2016:1427",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1427",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-5392",
      datePublished: "2016-08-05T15:00:00",
      dateReserved: "2016-06-10T00:00:00",
      dateUpdated: "2024-08-06T01:00:59.812Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-0229
Vulnerability from cvelistv5
Published
2023-01-25 00:00
Modified
2024-08-02 05:02
Severity ?
Summary
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.
Impacted products
Vendor Product Version
n/a github.com/openshift/apiserver-library-go Version: openshift/apiserver-library-go 4.11


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T05:02:44.191Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160349",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "github.com/openshift/apiserver-library-go",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "openshift/apiserver-library-go 4.11",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to \"unconfined.\" By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is \"runtime/default,\" allowing users to disable seccomp for pods they can create and modify.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-01-25T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160349",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2023-0229",
      datePublished: "2023-01-25T00:00:00",
      dateReserved: "2023-01-12T00:00:00",
      dateUpdated: "2024-08-02T05:02:44.191Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-19351
Vulnerability from cvelistv5
Published
2020-03-18 16:33
Modified
2024-08-05 02:16
Summary
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-container as shipped in OpenShift 4 and 3.11.
References
Impacted products
Vendor Product Version
Red Hat openshift Version: Openshift 4 and 3.11


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:16:47.395Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19351",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openshift",
               vendor: "Red Hat",
               versions: [
                  {
                     status: "affected",
                     version: "Openshift 4 and 3.11",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-266",
                     description: "CWE-266",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-18T16:33:50",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19351",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2019-19351",
      datePublished: "2020-03-18T16:33:50",
      dateReserved: "2019-11-27T00:00:00",
      dateUpdated: "2024-08-05T02:16:47.395Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-6648
Vulnerability from cvelistv5
Published
2019-09-04 15:49
Modified
2024-08-04 20:23
Severity ?
Summary
On version 1.9.0, if DEBUG logging is enabled, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL private keys and private key passphrases, as provided as inputs by an AS3 Declaration.
Impacted products
Vendor Product Version
n/a F5 Container Ingress Service Version: 1.9.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:23:22.425Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.f5.com/csp/article/K74327432",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.f5.com/csp/article/K74327432?utm_source=f5support&amp%3Butm_medium=RSS",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "F5 Container Ingress Service",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "1.9.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Information Disclosure",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-09T19:07:38",
            orgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            shortName: "f5",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.f5.com/csp/article/K74327432",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.f5.com/csp/article/K74327432?utm_source=f5support&amp%3Butm_medium=RSS",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "f5sirt@f5.com",
               ID: "CVE-2019-6648",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "F5 Container Ingress Service",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.9.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Information Disclosure",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.f5.com/csp/article/K74327432",
                     refsource: "MISC",
                     url: "https://support.f5.com/csp/article/K74327432",
                  },
                  {
                     name: "https://support.f5.com/csp/article/K74327432?utm_source=f5support&amp;utm_medium=RSS",
                     refsource: "CONFIRM",
                     url: "https://support.f5.com/csp/article/K74327432?utm_source=f5support&amp;utm_medium=RSS",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
      assignerShortName: "f5",
      cveId: "CVE-2019-6648",
      datePublished: "2019-09-04T15:49:06",
      dateReserved: "2019-01-22T00:00:00",
      dateUpdated: "2024-08-04T20:23:22.425Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-19355
Vulnerability from cvelistv5
Published
2020-03-18 16:35
Modified
2024-08-05 02:16
Summary
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker who already has access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in OpenShift 4. Note that the record's CVSS vector (AV:L, PR:L, S:U) rates this as a local privilege escalation within the container, not a container escape; the precondition is existing access to the container.
References
Impacted products
Vendor Product Version
Red Hat openshift Version: Openshift 4


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:16:47.078Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19355",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openshift",
               vendor: "Red Hat",
               versions: [
                  {
                     status: "affected",
                     version: "Openshift 4",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-266",
                     description: "CWE-266",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-18T16:35:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19355",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2019-19355",
      datePublished: "2020-03-18T16:35:00",
      dateReserved: "2019-11-27T00:00:00",
      dateUpdated: "2024-08-05T02:16:47.078Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-1759
Vulnerability from cvelistv5
Published
2020-04-13 12:04
Modified
2024-08-04 06:46
Summary
A nonce reuse vulnerability was found in the secure mode of the messenger v2 protocol in Red Hat Ceph Storage 4 and Red Hat OpenShift Container Storage 4.2. An attacker who can observe a session in which a nonce is reused may be able to forge authentication tags and potentially manipulate the data. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks, which is why the record rates both impacts as high. Per the record's CVSS vector the attack requires adjacent-network position (AV:A), high complexity (AC:H) and user interaction (UI:R), so it is not an unassisted remote compromise.
Impacted products
Vendor Product Version
The Ceph Project ceph Version: Red Hat Ceph Storage 4
Version: Red Hat Openshift Container Storage 4.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T06:46:30.894Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759",
               },
               {
                  name: "FEDORA-2020-81b9c6cddc",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/",
               },
               {
                  name: "GLSA-202105-39",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202105-39",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "ceph",
               vendor: "The Ceph Project",
               versions: [
                  {
                     status: "affected",
                     version: "Red Hat Ceph Storage 4",
                  },
                  {
                     status: "affected",
                     version: "Red Hat Openshift Container Storage 4.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-323",
                     description: "CWE-323",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-05-26T23:06:21",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759",
            },
            {
               name: "FEDORA-2020-81b9c6cddc",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/",
            },
            {
               name: "GLSA-202105-39",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202105-39",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2020-1759",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "ceph",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Red Hat Ceph Storage 4",
                                       },
                                       {
                                          version_value: "Red Hat Openshift Container Storage 4.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "The Ceph Project",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.",
                  },
               ],
            },
            impact: {
               cvss: [
                  [
                     {
                        vectorString: "6.4/CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                        version: "3.0",
                     },
                  ],
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-323",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759",
                  },
                  {
                     name: "FEDORA-2020-81b9c6cddc",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/",
                  },
                  {
                     name: "GLSA-202105-39",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202105-39",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2020-1759",
      datePublished: "2020-04-13T12:04:04",
      dateReserved: "2019-11-27T00:00:00",
      dateUpdated: "2024-08-04T06:46:30.894Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-19349
Vulnerability from cvelistv5
Published
2021-03-24 15:32
Modified
2024-08-05 02:16
Severity ?
Summary
An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Impacted products
Vendor Product Version
n/a operator-framework/operator-metering Version: as shipped in Red Hat Openshift 4


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:16:47.170Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1793284",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1791534",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "operator-framework/operator-metering",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "as shipped in Red Hat Openshift 4",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-266",
                     description: "CWE-266",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-03-24T15:32:35",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1793284",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1791534",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2019-19349",
      datePublished: "2021-03-24T15:32:35",
      dateReserved: "2019-11-27T00:00:00",
      dateUpdated: "2024-08-05T02:16:47.170Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3667
Vulnerability from cvelistv5
Published
2014-10-16 19:00
Modified
2024-08-06 10:50
Severity ?
Summary
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:50:18.215Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-10-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T16:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-3667",
      datePublished: "2014-10-16T19:00:00",
      dateReserved: "2014-05-14T00:00:00",
      dateUpdated: "2024-08-06T10:50:18.215Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0233
Vulnerability from cvelistv5
Published
2014-11-16 11:00
Modified
2024-08-06 09:05
Severity ?
Summary
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.
References
http://rhn.redhat.com/errata/RHSA-2014-0530.html — vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2014-0529.html — vendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1096955 — x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:05:39.283Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2014:0530",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0530.html",
               },
               {
                  name: "RHSA-2014:0529",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0529.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1096955",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-05-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-11-16T02:57:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2014:0530",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0530.html",
            },
            {
               name: "RHSA-2014:0529",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0529.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1096955",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-0233",
      datePublished: "2014-11-16T11:00:00",
      dateReserved: "2013-12-03T00:00:00",
      dateUpdated: "2024-08-06T09:05:39.283Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3259
Vulnerability from cvelistv5
Published
2022-12-09 00:00
Modified
2024-08-03 01:07
Severity ?
Summary
OpenShift 4.9 does not set an HTTP Strict Transport Security (HSTS) header, which may allow man-in-the-middle (MITM) attacks. Missing HSTS does not weaken TLS itself; it means a browser that first reaches the host over plain HTTP, or is redirected to it, is not instructed to insist on HTTPS, which is the downgrade (SSL-stripping) scenario behind the MITM exposure. Where the deployment allows it, the mitigation is to emit a `Strict-Transport-Security` header on all HTTPS responses for the affected hosts.
Impacted products
Vendor Product Version
n/a OpenShift Version: 4.9.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:07:05.557Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103220",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenShift",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "4.9.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-665",
                     description: "CWE-665",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-09T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103220",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2022-3259",
      datePublished: "2022-12-09T00:00:00",
      dateReserved: "2022-09-21T00:00:00",
      dateUpdated: "2024-08-03T01:07:05.557Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3661
Vulnerability from cvelistv5
Published
2014-10-16 19:00
Modified
2024-08-06 10:50
Severity ?
Summary
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:50:18.247Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2016:0070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:0070",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-10-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-06-09T15:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2016:0070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:0070",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2014-3661",
      datePublished: "2014-10-16T19:00:00",
      dateReserved: "2014-05-14T00:00:00",
      dateUpdated: "2024-08-06T10:50:18.247Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-44487
Vulnerability from cvelistv5
Published
2023-10-10 00:00
Modified
2024-08-19 07:48
Summary
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
References
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
https://news.ycombinator.com/item?id=37831062
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
https://github.com/envoyproxy/envoy/pull/30055
https://github.com/haproxy/haproxy/issues/2312
https://github.com/eclipse/jetty.project/issues/10679
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764
https://github.com/nghttp2/nghttp2/pull/1961
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61
https://github.com/alibaba/tengine/issues/1872
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2
https://news.ycombinator.com/item?id=37830987
https://news.ycombinator.com/item?id=37830998
https://github.com/caddyserver/caddy/issues/5877
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/
https://github.com/bcdannyboy/CVE-2023-44487
https://github.com/grpc/grpc-go/pull/6703
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
https://my.f5.com/manage/s/article/K000137106
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
https://bugzilla.proxmox.com/show_bug.cgi?id=4988
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected
https://github.com/microsoft/CBL-Mariner/pull/6381
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
https://github.com/facebook/proxygen/pull/466
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
https://github.com/micrictor/http2-rst-stream
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
https://github.com/h2o/h2o/pull/3291
https://github.com/nodejs/node/pull/50121
https://github.com/dotnet/announcements/issues/277
https://github.com/golang/go/issues/63417
https://github.com/advisories/GHSA-vx74-f528-fxqg
https://github.com/apache/trafficserver/pull/10564
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
https://www.openwall.com/lists/oss-security/2023/10/10/6
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487
https://github.com/opensearch-project/data-prepper/issues/3474
https://github.com/kubernetes/kubernetes/pull/121120
https://github.com/oqtane/oqtane.framework/discussions/3367
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
https://netty.io/news/2023/10/10/4-1-100-Final.html
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack
https://news.ycombinator.com/item?id=37837043
https://github.com/kazu-yamamoto/http2/issues/93
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113
https://www.debian.org/security/2023/dsa-5522 (vendor-advisory)
https://www.debian.org/security/2023/dsa-5521 (vendor-advisory)
https://access.redhat.com/security/cve/cve-2023-44487
https://github.com/ninenines/cowboy/issues/1615
https://github.com/varnishcache/varnish-cache/issues/3996
https://github.com/tempesta-tech/tempesta/issues/1986
https://blog.vespa.ai/cve-2023-44487/
https://github.com/etcd-io/etcd/issues/16740
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event
https://istio.io/latest/news/security/istio-security-2023-004/
https://github.com/junkurihara/rust-rpxy/issues/97
https://bugzilla.suse.com/show_bug.cgi?id=1216123
https://bugzilla.redhat.com/show_bug.cgi?id=2242803
https://ubuntu.com/security/CVE-2023-44487
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125
https://github.com/advisories/GHSA-qppj-fm5r-hxr3
https://github.com/apache/httpd-site/pull/10
https://github.com/projectcontour/contour/pull/5826
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632
https://github.com/line/armeria/pull/5232
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
https://security.paloaltonetworks.com/CVE-2023-44487
https://github.com/akka/akka-http/issues/4323
https://github.com/openresty/openresty/issues/930
https://github.com/apache/apisix/issues/10320
https://github.com/Azure/AKS/issues/3947
https://github.com/Kong/kong/discussions/11741
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/
https://github.com/caddyserver/caddy/releases/tag/v2.7.5
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html (mailing-list)
http://www.openwall.com/lists/oss-security/2023/10/13/4 (mailing-list)
http://www.openwall.com/lists/oss-security/2023/10/13/9 (mailing-list)
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ (vendor-advisory)
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html (mailing-list)
https://security.netapp.com/advisory/ntap-20231016-0001/
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html (mailing-list)
http://www.openwall.com/lists/oss-security/2023/10/18/4 (mailing-list)
http://www.openwall.com/lists/oss-security/2023/10/18/8 (mailing-list)
http://www.openwall.com/lists/oss-security/2023/10/19/6 (mailing-list)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ (vendor-advisory)
http://www.openwall.com/lists/oss-security/2023/10/20/8 (mailing-list)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ (vendor-advisory)
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html (mailing-list)
https://www.debian.org/security/2023/dsa-5540 (vendor-advisory)
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html (mailing-list)
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ (vendor-advisory)
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html (mailing-list)
https://www.debian.org/security/2023/dsa-5549 (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ (vendor-advisory)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ (vendor-advisory)
https://www.debian.org/security/2023/dsa-5558 (vendor-advisory)
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html (mailing-list)
https://security.gentoo.org/glsa/202311-09 (vendor-advisory)
https://www.debian.org/security/2023/dsa-5570 (vendor-advisory)
https://security.netapp.com/advisory/ntap-20240426-0007/
https://security.netapp.com/advisory/ntap-20240621-0006/
https://security.netapp.com/advisory/ntap-20240621-0007/
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "http",
                  vendor: "ietf",
                  versions: [
                     {
                        status: "affected",
                        version: "2.0",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 7.5,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "NONE",
                     integrityImpact: "NONE",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-44487",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-07-23T20:34:21.334116Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2023-10-10",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-44487",
                     },
                     type: "kev",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-400",
                        description: "CWE-400 Uncontrolled Resource Consumption",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-23T20:35:03.253Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-19T07:48:04.546Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://news.ycombinator.com/item?id=37831062",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/envoyproxy/envoy/pull/30055",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/haproxy/haproxy/issues/2312",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/eclipse/jetty.project/issues/10679",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/nghttp2/nghttp2/pull/1961",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/alibaba/tengine/issues/1872",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://news.ycombinator.com/item?id=37830987",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://news.ycombinator.com/item?id=37830998",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/caddyserver/caddy/issues/5877",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/bcdannyboy/CVE-2023-44487",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/grpc/grpc-go/pull/6703",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://my.f5.com/manage/s/article/K000137106",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.proxmox.com/show_bug.cgi?id=4988",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/microsoft/CBL-Mariner/pull/6381",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/facebook/proxygen/pull/466",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/micrictor/http2-rst-stream",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/h2o/h2o/pull/3291",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/nodejs/node/pull/50121",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/dotnet/announcements/issues/277",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/golang/go/issues/63417",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/advisories/GHSA-vx74-f528-fxqg",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/apache/trafficserver/pull/10564",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.openwall.com/lists/oss-security/2023/10/10/6",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/opensearch-project/data-prepper/issues/3474",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/kubernetes/kubernetes/pull/121120",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/oqtane/oqtane.framework/discussions/3367",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://netty.io/news/2023/10/10/4-1-100-Final.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://news.ycombinator.com/item?id=37837043",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/kazu-yamamoto/http2/issues/93",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113",
               },
               {
                  name: "DSA-5522",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5522",
               },
               {
                  name: "DSA-5521",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5521",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/cve-2023-44487",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/ninenines/cowboy/issues/1615",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/varnishcache/varnish-cache/issues/3996",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/tempesta-tech/tempesta/issues/1986",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://blog.vespa.ai/cve-2023-44487/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/etcd-io/etcd/issues/16740",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://istio.io/latest/news/security/istio-security-2023-004/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/junkurihara/rust-rpxy/issues/97",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://ubuntu.com/security/CVE-2023-44487",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/advisories/GHSA-qppj-fm5r-hxr3",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/apache/httpd-site/pull/10",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/projectcontour/contour/pull/5826",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/line/armeria/pull/5232",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.paloaltonetworks.com/CVE-2023-44487",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/akka/akka-http/issues/4323",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/openresty/openresty/issues/930",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/apache/apisix/issues/10320",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/Azure/AKS/issues/3947",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/Kong/kong/discussions/11741",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5",
               },
               {
                  name: "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html",
               },
               {
                  name: "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2023/10/13/4",
               },
               {
                  name: "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2023/10/13/9",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html",
               },
               {
                  name: "FEDORA-2023-ed2642fd58",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/",
               },
               {
                  name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20231016-0001/",
               },
               {
                  name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html",
               },
               {
                  name: "[oss-security] 20231018 Vulnerability in Jenkins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2023/10/18/4",
               },
               {
                  name: "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2023/10/18/8",
               },
               {
                  name: "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2023/10/19/6",
               },
               {
                  name: "FEDORA-2023-54fadada12",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/",
               },
               {
                  name: "FEDORA-2023-5ff7bf1dd8",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/",
               },
               {
                  name: "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2023/10/20/8",
               },
               {
                  name: "FEDORA-2023-17efd3f2cd",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/",
               },
               {
                  name: "FEDORA-2023-d5030c983c",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/",
               },
               {
                  name: "FEDORA-2023-0259c3f26f",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/",
               },
               {
                  name: "FEDORA-2023-2a9214af5f",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/",
               },
               {
                  name: "FEDORA-2023-e9c04d81c1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/",
               },
               {
                  name: "FEDORA-2023-f66fc0f62a",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
               },
               {
                  name: "FEDORA-2023-4d2fd884ea",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
               },
               {
                  name: "FEDORA-2023-b2c50535cb",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/",
               },
               {
                  name: "FEDORA-2023-fe53e13b5b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/",
               },
               {
                  name: "FEDORA-2023-4bf641255e",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/",
               },
               {
                  name: "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html",
               },
               {
                  name: "DSA-5540",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5540",
               },
               {
                  name: "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715",
               },
               {
                  name: "FEDORA-2023-1caffb88af",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/",
               },
               {
                  name: "FEDORA-2023-3f70b8d406",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/",
               },
               {
                  name: "FEDORA-2023-7b52921cae",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/",
               },
               {
                  name: "FEDORA-2023-7934802344",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/",
               },
               {
                  name: "FEDORA-2023-dbe64661af",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/",
               },
               {
                  name: "FEDORA-2023-822aab0a5a",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/",
               },
               {
                  name: "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html",
               },
               {
                  name: "DSA-5549",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5549",
               },
               {
                  name: "FEDORA-2023-c0c6a91330",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/",
               },
               {
                  name: "FEDORA-2023-492b7be466",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/",
               },
               {
                  name: "DSA-5558",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5558",
               },
               {
                  name: "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html",
               },
               {
                  name: "GLSA-202311-09",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202311-09",
               },
               {
                  name: "DSA-5570",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5570",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240426-0007/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240621-0007/",
               },
               {
                  url: "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-21T19:08:34.967324",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73",
            },
            {
               url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/",
            },
            {
               url: "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/",
            },
            {
               url: "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack",
            },
            {
               url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
            },
            {
               url: "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/",
            },
            {
               url: "https://news.ycombinator.com/item?id=37831062",
            },
            {
               url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/",
            },
            {
               url: "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack",
            },
            {
               url: "https://github.com/envoyproxy/envoy/pull/30055",
            },
            {
               url: "https://github.com/haproxy/haproxy/issues/2312",
            },
            {
               url: "https://github.com/eclipse/jetty.project/issues/10679",
            },
            {
               url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764",
            },
            {
               url: "https://github.com/nghttp2/nghttp2/pull/1961",
            },
            {
               url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61",
            },
            {
               url: "https://github.com/alibaba/tengine/issues/1872",
            },
            {
               url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2",
            },
            {
               url: "https://news.ycombinator.com/item?id=37830987",
            },
            {
               url: "https://news.ycombinator.com/item?id=37830998",
            },
            {
               url: "https://github.com/caddyserver/caddy/issues/5877",
            },
            {
               url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/",
            },
            {
               url: "https://github.com/bcdannyboy/CVE-2023-44487",
            },
            {
               url: "https://github.com/grpc/grpc-go/pull/6703",
            },
            {
               url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244",
            },
            {
               url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0",
            },
            {
               url: "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html",
            },
            {
               url: "https://my.f5.com/manage/s/article/K000137106",
            },
            {
               url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/",
            },
            {
               url: "https://bugzilla.proxmox.com/show_bug.cgi?id=4988",
            },
            {
               url: "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9",
            },
            {
               url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected",
            },
            {
               url: "https://github.com/microsoft/CBL-Mariner/pull/6381",
            },
            {
               url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo",
            },
            {
               url: "https://github.com/facebook/proxygen/pull/466",
            },
            {
               url: "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088",
            },
            {
               url: "https://github.com/micrictor/http2-rst-stream",
            },
            {
               url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve",
            },
            {
               url: "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/",
            },
            {
               url: "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf",
            },
            {
               url: "https://github.com/h2o/h2o/pull/3291",
            },
            {
               url: "https://github.com/nodejs/node/pull/50121",
            },
            {
               url: "https://github.com/dotnet/announcements/issues/277",
            },
            {
               url: "https://github.com/golang/go/issues/63417",
            },
            {
               url: "https://github.com/advisories/GHSA-vx74-f528-fxqg",
            },
            {
               url: "https://github.com/apache/trafficserver/pull/10564",
            },
            {
               url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487",
            },
            {
               url: "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14",
            },
            {
               url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q",
            },
            {
               url: "https://www.openwall.com/lists/oss-security/2023/10/10/6",
            },
            {
               url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487",
            },
            {
               url: "https://github.com/opensearch-project/data-prepper/issues/3474",
            },
            {
               url: "https://github.com/kubernetes/kubernetes/pull/121120",
            },
            {
               url: "https://github.com/oqtane/oqtane.framework/discussions/3367",
            },
            {
               url: "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p",
            },
            {
               url: "https://netty.io/news/2023/10/10/4-1-100-Final.html",
            },
            {
               url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
            },
            {
               url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/",
            },
            {
               url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack",
            },
            {
               url: "https://news.ycombinator.com/item?id=37837043",
            },
            {
               url: "https://github.com/kazu-yamamoto/http2/issues/93",
            },
            {
               url: "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html",
            },
            {
               url: "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1",
            },
            {
               url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113",
            },
            {
               name: "DSA-5522",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2023/dsa-5522",
            },
            {
               name: "DSA-5521",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2023/dsa-5521",
            },
            {
               url: "https://access.redhat.com/security/cve/cve-2023-44487",
            },
            {
               url: "https://github.com/ninenines/cowboy/issues/1615",
            },
            {
               url: "https://github.com/varnishcache/varnish-cache/issues/3996",
            },
            {
               url: "https://github.com/tempesta-tech/tempesta/issues/1986",
            },
            {
               url: "https://blog.vespa.ai/cve-2023-44487/",
            },
            {
               url: "https://github.com/etcd-io/etcd/issues/16740",
            },
            {
               url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event",
            },
            {
               url: "https://istio.io/latest/news/security/istio-security-2023-004/",
            },
            {
               url: "https://github.com/junkurihara/rust-rpxy/issues/97",
            },
            {
               url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123",
            },
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803",
            },
            {
               url: "https://ubuntu.com/security/CVE-2023-44487",
            },
            {
               url: "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125",
            },
            {
               url: "https://github.com/advisories/GHSA-qppj-fm5r-hxr3",
            },
            {
               url: "https://github.com/apache/httpd-site/pull/10",
            },
            {
               url: "https://github.com/projectcontour/contour/pull/5826",
            },
            {
               url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632",
            },
            {
               url: "https://github.com/line/armeria/pull/5232",
            },
            {
               url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/",
            },
            {
               url: "https://security.paloaltonetworks.com/CVE-2023-44487",
            },
            {
               url: "https://github.com/akka/akka-http/issues/4323",
            },
            {
               url: "https://github.com/openresty/openresty/issues/930",
            },
            {
               url: "https://github.com/apache/apisix/issues/10320",
            },
            {
               url: "https://github.com/Azure/AKS/issues/3947",
            },
            {
               url: "https://github.com/Kong/kong/discussions/11741",
            },
            {
               url: "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487",
            },
            {
               url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/",
            },
            {
               url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5",
            },
            {
               name: "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html",
            },
            {
               name: "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2023/10/13/4",
            },
            {
               name: "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2023/10/13/9",
            },
            {
               url: "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/",
            },
            {
               url: "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html",
            },
            {
               name: "FEDORA-2023-ed2642fd58",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/",
            },
            {
               url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/",
            },
            {
               name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20231016-0001/",
            },
            {
               name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html",
            },
            {
               name: "[oss-security] 20231018 Vulnerability in Jenkins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2023/10/18/4",
            },
            {
               name: "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2023/10/18/8",
            },
            {
               name: "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2023/10/19/6",
            },
            {
               name: "FEDORA-2023-54fadada12",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/",
            },
            {
               name: "FEDORA-2023-5ff7bf1dd8",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/",
            },
            {
               name: "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2023/10/20/8",
            },
            {
               name: "FEDORA-2023-17efd3f2cd",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/",
            },
            {
               name: "FEDORA-2023-d5030c983c",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/",
            },
            {
               name: "FEDORA-2023-0259c3f26f",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/",
            },
            {
               name: "FEDORA-2023-2a9214af5f",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/",
            },
            {
               name: "FEDORA-2023-e9c04d81c1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/",
            },
            {
               name: "FEDORA-2023-f66fc0f62a",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
            },
            {
               name: "FEDORA-2023-4d2fd884ea",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
            },
            {
               name: "FEDORA-2023-b2c50535cb",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/",
            },
            {
               name: "FEDORA-2023-fe53e13b5b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/",
            },
            {
               name: "FEDORA-2023-4bf641255e",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/",
            },
            {
               name: "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html",
            },
            {
               name: "DSA-5540",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2023/dsa-5540",
            },
            {
               name: "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html",
            },
            {
               url: "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715",
            },
            {
               name: "FEDORA-2023-1caffb88af",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/",
            },
            {
               name: "FEDORA-2023-3f70b8d406",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/",
            },
            {
               name: "FEDORA-2023-7b52921cae",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/",
            },
            {
               name: "FEDORA-2023-7934802344",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/",
            },
            {
               name: "FEDORA-2023-dbe64661af",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/",
            },
            {
               name: "FEDORA-2023-822aab0a5a",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/",
            },
            {
               name: "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html",
            },
            {
               name: "DSA-5549",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2023/dsa-5549",
            },
            {
               name: "FEDORA-2023-c0c6a91330",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/",
            },
            {
               name: "FEDORA-2023-492b7be466",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/",
            },
            {
               name: "DSA-5558",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2023/dsa-5558",
            },
            {
               name: "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html",
            },
            {
               name: "GLSA-202311-09",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202311-09",
            },
            {
               name: "DSA-5570",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2023/dsa-5570",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240426-0007/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240621-0007/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-44487",
      datePublished: "2023-10-10T00:00:00",
      dateReserved: "2023-09-29T00:00:00",
      dateUpdated: "2024-08-19T07:48:04.546Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-0238
Vulnerability from cvelistv5
Published
2017-09-25 19:00
Modified
2024-08-06 04:03
Severity ?
Summary
selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:03:10.646Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2015-0238",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1184739",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-01-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-09-25T18:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2015-0238",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1184739",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2015-0238",
      datePublished: "2017-09-25T19:00:00",
      dateReserved: "2014-11-18T00:00:00",
      dateUpdated: "2024-08-06T04:03:10.646Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-8651
Vulnerability from cvelistv5
Published
2018-08-01 16:00
Modified
2024-08-06 02:27
Summary
An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.
References
http://www.securityfocus.com/bid/94935vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2016:2915vendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651x_refsource_CONFIRM
Impacted products
Vendor Product Version
Red Hat OpenShift Enterprise Version: 3


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T02:27:41.203Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "94935",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/94935",
               },
               {
                  name: "RHSA-2016:2915",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:2915",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenShift Enterprise",
               vendor: "Red Hat",
               versions: [
                  {
                     status: "affected",
                     version: "3",
                  },
               ],
            },
         ],
         datePublic: "2016-12-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.1,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-08-02T09:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "94935",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/94935",
            },
            {
               name: "RHSA-2016:2915",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:2915",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-8651",
      datePublished: "2018-08-01T16:00:00",
      dateReserved: "2016-10-12T00:00:00",
      dateUpdated: "2024-08-06T02:27:41.203Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-4281
Vulnerability from cvelistv5
Published
2022-10-19 00:00
Modified
2024-08-06 16:38
Severity ?
Summary
In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.
Impacted products
Vendor Product Version
n/a Red Hat Openshift Version: Red Hat Openshift 1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:38:01.908Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.openwall.com/lists/oss-security/2014/06/05/19",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Red Hat Openshift",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Red Hat Openshift 1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-276",
                     description: "CWE-276",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-10-19T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://www.openwall.com/lists/oss-security/2014/06/05/19",
            },
            {
               url: "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-4281",
      datePublished: "2022-10-19T00:00:00",
      dateReserved: "2013-06-12T00:00:00",
      dateUpdated: "2024-08-06T16:38:01.908Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-9592
Vulnerability from cvelistv5
Published
2018-04-16 14:00
Modified
2024-08-06 02:59
Summary
openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit.
References
Impacted products
Vendor Product Version
unspecified openshift Version: openshift 3.3.1.11
Version: openshift 3.2.1.23
Version: openshift 3.4


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T02:59:02.472Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592",
               },
               {
                  name: "94991",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/94991",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openshift",
               vendor: "unspecified",
               versions: [
                  {
                     status: "affected",
                     version: "openshift 3.3.1.11",
                  },
                  {
                     status: "affected",
                     version: " openshift 3.2.1.23",
                  },
                  {
                     status: "affected",
                     version: " openshift 3.4",
                  },
               ],
            },
         ],
         datePublic: "2016-12-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-460",
                     description: "CWE-460",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-04-17T09:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592",
            },
            {
               name: "94991",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/94991",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-9592",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "openshift",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "openshift 3.3.1.11",
                                       },
                                       {
                                          version_value: " openshift 3.2.1.23",
                                       },
                                       {
                                          version_value: " openshift 3.4",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit.",
                  },
               ],
            },
            impact: {
               cvss: [
                  [
                     {
                        vectorString: "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                        version: "3.0",
                     },
                  ],
                  [
                     {
                        vectorString: "3.5/AV:N/AC:M/Au:S/C:N/I:N/A:P",
                        version: "2.0",
                     },
                  ],
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-460",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592",
                  },
                  {
                     name: "94991",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/94991",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-9592",
      datePublished: "2018-04-16T14:00:00",
      dateReserved: "2016-11-23T00:00:00",
      dateUpdated: "2024-08-06T02:59:02.472Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-10715
Vulnerability from cvelistv5
Published
2020-09-16 18:00
Modified
2024-08-04 11:14
Summary
A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.
Impacted products
Vendor Product Version
n/a openshift/console Version: 3.11 and 4.x


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:14:14.279Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/openshift/origin-web-console/pull/3173",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1767665",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "openshift/console",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "3.11 and 4.x",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-16T18:00:27",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/openshift/origin-web-console/pull/3173",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1767665",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2020-10715",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "openshift/console",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "3.11 and 4.x",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-20",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/openshift/origin-web-console/pull/3173",
                     refsource: "MISC",
                     url: "https://github.com/openshift/origin-web-console/pull/3173",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1767665",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1767665",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2020-10715",
      datePublished: "2020-09-16T18:00:27",
      dateReserved: "2020-03-20T00:00:00",
      dateUpdated: "2024-08-04T11:14:14.279Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

var-201607-0547
Vulnerability from variot

Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command. Open vSwitch is prone to multiple remote buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successful exploits may allow attackers to execute arbitrary code or cause denial-of-service conditions. Open vSwitch supports large-scale network automation, standard management interfaces and protocols, etc. through programming extensions. The following versions are affected: OVS Version 2.2.x, Version 2.3.x, Version 2.4.x.

Background

Open vSwitch is a production quality multilayer virtual switch.

Workaround

There is no known workaround at this time.

Resolution

All Open vSwitch users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openvswitch-2.5.0"

References

[ 1 ] CVE-2016-2074 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2074

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201701-07

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

--FOwRaKoxFb5txc6jCpaFu8xVgvCjK1wAH--

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: openvswitch security update
Advisory ID: RHSA-2016:0615-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2016:0615
Issue date: 2016-04-11
CVE Names: CVE-2016-2074
=====================================================================

  1. Summary:

Updated openvswitch packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.1.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

  2. Relevant releases/architectures:

Red Hat OpenShift Enterprise 3.1 - noarch, x86_64

  3. Description:

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

A buffer overflow flaw was discovered in the OVS processing of MPLS labels. A remote attacker able to deliver a frame containing a malicious MPLS label that would be processed by OVS could trigger the flaw and use the resulting memory corruption to cause a denial of service (DoS) or, possibly, execute arbitrary code. (CVE-2016-2074)

Red Hat would like to thank the Open vSwitch Project for reporting these issues. Upstream acknowledges Kashyap Thimmaraju and Bhargava Shastry as the original reporters of CVE-2016-2074.

This update includes the following images:

openshift3/openvswitch:v3.1.1.6-9
aep3_beta/openvswitch:v3.1.1.6-9
openshift3/node:v3.1.1.6-16
aep3_beta/node:v3.1.1.6-16

All openvswitch users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

  4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  5. Bugs fixed (https://bugzilla.redhat.com/):

1318553 - CVE-2016-2074 openvswitch: MPLS buffer overflow vulnerability

  6. Package List:

Red Hat OpenShift Enterprise 3.1:

Source: openvswitch-2.4.0-2.el7_2.src.rpm

noarch:
openvswitch-test-2.4.0-2.el7_2.noarch.rpm
python-openvswitch-2.4.0-2.el7_2.noarch.rpm

x86_64:
openvswitch-2.4.0-2.el7_2.x86_64.rpm
openvswitch-debuginfo-2.4.0-2.el7_2.x86_64.rpm
openvswitch-devel-2.4.0-2.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  7. References:

https://access.redhat.com/security/cve/CVE-2016-2074
https://access.redhat.com/security/updates/classification/#important

  8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFXDKHJXlSAg2UNWIIRArVMAJ9kWC3bedooegoZ6ADWrLKD9xKzCQCfUQmK /IpUBYvFD22Fc2VwgoAoq2g= =EyZn -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

For the stable distribution (jessie), this problem has been fixed in version 2.3.0+git20140819-3+deb8u1.

For the unstable distribution (sid), this problem has been fixed in version 2.3.0+git20140819-4.

We recommend that you upgrade your openvswitch packages. Description:

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0547",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "openshift",
            scope: "eq",
            trust: 1.6,
            vendor: "redhat",
            version: "3.1",
         },
         {
            model: "openvswitch",
            scope: "eq",
            trust: 1,
            vendor: "openvswitch",
            version: "2.3.0",
         },
         {
            model: "openvswitch",
            scope: "eq",
            trust: 1,
            vendor: "openvswitch",
            version: "2.4.0",
         },
         {
            model: "openvswitch",
            scope: "eq",
            trust: 1,
            vendor: "openvswitch",
            version: "2.3.1",
         },
         {
            model: "openvswitch",
            scope: "eq",
            trust: 1,
            vendor: "openvswitch",
            version: "2.2.0",
         },
         {
            model: "openvswitch",
            scope: "eq",
            trust: 1,
            vendor: "openvswitch",
            version: "2.3.2",
         },
         {
            model: "open vswitch",
            scope: "lt",
            trust: 0.8,
            vendor: "open vswitch",
            version: "2.4.x",
         },
         {
            model: "open vswitch",
            scope: "lt",
            trust: 0.8,
            vendor: "open vswitch",
            version: "2.3.x",
         },
         {
            model: "openshift",
            scope: "eq",
            trust: 0.8,
            vendor: "red hat",
            version: "enterprise",
         },
         {
            model: "open vswitch",
            scope: "eq",
            trust: 0.8,
            vendor: "open vswitch",
            version: "2.3.3",
         },
         {
            model: "open vswitch",
            scope: "eq",
            trust: 0.8,
            vendor: "open vswitch",
            version: "2.2.x",
         },
         {
            model: "open vswitch",
            scope: "eq",
            trust: 0.8,
            vendor: "open vswitch",
            version: "2.4.1",
         },
         {
            model: "openstack",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "7.0",
         },
         {
            model: "enterprise linux openstack platform for rhel",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "75.0",
         },
         {
            model: "vswitch open vswitch",
            scope: "eq",
            trust: 0.3,
            vendor: "open",
            version: "2.4",
         },
         {
            model: "vswitch open vswitch",
            scope: "eq",
            trust: 0.3,
            vendor: "open",
            version: "2.3",
         },
         {
            model: "vswitch open vswitch",
            scope: "eq",
            trust: 0.3,
            vendor: "open",
            version: "2.2",
         },
         {
            model: "linux",
            scope: null,
            trust: 0.3,
            vendor: "gentoo",
            version: null,
         },
         {
            model: "linux sparc",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "linux s/390",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "linux powerpc",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "linux mips",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "linux ia-64",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "linux ia-32",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "linux arm",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "linux amd64",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "xenserver cu1",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "7.1",
         },
         {
            model: "xenserver",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "7.0",
         },
         {
            model: "vswitch open vswitch",
            scope: "ne",
            trust: 0.3,
            vendor: "open",
            version: "2.5",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "85700",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2016-003485",
         },
         {
            db: "NVD",
            id: "CVE-2016-2074",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201603-406",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:openvswitch:openvswitch:2.3.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:openvswitch:openvswitch:2.3.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:openvswitch:openvswitch:2.4.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:openvswitch:openvswitch:2.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:openvswitch:openvswitch:2.3.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2016-2074",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Red Hat",
      sources: [
         {
            db: "PACKETSTORM",
            id: "136659",
         },
         {
            db: "PACKETSTORM",
            id: "136470",
         },
         {
            db: "PACKETSTORM",
            id: "136469",
         },
         {
            db: "PACKETSTORM",
            id: "136483",
         },
      ],
      trust: 0.4,
   },
   cve: "CVE-2016-2074",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 7.5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2016-2074",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "VHN-90893",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 0.1,
                  vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2016-2074",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2016-2074",
                  trust: 1.8,
                  value: "CRITICAL",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201603-406",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULHUB",
                  id: "VHN-90893",
                  trust: 0.1,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2016-2074",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-90893",
         },
         {
            db: "VULMON",
            id: "CVE-2016-2074",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2016-003485",
         },
         {
            db: "NVD",
            id: "CVE-2016-2074",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201603-406",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command. Open vSwitch is prone to multiple remote buffer-overflow vulnerabilities because it fails to adequately bounds check user-supplied data before copying it into an insufficiently sized buffer. \nSuccessful exploits may allow attackers to execute arbitrary code or cause denial-of-service conditions. It supports large-scale network automation, standard management interfaces and protocols, etc. through programming extensions. The following versions are affected: OVS Version 2.2.x, Version 2.3.x, Version 2.4.x. \n\nBackground\n==========\n\nOpen vSwitch is a production quality multilayer virtual switch. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Open vSwitch users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \">=net-misc/openvswitch-2.5.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-2074\n      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2074\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. 
\n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--FOwRaKoxFb5txc6jCpaFu8xVgvCjK1wAH--\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: openvswitch security update\nAdvisory ID:       RHSA-2016:0615-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2016:0615\nIssue date:        2016-04-11\nCVE Names:         CVE-2016-2074 \n=====================================================================\n\n1. Summary:\n\nUpdated openvswitch packages that fix one security issue are now available \nfor Red Hat OpenShift Enterprise 3.1. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section. \n\n2. Relevant releases/architectures:\n\nRed Hat OpenShift Enterprise 3.1 - noarch, x86_64\n\n3. Description:\n\nOpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or private\ncloud deployments. \n\nA buffer overflow flaw was discovered in the OVS processing of MPLS labels. \nA remote attacker able to deliver a frame containing a malicious MPLS label\nthat would be processed by OVS could trigger the flaw and use the resulting\nmemory corruption to cause a denial of service (DoS) or, possibly, execute \narbitrary code. (CVE-2016-2074)\n\nRed Hat would like to thank the Open vSwitch Project for reporting these \nissues. Upstream acknowledges Kashyap Thimmaraju and Bhargava Shastry as \nthe original reporters of CVE-2016-2074. 
\n\nThis update includes the following images:\n\nopenshift3/openvswitch:v3.1.1.6-9\naep3_beta/openvswitch:v3.1.1.6-9\nopenshift3/node:v3.1.1.6-16\naep3_beta/node:v3.1.1.6-16\n\nAll openvswitch users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1318553 - CVE-2016-2074 openvswitch: MPLS buffer overflow vulnerability\n\n6. Package List:\n\nRed Hat OpenShift Enterprise 3.1:\n\nSource:\nopenvswitch-2.4.0-2.el7_2.src.rpm\n\nnoarch:\nopenvswitch-test-2.4.0-2.el7_2.noarch.rpm\npython-openvswitch-2.4.0-2.el7_2.noarch.rpm\n\nx86_64:\nopenvswitch-2.4.0-2.el7_2.x86_64.rpm\nopenvswitch-debuginfo-2.4.0-2.el7_2.x86_64.rpm\nopenvswitch-devel-2.4.0-2.el7_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2074\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXDKHJXlSAg2UNWIIRArVMAJ9kWC3bedooegoZ6ADWrLKD9xKzCQCfUQmK\n/IpUBYvFD22Fc2VwgoAoq2g=\n=EyZn\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.3.0+git20140819-3+deb8u1. 
\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.3.0+git20140819-4. \n\nWe recommend that you upgrade your openvswitch packages. Description:\n\nOpen vSwitch provides standard network bridging functions and support for\nthe OpenFlow protocol for remote per-flow control of traffic",
      sources: [
         {
            db: "NVD",
            id: "CVE-2016-2074",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2016-003485",
         },
         {
            db: "BID",
            id: "85700",
         },
         {
            db: "VULHUB",
            id: "VHN-90893",
         },
         {
            db: "VULMON",
            id: "CVE-2016-2074",
         },
         {
            db: "PACKETSTORM",
            id: "140320",
         },
         {
            db: "PACKETSTORM",
            id: "136659",
         },
         {
            db: "PACKETSTORM",
            id: "136470",
         },
         {
            db: "PACKETSTORM",
            id: "136464",
         },
         {
            db: "PACKETSTORM",
            id: "136469",
         },
         {
            db: "PACKETSTORM",
            id: "136483",
         },
      ],
      trust: 2.61,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2016-2074",
            trust: 3.5,
         },
         {
            db: "BID",
            id: "85700",
            trust: 1.5,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2016-003485",
            trust: 0.8,
         },
         {
            db: "OPENWALL",
            id: "OSS-SECURITY/2016/03/29/1",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201603-406",
            trust: 0.6,
         },
         {
            db: "PACKETSTORM",
            id: "136483",
            trust: 0.2,
         },
         {
            db: "PACKETSTORM",
            id: "136470",
            trust: 0.2,
         },
         {
            db: "PACKETSTORM",
            id: "136659",
            trust: 0.2,
         },
         {
            db: "PACKETSTORM",
            id: "136469",
            trust: 0.2,
         },
         {
            db: "PACKETSTORM",
            id: "136464",
            trust: 0.2,
         },
         {
            db: "VULHUB",
            id: "VHN-90893",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2016-2074",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "140320",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-90893",
         },
         {
            db: "VULMON",
            id: "CVE-2016-2074",
         },
         {
            db: "BID",
            id: "85700",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2016-003485",
         },
         {
            db: "PACKETSTORM",
            id: "140320",
         },
         {
            db: "PACKETSTORM",
            id: "136659",
         },
         {
            db: "PACKETSTORM",
            id: "136470",
         },
         {
            db: "PACKETSTORM",
            id: "136464",
         },
         {
            db: "PACKETSTORM",
            id: "136469",
         },
         {
            db: "PACKETSTORM",
            id: "136483",
         },
         {
            db: "NVD",
            id: "CVE-2016-2074",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201603-406",
         },
      ],
   },
   id: "VAR-201607-0547",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-90893",
         },
      ],
      trust: 0.725,
   },
   last_update_date: "2023-12-18T13:19:40.697000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "[ovs-announce] Open vSwitch 2.4.1 and 2.3.3 Available",
            trust: 0.8,
            url: "http://openvswitch.org/pipermail/announce/2016-march/000083.html",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://openvswitch.org/",
         },
         {
            title: "[ovs-announce] CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch",
            trust: 0.8,
            url: "http://openvswitch.org/pipermail/announce/2016-march/000082.html",
         },
         {
            title: "Bug 1318553",
            trust: 0.8,
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318553",
         },
         {
            title: "RHSA-2016:0615",
            trust: 0.8,
            url: "https://access.redhat.com/errata/rhsa-2016:0615",
         },
         {
            title: "CVE-2016-2074",
            trust: 0.8,
            url: "https://security-tracker.debian.org/tracker/cve-2016-2074",
         },
         {
            title: "Debian Security Advisories: DSA-3533-1 openvswitch -- security update",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=315e4d420e18888a1f323d0bb1f6011f",
         },
         {
            title: "Red Hat: CVE-2016-2074",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2016-2074",
         },
         {
            title: "Citrix Security Bulletins: Citrix XenServer Multiple Security Updates",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=181b7d97210e9284f8fa51fda2290181",
         },
         {
            title: "secure-vhost",
            trust: 0.1,
            url: "https://github.com/ictyangye/secure-vhost ",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2016-2074",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2016-003485",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-119",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-90893",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2016-003485",
         },
         {
            db: "NVD",
            id: "CVE-2016-2074",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.8,
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318553",
         },
         {
            trust: 1.8,
            url: "https://security-tracker.debian.org/tracker/cve-2016-2074",
         },
         {
            trust: 1.8,
            url: "http://openvswitch.org/pipermail/announce/2016-march/000082.html",
         },
         {
            trust: 1.8,
            url: "http://openvswitch.org/pipermail/announce/2016-march/000083.html",
         },
         {
            trust: 1.5,
            url: "https://support.citrix.com/article/ctx232655",
         },
         {
            trust: 1.3,
            url: "http://www.securityfocus.com/bid/85700",
         },
         {
            trust: 1.3,
            url: "https://security.gentoo.org/glsa/201701-07",
         },
         {
            trust: 1.3,
            url: "http://rhn.redhat.com/errata/rhsa-2016-0523.html",
         },
         {
            trust: 1.3,
            url: "http://rhn.redhat.com/errata/rhsa-2016-0524.html",
         },
         {
            trust: 1.3,
            url: "http://rhn.redhat.com/errata/rhsa-2016-0537.html",
         },
         {
            trust: 1.3,
            url: "https://access.redhat.com/errata/rhsa-2016:0615",
         },
         {
            trust: 1.2,
            url: "http://www.debian.org/security/2016/dsa-3533",
         },
         {
            trust: 0.9,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2074",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2074",
         },
         {
            trust: 0.6,
            url: "http://www.openwall.com/lists/oss-security/2016/03/29/1",
         },
         {
            trust: 0.5,
            url: "https://nvd.nist.gov/vuln/detail/cve-2016-2074",
         },
         {
            trust: 0.4,
            url: "https://www.redhat.com/mailman/listinfo/rhsa-announce",
         },
         {
            trust: 0.4,
            url: "https://bugzilla.redhat.com/):",
         },
         {
            trust: 0.4,
            url: "https://access.redhat.com/security/team/key/",
         },
         {
            trust: 0.4,
            url: "https://access.redhat.com/articles/11258",
         },
         {
            trust: 0.4,
            url: "https://access.redhat.com/security/cve/cve-2016-2074",
         },
         {
            trust: 0.4,
            url: "https://access.redhat.com/security/team/contact/",
         },
         {
            trust: 0.4,
            url: "https://access.redhat.com/security/updates/classification/#important",
         },
         {
            trust: 0.3,
            url: "http://openvswitch.org/",
         },
         {
            trust: 0.3,
            url: "http://seclists.org/oss-sec/2016/q1/706",
         },
         {
            trust: 0.3,
            url: "https://access.redhat.com/errata/rhsa-2016:0537",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/119.html",
         },
         {
            trust: 0.1,
            url: "https://github.com/ictyangye/secure-vhost",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/./dsa-3533",
         },
         {
            trust: 0.1,
            url: "http://creativecommons.org/licenses/by-sa/2.5",
         },
         {
            trust: 0.1,
            url: "https://security.gentoo.org/",
         },
         {
            trust: 0.1,
            url: "https://bugs.gentoo.org.",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/faq",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-90893",
         },
         {
            db: "VULMON",
            id: "CVE-2016-2074",
         },
         {
            db: "BID",
            id: "85700",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2016-003485",
         },
         {
            db: "PACKETSTORM",
            id: "140320",
         },
         {
            db: "PACKETSTORM",
            id: "136659",
         },
         {
            db: "PACKETSTORM",
            id: "136470",
         },
         {
            db: "PACKETSTORM",
            id: "136464",
         },
         {
            db: "PACKETSTORM",
            id: "136469",
         },
         {
            db: "PACKETSTORM",
            id: "136483",
         },
         {
            db: "NVD",
            id: "CVE-2016-2074",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201603-406",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-90893",
         },
         {
            db: "VULMON",
            id: "CVE-2016-2074",
         },
         {
            db: "BID",
            id: "85700",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2016-003485",
         },
         {
            db: "PACKETSTORM",
            id: "140320",
         },
         {
            db: "PACKETSTORM",
            id: "136659",
         },
         {
            db: "PACKETSTORM",
            id: "136470",
         },
         {
            db: "PACKETSTORM",
            id: "136464",
         },
         {
            db: "PACKETSTORM",
            id: "136469",
         },
         {
            db: "PACKETSTORM",
            id: "136483",
         },
         {
            db: "NVD",
            id: "CVE-2016-2074",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201603-406",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2016-07-03T00:00:00",
            db: "VULHUB",
            id: "VHN-90893",
         },
         {
            date: "2016-07-03T00:00:00",
            db: "VULMON",
            id: "CVE-2016-2074",
         },
         {
            date: "2016-03-28T00:00:00",
            db: "BID",
            id: "85700",
         },
         {
            date: "2016-07-11T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2016-003485",
         },
         {
            date: "2017-01-02T16:48:46",
            db: "PACKETSTORM",
            id: "140320",
         },
         {
            date: "2016-04-12T15:13:15",
            db: "PACKETSTORM",
            id: "136659",
         },
         {
            date: "2016-03-30T15:10:59",
            db: "PACKETSTORM",
            id: "136470",
         },
         {
            date: "2016-03-29T15:15:27",
            db: "PACKETSTORM",
            id: "136464",
         },
         {
            date: "2016-03-30T15:10:48",
            db: "PACKETSTORM",
            id: "136469",
         },
         {
            date: "2016-03-30T23:29:15",
            db: "PACKETSTORM",
            id: "136483",
         },
         {
            date: "2016-07-03T21:59:10.837000",
            db: "NVD",
            id: "CVE-2016-2074",
         },
         {
            date: "2016-03-29T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201603-406",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-03-23T00:00:00",
            db: "VULHUB",
            id: "VHN-90893",
         },
         {
            date: "2018-03-23T00:00:00",
            db: "VULMON",
            id: "CVE-2016-2074",
         },
         {
            date: "2018-03-23T08:00:00",
            db: "BID",
            id: "85700",
         },
         {
            date: "2016-09-05T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2016-003485",
         },
         {
            date: "2018-03-23T01:29:00.523000",
            db: "NVD",
            id: "CVE-2016-2074",
         },
         {
            date: "2016-07-04T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201603-406",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "PACKETSTORM",
            id: "140320",
         },
         {
            db: "PACKETSTORM",
            id: "136659",
         },
         {
            db: "PACKETSTORM",
            id: "136470",
         },
         {
            db: "PACKETSTORM",
            id: "136464",
         },
         {
            db: "PACKETSTORM",
            id: "136469",
         },
         {
            db: "PACKETSTORM",
            id: "136483",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201603-406",
         },
      ],
      trust: 1.2,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Open vSwitch of  ovs-vswitchd of  lib/flow.c Vulnerable to buffer overflow",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2016-003485",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "overflow, arbitrary",
      sources: [
         {
            db: "PACKETSTORM",
            id: "140320",
         },
         {
            db: "PACKETSTORM",
            id: "136659",
         },
         {
            db: "PACKETSTORM",
            id: "136470",
         },
         {
            db: "PACKETSTORM",
            id: "136464",
         },
         {
            db: "PACKETSTORM",
            id: "136469",
         },
         {
            db: "PACKETSTORM",
            id: "136483",
         },
      ],
      trust: 0.6,
   },
}

var-201805-1189
Vulnerability from variot

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service (ReDoS) attack. Spring Framework contains an input validation vulnerability; it may be put into a denial-of-service (DoS) state. Spring Framework is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Spring Framework 5.0 through 5.0.5 and 4.3 through 4.3.16 are vulnerable; other versions are also affected. Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. Description:

Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. For further information, refer to the Release Notes linked to in the References section.

Security Fix(es):

  • spring-messaging: ReDoS Attack with spring-messaging (CVE-2018-1257)

  • spring-data: XXE with Spring Data's XMLBeam integration (CVE-2018-1259)

  • spring-security-oauth2: Remote Code Execution with spring-security-oauth2 (CVE-2018-1260)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):

1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging
1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Data's XMLBeam integration
1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Important: Red Hat Fuse 7.2 security update Advisory ID: RHSA-2018:3768-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2018:3768 Issue date: 2018-12-04 CVE Names: CVE-2016-5002 CVE-2016-5003 CVE-2017-12196 CVE-2018-1257 CVE-2018-1259 CVE-2018-1288 CVE-2018-1336 CVE-2018-8014 CVE-2018-8018 CVE-2018-8039 CVE-2018-8041 CVE-2018-12537 =====================================================================

  1. Summary:

An update is now available for Red Hat Fuse.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat Fuse enables integration experts, application developers, and business users to collaborate and independently develop connected solutions.

Fuse is part of an agile integration solution. Its distributed approach allows teams to deploy integrated services where required. The API-centric, container-based architecture decouples services so they can be created, extended, and deployed independently.

This release of Red Hat Fuse 7.2 serves as a replacement for Red Hat Fuse 7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • xmlrpc: Deserialization of untrusted Java object through tag (CVE-2016-5003)

  • tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)

  • ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint (CVE-2018-8018)

  • apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)

  • xmlrpc: XML external entity vulnerability SSRF via a crafted DTD (CVE-2016-5002)

  • undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196)

  • spring-data-commons: XXE with Spring Data's XMLBeam integration (CVE-2018-1259)

  • kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data loss (CVE-2018-1288)

  • tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014)

  • camel-mail: path traversal vulnerability (CVE-2018-8041)

  • vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers (CVE-2018-12537)

  • spring-framework: ReDoS Attack with spring-messaging (CVE-2018-1257)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Eedo Shapira (GE Digital) for reporting CVE-2018-8041. The CVE-2017-12196 issue was discovered by Jan Stourac (Red Hat).

  1. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

Installation instructions are located in the download section of the customer portal.

The References section of this erratum contains a download link (you must log in to download the update).

  1. Bugs fixed (https://bugzilla.redhat.com/):

1503055 - CVE-2017-12196 undertow: Client can use bogus uri in Digest authentication
1508110 - CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD
1508123 - CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through tag
1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging
1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Data's XMLBeam integration
1579611 - CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
1591072 - CVE-2018-12537 vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers
1595332 - CVE-2018-8039 apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*
1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS
1607731 - CVE-2018-8018 ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint
1611059 - CVE-2018-1288 kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data loss
1612644 - CVE-2018-8041 camel-mail: path traversal vulnerability

  1. References:

https://access.redhat.com/security/cve/CVE-2016-5002 https://access.redhat.com/security/cve/CVE-2016-5003 https://access.redhat.com/security/cve/CVE-2017-12196 https://access.redhat.com/security/cve/CVE-2018-1257 https://access.redhat.com/security/cve/CVE-2018-1259 https://access.redhat.com/security/cve/CVE-2018-1288 https://access.redhat.com/security/cve/CVE-2018-1336 https://access.redhat.com/security/cve/CVE-2018-8014 https://access.redhat.com/security/cve/CVE-2018-8018 https://access.redhat.com/security/cve/CVE-2018-8039 https://access.redhat.com/security/cve/CVE-2018-8041 https://access.redhat.com/security/cve/CVE-2018-12537 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=7.2.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.2/ https://access.redhat.com/articles/2939351

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXAakytzjgjWX9erEAQgDkw//Wb1MeuX1VOUq4u9qkgtp3ECPTAR3GE8B RWHYBguzM+WJrDPTtgH1sy1BstIEPgVooQLTKWhZYtJpR64S5T6YAv+aFh1vA7qI 87GDERqiATIm3l8qKBBOF02FukP9ywkaH5hR+pT7tM2OuN8iZ4dvKl0Rdzs6vnhF Ea+qVCKeQlyn88HUUqYw51nBX7tbK0H1RuG7DxlU93LBYqymMIZ90KhcGeuvNPu/ BVk7xMDtbdPSagSBy5WFpTvZ/ozeYBmO7u8p9l67SiD3obR6Rtn83B3DKvL/AFP4 ahKlIrK62hk2qgXrpLQ9aVUwBMZ1Lqu99LelF20hRt38L7qy/EXtD+Xdt0H9Xl/H bcLyRvjq8pOjdrdqAvnfI5HBDdSZrxujYX9t6egoQg3wFuS9h0DbKFMXSKMSaW2S WlP4L5zbCTvhPy3mIPOECKDxP8Xa2g2HnqCal2PpHIXGVBvD0CTuxI0b7a6WKKYf dbhm5uIEhdoS/vSuHntq+o+3IzlhRNHKx2Uh+03arWYyj4N26bbKFB+v+7gjL2e9 1ITf4HXEUphym5PY0R1GGc2Xr5Xc8BjV8xX3pgvI8FcRov4XGsS37TYpvNxPmTCA e4VB2C4WS+AFhk1QJR7cNuACwUxjarIoKUp1CX5gvqu35pVgxR97KxoblGdMtR9g UOgTm4iHIhQ= =RCpd -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201805-1189",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "openshift",
            scope: "eq",
            trust: 1.6,
            vendor: "redhat",
            version: null,
         },
         {
            model: "enterprise manager ops center",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "12.3.3",
         },
         {
            model: "goldengate for big data",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "12.3.2.1",
         },
         {
            model: "hospitality guest access",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "4.2.0",
         },
         {
            model: "flexcube private banking",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "2.0.0.0",
         },
         {
            model: "primavera gateway",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "17.12",
         },
         {
            model: "agile product lifecycle management",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "9.3.4",
         },
         {
            model: "flexcube private banking",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "12.0.3.0",
         },
         {
            model: "insurance rules palette",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "10.1",
         },
         {
            model: "retail predictive application server",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "16.0",
         },
         {
            model: "communications performance intelligence center",
            scope: "lt",
            trust: 1,
            vendor: "oracle",
            version: "10.2.1",
         },
         {
            model: "insurance rules palette",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "10.2",
         },
         {
            model: "tape library acsls",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "8.4",
         },
         {
            model: "insurance calculation engine",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "10.2.1",
         },
         {
            model: "agile product lifecycle management",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "9.3.6",
         },
         {
            model: "big data discovery",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "1.6.0",
         },
         {
            model: "weblogic server",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "10.3.6.0.0",
         },
         {
            model: "communications services gatekeeper",
            scope: "lt",
            trust: 1,
            vendor: "oracle",
            version: "6.1.0.4.0",
         },
         {
            model: "retail open commerce platform",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "6.0.1",
         },
         {
            model: "enterprise manager base platform",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "12.1.0.5.0",
         },
         {
            model: "utilities network management system",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "1.12.0.3",
         },
         {
            model: "retail customer insights",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "15.0",
         },
         {
            model: "application testing suite",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "12.5.0.3",
         },
         {
            model: "endeca information discovery integrator",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "3.2.0",
         },
         {
            model: "application testing suite",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "13.2.0.1",
         },
         {
            model: "retail order broker",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "16.0",
         },
         {
            model: "retail predictive application server",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "14.1",
         },
         {
            model: "service architecture leveraging tuxedo",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "12.1.3.0.0",
         },
         {
            model: "retail open commerce platform",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "6.0.0",
         },
         {
            model: "communications converged application server",
            scope: "lt",
            trust: 1,
            vendor: "oracle",
            version: "7.0.0.1",
         },
         {
            model: "communications unified inventory management",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "7.3.2",
         },
         {
            model: "application testing suite",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "13.1.0.1",
         },
         {
            model: "healthcare master person index",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "4.0",
         },
         {
            model: "spring framework",
            scope: "lt",
            trust: 1,
            vendor: "vmware",
            version: "4.3.17",
         },
         {
            model: "agile product lifecycle management",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "9.3.5",
         },
         {
            model: "communications unified inventory management",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "7.3.5",
         },
         {
            model: "enterprise manager base platform",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "13.2.0.0.0",
         },
         {
            model: "insurance rules palette",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "10.0",
         },
         {
            model: "retail order broker",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "5.1",
         },
         {
            model: "flexcube private banking",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "2.2.0.1",
         },
         {
            model: "flexcube private banking",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "12.0.1.0",
         },
         {
            model: "insurance rules palette",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "11.0",
         },
         {
            model: "retail predictive application server",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "14.0",
         },
         {
            model: "goldengate for big data",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "12.3.1.1",
         },
         {
            model: "retail predictive application server",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "15.0",
         },
         {
            model: "spring framework",
            scope: "lt",
            trust: 1,
            vendor: "vmware",
            version: "5.0.6",
         },
         {
            model: "weblogic server",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "12.1.3.0.0",
         },
         {
            model: "weblogic server",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "12.2.1.3.0",
         },
         {
            model: "retail open commerce platform",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "5.3.0",
         },
         {
            model: "enterprise manager for mysql database",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "13.2",
         },
         {
            model: "service architecture leveraging tuxedo",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "12.2.2.0.0",
         },
         {
            model: "insurance rules palette",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "11.1",
         },
         {
            model: "primavera gateway",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "15.2",
         },
         {
            model: "primavera gateway",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "16.2",
         },
         {
            model: "healthcare master person index",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "3.0",
         },
         {
            model: "agile product lifecycle management",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "9.3.3",
         },
         {
            model: "goldengate for big data",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "12.2.0.1",
         },
         {
            model: "insurance calculation engine",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "10.2",
         },
         {
            model: "communications unified inventory management",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "7.3.4",
         },
         {
            model: "retail order broker",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "5.2",
         },
         {
            model: "insurance calculation engine",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "10.1.1",
         },
         {
            model: "application testing suite",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "13.3.0.1",
         },
         {
            model: "enterprise manager base platform",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "13.3.0.0.0",
         },
         {
            model: "communications diameter signaling router",
            scope: "lt",
            trust: 1,
            vendor: "oracle",
            version: "8.3",
         },
         {
            model: "spring framework",
            scope: "gte",
            trust: 1,
            vendor: "vmware",
            version: "5.0.0",
         },
         {
            model: "endeca information discovery integrator",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "3.1.0",
         },
         {
            model: "flexcube private banking",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "12.1.0.0",
         },
         {
            model: "hospitality guest access",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "4.2.1",
         },
         {
            model: "communications unified inventory management",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "7.4.0",
         },
         {
            model: "retail customer insights",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "16.0",
         },
         {
            model: "retail order broker",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "15.0",
         },
         {
            model: "health sciences information manager",
            scope: "eq",
            trust: 1,
            vendor: "oracle",
            version: "3.0",
         },
         {
            model: "spring framework",
            scope: "eq",
            trust: 0.8,
            vendor: "pivotal",
            version: "4.3.17",
         },
         {
            model: "openshift",
            scope: null,
            trust: 0.8,
            vendor: "red hat",
            version: null,
         },
         {
            model: "spring framework",
            scope: "lt",
            trust: 0.8,
            vendor: "pivotal",
            version: "4.3.x",
         },
         {
            model: "spring framework",
            scope: "lt",
            trust: 0.8,
            vendor: "pivotal",
            version: "5.0.x",
         },
         {
            model: "spring framework",
            scope: "eq",
            trust: 0.8,
            vendor: "pivotal",
            version: "5.0.6",
         },
         {
            model: "spring framework",
            scope: "eq",
            trust: 0.3,
            vendor: "pivotal",
            version: "4.3",
         },
         {
            model: "spring framework",
            scope: "eq",
            trust: 0.3,
            vendor: "pivotal",
            version: "5.0.1",
         },
         {
            model: "spring framework",
            scope: "ne",
            trust: 0.3,
            vendor: "pivotal",
            version: "4.3.17",
         },
         {
            model: "spring framework",
            scope: "eq",
            trust: 0.3,
            vendor: "pivotal",
            version: "5.0.4",
         },
         {
            model: "spring framework",
            scope: "eq",
            trust: 0.3,
            vendor: "pivotal",
            version: "5.0.2",
         },
         {
            model: "spring framework",
            scope: "eq",
            trust: 0.3,
            vendor: "pivotal",
            version: "5.0",
         },
         {
            model: "spring framework",
            scope: "eq",
            trust: 0.3,
            vendor: "pivotal",
            version: "5.0.3",
         },
         {
            model: "spring framework",
            scope: "eq",
            trust: 0.3,
            vendor: "pivotal",
            version: "4.3.15",
         },
         {
            model: "spring framework",
            scope: "eq",
            trust: 0.3,
            vendor: "pivotal",
            version: "4.3.14",
         },
         {
            model: "spring framework",
            scope: "eq",
            trust: 0.3,
            vendor: "pivotal",
            version: "5.0.5",
         },
         {
            model: "spring framework",
            scope: "ne",
            trust: 0.3,
            vendor: "pivotal",
            version: "5.0.6",
         },
         {
            model: "spring framework",
            scope: "eq",
            trust: 0.3,
            vendor: "pivotal",
            version: "4.3.16",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "104260",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-005091",
         },
         {
            db: "NVD",
            id: "CVE-2018-1257",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-405",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "4.3.17",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "5.0.6",
                        versionStartIncluding: "5.0.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "8.3",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.2.1",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "6.1.0.4.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "7.0.0.1",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.6:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:flexcube_private_banking:2.0.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.3.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2018-1257",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd.",
      sources: [
         {
            db: "BID",
            id: "104260",
         },
      ],
      trust: 0.3,
   },
   cve: "CVE-2018-1257",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 4,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2018-1257",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8,
                  id: "VHN-122542",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:L/AU:S/C:N/I:N/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 2.8,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 6.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2018-1257",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2018-1257",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201805-405",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-122542",
                  trust: 0.1,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2018-1257",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-122542",
         },
         {
            db: "VULMON",
            id: "CVE-2018-1257",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-005091",
         },
         {
            db: "NVD",
            id: "CVE-2018-1257",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-405",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service attack. Spring Framework contains an input validation vulnerability. The service may be put into a denial-of-service (DoS) state. Spring Framework is prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. \nSpring Framework 5.0 through 5.0.5 and 4.3 through 4.3.16 are vulnerable; other versions are also affected. Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. Description:\n\nRed Hat Openshift Application Runtimes provides an application platform\nthat reduces the complexity of developing and operating applications\n(monoliths and microservices) for OpenShift as a containerized platform. For further\ninformation, refer to the Release Notes linked to in the References\nsection. \n\nSecurity Fix(es):\n\n* spring-messaging: ReDoS Attack with spring-messaging (CVE-2018-1257)\n\n* spring-data: XXE with Spring Data's XMLBeam integration (CVE-2018-1259)\n\n* spring-security-oauth2: Remote Code Execution with spring-security-oauth2\n(CVE-2018-1260)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. 
 Bugs fixed (https://bugzilla.redhat.com/):\n\n1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging\n1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Data's XMLBeam integration\n1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat Fuse 7.2 security update\nAdvisory ID:       RHSA-2018:3768-01\nProduct:           Red Hat JBoss Fuse\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2018:3768\nIssue date:        2018-12-04\nCVE Names:         CVE-2016-5002 CVE-2016-5003 CVE-2017-12196 \n                   CVE-2018-1257 CVE-2018-1259 CVE-2018-1288 \n                   CVE-2018-1336 CVE-2018-8014 CVE-2018-8018 \n                   CVE-2018-8039 CVE-2018-8041 CVE-2018-12537 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat Fuse. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Fuse enables integration experts, application developers, and\nbusiness users to collaborate and independently develop connected\nsolutions. \n\nFuse is part of an agile integration solution. Its distributed approach\nallows teams to deploy integrated services where required. The API-centric,\ncontainer-based architecture decouples services so they can be created,\nextended, and deployed independently. 
 \n\nThis release of Red Hat Fuse 7.2 serves as a replacement for Red Hat Fuse\n7.1, and includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* xmlrpc: Deserialization of untrusted Java object through\n<ex:serializable> tag (CVE-2016-5003)\n\n* tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)\n\n* ignite: Improper deserialization allows for code execution via\nGridClientJdkMarshaller endpoint (CVE-2018-8018)\n\n* apache-cxf: TLS hostname verification does not work correctly with\ncom.sun.net.ssl.* (CVE-2018-8039)\n\n* xmlrpc: XML external entity vulnerability SSRF via a crafted DTD\n(CVE-2016-5002)\n\n* undertow: Client can use bogus uri in Digest authentication\n(CVE-2017-12196)\n\n* spring-data-commons: XXE with Spring Data's XMLBeam integration\n(CVE-2018-1259)\n\n* kafka: Users can perform Broker actions via crafted fetch requests,\ninterfering with data replication and causing data loss (CVE-2018-1288)\n\n* tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for\nall origins (CVE-2018-8014)\n\n* camel-mail: path traversal vulnerability (CVE-2018-8041)\n\n* vertx: Improper neutralization of CRLF sequences allows remote attackers\nto inject arbitrary HTTP response headers (CVE-2018-12537)\n\n* spring-framework: ReDoS Attack with spring-messaging (CVE-2018-1257)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank Eedo Shapira (GE Digital) for reporting\nCVE-2018-8041. The CVE-2017-12196 issue was discovered by Jan Stourac (Red\nHat). \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. 
 \n\nInstallation instructions are located in the download section of the\ncustomer portal. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1503055 - CVE-2017-12196 undertow: Client can use bogus uri in Digest authentication\n1508110 - CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD\n1508123 - CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag\n1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging\n1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Data's XMLBeam integration\n1579611 - CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins\n1591072 - CVE-2018-12537 vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers\n1595332 - CVE-2018-8039 apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*\n1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS\n1607731 - CVE-2018-8018 ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint\n1611059 - CVE-2018-1288 kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data loss\n1612644 - CVE-2018-8041 camel-mail: path traversal vulnerability\n\n5. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-5002\nhttps://access.redhat.com/security/cve/CVE-2016-5003\nhttps://access.redhat.com/security/cve/CVE-2017-12196\nhttps://access.redhat.com/security/cve/CVE-2018-1257\nhttps://access.redhat.com/security/cve/CVE-2018-1259\nhttps://access.redhat.com/security/cve/CVE-2018-1288\nhttps://access.redhat.com/security/cve/CVE-2018-1336\nhttps://access.redhat.com/security/cve/CVE-2018-8014\nhttps://access.redhat.com/security/cve/CVE-2018-8018\nhttps://access.redhat.com/security/cve/CVE-2018-8039\nhttps://access.redhat.com/security/cve/CVE-2018-8041\nhttps://access.redhat.com/security/cve/CVE-2018-12537\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=7.2.0\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.2/\nhttps://access.redhat.com/articles/2939351\n\n6. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXAakytzjgjWX9erEAQgDkw//Wb1MeuX1VOUq4u9qkgtp3ECPTAR3GE8B\nRWHYBguzM+WJrDPTtgH1sy1BstIEPgVooQLTKWhZYtJpR64S5T6YAv+aFh1vA7qI\n87GDERqiATIm3l8qKBBOF02FukP9ywkaH5hR+pT7tM2OuN8iZ4dvKl0Rdzs6vnhF\nEa+qVCKeQlyn88HUUqYw51nBX7tbK0H1RuG7DxlU93LBYqymMIZ90KhcGeuvNPu/\nBVk7xMDtbdPSagSBy5WFpTvZ/ozeYBmO7u8p9l67SiD3obR6Rtn83B3DKvL/AFP4\nahKlIrK62hk2qgXrpLQ9aVUwBMZ1Lqu99LelF20hRt38L7qy/EXtD+Xdt0H9Xl/H\nbcLyRvjq8pOjdrdqAvnfI5HBDdSZrxujYX9t6egoQg3wFuS9h0DbKFMXSKMSaW2S\nWlP4L5zbCTvhPy3mIPOECKDxP8Xa2g2HnqCal2PpHIXGVBvD0CTuxI0b7a6WKKYf\ndbhm5uIEhdoS/vSuHntq+o+3IzlhRNHKx2Uh+03arWYyj4N26bbKFB+v+7gjL2e9\n1ITf4HXEUphym5PY0R1GGc2Xr5Xc8BjV8xX3pgvI8FcRov4XGsS37TYpvNxPmTCA\ne4VB2C4WS+AFhk1QJR7cNuACwUxjarIoKUp1CX5gvqu35pVgxR97KxoblGdMtR9g\nUOgTm4iHIhQ=\n=RCpd\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2018-1257",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-005091",
         },
         {
            db: "BID",
            id: "104260",
         },
         {
            db: "VULHUB",
            id: "VHN-122542",
         },
         {
            db: "VULMON",
            id: "CVE-2018-1257",
         },
         {
            db: "PACKETSTORM",
            id: "148079",
         },
         {
            db: "PACKETSTORM",
            id: "150645",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2018-1257",
            trust: 3.1,
         },
         {
            db: "BID",
            id: "104260",
            trust: 2.1,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-005091",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-405",
            trust: 0.6,
         },
         {
            db: "PACKETSTORM",
            id: "148079",
            trust: 0.2,
         },
         {
            db: "VULHUB",
            id: "VHN-122542",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2018-1257",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "150645",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-122542",
         },
         {
            db: "VULMON",
            id: "CVE-2018-1257",
         },
         {
            db: "BID",
            id: "104260",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-005091",
         },
         {
            db: "PACKETSTORM",
            id: "148079",
         },
         {
            db: "PACKETSTORM",
            id: "150645",
         },
         {
            db: "NVD",
            id: "CVE-2018-1257",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-405",
         },
      ],
   },
   id: "VAR-201805-1189",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-122542",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2023-12-18T11:14:21.447000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "CVE-2018-1257: ReDoS Attack with spring-messaging",
            trust: 0.8,
            url: "https://pivotal.io/security/cve-2018-1257",
         },
         {
            title: "RHSA-2018:1809",
            trust: 0.8,
            url: "https://access.redhat.com/errata/rhsa-2018:1809",
         },
         {
            title: "Pivotal Spring Framework Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80032",
         },
         {
            title: "Red Hat: Important: Red Hat OpenShift Application Runtimes Spring Boot security and bug fix update",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20181809 - security advisory",
         },
         {
            title: "Red Hat: CVE-2018-1257",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2018-1257",
         },
         {
            title: "Red Hat: Important: Red Hat Fuse 7.2 security update",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20183768 - security advisory",
         },
         {
            title: "Oracle: Oracle Critical Patch Update Advisory - January 2019",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b",
         },
         {
            title: "Oracle: Oracle Critical Patch Update Advisory - October 2018",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=81c63752a6f26433af2128b2e8c02385",
         },
         {
            title: "IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3dea47d76eee003a50f853f241578c37",
         },
         {
            title: "cybsec",
            trust: 0.1,
            url: "https://github.com/ilmari666/cybsec ",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2018-1257",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-005091",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-405",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-noinfo",
            trust: 1,
         },
         {
            problemtype: "CWE-20",
            trust: 0.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-122542",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-005091",
         },
         {
            db: "NVD",
            id: "CVE-2018-1257",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "http://www.securityfocus.com/bid/104260",
         },
         {
            trust: 2.1,
            url: "https://pivotal.io/security/cve-2018-1257",
         },
         {
            trust: 2,
            url: "https://access.redhat.com/errata/rhsa-2018:1809",
         },
         {
            trust: 1.9,
            url: "https://access.redhat.com/errata/rhsa-2018:3768",
         },
         {
            trust: 1.8,
            url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
         },
         {
            trust: 1.8,
            url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
         },
         {
            trust: 1.8,
            url: "https://www.oracle.com/security-alerts/cpujan2020.html",
         },
         {
            trust: 1.8,
            url: "https://www.oracle.com/security-alerts/cpujul2020.html",
         },
         {
            trust: 1.8,
            url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
         },
         {
            trust: 1.8,
            url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
         },
         {
            trust: 1.8,
            url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
         },
         {
            trust: 1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-1257",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1257",
         },
         {
            trust: 0.6,
            url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/",
         },
         {
            trust: 0.3,
            url: "http://pivotal.io/",
         },
         {
            trust: 0.2,
            url: "https://www.redhat.com/mailman/listinfo/rhsa-announce",
         },
         {
            trust: 0.2,
            url: "https://access.redhat.com/security/cve/cve-2018-1259",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-1259",
         },
         {
            trust: 0.2,
            url: "https://access.redhat.com/security/cve/cve-2018-1257",
         },
         {
            trust: 0.2,
            url: "https://bugzilla.redhat.com/):",
         },
         {
            trust: 0.2,
            url: "https://access.redhat.com/security/team/contact/",
         },
         {
            trust: 0.2,
            url: "https://access.redhat.com/security/updates/classification/#important",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://github.com/ilmari666/cybsec",
         },
         {
            trust: 0.1,
            url: "https://tools.cisco.com/security/center/viewalert.x?alertid=57884",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=catrhoar.spring.boot&downloadtype=distributions&version=1.5.13",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2018-1260",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/red_hat_openshift_application_runtimes_release_notes/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-1260",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-8018",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2016-5003",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2018-12537",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-8014",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse&downloadtype=distributions&version=7.2.0",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2018-8041",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-1288",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2016-5002",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2018-1336",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.2/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2016-5002",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2016-5003",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-12196",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-8039",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2018-8018",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2018-8039",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2018-1288",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-12537",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/articles/2939351",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-1336",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2018-8014",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-8041",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2017-12196",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-122542",
         },
         {
            db: "VULMON",
            id: "CVE-2018-1257",
         },
         {
            db: "BID",
            id: "104260",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-005091",
         },
         {
            db: "PACKETSTORM",
            id: "148079",
         },
         {
            db: "PACKETSTORM",
            id: "150645",
         },
         {
            db: "NVD",
            id: "CVE-2018-1257",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-405",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-122542",
         },
         {
            db: "VULMON",
            id: "CVE-2018-1257",
         },
         {
            db: "BID",
            id: "104260",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-005091",
         },
         {
            db: "PACKETSTORM",
            id: "148079",
         },
         {
            db: "PACKETSTORM",
            id: "150645",
         },
         {
            db: "NVD",
            id: "CVE-2018-1257",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-405",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-05-11T00:00:00",
            db: "VULHUB",
            id: "VHN-122542",
         },
         {
            date: "2018-05-11T00:00:00",
            db: "VULMON",
            id: "CVE-2018-1257",
         },
         {
            date: "2018-05-09T00:00:00",
            db: "BID",
            id: "104260",
         },
         {
            date: "2018-07-05T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2018-005091",
         },
         {
            date: "2018-06-07T15:16:13",
            db: "PACKETSTORM",
            id: "148079",
         },
         {
            date: "2018-12-06T02:15:34",
            db: "PACKETSTORM",
            id: "150645",
         },
         {
            date: "2018-05-11T20:29:00.213000",
            db: "NVD",
            id: "CVE-2018-1257",
         },
         {
            date: "2018-05-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201805-405",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-08-24T00:00:00",
            db: "VULHUB",
            id: "VHN-122542",
         },
         {
            date: "2022-06-23T00:00:00",
            db: "VULMON",
            id: "CVE-2018-1257",
         },
         {
            date: "2018-05-09T00:00:00",
            db: "BID",
            id: "104260",
         },
         {
            date: "2018-07-05T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2018-005091",
         },
         {
            date: "2022-06-23T16:31:30.630000",
            db: "NVD",
            id: "CVE-2018-1257",
         },
         {
            date: "2021-10-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201805-405",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201805-405",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Spring Framework Input validation vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-005091",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Input Validation Error",
      sources: [
         {
            db: "BID",
            id: "104260",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201805-405",
         },
      ],
      trust: 0.9,
   },
}

var-202310-0175
Vulnerability from variot

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Description:

AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section.

Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

Description:

nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5710.json

Red Hat officially shut down their mailing list notifications on October 10, 2023. Because of this, Packet Storm has recreated the data below as a reference point to raise awareness. Note that, since revision updates cannot easily be tracked without crawling Red Hat's archive, these advisories are single notifications; we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

  • Packet Storm Staff

==================================================================== Red Hat Security Advisory

Synopsis: Important: dotnet6.0 security update Advisory ID: RHSA-2023:5710-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5710 Issue date: 2023-10-16 Revision: 01 CVE Names: CVE-2023-44487 ====================================================================

Summary:

An update for dotnet6.0 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23.

Security Fix(es):

  • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-44487

References:

https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

. ========================================================================== Ubuntu Security Notice USN-6754-1 April 25, 2024

nghttp2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 23.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS (Available with Ubuntu Pro)
  • Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in nghttp2.

Software Description: - nghttp2: HTTP/2 C Library and tools

Details:

It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513)

It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)

It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. (CVE-2024-28182)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10: libnghttp2-14 1.55.1-1ubuntu0.2 nghttp2 1.55.1-1ubuntu0.2 nghttp2-client 1.55.1-1ubuntu0.2 nghttp2-proxy 1.55.1-1ubuntu0.2 nghttp2-server 1.55.1-1ubuntu0.2

Ubuntu 22.04 LTS: libnghttp2-14 1.43.0-1ubuntu0.2 nghttp2 1.43.0-1ubuntu0.2 nghttp2-client 1.43.0-1ubuntu0.2 nghttp2-proxy 1.43.0-1ubuntu0.2 nghttp2-server 1.43.0-1ubuntu0.2

Ubuntu 20.04 LTS: libnghttp2-14 1.40.0-1ubuntu0.3 nghttp2 1.40.0-1ubuntu0.3 nghttp2-client 1.40.0-1ubuntu0.3 nghttp2-proxy 1.40.0-1ubuntu0.3 nghttp2-server 1.40.0-1ubuntu0.3

Ubuntu 18.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.30.0-1ubuntu1+esm2 nghttp2 1.30.0-1ubuntu1+esm2 nghttp2-client 1.30.0-1ubuntu1+esm2 nghttp2-proxy 1.30.0-1ubuntu1+esm2 nghttp2-server 1.30.0-1ubuntu1+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.7.1-1ubuntu0.1~esm2 nghttp2 1.7.1-1ubuntu0.1~esm2 nghttp2-client 1.7.1-1ubuntu0.1~esm2 nghttp2-proxy 1.7.1-1ubuntu0.1~esm2 nghttp2-server 1.7.1-1ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-5558-1 security@debian.org https://www.debian.org/security/ Markus Koschany November 18, 2023 https://www.debian.org/security/faq

Package : netty CVE ID : CVE-2023-34462 CVE-2023-44487 Debian Bug : 1038947 1054234

Two security vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework.

CVE-2023-34462

It might be possible for a remote peer to send a client hello packet during
a TLS handshake which leads the server to buffer up to 16 MB of data per
connection. This could lead to an OutOfMemoryError and so result in a denial
of service. 
The second issue, CVE-2023-44487, is also known as the Rapid Reset Attack.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:4.1.48-4+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in version 1:4.1.48-7+deb12u1.

We recommend that you upgrade your netty packages.

For the detailed security status of netty please refer to its security tracker page at: https://security-tracker.debian.org/tracker/netty

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmVY5TZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRHiBAAzFhW85Ho37J02wrSDVwhIMTsVjNO9lnA08Pswdohr9K1wxeCJ/hBAx97 UNIrjTxyOfCJWi1Kj5pITXEHBRu6w1fj/5y9yoMpAKEu+oGQroHbSf4CPmqP2Of0 eamkfbGx2Dh7Ug3qYxe+elcqRtU3gu8I8DYcWJnm2VpWq7/pbNJ+9iqtmMjhkPLH 1etLI/5HAkwpPimZSrHzcimn39gEVaIbZLc86ZBAoAPghc+iJR1JFHERmkEutWkB eAnL3kD1mr6F711eZvDfPaRfEUVorW67ZEpPX68MJExuYHNXd268EhQOhf/ZYv8g SUSBJuKw4w2OnL4fn8lhqnQgYHUVkcYBtfYii6E9bEVAIPoaT+4gvdSg9zkF6cza Da8SXkEY2ysaX+A24iVnCNMpCMSOUOxWsFFvkCcfi8A4HxGGqWzVOsBbDJKjktS1 g6FyeqWsGh9QG/CPYeMN7LB7lW1l2XzO6GQ9QR1rzU/whgUVxprkye5wx2BaQmom rrWVHBijH1cNWd1IbryAm+prduL1l/CNR0785ZPTjB3SsMFPCAtRHf9G976rqVs0 P3jGg+BdeDj+sd3EFHcHnNXQOaETgR07RWzngbjEkgmJYhB2B43hCQ2LwsNlHsmg O6otUI2k274IF9KHh0T1h1hopbUTU8VPy3dpcLloCzk7KiAv1RI= =4ExT -----END PGP SIGNATURE----- . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0175",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "node maintenance operator",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "big-ip ssl orchestrator",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "16.1.4",
         },
         {
            model: "jboss core services",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "go",
            scope: "gte",
            trust: 1,
            vendor: "golang",
            version: "1.21.0",
         },
         {
            model: "istio",
            scope: "lt",
            trust: 1,
            vendor: "istio",
            version: "1.19.1",
         },
         {
            model: "big-ip advanced web application firewall",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "15.1.10",
         },
         {
            model: "crosswork zero touch provisioning",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "6.0.0",
         },
         {
            model: "big-ip policy enforcement manager",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "17.1.0",
         },
         {
            model: "integration camel for spring boot",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "windows 10 1809",
            scope: "lt",
            trust: 1,
            vendor: "microsoft",
            version: "10.0.17763.4974",
         },
         {
            model: "big-ip global traffic manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "15.1.10",
         },
         {
            model: "big-ip application security manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "15.1.0",
         },
         {
            model: "big-ip ddos hybrid defender",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "14.1.0",
         },
         {
            model: "big-ip carrier-grade nat",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "16.1.4",
         },
         {
            model: "advanced cluster security",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "4.0",
         },
         {
            model: "expressway",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "x14.3.3",
         },
         {
            model: "ultra cloud core - policy control function",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "2024.01.0",
         },
         {
            model: "traffic server",
            scope: "gte",
            trust: 1,
            vendor: "apache",
            version: "9.0.0",
         },
         {
            model: "big-ip policy enforcement manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "16.1.0",
         },
         {
            model: "visual studio 2022",
            scope: "gte",
            trust: 1,
            vendor: "microsoft",
            version: "17.6",
         },
         {
            model: "big-ip domain name system",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "15.1.0",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "11.0",
         },
         {
            model: "big-ip application visibility and reporting",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "15.1.10",
         },
         {
            model: "openshift container platform",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "4.0",
         },
         {
            model: "big-ip advanced firewall manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "14.1.5",
         },
         {
            model: "big-ip advanced firewall manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "13.1.5",
         },
         {
            model: "satellite",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "6.0",
         },
         {
            model: "big-ip policy enforcement manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "15.1.0",
         },
         {
            model: "crosswork data gateway",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "4.1.3",
         },
         {
            model: "big-ip application security manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "14.1.0",
         },
         {
            model: "nx-os",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "10.2\\(7\\)",
         },
         {
            model: "nginx plus",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "r25",
         },
         {
            model: "big-ip advanced web application firewall",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "14.1.5",
         },
         {
            model: "big-ip websafe",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "15.1.10",
         },
         {
            model: "service interconnect",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "1.0",
         },
         {
            model: "fog director",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "1.22",
         },
         {
            model: "unified contact center domain manager",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: null,
         },
         {
            model: "big-ip access policy manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "16.1.4",
         },
         {
            model: "big-ip advanced web application firewall",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "13.1.5",
         },
         {
            model: "asp.net core",
            scope: "lt",
            trust: 1,
            vendor: "microsoft",
            version: "7.0.12",
         },
         {
            model: "migration toolkit for applications",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "6.0",
         },
         {
            model: "big-ip carrier-grade nat",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "16.1.0",
         },
         {
            model: "big-ip ddos hybrid defender",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "17.1.0",
         },
         {
            model: "crosswork data gateway",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: "5.0",
         },
         {
            model: "big-ip global traffic manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "13.1.5",
         },
         {
            model: "go",
            scope: "lt",
            trust: 1,
            vendor: "golang",
            version: "1.20.10",
         },
         {
            model: "big-ip link controller",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "13.1.0",
         },
         {
            model: "big-ip local traffic manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "13.1.0",
         },
         {
            model: "big-ip webaccelerator",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "16.1.0",
         },
         {
            model: ".net",
            scope: "lt",
            trust: 1,
            vendor: "microsoft",
            version: "6.0.23",
         },
         {
            model: "ultra cloud core - policy control function",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "2024.01.0",
         },
         {
            model: "big-ip domain name system",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "14.1.0",
         },
         {
            model: "enterprise chat and email",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: null,
         },
         {
            model: "tomcat",
            scope: "lte",
            trust: 1,
            vendor: "apache",
            version: "8.5.93",
         },
         {
            model: "proxygen",
            scope: "lt",
            trust: 1,
            vendor: "facebook",
            version: "2023.10.16.00",
         },
         {
            model: "big-ip application acceleration manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "13.1.0",
         },
         {
            model: "big-ip link controller",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "15.1.10",
         },
         {
            model: "process automation",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "7.0",
         },
         {
            model: "big-ip local traffic manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "15.1.10",
         },
         {
            model: "big-ip application acceleration manager",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "17.1.0",
         },
         {
            model: "build of optaplanner",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.0",
         },
         {
            model: "jenkins",
            scope: "lte",
            trust: 1,
            vendor: "jenkins",
            version: "2.427",
         },
         {
            model: "visual studio 2022",
            scope: "lt",
            trust: 1,
            vendor: "microsoft",
            version: "17.7.5",
         },
         {
            model: "telepresence video communication server",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "x14.3.3",
         },
         {
            model: "big-ip analytics",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "15.1.0",
         },
         {
            model: "big-ip fraud protection service",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "15.1.10",
         },
         {
            model: "big-ip ssl orchestrator",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "17.1.0",
         },
         {
            model: "big-ip global traffic manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "16.1.4",
         },
         {
            model: "big-ip policy enforcement manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "14.1.0",
         },
         {
            model: "big-ip webaccelerator",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "15.1.0",
         },
         {
            model: "big-ip application visibility and reporting",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "14.1.5",
         },
         {
            model: "nginx plus",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "r30",
         },
         {
            model: "big-ip application visibility and reporting",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "13.1.5",
         },
         {
            model: "node.js",
            scope: "lt",
            trust: 1,
            vendor: "nodejs",
            version: "20.8.1",
         },
         {
            model: "big-ip carrier-grade nat",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "17.1.0",
         },
         {
            model: "swiftnio http\\/2",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "1.28.0",
         },
         {
            model: "linkerd",
            scope: "eq",
            trust: 1,
            vendor: "linkerd",
            version: "2.13.0",
         },
         {
            model: "caddy",
            scope: "lt",
            trust: 1,
            vendor: "caddyserver",
            version: "2.7.5",
         },
         {
            model: "tomcat",
            scope: "gte",
            trust: 1,
            vendor: "apache",
            version: "10.1.0",
         },
         {
            model: "astra control center",
            scope: "eq",
            trust: 1,
            vendor: "netapp",
            version: null,
         },
         {
            model: "fence agents remediation operator",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "cert-manager operator for red hat openshift",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "big-ip ddos hybrid defender",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "13.1.0",
         },
         {
            model: "advanced cluster management for kubernetes",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "2.0",
         },
         {
            model: "big-ip analytics",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "14.1.0",
         },
         {
            model: "solr",
            scope: "lt",
            trust: 1,
            vendor: "apache",
            version: "9.4.0",
         },
         {
            model: "big-ip webaccelerator",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "14.1.0",
         },
         {
            model: "big-ip local traffic manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "14.1.5",
         },
         {
            model: "secure web appliance",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "15.1.0",
         },
         {
            model: "big-ip local traffic manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "13.1.5",
         },
         {
            model: "big-ip websafe",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "16.1.4",
         },
         {
            model: "big-ip global traffic manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "16.1.0",
         },
         {
            model: "3scale api management platform",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "2.0",
         },
         {
            model: "big-ip fraud protection service",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "13.1.5",
         },
         {
            model: "http",
            scope: "eq",
            trust: 1,
            vendor: "ietf",
            version: "2.0",
         },
         {
            model: "openshift",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "big-ip access policy manager",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "17.1.0",
         },
         {
            model: "certification for red hat enterprise linux",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.0",
         },
         {
            model: "big-ip analytics",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "16.1.4",
         },
         {
            model: "big-ip advanced web application firewall",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "15.1.0",
         },
         {
            model: "big-ip application acceleration manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "15.1.10",
         },
         {
            model: "migration toolkit for containers",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: ".net",
            scope: "lt",
            trust: 1,
            vendor: "microsoft",
            version: "7.0.12",
         },
         {
            model: "big-ip global traffic manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "15.1.0",
         },
         {
            model: "big-ip link controller",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "16.1.4",
         },
         {
            model: "visual studio 2022",
            scope: "lt",
            trust: 1,
            vendor: "microsoft",
            version: "17.2.20",
         },
         {
            model: "big-ip local traffic manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "16.1.4",
         },
         {
            model: "go",
            scope: "lt",
            trust: 1,
            vendor: "golang",
            version: "1.21.3",
         },
         {
            model: "windows 11 21h2",
            scope: "lt",
            trust: 1,
            vendor: "microsoft",
            version: "10.0.22000.2538",
         },
         {
            model: "jetty",
            scope: "lt",
            trust: 1,
            vendor: "eclipse",
            version: "9.4.53",
         },
         {
            model: "big-ip fraud protection service",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "16.1.4",
         },
         {
            model: "big-ip webaccelerator",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "15.1.10",
         },
         {
            model: "jenkins",
            scope: "lte",
            trust: 1,
            vendor: "jenkins",
            version: "2.414.2",
         },
         {
            model: "traffic server",
            scope: "lt",
            trust: 1,
            vendor: "apache",
            version: "8.1.9",
         },
         {
            model: "tomcat",
            scope: "eq",
            trust: 1,
            vendor: "apache",
            version: "11.0.0",
         },
         {
            model: "apisix",
            scope: "lt",
            trust: 1,
            vendor: "apache",
            version: "3.6.1",
         },
         {
            model: "certification for red hat enterprise linux",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "9.0",
         },
         {
            model: "big-ip websafe",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "16.1.0",
         },
         {
            model: "jboss a-mq streams",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "big-ip domain name system",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "17.1.0",
         },
         {
            model: "ios xr",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "7.11.2",
         },
         {
            model: "ultra cloud core - session management function",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "2024.02.0",
         },
         {
            model: "big-ip advanced web application firewall",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "14.1.0",
         },
         {
            model: "varnish cache",
            scope: "lt",
            trust: 1,
            vendor: "varnish cache",
            version: "2023-10-10",
         },
         {
            model: "single sign-on",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "7.0",
         },
         {
            model: "big-ip ssl orchestrator",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "16.1.0",
         },
         {
            model: "windows 10 1607",
            scope: "lt",
            trust: 1,
            vendor: "microsoft",
            version: "10.0.14393.6351",
         },
         {
            model: "linkerd",
            scope: "eq",
            trust: 1,
            vendor: "linkerd",
            version: "2.14.1",
         },
         {
            model: "envoy",
            scope: "eq",
            trust: 1,
            vendor: "envoyproxy",
            version: "1.25.9",
         },
         {
            model: "jboss data grid",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "7.0.0",
         },
         {
            model: "big-ip global traffic manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "14.1.0",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "12.0",
         },
         {
            model: "big-ip policy enforcement manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "13.1.0",
         },
         {
            model: "machine deletion remediation operator",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "big-ip application acceleration manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "14.1.5",
         },
         {
            model: "big-ip websafe",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "15.1.0",
         },
         {
            model: "visual studio 2022",
            scope: "gte",
            trust: 1,
            vendor: "microsoft",
            version: "17.4",
         },
         {
            model: "nginx plus",
            scope: "lt",
            trust: 1,
            vendor: "f5",
            version: "r29",
         },
         {
            model: "big-ip application acceleration manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "13.1.5",
         },
         {
            model: "grpc",
            scope: "lt",
            trust: 1,
            vendor: "grpc",
            version: "1.56.3",
         },
         {
            model: "big-ip application security manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "16.1.0",
         },
         {
            model: "openresty",
            scope: "lt",
            trust: 1,
            vendor: "openresty",
            version: "1.21.4.3",
         },
         {
            model: "nginx",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "1.9.5",
         },
         {
            model: "big-ip ssl orchestrator",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "15.1.0",
         },
         {
            model: "big-ip webaccelerator",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "14.1.5",
         },
         {
            model: "nginx plus",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "r29",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "38",
         },
         {
            model: "big-ip webaccelerator",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "13.1.5",
         },
         {
            model: "windows 10 21h2",
            scope: "lt",
            trust: 1,
            vendor: "microsoft",
            version: "10.0.19044.3570",
         },
         {
            model: "big-ip application security manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "14.1.5",
         },
         {
            model: "istio",
            scope: "lt",
            trust: 1,
            vendor: "istio",
            version: "1.17.6",
         },
         {
            model: "advanced cluster security",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "3.0",
         },
         {
            model: "big-ip application security manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "13.1.5",
         },
         {
            model: "big-ip domain name system",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "16.1.0",
         },
         {
            model: "big-ip carrier-grade nat",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "13.1.0",
         },
         {
            model: "openstack platform",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "17.1",
         },
         {
            model: "windows server 2022",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: null,
         },
         {
            model: "big-ip analytics",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "17.1.0",
         },
         {
            model: "big-ip webaccelerator",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "13.1.0",
         },
         {
            model: "big-ip advanced web application firewall",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "17.1.0",
         },
         {
            model: "big-ip websafe",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "14.1.0",
         },
         {
            model: "cbl-mariner",
            scope: "lt",
            trust: 1,
            vendor: "microsoft",
            version: "2023-10-11",
         },
         {
            model: "big-ip advanced firewall manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "14.1.0",
         },
         {
            model: "traefik",
            scope: "lt",
            trust: 1,
            vendor: "traefik",
            version: "2.10.5",
         },
         {
            model: "openshift data science",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "big-ip global traffic manager",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "17.1.0",
         },
         {
            model: "big-ip ddos hybrid defender",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "14.1.5",
         },
         {
            model: "big-ip link controller",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "17.1.0",
         },
         {
            model: "node healthcheck operator",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "big-ip ddos hybrid defender",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "13.1.5",
         },
         {
            model: "openshift gitops",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "big-ip access policy manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "16.1.0",
         },
         {
            model: "big-ip ssl orchestrator",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "14.1.0",
         },
         {
            model: "data center network manager",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: null,
         },
         {
            model: "openshift container platform assisted installer",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "ultra cloud core - serving gateway function",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "2024.02.0",
         },
         {
            model: "jetty",
            scope: "lt",
            trust: 1,
            vendor: "eclipse",
            version: "12.0.2",
         },
         {
            model: "opensearch data prepper",
            scope: "lt",
            trust: 1,
            vendor: "amazon",
            version: "2.5.0",
         },
         {
            model: "prime network registrar",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "11.2",
         },
         {
            model: "nx-os",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "10.3\\(5\\)",
         },
         {
            model: "linkerd",
            scope: "eq",
            trust: 1,
            vendor: "linkerd",
            version: "2.13.1",
         },
         {
            model: "big-ip next service proxy for kubernetes",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "1.5.0",
         },
         {
            model: "openshift serverless",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "big-ip policy enforcement manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "15.1.10",
         },
         {
            model: "http2",
            scope: "lt",
            trust: 1,
            vendor: "golang",
            version: "0.17.0",
         },
         {
            model: "big-ip access policy manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "15.1.0",
         },
         {
            model: "istio",
            scope: "gte",
            trust: 1,
            vendor: "istio",
            version: "1.18.0",
         },
         {
            model: "big-ip analytics",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "16.1.0",
         },
         {
            model: "oncommand insight",
            scope: "eq",
            trust: 1,
            vendor: "netapp",
            version: null,
         },
         {
            model: "big-ip advanced firewall manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "16.1.4",
         },
         {
            model: "big-ip link controller",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "15.1.0",
         },
         {
            model: "big-ip local traffic manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "15.1.0",
         },
         {
            model: "jboss fuse",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "6.0.0",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "10.0",
         },
         {
            model: "node.js",
            scope: "gte",
            trust: 1,
            vendor: "nodejs",
            version: "18.0.0",
         },
         {
            model: "traefik",
            scope: "eq",
            trust: 1,
            vendor: "traefik",
            version: "3.0.0",
         },
         {
            model: "big-ip fraud protection service",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "16.1.0",
         },
         {
            model: "big-ip advanced web application firewall",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "16.1.4",
         },
         {
            model: "windows 10 22h2",
            scope: "lt",
            trust: 1,
            vendor: "microsoft",
            version: "10.0.19045.3570",
         },
         {
            model: "big-ip carrier-grade nat",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "15.1.10",
         },
         {
            model: "http server",
            scope: "lt",
            trust: 1,
            vendor: "akka",
            version: "10.5.3",
         },
         {
            model: "big-ip global traffic manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "13.1.0",
         },
         {
            model: "ansible automation platform",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "2.0",
         },
         {
            model: "envoy",
            scope: "eq",
            trust: 1,
            vendor: "envoyproxy",
            version: "1.24.10",
         },
         {
            model: "http2",
            scope: "lt",
            trust: 1,
            vendor: "kazu yamamoto",
            version: "4.2.2",
         },
         {
            model: "big-ip access policy manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "14.1.0",
         },
         {
            model: "cryostat",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "2.0",
         },
         {
            model: "openshift distributed tracing",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "unified contact center management portal",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: null,
         },
         {
            model: "big-ip fraud protection service",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "15.1.0",
         },
         {
            model: "kong gateway",
            scope: "lt",
            trust: 1,
            vendor: "konghq",
            version: "3.4.2",
         },
         {
            model: "istio",
            scope: "gte",
            trust: 1,
            vendor: "istio",
            version: "1.19.0",
         },
         {
            model: "big-ip policy enforcement manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "14.1.5",
         },
         {
            model: "big-ip policy enforcement manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "13.1.5",
         },
         {
            model: "big-ip link controller",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "14.1.0",
         },
         {
            model: "big-ip local traffic manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "14.1.0",
         },
         {
            model: "tomcat",
            scope: "gte",
            trust: 1,
            vendor: "apache",
            version: "8.5.0",
         },
         {
            model: "support for spring boot",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "big-ip application visibility and reporting",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "16.1.4",
         },
         {
            model: "big-ip ssl orchestrator",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "14.1.5",
         },
         {
            model: "jboss fuse",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "7.0.0",
         },
         {
            model: "big-ip ssl orchestrator",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "13.1.5",
         },
         {
            model: "big-ip advanced web application firewall",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "16.1.0",
         },
         {
            model: "windows server 2016",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: null,
         },
         {
            model: "big-ip access policy manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "15.1.10",
         },
         {
            model: "big-ip websafe",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "13.1.0",
         },
         {
            model: "grpc",
            scope: "gte",
            trust: 1,
            vendor: "grpc",
            version: "1.58.0",
         },
         {
            model: "build of quarkus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "logging subsystem for red hat openshift",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "big-ip carrier-grade nat",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "14.1.5",
         },
         {
            model: "jetty",
            scope: "lt",
            trust: 1,
            vendor: "eclipse",
            version: "11.0.17",
         },
         {
            model: "big-ip fraud protection service",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "14.1.0",
         },
         {
            model: "big-ip carrier-grade nat",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "13.1.5",
         },
         {
            model: "big-ip ssl orchestrator",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "13.1.0",
         },
         {
            model: "cost management",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "traffic server",
            scope: "gte",
            trust: 1,
            vendor: "apache",
            version: "8.0.0",
         },
         {
            model: "service telemetry framework",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "1.5",
         },
         {
            model: "big-ip advanced firewall manager",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "17.1.0",
         },
         {
            model: "big-ip application security manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "13.1.0",
         },
         {
            model: "visual studio 2022",
            scope: "lt",
            trust: 1,
            vendor: "microsoft",
            version: "17.6.8",
         },
         {
            model: "secure malware analytics",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "2.19.2",
         },
         {
            model: "quay",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "3.0.0",
         },
         {
            model: "linkerd",
            scope: "eq",
            trust: 1,
            vendor: "linkerd",
            version: "2.14.0",
         },
         {
            model: "big-ip application visibility and reporting",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "16.1.0",
         },
         {
            model: "windows 11 22h2",
            scope: "lt",
            trust: 1,
            vendor: "microsoft",
            version: "10.0.22621.2428",
         },
         {
            model: "big-ip application security manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "15.1.10",
         },
         {
            model: "decision manager",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "7.0",
         },
         {
            model: "grpc",
            scope: "lte",
            trust: 1,
            vendor: "grpc",
            version: "1.59.2",
         },
         {
            model: "nghttp2",
            scope: "lt",
            trust: 1,
            vendor: "nghttp2",
            version: "1.57.0",
         },
         {
            model: "openshift service mesh",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "2.0",
         },
         {
            model: "big-ip domain name system",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "13.1.0",
         },
         {
            model: "grpc",
            scope: "lt",
            trust: 1,
            vendor: "grpc",
            version: "1.58.3",
         },
         {
            model: "openstack platform",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "16.2",
         },
         {
            model: "big-ip advanced firewall manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "16.1.0",
         },
         {
            model: "big-ip access policy manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "14.1.5",
         },
         {
            model: "prime cable provisioning",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "7.2.1",
         },
         {
            model: "visual studio 2022",
            scope: "gte",
            trust: 1,
            vendor: "microsoft",
            version: "17.0",
         },
         {
            model: "big-ip application visibility and reporting",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "15.1.0",
         },
         {
            model: "tomcat",
            scope: "gte",
            trust: 1,
            vendor: "apache",
            version: "9.0.0",
         },
         {
            model: "openshift virtualization",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "4",
         },
         {
            model: "big-ip access policy manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "13.1.5",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "6.0",
         },
         {
            model: "big-ip ddos hybrid defender",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "15.1.10",
         },
         {
            model: "openshift secondary scheduler operator",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "jboss enterprise application platform",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "6.0.0",
         },
         {
            model: "big-ip advanced firewall manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "15.1.0",
         },
         {
            model: "big-ip application visibility and reporting",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "17.1.0",
         },
         {
            model: "big-ip access policy manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "13.1.0",
         },
         {
            model: "linkerd",
            scope: "gte",
            trust: 1,
            vendor: "linkerd",
            version: "2.12.0",
         },
         {
            model: "openshift api for data protection",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "big-ip global traffic manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "14.1.5",
         },
         {
            model: "node.js",
            scope: "lt",
            trust: 1,
            vendor: "nodejs",
            version: "18.18.2",
         },
         {
            model: "jboss a-mq",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "7",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "37",
         },
         {
            model: "prime access registrar",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "9.3.3",
         },
         {
            model: "unified contact center enterprise - live data server",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "12.6.2",
         },
         {
            model: "networking",
            scope: "lt",
            trust: 1,
            vendor: "golang",
            version: "0.17.0",
         },
         {
            model: "armeria",
            scope: "lt",
            trust: 1,
            vendor: "linecorp",
            version: "1.26.0",
         },
         {
            model: "big-ip websafe",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "17.1.0",
         },
         {
            model: "big-ip analytics",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "15.1.10",
         },
         {
            model: "big-ip application visibility and reporting",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "14.1.0",
         },
         {
            model: "big-ip next",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "20.0.1",
         },
         {
            model: "ios xe",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "17.15.1",
         },
         {
            model: "nx-os",
            scope: "gte",
            trust: 1,
            vendor: "cisco",
            version: "10.3\\(1\\)",
         },
         {
            model: "openstack platform",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "16.1",
         },
         {
            model: "grpc",
            scope: "eq",
            trust: 1,
            vendor: "grpc",
            version: "1.57.0",
         },
         {
            model: "big-ip application acceleration manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "16.1.4",
         },
         {
            model: "openshift dev spaces",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "jetty",
            scope: "gte",
            trust: 1,
            vendor: "eclipse",
            version: "12.0.0",
         },
         {
            model: "big-ip analytics",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "13.1.0",
         },
         {
            model: "big-ip carrier-grade nat",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "15.1.0",
         },
         {
            model: "prime infrastructure",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "3.10.4",
         },
         {
            model: "h2o",
            scope: "lt",
            trust: 1,
            vendor: "dena",
            version: "2023-10-10",
         },
         {
            model: "nginx ingress controller",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "3.0.0",
         },
         {
            model: "openshift pipelines",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "big-ip webaccelerator",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "16.1.4",
         },
         {
            model: "big-ip local traffic manager",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "17.1.0",
         },
         {
            model: "jetty",
            scope: "gte",
            trust: 1,
            vendor: "eclipse",
            version: "10.0.0",
         },
         {
            model: "big-ip application security manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "16.1.4",
         },
         {
            model: "big-ip fraud protection service",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "13.1.0",
         },
         {
            model: "big-ip fraud protection service",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "17.1.0",
         },
         {
            model: "jboss enterprise application platform",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "7.0.0",
         },
         {
            model: "unified contact center enterprise",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: null,
         },
         {
            model: "big-ip domain name system",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "15.1.10",
         },
         {
            model: "istio",
            scope: "lt",
            trust: 1,
            vendor: "istio",
            version: "1.18.3",
         },
         {
            model: "big-ip websafe",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "14.1.5",
         },
         {
            model: "secure dynamic attributes connector",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "2.2.0",
         },
         {
            model: "big-ip websafe",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "13.1.5",
         },
         {
            model: "ceph storage",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "5.0",
         },
         {
            model: "run once duration override operator",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "big-ip link controller",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "16.1.0",
         },
         {
            model: "big-ip local traffic manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "16.1.0",
         },
         {
            model: "integration camel k",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "visual studio 2022",
            scope: "gte",
            trust: 1,
            vendor: "microsoft",
            version: "17.7",
         },
         {
            model: "big-ip carrier-grade nat",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "14.1.0",
         },
         {
            model: "big-ip ddos hybrid defender",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "16.1.4",
         },
         {
            model: "big-ip analytics",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "14.1.5",
         },
         {
            model: "envoy",
            scope: "eq",
            trust: 1,
            vendor: "envoyproxy",
            version: "1.27.0",
         },
         {
            model: "nginx ingress controller",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "2.4.2",
         },
         {
            model: "big-ip application acceleration manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "16.1.0",
         },
         {
            model: "integration service registry",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "firepower threat defense",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "7.4.2",
         },
         {
            model: "big-ip analytics",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "13.1.5",
         },
         {
            model: "node.js",
            scope: "gte",
            trust: 1,
            vendor: "nodejs",
            version: "20.0.0",
         },
         {
            model: "tomcat",
            scope: "lte",
            trust: 1,
            vendor: "apache",
            version: "9.0.80",
         },
         {
            model: "iot field network director",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "4.11.0",
         },
         {
            model: "big-ip link controller",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "14.1.5",
         },
         {
            model: "asp.net core",
            scope: "gte",
            trust: 1,
            vendor: "microsoft",
            version: "6.0.0",
         },
         {
            model: "migration toolkit for virtualization",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "big-ip link controller",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "13.1.5",
         },
         {
            model: "big-ip ssl orchestrator",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "15.1.10",
         },
         {
            model: "big-ip fraud protection service",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "14.1.5",
         },
         {
            model: ".net",
            scope: "gte",
            trust: 1,
            vendor: "microsoft",
            version: "6.0.0",
         },
         {
            model: "jetty",
            scope: "gte",
            trust: 1,
            vendor: "eclipse",
            version: "11.0.0",
         },
         {
            model: "big-ip application acceleration manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "15.1.0",
         },
         {
            model: "unified attendant console advanced",
            scope: "eq",
            trust: 1,
            vendor: "cisco",
            version: null,
         },
         {
            model: "big-ip advanced web application firewall",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "13.1.0",
         },
         {
            model: "big-ip domain name system",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "14.1.5",
         },
         {
            model: "web terminal",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "big-ip domain name system",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "13.1.5",
         },
         {
            model: "traffic server",
            scope: "lt",
            trust: 1,
            vendor: "apache",
            version: "9.2.3",
         },
         {
            model: "windows server 2019",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: null,
         },
         {
            model: "linkerd",
            scope: "lte",
            trust: 1,
            vendor: "linkerd",
            version: "2.12.5",
         },
         {
            model: "jetty",
            scope: "lt",
            trust: 1,
            vendor: "eclipse",
            version: "10.0.17",
         },
         {
            model: "network observability operator",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "big-ip ddos hybrid defender",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "16.1.0",
         },
         {
            model: "visual studio 2022",
            scope: "lt",
            trust: 1,
            vendor: "microsoft",
            version: "17.4.12",
         },
         {
            model: "azure kubernetes service",
            scope: "lt",
            trust: 1,
            vendor: "microsoft",
            version: "2023-10-08",
         },
         {
            model: "openshift sandboxed containers",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "big-ip webaccelerator",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "17.1.0",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.0",
         },
         {
            model: "big-ip domain name system",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "16.1.4",
         },
         {
            model: "tomcat",
            scope: "lte",
            trust: 1,
            vendor: "apache",
            version: "10.1.13",
         },
         {
            model: "big-ip application visibility and reporting",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "13.1.0",
         },
         {
            model: "big-ip application acceleration manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "14.1.0",
         },
         {
            model: "big-ip application security manager",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "17.1.0",
         },
         {
            model: "big-ip next service proxy for kubernetes",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "1.8.2",
         },
         {
            model: "asp.net core",
            scope: "gte",
            trust: 1,
            vendor: "microsoft",
            version: "7.0.0",
         },
         {
            model: "big-ip ddos hybrid defender",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "15.1.0",
         },
         {
            model: "nginx ingress controller",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "2.0.0",
         },
         {
            model: "asp.net core",
            scope: "lt",
            trust: 1,
            vendor: "microsoft",
            version: "6.0.23",
         },
         {
            model: "openshift developer tools and services",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "connected mobile experiences",
            scope: "lt",
            trust: 1,
            vendor: "cisco",
            version: "11.1",
         },
         {
            model: "nginx ingress controller",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "3.3.0",
         },
         {
            model: ".net",
            scope: "gte",
            trust: 1,
            vendor: "microsoft",
            version: "7.0.0",
         },
         {
            model: "contour",
            scope: "lt",
            trust: 1,
            vendor: "projectcontour",
            version: "2023-10-11",
         },
         {
            model: "big-ip policy enforcement manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "16.1.4",
         },
         {
            model: "big-ip advanced firewall manager",
            scope: "gte",
            trust: 1,
            vendor: "f5",
            version: "13.1.0",
         },
         {
            model: "self node remediation operator",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "9.0",
         },
         {
            model: "nginx",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "1.25.2",
         },
         {
            model: "big-ip advanced firewall manager",
            scope: "lte",
            trust: 1,
            vendor: "f5",
            version: "15.1.10",
         },
         {
            model: "envoy",
            scope: "eq",
            trust: 1,
            vendor: "envoyproxy",
            version: "1.26.4",
         },
         {
            model: "netty",
            scope: "lt",
            trust: 1,
            vendor: "netty",
            version: "4.1.100",
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-44487",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "1.57.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "4.1.100",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "12.0.2",
                        versionStartIncluding: "12.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "11.0.17",
                        versionStartIncluding: "11.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.0.17",
                        versionStartIncluding: "10.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.4.53",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2.7.5",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*",
                        cpe_name: [],
                        versionEndExcluding: "0.17.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "1.21.3",
                        versionStartIncluding: "1.21.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "1.20.10",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*",
                        cpe_name: [],
                        versionEndExcluding: "0.17.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "13.1.5",
                        versionStartIncluding: "13.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "13.1.5",
                        versionStartIncluding: "13.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "13.1.5",
                        versionStartIncluding: "13.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "13.1.5",
                        versionStartIncluding: "13.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "13.1.5",
                        versionStartIncluding: "13.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "13.1.5",
                        versionStartIncluding: "13.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "13.1.5",
                        versionStartIncluding: "13.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "13.1.5",
                        versionStartIncluding: "13.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "13.1.5",
                        versionStartIncluding: "13.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "13.1.5",
                        versionStartIncluding: "13.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "13.1.5",
                        versionStartIncluding: "13.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "13.1.5",
                        versionStartIncluding: "13.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "13.1.5",
                        versionStartIncluding: "13.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "13.1.5",
                        versionStartIncluding: "13.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "13.1.5",
                        versionStartIncluding: "13.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "13.1.5",
                        versionStartIncluding: "13.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "13.1.5",
                        versionStartIncluding: "13.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "13.1.5",
                        versionStartIncluding: "13.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "14.1.5",
                        versionStartIncluding: "14.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "14.1.5",
                        versionStartIncluding: "14.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "14.1.5",
                        versionStartIncluding: "14.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "14.1.5",
                        versionStartIncluding: "14.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "14.1.5",
                        versionStartIncluding: "14.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "14.1.5",
                        versionStartIncluding: "14.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "14.1.5",
                        versionStartIncluding: "14.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "14.1.5",
                        versionStartIncluding: "14.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "14.1.5",
                        versionStartIncluding: "14.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "14.1.5",
                        versionStartIncluding: "14.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "14.1.5",
                        versionStartIncluding: "14.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "14.1.5",
                        versionStartIncluding: "14.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "14.1.5",
                        versionStartIncluding: "14.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "14.1.5",
                        versionStartIncluding: "14.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "14.1.5",
                        versionStartIncluding: "14.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "14.1.5",
                        versionStartIncluding: "14.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "14.1.5",
                        versionStartIncluding: "14.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "14.1.5",
                        versionStartIncluding: "14.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "15.1.10",
                        versionStartIncluding: "15.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "16.1.4",
                        versionStartIncluding: "16.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "15.1.10",
                        versionStartIncluding: "15.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "16.1.4",
                        versionStartIncluding: "16.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "15.1.10",
                        versionStartIncluding: "15.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "16.1.4",
                        versionStartIncluding: "16.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "15.1.10",
                        versionStartIncluding: "15.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "16.1.4",
                        versionStartIncluding: "16.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "15.1.10",
                        versionStartIncluding: "15.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "16.1.4",
                        versionStartIncluding: "16.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "15.1.10",
                        versionStartIncluding: "15.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "16.1.4",
                        versionStartIncluding: "16.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "15.1.10",
                        versionStartIncluding: "15.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "16.1.4",
                        versionStartIncluding: "16.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "15.1.10",
                        versionStartIncluding: "15.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "16.1.4",
                        versionStartIncluding: "16.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "15.1.10",
                        versionStartIncluding: "15.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "16.1.4",
                        versionStartIncluding: "16.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "15.1.10",
                        versionStartIncluding: "15.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "16.1.4",
                        versionStartIncluding: "16.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "15.1.10",
                        versionStartIncluding: "15.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "16.1.4",
                        versionStartIncluding: "16.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "15.1.10",
                        versionStartIncluding: "15.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "16.1.4",
                        versionStartIncluding: "16.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "15.1.10",
                        versionStartIncluding: "15.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "16.1.4",
                        versionStartIncluding: "16.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "15.1.10",
                        versionStartIncluding: "15.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "16.1.4",
                        versionStartIncluding: "16.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "15.1.10",
                        versionStartIncluding: "15.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "16.1.4",
                        versionStartIncluding: "16.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "15.1.10",
                        versionStartIncluding: "15.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "16.1.4",
                        versionStartIncluding: "16.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "15.1.10",
                        versionStartIncluding: "15.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "16.1.4",
                        versionStartIncluding: "16.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "15.1.10",
                        versionStartIncluding: "15.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "16.1.4",
                        versionStartIncluding: "16.1.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "r29",
                        versionStartIncluding: "r25",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "1.8.2",
                        versionStartIncluding: "1.5.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "1.25.2",
                        versionStartIncluding: "1.9.5",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "2.4.2",
                        versionStartIncluding: "2.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "3.3.0",
                        versionStartIncluding: "3.0.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "9.0.80",
                        versionStartIncluding: "9.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "8.5.93",
                        versionStartIncluding: "8.5.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "10.1.13",
                        versionStartIncluding: "10.1.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:apple:swiftnio_http\\/2:*:*:*:*:*:swift:*:*",
                        cpe_name: [],
                        versionEndExcluding: "1.28.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*",
                        cpe_name: [],
                        versionEndExcluding: "1.58.3",
                        versionStartIncluding: "1.58.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*",
                        cpe_name: [],
                        versionEndExcluding: "1.56.3",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*",
                        cpe_name: [],
                        versionEndIncluding: "1.59.2",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.0.19045.3570",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.0.17763.4974",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.0.22000.2538",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.0.22621.2428",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                        cpe_name: [],
                        versionEndExcluding: "10.0.14393.6351",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
                        cpe_name: [],
                        versionEndExcluding: "10.0.14393.6351",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "7.0.12",
                        versionStartIncluding: "7.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.0.19044.3570",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "17.7.5",
                        versionStartIncluding: "17.7",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "17.6.8",
                        versionStartIncluding: "17.6",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "17.4.12",
                        versionStartIncluding: "17.4",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "17.2.20",
                        versionStartIncluding: "17.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "6.0.23",
                        versionStartIncluding: "6.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "7.0.12",
                        versionStartIncluding: "7.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "6.0.23",
                        versionStartIncluding: "6.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2023-10-08",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "18.18.2",
                        versionStartIncluding: "18.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "20.8.1",
                        versionStartIncluding: "20.0.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2023-10-11",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2023-10-10",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2023.10.16.00",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.2.3",
                        versionStartIncluding: "9.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "8.1.9",
                        versionStartIncluding: "8.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "3.6.1",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2.5.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "4.2.2",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "1.19.1",
                        versionStartIncluding: "1.19.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "1.18.3",
                        versionStartIncluding: "1.18.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "1.17.6",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2023-10-10",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2.10.5",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2023-10-11",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*",
                        cpe_name: [],
                        versionEndIncluding: "2.12.5",
                        versionStartIncluding: "2.12.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "1.26.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.5.3",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "3.4.2",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "2.427",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "2.414.2",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.4.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "1.21.4.3",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "3.10.4",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2.19.2",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2.2.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "7.4.2",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "1.22",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "17.15.1",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "11.2",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "7.2.1",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "9.3.3",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "4.11.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "7.11.2",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "6.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:crosswork_data_gateway:5.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "4.1.3",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "x14.3.3",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "11.1",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "x14.3.3",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "12.6.2",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2024.02.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2024.02.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2024.01.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "15.1.0",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "10.2\\(7\\)",
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "10.3\\(5\\)",
                              versionStartIncluding: "10.3\\(1\\)",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3132q-x\\/3132q-xl:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3172pq\\/pq-xl:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3524-x\\/xl:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3548-x\\/xl:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "10.2\\(7\\)",
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "10.3\\(5\\)",
                              versionStartIncluding: "10.3\\(1\\)",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_supervisor_a\\+:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_supervisor_b\\+:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-44487",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Red Hat",
      sources: [
         {
            db: "PACKETSTORM",
            id: "175239",
         },
         {
            db: "PACKETSTORM",
            id: "175234",
         },
         {
            db: "PACKETSTORM",
            id: "175230",
         },
         {
            db: "PACKETSTORM",
            id: "175126",
         },
         {
            db: "PACKETSTORM",
            id: "175160",
         },
         {
            db: "PACKETSTORM",
            id: "175376",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2023-44487",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 3.9,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2023-44487",
                  trust: 1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-44487",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. \n\n\n\n\nDescription:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section. \n\n\n\n\nDescription:\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. \n\n\n\n\nDescription:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. \n\n\n\n\nDescription:\n\nnghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. \n\nThe following data is constructed from data provided by Red Hat's json file at:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5710.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. 
\n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis:           Important: dotnet6.0 security update\nAdvisory ID:        RHSA-2023:5710-01\nProduct:            Red Hat Enterprise Linux\nAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:5710\nIssue date:         2023-10-16\nRevision:           01\nCVE Names:          CVE-2023-44487\n====================================================================\n\nSummary: \n\nAn update for dotnet6.0 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. \n\n\n\n\nDescription:\n\n.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23. \n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\n\nSolution:\n\nhttps://access.redhat.com/articles/11258\n\n\n\nCVEs:\n\nCVE-2023-44487\n\nReferences:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003\n\n. 
==========================================================================\nUbuntu Security Notice USN-6754-1\nApril 25, 2024\n\nnghttp2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in nghttp2. \n\nSoftware Description:\n- nghttp2: HTTP/2 C Library and tools\n\nDetails:\n\nIt was discovered that nghttp2 incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nnghttp2 to consume resources, leading to a denial of service. This issue\nonly affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,\nCVE-2019-9513)\n\nIt was discovered that nghttp2 incorrectly handled request cancellation. A\nremote attacker could possibly use this issue to cause nghttp2 to consume\nresources, leading to a denial of service. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)\n\nIt was discovered that nghttp2 could be made to process an unlimited number\nof HTTP/2 CONTINUATION frames. A remote attacker could possibly use this\nissue to cause nghttp2 to consume resources, leading to a denial of\nservice. 
(CVE-2024-28182)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n   libnghttp2-14                   1.55.1-1ubuntu0.2\n   nghttp2                         1.55.1-1ubuntu0.2\n   nghttp2-client                  1.55.1-1ubuntu0.2\n   nghttp2-proxy                   1.55.1-1ubuntu0.2\n   nghttp2-server                  1.55.1-1ubuntu0.2\n\nUbuntu 22.04 LTS:\n   libnghttp2-14                   1.43.0-1ubuntu0.2\n   nghttp2                         1.43.0-1ubuntu0.2\n   nghttp2-client                  1.43.0-1ubuntu0.2\n   nghttp2-proxy                   1.43.0-1ubuntu0.2\n   nghttp2-server                  1.43.0-1ubuntu0.2\n\nUbuntu 20.04 LTS:\n   libnghttp2-14                   1.40.0-1ubuntu0.3\n   nghttp2                         1.40.0-1ubuntu0.3\n   nghttp2-client                  1.40.0-1ubuntu0.3\n   nghttp2-proxy                   1.40.0-1ubuntu0.3\n   nghttp2-server                  1.40.0-1ubuntu0.3\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n   libnghttp2-14                   1.30.0-1ubuntu1+esm2\n   nghttp2                         1.30.0-1ubuntu1+esm2\n   nghttp2-client                  1.30.0-1ubuntu1+esm2\n   nghttp2-proxy                   1.30.0-1ubuntu1+esm2\n   nghttp2-server                  1.30.0-1ubuntu1+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n   libnghttp2-14                   1.7.1-1ubuntu0.1~esm2\n   nghttp2                         1.7.1-1ubuntu0.1~esm2\n   nghttp2-client                  1.7.1-1ubuntu0.1~esm2\n   nghttp2-proxy                   1.7.1-1ubuntu0.1~esm2\n   nghttp2-server                  1.7.1-1ubuntu0.1~esm2\n\nIn general, a standard system update will make all the necessary changes. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5558-1                   security@debian.org\nhttps://www.debian.org/security/                          Markus Koschany\nNovember 18, 2023                     https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : netty\nCVE ID         : CVE-2023-34462 CVE-2023-44487\nDebian Bug     : 1038947 1054234\n\nTwo security vulnerabilities have been discovered in Netty, a Java NIO\nclient/server socket framework. \n\nCVE-2023-34462\n\n    It might be possible for a remote peer to send a client hello packet during\n    a TLS handshake which leads the server to buffer up to 16 MB of data per\n    connection. This could lead to an OutOfMemoryError and so result in a denial\n    of service. \n\nCVE-2023-44487\n\n    The HTTP/2 protocol allows a denial of service (server resource consumption)\n    because request cancellation can reset many streams quickly. \n    This problem is also known as Rapid Reset Attack. \n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:4.1.48-4+deb11u2. \n\nFor the stable distribution (bookworm), these problems have been fixed in\nversion 1:4.1.48-7+deb12u1. \n\nWe recommend that you upgrade your netty packages. 
\n\nFor the detailed security status of netty please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/netty\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmVY5TZfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRHiBAAzFhW85Ho37J02wrSDVwhIMTsVjNO9lnA08Pswdohr9K1wxeCJ/hBAx97\nUNIrjTxyOfCJWi1Kj5pITXEHBRu6w1fj/5y9yoMpAKEu+oGQroHbSf4CPmqP2Of0\neamkfbGx2Dh7Ug3qYxe+elcqRtU3gu8I8DYcWJnm2VpWq7/pbNJ+9iqtmMjhkPLH\n1etLI/5HAkwpPimZSrHzcimn39gEVaIbZLc86ZBAoAPghc+iJR1JFHERmkEutWkB\neAnL3kD1mr6F711eZvDfPaRfEUVorW67ZEpPX68MJExuYHNXd268EhQOhf/ZYv8g\nSUSBJuKw4w2OnL4fn8lhqnQgYHUVkcYBtfYii6E9bEVAIPoaT+4gvdSg9zkF6cza\nDa8SXkEY2ysaX+A24iVnCNMpCMSOUOxWsFFvkCcfi8A4HxGGqWzVOsBbDJKjktS1\ng6FyeqWsGh9QG/CPYeMN7LB7lW1l2XzO6GQ9QR1rzU/whgUVxprkye5wx2BaQmom\nrrWVHBijH1cNWd1IbryAm+prduL1l/CNR0785ZPTjB3SsMFPCAtRHf9G976rqVs0\nP3jGg+BdeDj+sd3EFHcHnNXQOaETgR07RWzngbjEkgmJYhB2B43hCQ2LwsNlHsmg\nO6otUI2k274IF9KHh0T1h1hopbUTU8VPy3dpcLloCzk7KiAv1RI=\n=4ExT\n-----END PGP SIGNATURE-----\n. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-44487",
         },
         {
            db: "PACKETSTORM",
            id: "175239",
         },
         {
            db: "PACKETSTORM",
            id: "175234",
         },
         {
            db: "PACKETSTORM",
            id: "175230",
         },
         {
            db: "PACKETSTORM",
            id: "175126",
         },
         {
            db: "PACKETSTORM",
            id: "175160",
         },
         {
            db: "PACKETSTORM",
            id: "178284",
         },
         {
            db: "PACKETSTORM",
            id: "175875",
         },
         {
            db: "PACKETSTORM",
            id: "175807",
         },
         {
            db: "PACKETSTORM",
            id: "175376",
         },
      ],
      trust: 1.71,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-44487",
            trust: 1.9,
         },
         {
            db: "OPENWALL",
            id: "OSS-SECURITY/2023/10/18/8",
            trust: 1,
         },
         {
            db: "OPENWALL",
            id: "OSS-SECURITY/2023/10/10/6",
            trust: 1,
         },
         {
            db: "OPENWALL",
            id: "OSS-SECURITY/2023/10/19/6",
            trust: 1,
         },
         {
            db: "OPENWALL",
            id: "OSS-SECURITY/2023/10/18/4",
            trust: 1,
         },
         {
            db: "OPENWALL",
            id: "OSS-SECURITY/2023/10/13/4",
            trust: 1,
         },
         {
            db: "OPENWALL",
            id: "OSS-SECURITY/2023/10/13/9",
            trust: 1,
         },
         {
            db: "OPENWALL",
            id: "OSS-SECURITY/2023/10/20/8",
            trust: 1,
         },
         {
            db: "PACKETSTORM",
            id: "175239",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "175234",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "175230",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "175126",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "175160",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "178284",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "175875",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "175807",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "175376",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "PACKETSTORM",
            id: "175239",
         },
         {
            db: "PACKETSTORM",
            id: "175234",
         },
         {
            db: "PACKETSTORM",
            id: "175230",
         },
         {
            db: "PACKETSTORM",
            id: "175126",
         },
         {
            db: "PACKETSTORM",
            id: "175160",
         },
         {
            db: "PACKETSTORM",
            id: "178284",
         },
         {
            db: "PACKETSTORM",
            id: "175875",
         },
         {
            db: "PACKETSTORM",
            id: "175807",
         },
         {
            db: "PACKETSTORM",
            id: "175376",
         },
         {
            db: "NVD",
            id: "CVE-2023-44487",
         },
      ],
   },
   id: "VAR-202310-0175",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.465728264,
   },
   last_update_date: "2024-07-23T21:36:24.758000Z",
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-400",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-44487",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1,
            url: "http://www.openwall.com/lists/oss-security/2023/10/13/4",
         },
         {
            trust: 1,
            url: "http://www.openwall.com/lists/oss-security/2023/10/13/9",
         },
         {
            trust: 1,
            url: "http://www.openwall.com/lists/oss-security/2023/10/18/4",
         },
         {
            trust: 1,
            url: "http://www.openwall.com/lists/oss-security/2023/10/18/8",
         },
         {
            trust: 1,
            url: "http://www.openwall.com/lists/oss-security/2023/10/19/6",
         },
         {
            trust: 1,
            url: "http://www.openwall.com/lists/oss-security/2023/10/20/8",
         },
         {
            trust: 1,
            url: "https://access.redhat.com/security/cve/cve-2023-44487",
         },
         {
            trust: 1,
            url: "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/",
         },
         {
            trust: 1,
            url: "https://aws.amazon.com/security/security-bulletins/aws-2023-011/",
         },
         {
            trust: 1,
            url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/",
         },
         {
            trust: 1,
            url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/",
         },
         {
            trust: 1,
            url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/",
         },
         {
            trust: 1,
            url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack",
         },
         {
            trust: 1,
            url: "https://blog.vespa.ai/cve-2023-44487/",
         },
         {
            trust: 1,
            url: "https://bugzilla.proxmox.com/show_bug.cgi?id=4988",
         },
         {
            trust: 1,
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803",
         },
         {
            trust: 1,
            url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123",
         },
         {
            trust: 1,
            url: "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9",
         },
         {
            trust: 1,
            url: "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/",
         },
         {
            trust: 1,
            url: "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack",
         },
         {
            trust: 1,
            url: "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125",
         },
         {
            trust: 1,
            url: "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715",
         },
         {
            trust: 1,
            url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve",
         },
         {
            trust: 1,
            url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764",
         },
         {
            trust: 1,
            url: "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088",
         },
         {
            trust: 1,
            url: "https://github.com/azure/aks/issues/3947",
         },
         {
            trust: 1,
            url: "https://github.com/kong/kong/discussions/11741",
         },
         {
            trust: 1,
            url: "https://github.com/advisories/ghsa-qppj-fm5r-hxr3",
         },
         {
            trust: 1,
            url: "https://github.com/advisories/ghsa-vx74-f528-fxqg",
         },
         {
            trust: 1,
            url: "https://github.com/advisories/ghsa-xpw8-rcwv-8f8p",
         },
         {
            trust: 1,
            url: "https://github.com/akka/akka-http/issues/4323",
         },
         {
            trust: 1,
            url: "https://github.com/alibaba/tengine/issues/1872",
         },
         {
            trust: 1,
            url: "https://github.com/apache/apisix/issues/10320",
         },
         {
            trust: 1,
            url: "https://github.com/apache/httpd-site/pull/10",
         },
         {
            trust: 1,
            url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#l1101-l1113",
         },
         {
            trust: 1,
            url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2",
         },
         {
            trust: 1,
            url: "https://github.com/apache/trafficserver/pull/10564",
         },
         {
            trust: 1,
            url: "https://github.com/arkrwn/poc/tree/main/cve-2023-44487",
         },
         {
            trust: 1,
            url: "https://github.com/bcdannyboy/cve-2023-44487",
         },
         {
            trust: 1,
            url: "https://github.com/caddyserver/caddy/issues/5877",
         },
         {
            trust: 1,
            url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5",
         },
         {
            trust: 1,
            url: "https://github.com/dotnet/announcements/issues/277",
         },
         {
            trust: 1,
            url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#l73",
         },
         {
            trust: 1,
            url: "https://github.com/eclipse/jetty.project/issues/10679",
         },
         {
            trust: 1,
            url: "https://github.com/envoyproxy/envoy/pull/30055",
         },
         {
            trust: 1,
            url: "https://github.com/etcd-io/etcd/issues/16740",
         },
         {
            trust: 1,
            url: "https://github.com/facebook/proxygen/pull/466",
         },
         {
            trust: 1,
            url: "https://github.com/golang/go/issues/63417",
         },
         {
            trust: 1,
            url: "https://github.com/grpc/grpc-go/pull/6703",
         },
         {
            trust: 1,
            url: "https://github.com/h2o/h2o/pull/3291",
         },
         {
            trust: 1,
            url: "https://github.com/h2o/h2o/security/advisories/ghsa-2m7v-gc89-fjqf",
         },
         {
            trust: 1,
            url: "https://github.com/haproxy/haproxy/issues/2312",
         },
         {
            trust: 1,
            url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/readme.md?plain=1#l239-l244",
         },
         {
            trust: 1,
            url: "https://github.com/junkurihara/rust-rpxy/issues/97",
         },
         {
            trust: 1,
            url: "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1",
         },
         {
            trust: 1,
            url: "https://github.com/kazu-yamamoto/http2/issues/93",
         },
         {
            trust: 1,
            url: "https://github.com/kubernetes/kubernetes/pull/121120",
         },
         {
            trust: 1,
            url: "https://github.com/line/armeria/pull/5232",
         },
         {
            trust: 1,
            url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632",
         },
         {
            trust: 1,
            url: "https://github.com/micrictor/http2-rst-stream",
         },
         {
            trust: 1,
            url: "https://github.com/microsoft/cbl-mariner/pull/6381",
         },
         {
            trust: 1,
            url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61",
         },
         {
            trust: 1,
            url: "https://github.com/nghttp2/nghttp2/pull/1961",
         },
         {
            trust: 1,
            url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0",
         },
         {
            trust: 1,
            url: "https://github.com/ninenines/cowboy/issues/1615",
         },
         {
            trust: 1,
            url: "https://github.com/nodejs/node/pull/50121",
         },
         {
            trust: 1,
            url: "https://github.com/openresty/openresty/issues/930",
         },
         {
            trust: 1,
            url: "https://github.com/opensearch-project/data-prepper/issues/3474",
         },
         {
            trust: 1,
            url: "https://github.com/oqtane/oqtane.framework/discussions/3367",
         },
         {
            trust: 1,
            url: "https://github.com/projectcontour/contour/pull/5826",
         },
         {
            trust: 1,
            url: "https://github.com/tempesta-tech/tempesta/issues/1986",
         },
         {
            trust: 1,
            url: "https://github.com/varnishcache/varnish-cache/issues/3996",
         },
         {
            trust: 1,
            url: "https://groups.google.com/g/golang-announce/c/innxdtcjzvo",
         },
         {
            trust: 1,
            url: "https://istio.io/latest/news/security/istio-security-2023-004/",
         },
         {
            trust: 1,
            url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/",
         },
         {
            trust: 1,
            url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q",
         },
         {
            trust: 1,
            url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html",
         },
         {
            trust: 1,
            url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html",
         },
         {
            trust: 1,
            url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html",
         },
         {
            trust: 1,
            url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html",
         },
         {
            trust: 1,
            url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html",
         },
         {
            trust: 1,
            url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html",
         },
         {
            trust: 1,
            url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2mbeppc36ubvozznaxfhklfgslcmn5li/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3n4nj7fr4x4fpzugntqapstvb2hb2y4a/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfqd3kuemfbhpapbglwqc34l4owl5haz/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/clb4tw7kalb3eeqwnwcn7ouiwwvwwcg2/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/e72t67updrxhidlo3oror25yamn4ggw5/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fna62q767cfafhbcdkynpbmzwb7twyvu/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ht7t2r4mqklif4odv4bdlparwfpcj5cz/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jmexy22bfg5q64hqcm5ck2q7kdkvv4ty/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ksegd2iwknuo3dwy4kqguqm5bisrwhqe/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lkyhszqfdnr7rsa7lhvlliaqmvycugbg/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lnmzjcdhgljjlxo4oxwjmtvqrnwoc7ul/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vsrdiv77hnkusm7sjc5bke5jshlhu2nk/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/we2i52rhnnu42px6nz2rbuhsffj2lvzx/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wlprq5twuqqxywbjm7ecydail2yvkiuh/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x6qxn4orivf6xbw4wwfe7vnpvc74s45y/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xfoibb4yfichdm7ibop7pwxw3fx4hll2/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zb43remkrqr62njei7i5nq4fsxnlbkrt/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/",
         },
         {
            trust: 1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zlu6u2r2ic2k64ndpnmv55auao65maf4/",
         },
         {
            trust: 1,
            url: "https://lists.w3.org/archives/public/ietf-http-wg/2023octdec/0025.html",
         },
         {
            trust: 1,
            url: "https://mailman.nginx.org/pipermail/nginx-devel/2023-october/s36q5hbxr7caimpllprsssyr4pcmwilk.html",
         },
         {
            trust: 1,
            url: "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html",
         },
         {
            trust: 1,
            url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/",
         },
         {
            trust: 1,
            url: "https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-44487",
         },
         {
            trust: 1,
            url: "https://my.f5.com/manage/s/article/k000137106",
         },
         {
            trust: 1,
            url: "https://netty.io/news/2023/10/10/4-1-100-final.html",
         },
         {
            trust: 1,
            url: "https://news.ycombinator.com/item?id=37830987",
         },
         {
            trust: 1,
            url: "https://news.ycombinator.com/item?id=37830998",
         },
         {
            trust: 1,
            url: "https://news.ycombinator.com/item?id=37831062",
         },
         {
            trust: 1,
            url: "https://news.ycombinator.com/item?id=37837043",
         },
         {
            trust: 1,
            url: "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/",
         },
         {
            trust: 1,
            url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected",
         },
         {
            trust: 1,
            url: "https://security.gentoo.org/glsa/202311-09",
         },
         {
            trust: 1,
            url: "https://security.netapp.com/advisory/ntap-20231016-0001/",
         },
         {
            trust: 1,
            url: "https://security.netapp.com/advisory/ntap-20240426-0007/",
         },
         {
            trust: 1,
            url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
         },
         {
            trust: 1,
            url: "https://security.netapp.com/advisory/ntap-20240621-0007/",
         },
         {
            trust: 1,
            url: "https://security.paloaltonetworks.com/cve-2023-44487",
         },
         {
            trust: 1,
            url: "https://tomcat.apache.org/security-10.html#fixed_in_apache_tomcat_10.1.14",
         },
         {
            trust: 1,
            url: "https://ubuntu.com/security/cve-2023-44487",
         },
         {
            trust: 1,
            url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/",
         },
         {
            trust: 1,
            url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
         },
         {
            trust: 1,
            url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event",
         },
         {
            trust: 1,
            url: "https://www.debian.org/security/2023/dsa-5521",
         },
         {
            trust: 1,
            url: "https://www.debian.org/security/2023/dsa-5522",
         },
         {
            trust: 1,
            url: "https://www.debian.org/security/2023/dsa-5540",
         },
         {
            trust: 1,
            url: "https://www.debian.org/security/2023/dsa-5549",
         },
         {
            trust: 1,
            url: "https://www.debian.org/security/2023/dsa-5558",
         },
         {
            trust: 1,
            url: "https://www.debian.org/security/2023/dsa-5570",
         },
         {
            trust: 1,
            url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487",
         },
         {
            trust: 1,
            url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/",
         },
         {
            trust: 1,
            url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
         },
         {
            trust: 1,
            url: "https://www.openwall.com/lists/oss-security/2023/10/10/6",
         },
         {
            trust: 1,
            url: "https://www.phoronix.com/news/http2-rapid-reset-attack",
         },
         {
            trust: 1,
            url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/",
         },
         {
            trust: 0.9,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-44487",
         },
         {
            trust: 0.6,
            url: "https://access.redhat.com/security/updates/classification/#important",
         },
         {
            trust: 0.5,
            url: "https://access.redhat.com/articles/11258",
         },
         {
            trust: 0.5,
            url: "https://access.redhat.com/security/vulnerabilities/rhsb-2023-003",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5945.json",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.broker&version=7.10.4",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.10",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/errata/rhsa-2023:5945",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5928.json",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/errata/rhsa-2023:5928",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=appplatform&version=7.4",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5922.json",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/errata/rhsa-2023:5922",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/errata/rhsa-2023:5766",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5766.json",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5710.json",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/errata/rhsa-2023:5710",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.3",
         },
         {
            trust: 0.1,
            url: "https://ubuntu.com/security/notices/usn-6754-1",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.2",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.2",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-9513",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-9511",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2024-28182",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.2",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.1",
         },
         {
            trust: 0.1,
            url: "https://ubuntu.com/security/notices/usn-6505-1",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/nghttp2/1.52.0-1ubuntu0.1",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.1",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-34462",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/faq",
         },
         {
            trust: 0.1,
            url: "https://security-tracker.debian.org/tracker/netty",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6105.json",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/errata/rhsa-2023:6105",
         },
      ],
      sources: [
         {
            db: "PACKETSTORM",
            id: "175239",
         },
         {
            db: "PACKETSTORM",
            id: "175234",
         },
         {
            db: "PACKETSTORM",
            id: "175230",
         },
         {
            db: "PACKETSTORM",
            id: "175126",
         },
         {
            db: "PACKETSTORM",
            id: "175160",
         },
         {
            db: "PACKETSTORM",
            id: "178284",
         },
         {
            db: "PACKETSTORM",
            id: "175875",
         },
         {
            db: "PACKETSTORM",
            id: "175807",
         },
         {
            db: "PACKETSTORM",
            id: "175376",
         },
         {
            db: "NVD",
            id: "CVE-2023-44487",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "PACKETSTORM",
            id: "175239",
         },
         {
            db: "PACKETSTORM",
            id: "175234",
         },
         {
            db: "PACKETSTORM",
            id: "175230",
         },
         {
            db: "PACKETSTORM",
            id: "175126",
         },
         {
            db: "PACKETSTORM",
            id: "175160",
         },
         {
            db: "PACKETSTORM",
            id: "178284",
         },
         {
            db: "PACKETSTORM",
            id: "175875",
         },
         {
            db: "PACKETSTORM",
            id: "175807",
         },
         {
            db: "PACKETSTORM",
            id: "175376",
         },
         {
            db: "NVD",
            id: "CVE-2023-44487",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-10-20T14:34:30",
            db: "PACKETSTORM",
            id: "175239",
         },
         {
            date: "2023-10-20T14:33:16",
            db: "PACKETSTORM",
            id: "175234",
         },
         {
            date: "2023-10-20T14:32:33",
            db: "PACKETSTORM",
            id: "175230",
         },
         {
            date: "2023-10-17T15:39:55",
            db: "PACKETSTORM",
            id: "175126",
         },
         {
            date: "2023-10-18T16:23:08",
            db: "PACKETSTORM",
            id: "175160",
         },
         {
            date: "2024-04-26T15:13:40",
            db: "PACKETSTORM",
            id: "178284",
         },
         {
            date: "2023-11-22T16:28:02",
            db: "PACKETSTORM",
            id: "175875",
         },
         {
            date: "2023-11-20T16:25:51",
            db: "PACKETSTORM",
            id: "175807",
         },
         {
            date: "2023-10-27T12:55:12",
            db: "PACKETSTORM",
            id: "175376",
         },
         {
            date: "2023-10-10T14:15:10.883000",
            db: "NVD",
            id: "CVE-2023-44487",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2024-06-27T18:34:22.110000",
            db: "NVD",
            id: "CVE-2023-44487",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "PACKETSTORM",
            id: "178284",
         },
         {
            db: "PACKETSTORM",
            id: "175875",
         },
      ],
      trust: 0.2,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Red Hat Security Advisory 2023-5945-01",
      sources: [
         {
            db: "PACKETSTORM",
            id: "175239",
         },
      ],
      trust: 0.1,
   },
}

var-201606-0115
Vulnerability from variot

Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter. Supplementary information: the CWE vulnerability type has been identified as CWE-284: Improper Access Control (http://cwe.mitre.org/data/definitions/284.html). A third party may access API credentials held in web browser localStorage through an access_token. Red Hat OpenShift is a platform-as-a-service (PaaS) cloud computing platform that builds, tests, deploys, and runs applications. OpenShift Enterprise is the open source private cloud version. Red Hat OpenShift Enterprise is prone to a security-bypass vulnerability. Successful exploits may allow an attacker to bypass certain intended security restrictions and perform unauthorized actions, which may aid in launching further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: Red Hat OpenShift Enterprise 3.2 security update Advisory ID: RHSA-2016:1094-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2016:1094 Issue date: 2016-05-19 CVE Names: CVE-2016-3703 CVE-2016-3708 CVE-2016-3738 =====================================================================

  1. In addition, all images have been rebuilt on the new RHEL 7.2.4 base image.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Security Fix(es):

  • A vulnerability was found in the STI build process in OpenShift Enterprise. Access to STI builds was not properly restricted, allowing an attacker to use STI builds to access the Docker socket and escalate their privileges. (CVE-2016-3703)

  • A flaw was found in OpenShift Enterprise when multi-tenant SDN is enabled and a build is run within a namespace that would normally be isolated from pods in other namespaces. If an s2i build is run in such an environment the container being built can access network resources on pods that should not be available to it.

This update includes the following images:

openshift3/ose:v3.2.0.44-2 openshift3/ose-deployer:v3.2.0.44-2 openshift3/ose-docker-builder:v3.2.0.44-2 openshift3/ose-docker-registry:v3.2.0.44-2 openshift3/ose-f5-router:v3.2.0.44-2 openshift3/ose-haproxy-router:v3.2.0.44-2 openshift3/ose-keepalived-ipfailover:v3.2.0.44-2 openshift3/ose-pod:v3.2.0.44-2 openshift3/ose-recycler:v3.2.0.44-2 openshift3/ose-sti-builder:v3.2.0.44-2 openshift3/jenkins-1-rhel7:1.642-32 openshift3/logging-auth-proxy:3.2.0-4 openshift3/logging-deployment:3.2.0-9 openshift3/logging-elasticsearch:3.2.0-8 openshift3/logging-fluentd:3.2.0-8 openshift3/logging-kibana:3.2.0-4 openshift3/metrics-deployer:3.2.0-6 openshift3/metrics-heapster:3.2.0-6 openshift3/mongodb-24-rhel7:2.4-28 openshift3/mysql-55-rhel7:5.5-26 openshift3/nodejs-010-rhel7:0.10-35 openshift3/node:v3.2.0.44-2 openshift3/openvswitch:v3.2.0.44-2 openshift3/perl-516-rhel7:5.16-38 openshift3/php-55-rhel7:5.5-35 openshift3/postgresql-92-rhel7:9.2-25 openshift3/python-33-rhel7:3.3-35 openshift3/ruby-20-rhel7:2.0-35

aep3_beta/aep:v3.2.0.44-2 aep3_beta/aep-deployer:v3.2.0.44-2 aep3_beta/aep-docker-registry:v3.2.0.44-2 aep3_beta/aep-f5-router:v3.2.0.44-2 aep3_beta/aep-haproxy-router:v3.2.0.44-2 aep3_beta/aep-keepalived-ipfailover:v3.2.0.44-2 aep3_beta/aep-pod:v3.2.0.44-2 aep3_beta/aep-recycler:v3.2.0.44-2 aep3_beta/logging-auth-proxy:3.2.0-4 aep3_beta/logging-deployment:3.2.0-9 aep3_beta/logging-elasticsearch:3.2.0-8 aep3_beta/logging-fluentd:3.2.0-8 aep3_beta/logging-kibana:3.2.0-4 aep3_beta/metrics-deployer:3.2.0-6 aep3_beta/metrics-heapster:3.2.0-6 aep3_beta/node:v3.2.0.44-2 aep3_beta/openvswitch:v3.2.0.44-2

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1306011 - Deployer pods incorrectly using the host entry from openshiftLoopbackKubeconfig 1318974 - Creating pods on OSE with awsElasticBlockStore only assigns devices /dev/xvdb - /dev/xvdp to openshift node 1324996 - JSON message fields are getting overwritten 1329044 - console.dev-preview-int.openshift.com setting of memory limit confusing 1330233 - CVE-2016-3703 OpenShift Enterprise 3: Untrusted content loaded via the API proxy can access web console credentials on the same domain 1330364 - Should update the role name in the prompt on the web console 1331229 - CVE-2016-3708 OpenShiftEnterprise 3: s2i builds implicitly perform docker builds 1333168 - Node.js images crash with DEV_MODE=true 1333461 - CVE-2016-3738 origin: pod update allows docker socket access via build-pod

  6. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  7. References:

https://access.redhat.com/security/cve/CVE-2016-3703
https://access.redhat.com/security/cve/CVE-2016-3708
https://access.redhat.com/security/cve/CVE-2016-3738
https://access.redhat.com/security/updates/classification/#important

  8.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXPkiKXlSAg2UNWIIRAsa4AKDBVV9n5rX0BrQhspq/Kd1wNoTr8wCguVmp
9WTmxUn/XuRDJFzqxtZpCVI=
=n+fK
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0115",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "openshift",
            scope: "eq",
            trust: 1.6,
            vendor: "redhat",
            version: "3.2",
         },
         {
            model: "openshift",
            scope: "eq",
            trust: 1.6,
            vendor: "redhat",
            version: "3.1",
         },
         {
            model: "openshift",
            scope: "eq",
            trust: 0.8,
            vendor: "red hat",
            version: "enterprise 3.1",
         },
         {
            model: "openshift",
            scope: "eq",
            trust: 0.8,
            vendor: "red hat",
            version: "enterprise 3.2",
         },
         {
            model: "hat openshift enterprise x86 64",
            scope: "eq",
            trust: 0.6,
            vendor: "red",
            version: "3.2",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2016-03447",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2016-003070",
         },
         {
            db: "NVD",
            id: "CVE-2016-3703",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201605-556",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2016-3703",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Jordan Liggitt (Red Hat)",
      sources: [
         {
            db: "BID",
            id: "90817",
         },
      ],
      trust: 0.3,
   },
   cve: "CVE-2016-3703",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 3.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 6.8,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "LOW",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 3.5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2016-3703",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Low",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2016-03447",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.6,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "High",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.3,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2016-3703",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2016-3703",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2016-03447",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201605-556",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2016-03447",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2016-003070",
         },
         {
            db: "NVD",
            id: "CVE-2016-3703",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201605-556",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlA third party access_token Through Web Browser localStorage of API Credentials may be accessed. Red Hat OpenShift is a platform-as-a-service (PaaS) cloud computing platform that builds, tests, deploys, and runs applications. OpenShift Enterprise is an open source private cloud version. Red Hat OpenShift Enterprise is prone to a security-bypass vulnerability. \nSuccessful exploits may allow an attackers to bypass certain  intended security restrictions and perform unauthorized actions, which may aid in launching further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat OpenShift Enterprise 3.2 security update\nAdvisory ID:       RHSA-2016:1094-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2016:1094\nIssue date:        2016-05-19\nCVE Names:         CVE-2016-3703 CVE-2016-3708 CVE-2016-3738 \n=====================================================================\n\n1. In addition, all images have been rebuilt\non the new RHEL 7.2.4 base image. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. 
\n\nSecurity Fix(es):\n\n* A vulnerability was found in the STI build process in OpenShift\nEnterprise. Access to STI builds was not properly restricted, allowing an\nattacker to use STI builds to access the Docker socket and escalate their\nprivileges. (CVE-2016-3703)\n\n* A flaw was found in OpenShift Enterprise when multi-tenant SDN is enabled\nand a build is run within a namespace that would normally be isolated from\npods in other namespaces. If an s2i build is run in such an environment the\ncontainer being built can access network resources on pods that should not\nbe available to it. \n\nThis update includes the following images:\n\nopenshift3/ose:v3.2.0.44-2\nopenshift3/ose-deployer:v3.2.0.44-2\nopenshift3/ose-docker-builder:v3.2.0.44-2\nopenshift3/ose-docker-registry:v3.2.0.44-2\nopenshift3/ose-f5-router:v3.2.0.44-2\nopenshift3/ose-haproxy-router:v3.2.0.44-2\nopenshift3/ose-keepalived-ipfailover:v3.2.0.44-2\nopenshift3/ose-pod:v3.2.0.44-2\nopenshift3/ose-recycler:v3.2.0.44-2\nopenshift3/ose-sti-builder:v3.2.0.44-2\nopenshift3/jenkins-1-rhel7:1.642-32\nopenshift3/logging-auth-proxy:3.2.0-4\nopenshift3/logging-deployment:3.2.0-9\nopenshift3/logging-elasticsearch:3.2.0-8\nopenshift3/logging-fluentd:3.2.0-8\nopenshift3/logging-kibana:3.2.0-4\nopenshift3/metrics-deployer:3.2.0-6\nopenshift3/metrics-heapster:3.2.0-6\nopenshift3/mongodb-24-rhel7:2.4-28\nopenshift3/mysql-55-rhel7:5.5-26\nopenshift3/nodejs-010-rhel7:0.10-35\nopenshift3/node:v3.2.0.44-2\nopenshift3/openvswitch:v3.2.0.44-2\nopenshift3/perl-516-rhel7:5.16-38\nopenshift3/php-55-rhel7:5.5-35\nopenshift3/postgresql-92-rhel7:9.2-25\nopenshift3/python-33-rhel7:3.3-35\nopenshift3/ruby-20-rhel7:2.0-35\n\naep3_beta/aep:v3.2.0.44-2\naep3_beta/aep-deployer:v3.2.0.44-2\naep3_beta/aep-docker-registry:v3.2.0.44-2\naep3_beta/aep-f5-router:v3.2.0.44-2\naep3_beta/aep-haproxy-router:v3.2.0.44-2\naep3_beta/aep-keepalived-ipfailover:v3.2.0.44-2\naep3_beta/aep-pod:v3.2.0.44-2\naep3_beta/aep-recycler:v3.2.0.44-2\naep3_bet
a/logging-auth-proxy:3.2.0-4\naep3_beta/logging-deployment:3.2.0-9\naep3_beta/logging-elasticsearch:3.2.0-8\naep3_beta/logging-fluentd:3.2.0-8\naep3_beta/logging-kibana:3.2.0-4\naep3_beta/metrics-deployer:3.2.0-6\naep3_beta/metrics-heapster:3.2.0-6\naep3_beta/node:v3.2.0.44-2\naep3_beta/openvswitch:v3.2.0.44-2\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1306011 - Deployer pods incorrectly using the host entry from openshiftLoopbackKubeconfig\n1318974 - Creating pods on OSE with awsElasticBlockStore only assigns devices /dev/xvdb - /dev/xvdp to openshift node\n1324996 - JSON message fields are getting overwritten\n1329044 - console.dev-preview-int.openshift.com setting of memory limit confusing\n1330233 - CVE-2016-3703 OpenShift Enterprise 3: Untrusted content loaded via the API proxy can access web console credentials on the same domain\n1330364 - Should update the role name in  the prompt on the web console\n1331229 - CVE-2016-3708 OpenShiftEnterprise 3: s2i builds implicitly perform docker builds\n1333168 - Node.js images crash with DEV_MODE=true\n1333461 - CVE-2016-3738 origin: pod update allows docker socket access via build-pod\n\n6.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-3703\nhttps://access.redhat.com/security/cve/CVE-2016-3708\nhttps://access.redhat.com/security/cve/CVE-2016-3738\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXPkiKXlSAg2UNWIIRAsa4AKDBVV9n5rX0BrQhspq/Kd1wNoTr8wCguVmp\n9WTmxUn/XuRDJFzqxtZpCVI=\n=n+fK\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2016-3703",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2016-003070",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-03447",
         },
         {
            db: "BID",
            id: "90817",
         },
         {
            db: "PACKETSTORM",
            id: "137133",
         },
         {
            db: "PACKETSTORM",
            id: "137134",
         },
      ],
      trust: 2.61,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2016-3703",
            trust: 3.5,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2016-003070",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2016-03447",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201605-556",
            trust: 0.6,
         },
         {
            db: "BID",
            id: "90817",
            trust: 0.3,
         },
         {
            db: "PACKETSTORM",
            id: "137133",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "137134",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2016-03447",
         },
         {
            db: "BID",
            id: "90817",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2016-003070",
         },
         {
            db: "PACKETSTORM",
            id: "137133",
         },
         {
            db: "PACKETSTORM",
            id: "137134",
         },
         {
            db: "NVD",
            id: "CVE-2016-3703",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201605-556",
         },
      ],
   },
   id: "VAR-201606-0115",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2016-03447",
         },
      ],
      trust: 0.06,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "IoT",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2016-03447",
         },
      ],
   },
   last_update_date: "2023-12-18T12:30:01.414000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "RHSA-2016:1094",
            trust: 0.8,
            url: "https://access.redhat.com/errata/rhsa-2016:1094",
         },
         {
            title: "RHSA-2016:1095",
            trust: 0.8,
            url: "https://access.redhat.com/errata/rhsa-2016:1095",
         },
         {
            title: "Patch for Red Hat OpenShift Enterprise certificate acquisition vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/76307",
         },
         {
            title: "Red Hat OpenShift Enterprise Security vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=61870",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2016-03447",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2016-003070",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201605-556",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-284",
            trust: 1,
         },
         {
            problemtype: "CWE-Other",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2016-003070",
         },
         {
            db: "NVD",
            id: "CVE-2016-3703",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://access.redhat.com/errata/rhsa-2016:1095",
         },
         {
            trust: 1.7,
            url: "https://access.redhat.com/errata/rhsa-2016:1094",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3703",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3703",
         },
         {
            trust: 0.8,
            url: "https://access.redhat.com/security/cve/cve-2016-3703",
         },
         {
            trust: 0.6,
            url: "https://access.redhat.com/errata/rhsa-2016",
         },
         {
            trust: 0.6,
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1330233",
         },
         {
            trust: 0.2,
            url: "https://www.redhat.com/mailman/listinfo/rhsa-announce",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2016-3703",
         },
         {
            trust: 0.2,
            url: "https://bugzilla.redhat.com/):",
         },
         {
            trust: 0.2,
            url: "https://access.redhat.com/security/team/key/",
         },
         {
            trust: 0.2,
            url: "https://access.redhat.com/articles/11258",
         },
         {
            trust: 0.2,
            url: "https://access.redhat.com/security/team/contact/",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/updates/classification/#moderate",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2016-3708",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2016-3708",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2016-3738",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2016-3738",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/updates/classification/#important",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2016-03447",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2016-003070",
         },
         {
            db: "PACKETSTORM",
            id: "137133",
         },
         {
            db: "PACKETSTORM",
            id: "137134",
         },
         {
            db: "NVD",
            id: "CVE-2016-3703",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201605-556",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2016-03447",
         },
         {
            db: "BID",
            id: "90817",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2016-003070",
         },
         {
            db: "PACKETSTORM",
            id: "137133",
         },
         {
            db: "PACKETSTORM",
            id: "137134",
         },
         {
            db: "NVD",
            id: "CVE-2016-3703",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201605-556",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2016-05-24T00:00:00",
            db: "CNVD",
            id: "CNVD-2016-03447",
         },
         {
            date: "2016-05-19T00:00:00",
            db: "BID",
            id: "90817",
         },
         {
            date: "2016-06-10T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2016-003070",
         },
         {
            date: "2016-05-20T22:49:22",
            db: "PACKETSTORM",
            id: "137133",
         },
         {
            date: "2016-05-20T22:49:30",
            db: "PACKETSTORM",
            id: "137134",
         },
         {
            date: "2016-06-08T17:59:04.703000",
            db: "NVD",
            id: "CVE-2016-3703",
         },
         {
            date: "2016-05-20T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201605-556",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2016-05-24T00:00:00",
            db: "CNVD",
            id: "CNVD-2016-03447",
         },
         {
            date: "2016-05-19T00:00:00",
            db: "BID",
            id: "90817",
         },
         {
            date: "2016-06-10T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2016-003070",
         },
         {
            date: "2023-02-12T23:18:27.953000",
            db: "NVD",
            id: "CVE-2016-3703",
         },
         {
            date: "2023-04-04T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201605-556",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201605-556",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Red Hat OpenShift Enterprise In  Web Browser  localStorage of  API Credential access vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2016-003070",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "access control error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201605-556",
         },
      ],
      trust: 0.6,
   },
}

var-201909-0069
Vulnerability from variot

On version 1.9.0, if DEBUG logging is enabled, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL private keys and private-key passphrases provided as inputs by an AS3 Declaration. F5 Container Ingress Services is a product of the US company F5 that provides application services for container deployments. This product mainly provides functions such as Ingress-controlled HTTP routing, load balancing and application delivery. An attacker with access to these log files could exploit this vulnerability to retrieve that information.



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0069",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "openshift",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: null,
         },
         {
            model: "container ingress service",
            scope: "eq",
            trust: 1,
            vendor: "f5",
            version: "1.9.0",
         },
         {
            model: "container ingress services",
            scope: "eq",
            trust: 0.8,
            vendor: "f5",
            version: "1.9.0",
         },
         {
            model: "openshift",
            scope: null,
            trust: 0.8,
            vendor: "red hat",
            version: null,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2019-008869",
         },
         {
            db: "NVD",
            id: "CVE-2019-6648",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:f5:container_ingress_service:1.9.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2019-6648",
         },
      ],
   },
   cve: "CVE-2019-6648",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 1.9,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 3.4,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "LOW",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Local",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 1.9,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2019-6648",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Low",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 1.9,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 3.4,
                  id: "VHN-158083",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "LOW",
                  trust: 0.1,
                  vectorString: "AV:L/AC:M/AU:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 0.8,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4.4,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2019-6648",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "High",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2019-6648",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201908-668",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-158083",
                  trust: 0.1,
                  value: "LOW",
               },
               {
                  author: "VULMON",
                  id: "CVE-2019-6648",
                  trust: 0.1,
                  value: "LOW",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-158083",
         },
         {
            db: "VULMON",
            id: "CVE-2019-6648",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-008869",
         },
         {
            db: "NVD",
            id: "CVE-2019-6648",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201908-668",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. F5 Container Ingress Services is a product of the US company F5 that provides application services for container deployment. This product mainly provides functions such as Ingress control HTTP routing, load balancing and application delivery. An attacker could exploit this vulnerability to retrieve this information",
      sources: [
         {
            db: "NVD",
            id: "CVE-2019-6648",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-008869",
         },
         {
            db: "VULHUB",
            id: "VHN-158083",
         },
         {
            db: "VULMON",
            id: "CVE-2019-6648",
         },
      ],
      trust: 1.8,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2019-6648",
            trust: 2.6,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-008869",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201908-668",
            trust: 0.7,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.3055",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-158083",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2019-6648",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-158083",
         },
         {
            db: "VULMON",
            id: "CVE-2019-6648",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-008869",
         },
         {
            db: "NVD",
            id: "CVE-2019-6648",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201908-668",
         },
      ],
   },
   id: "VAR-201909-0069",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-158083",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2023-12-18T13:23:36.729000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Red Hat OpenShift",
            trust: 0.8,
            url: "https://www.redhat.com/ja/technologies/cloud-computing/openshift",
         },
         {
            title: "K74327432",
            trust: 0.8,
            url: "https://support.f5.com/csp/article/k74327432",
         },
         {
            title: "F5 Container Ingress Services Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96365",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/live-hack-cve/cve-2019-6648 ",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2019-6648",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-008869",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201908-668",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-532",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-158083",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-008869",
         },
         {
            db: "NVD",
            id: "CVE-2019-6648",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "https://support.f5.com/csp/article/k74327432",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-6648",
         },
         {
            trust: 1,
            url: "https://support.f5.com/csp/article/k74327432?utm_source=f5support&amp%3butm_medium=rss",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6648",
         },
         {
            trust: 0.7,
            url: "https://support.f5.com/csp/article/k74327432?utm_source=f5support&utm_medium=rss",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2019.3055/",
         },
         {
            trust: 0.1,
            url: "https://support.f5.com/csp/article/k74327432?utm_source=f5support&amp;amp;utm_medium=rss",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/532.html",
         },
         {
            trust: 0.1,
            url: "https://github.com/live-hack-cve/cve-2019-6648",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-158083",
         },
         {
            db: "VULMON",
            id: "CVE-2019-6648",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-008869",
         },
         {
            db: "NVD",
            id: "CVE-2019-6648",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201908-668",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-158083",
         },
         {
            db: "VULMON",
            id: "CVE-2019-6648",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-008869",
         },
         {
            db: "NVD",
            id: "CVE-2019-6648",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201908-668",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2019-09-04T00:00:00",
            db: "VULHUB",
            id: "VHN-158083",
         },
         {
            date: "2019-09-04T00:00:00",
            db: "VULMON",
            id: "CVE-2019-6648",
         },
         {
            date: "2019-09-06T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2019-008869",
         },
         {
            date: "2019-09-04T16:15:11.060000",
            db: "NVD",
            id: "CVE-2019-6648",
         },
         {
            date: "2019-08-12T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201908-668",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-03T00:00:00",
            db: "VULHUB",
            id: "VHN-158083",
         },
         {
            date: "2023-02-03T00:00:00",
            db: "VULMON",
            id: "CVE-2019-6648",
         },
         {
            date: "2019-09-06T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2019-008869",
         },
         {
            date: "2023-11-07T03:13:13.693000",
            db: "NVD",
            id: "CVE-2019-6648",
         },
         {
            date: "2019-10-17T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201908-668",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201908-668",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "F5 Container Ingress Service and  Red Hat OpenShift Vulnerable to information disclosure from log files",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2019-008869",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "log information leak",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201908-668",
         },
      ],
      trust: 0.6,
   },
}