github - ghsa-x59m-44wq-64w5

ghsa-x59m-44wq-64w5

Vulnerability from github

Published

2023-12-05 18:30

Modified

2023-12-12 18:31

Severity ?

3.2 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L

Details

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window.

This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-45085"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-665"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-05T17:15:08Z",
    "severity": "LOW"
  },
  "details": "An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.\u00a0 In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window.\n\nThis issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.\n\n",
  "id": "GHSA-x59m-44wq-64w5",
  "modified": "2023-12-12T18:31:30Z",
  "published": "2023-12-05T18:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45085"
    },
    {
      "type": "WEB",
      "url": "https://advisories.softiron.cloud"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-45085

Vulnerability from cvelistv5

Published

2023-12-05 16:15

Modified

2024-08-02 20:14

Severity ?

3.2 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L

Summary

References

▼	URL	Tags
	https://advisories.softiron.cloud

Impacted products

Vendor

Product

Version

▼

SoftIron

HyperCloud

Version: 2.0.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:14:19.499Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://advisories.softiron.cloud"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HyperCloud",
          "vendor": "SoftIron",
          "versions": [
            {
              "lessThan": "2.0.3",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eAn issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.\u0026nbsp; In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.\u00a0 In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window.\n\nThis issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.\n\n"
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Availability of recently deployed instances"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1419",
              "description": "CWE-1419: Incorrect Initialization of Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-05T18:16:33.397Z",
        "orgId": "0a72a055-908d-47f5-a16a-1f09049c16c6",
        "shortName": "SoftIron"
      },
      "references": [
        {
          "url": "https://advisories.softiron.cloud"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "When compute hosts are disabled and reenabled, they immediately transition to \"ON\", not \"INIT\"",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0a72a055-908d-47f5-a16a-1f09049c16c6",
    "assignerShortName": "SoftIron",
    "cveId": "CVE-2023-45085",
    "datePublished": "2023-12-05T16:15:45.986Z",
    "dateReserved": "2023-10-03T19:37:55.180Z",
    "dateUpdated": "2024-08-02T20:14:19.499Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted