GHSA-5fq8-3q2f-4m5g
GHSA-gg57-587f-h5v6
GHSA-gg57-587f-h5v6
advisory-database[bot] 2024-09-16 22:01:32 +00:00
Родитель 1b96334eaf
Коммит d8f611f5f6
3 изменённых файлов: 396 добавлений и 52 удалений


@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5fq8-3q2f-4m5g",
"modified": "2021-01-08T20:33:14Z",
"modified": "2024-09-16T21:59:21Z",
"published": "2020-01-24T19:56:59Z",
"aliases": [
"CVE-2020-5224"
@ -12,6 +12,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N"
}
],
"affected": [
@ -47,13 +51,21 @@
{
"type": "WEB",
"url": "https://github.com/jazzband/django-user-sessions/commit/f0c4077e7d1436ba6d721af85cee89222ca5d2d9"
},
{
"type": "PACKAGE",
"url": "https://github.com/Bouke/django-user-sessions"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-user-sessions/PYSEC-2020-230.yaml"
}
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"severity": "LOW",
"severity": "MODERATE",
"github_reviewed": true,
"github_reviewed_at": "2020-01-24T19:56:37Z",
"nvd_published_at": null
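Review bot: The `PACKAGE` reference that appears to be added in the references hunk points at `https://github.com/Bouke/django-user-sessions`, while the fix commit listed just above it is under `jazzband/django-user-sessions`. Tooling that follows the `PACKAGE` entry to find the source repository then relies on a forge redirect from the earlier owner namespace, which is a weaker anchor than the canonical URL. If the jazzband location is confirmed as the current home, I would change the entry to `"url": "https://github.com/jazzband/django-user-sessions"`. The `references` array starts outside this hunk, so earlier entries were not checked.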


@ -0,0 +1,382 @@
{
"schema_version": "1.4.0",
"id": "GHSA-gg57-587f-h5v6",
"modified": "2024-09-16T22:00:09Z",
"published": "2023-12-28T18:30:32Z",
"aliases": [
"CVE-2023-5384"
],
"summary": "Infinispan caches credentials in clear text",
"details": "A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.infinispan:infinispan-core"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "15.0.0.Dev01"
},
{
"fixed": "15.0.0.Dev07"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.infinispan:infinispan-core"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "14.0.25.Final"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.infinispan:infinispan-commons"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "15.0.0.Dev01"
},
{
"fixed": "15.0.0.Dev07"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.infinispan:infinispan-commons"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "14.0.25.Final"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.infinispan:infinispan-hotrod"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "15.0.0.Dev01"
},
{
"fixed": "15.0.0.Dev07"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.infinispan:infinispan-hotrod"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "14.0.25.Final"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.infinispan:infinispan-client-hotrod"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "15.0.0.Dev01"
},
{
"fixed": "15.0.0.Dev07"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.infinispan:infinispan-client-hotrod"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "14.0.25.Final"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.infinispan:infinispan-cachestore-jdbc-common"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "15.0.0.Dev01"
},
{
"fixed": "15.0.0.Dev07"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.infinispan:infinispan-cachestore-jdbc-common"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "14.0.25.Final"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.infinispan:infinispan-cachestore-remote"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "15.0.0.Dev01"
},
{
"fixed": "15.0.0.Dev07"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.infinispan:infinispan-cachestore-remote"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "14.0.25.Final"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.infinispan:infinispan-cachestore-sql"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "15.0.0.Dev01"
},
{
"fixed": "15.0.0.Dev07"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.infinispan:infinispan-cachestore-sql"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "14.0.25.Final"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.infinispan:infinispan-cachestore-jdbc"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "15.0.0.Dev01"
},
{
"fixed": "15.0.0.Dev07"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.infinispan:infinispan-cachestore-jdbc"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "14.0.25.Final"
}
]
}
]
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5384"
},
{
"type": "WEB",
"url": "https://github.com/infinispan/infinispan/pull/11555"
},
{
"type": "WEB",
"url": "https://github.com/infinispan/infinispan/pull/11995"
},
{
"type": "WEB",
"url": "https://github.com/infinispan/infinispan/commit/7140fc9b026ec55786c1aa78bb3cd8bf951fad47"
},
{
"type": "WEB",
"url": "https://github.com/infinispan/infinispan/commit/fd3e18ec3b1a4e7fcfd79392f5bf78792a2b8c61"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7676"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-5384"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242156"
},
{
"type": "PACKAGE",
"url": "https://github.com/infinispan/infinispan"
},
{
"type": "WEB",
"url": "https://issues.redhat.com/browse/ISPN-15202"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240125-0004"
}
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"severity": "LOW",
"github_reviewed": true,
"github_reviewed_at": "2024-09-16T22:00:09Z",
"nvd_published_at": "2023-12-18T14:15:11Z"
}
}
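Review bot: The `summary` says "Infinispan caches credentials in clear text", which reads as if credentials were stored in a cache, whereas `details` describes credentials being returned in clear text when a cache configuration is serialized to XML/JSON/YAML. A summary that follows the details would be easier to triage, for example `"summary": "Infinispan exposes credentials in clear text when serializing cache configuration"`. The record lists only the fixed versions; operators may also want to rotate JDBC and remote-store credentials that appeared in configuration serialized before the upgrade, which the advisory text does not mention.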


@ -1,50 +0,0 @@
{
"schema_version": "1.4.0",
"id": "GHSA-gg57-587f-h5v6",
"modified": "2024-09-16T18:31:18Z",
"published": "2023-12-28T18:30:32Z",
"aliases": [
"CVE-2023-5384"
],
"details": "A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"
}
],
"affected": [
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5384"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7676"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-5384"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242156"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240125-0004"
}
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"severity": "LOW",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-18T14:15:11Z"
}
}