From f03b364235cc33c7cc53f19aec93f1f0c530653f Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 24 Sep 2023 02:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-09-24T02:00:24.779550+00:00 --- CVE-2023/CVE-2023-12xx/CVE-2023-1260.json | 63 +++++++++++++++++++++++ CVE-2023/CVE-2023-16xx/CVE-2023-1625.json | 55 ++++++++++++++++++++ CVE-2023/CVE-2023-16xx/CVE-2023-1633.json | 47 +++++++++++++++++ CVE-2023/CVE-2023-16xx/CVE-2023-1636.json | 47 +++++++++++++++++ README.md | 18 ++++--- 5 files changed, 222 insertions(+), 8 deletions(-) create mode 100644 CVE-2023/CVE-2023-12xx/CVE-2023-1260.json create mode 100644 CVE-2023/CVE-2023-16xx/CVE-2023-1625.json create mode 100644 CVE-2023/CVE-2023-16xx/CVE-2023-1633.json create mode 100644 CVE-2023/CVE-2023-16xx/CVE-2023-1636.json diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1260.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1260.json new file mode 100644 index 00000000000..8fce64e5499 --- /dev/null +++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1260.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-1260", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-09-24T01:15:42.707", + "lastModified": "2023-09-24T01:15:42.707", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions \"update, patch\" the \"pods/ephemeralcontainers\" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/errata/RHSA-2023:3976", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:4093", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:4312", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:4898", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2023-1260", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176267", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1625.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1625.json new file mode 100644 index 00000000000..1c6f2bb01e8 --- /dev/null +++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1625.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-1625", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-09-24T01:15:43.577", + "lastModified": "2023-09-24T01:15:43.577", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 3.7 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-1625", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181621", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb", + "source": "secalert@redhat.com" + }, + { + "url": "https://launchpad.net/bugs/1999665", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1633.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1633.json new file mode 100644 index 00000000000..2bca852b329 --- /dev/null +++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1633.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-1633", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-09-24T01:15:43.760", + "lastModified": "2023-09-24T01:15:43.760", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.7 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-1633", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181761", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1636.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1636.json new file mode 100644 index 00000000000..2ff6958df75 --- /dev/null +++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1636.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-1636", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-09-24T01:15:43.920", + "lastModified": "2023-09-24T01:15:43.920", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.7 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-1636", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181765", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index bf6223c3697..5e15e42d171 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-23T22:00:24.565644+00:00 +2023-09-24T02:00:24.779550+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-23T20:15:10.747000+00:00 +2023-09-24T01:15:43.920000+00:00 ``` ### Last Data Feed Release @@ -23,27 +23,29 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-09-23T00:00:13.567925+00:00 +2023-09-24T00:00:13.541318+00:00 ``` ### Total Number of included CVEs ```plain -226070 +226074 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `4` -* [CVE-2022-3962](CVE-2022/CVE-2022-39xx/CVE-2022-3962.json) (`2023-09-23T20:15:10.747`) +* [CVE-2023-1260](CVE-2023/CVE-2023-12xx/CVE-2023-1260.json) (`2023-09-24T01:15:42.707`) +* [CVE-2023-1625](CVE-2023/CVE-2023-16xx/CVE-2023-1625.json) (`2023-09-24T01:15:43.577`) +* [CVE-2023-1633](CVE-2023/CVE-2023-16xx/CVE-2023-1633.json) (`2023-09-24T01:15:43.760`) +* [CVE-2023-1636](CVE-2023/CVE-2023-16xx/CVE-2023-1636.json) (`2023-09-24T01:15:43.920`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -* [CVE-2020-21047](CVE-2020/CVE-2020-210xx/CVE-2020-21047.json) (`2023-09-23T20:15:10.297`) ## Download and Usage