Auto-Update: 2023-09-24T02:00:24.779550+00:00

2025-07-09 16:05:11 +00:00 · 2023-09-24 02:00:28 +00:00 · 2023-09-24 02:00:28 +00:00 · f03b364235
commit f03b364235
parent 4124cc6df3
5 changed files with 222 additions and 8 deletions
--- a/CVE-2023/CVE-2023-12xx/CVE-2023-1260.json
+++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1260.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-1260",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-09-24T01:15:42.707",
+  "lastModified": "2023-09-24T01:15:42.707",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions \"update, patch\" the \"pods/ephemeralcontainers\" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.0,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.3,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2023:3976",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2023:4093",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2023:4312",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2023:4898",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2023-1260",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176267",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-16xx/CVE-2023-1625.json
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1625.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-1625",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-09-24T01:15:43.577",
+  "lastModified": "2023-09-24T01:15:43.577",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.4,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2023-1625",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181621",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://launchpad.net/bugs/1999665",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-16xx/CVE-2023-1633.json
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1633.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2023-1633",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-09-24T01:15:43.760",
+  "lastModified": "2023-09-24T01:15:43.760",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.6,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 4.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2023-1633",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181761",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-16xx/CVE-2023-1636.json
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1636.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2023-1636",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-09-24T01:15:43.920",
+  "lastModified": "2023-09-24T01:15:43.920",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.0,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2023-1636",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181765",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-09-23T22:00:24.565644+00:00
+2023-09-24T02:00:24.779550+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-09-23T20:15:10.747000+00:00
+2023-09-24T01:15:43.920000+00:00
 ```

 ### Last Data Feed Release
@ -23,27 +23,29 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2023-09-23T00:00:13.567925+00:00
+2023-09-24T00:00:13.541318+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-226070
+226074
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `4`

-* [CVE-2022-3962](CVE-2022/CVE-2022-39xx/CVE-2022-3962.json) (`2023-09-23T20:15:10.747`)
+* [CVE-2023-1260](CVE-2023/CVE-2023-12xx/CVE-2023-1260.json) (`2023-09-24T01:15:42.707`)
+* [CVE-2023-1625](CVE-2023/CVE-2023-16xx/CVE-2023-1625.json) (`2023-09-24T01:15:43.577`)
+* [CVE-2023-1633](CVE-2023/CVE-2023-16xx/CVE-2023-1633.json) (`2023-09-24T01:15:43.760`)
+* [CVE-2023-1636](CVE-2023/CVE-2023-16xx/CVE-2023-1636.json) (`2023-09-24T01:15:43.920`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

-* [CVE-2020-21047](CVE-2020/CVE-2020-210xx/CVE-2020-21047.json) (`2023-09-23T20:15:10.297`)


 ## Download and Usage