admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-24T02:00:24.779550+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-24 02:00:28 +00:00
parent 4124cc6df3
commit f03b364235
5 changed files with 222 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
CVE-2023/CVE-2023-12xx/CVE-2023-1260.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-1260",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-24T01:15:42.707",
"lastModified": "2023-09-24T01:15:42.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions \"update, patch\" the \"pods/ephemeralcontainers\" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:3976",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:4093",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:4312",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:4898",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-1260",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176267",
"source": "secalert@redhat.com"
}
]
}

55
CVE-2023/CVE-2023-16xx/CVE-2023-1625.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-1625",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-24T01:15:43.577",
"lastModified": "2023-09-24T01:15:43.577",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 3.7
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-1625",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181621",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb",
"source": "secalert@redhat.com"
},
{
"url": "https://launchpad.net/bugs/1999665",
"source": "secalert@redhat.com"
}
]
}

47
CVE-2023/CVE-2023-16xx/CVE-2023-1633.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-1633",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-24T01:15:43.760",
"lastModified": "2023-09-24T01:15:43.760",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-1633",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181761",
"source": "secalert@redhat.com"
}
]
}

47
CVE-2023/CVE-2023-16xx/CVE-2023-1636.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-1636",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-24T01:15:43.920",
"lastModified": "2023-09-24T01:15:43.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.7
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-1636",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181765",
"source": "secalert@redhat.com"
}
]
}

18
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-23T22:00:24.565644+00:00
2023-09-24T02:00:24.779550+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-23T20:15:10.747000+00:00
2023-09-24T01:15:43.920000+00:00
```
### Last Data Feed Release
@ -23,27 +23,29 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-09-23T00:00:13.567925+00:00
2023-09-24T00:00:13.541318+00:00
```
### Total Number of included CVEs
```plain
226070
226074
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `4`
* [CVE-2022-3962](CVE-2022/CVE-2022-39xx/CVE-2022-3962.json) (`2023-09-23T20:15:10.747`)
* [CVE-2023-1260](CVE-2023/CVE-2023-12xx/CVE-2023-1260.json) (`2023-09-24T01:15:42.707`)
* [CVE-2023-1625](CVE-2023/CVE-2023-16xx/CVE-2023-1625.json) (`2023-09-24T01:15:43.577`)
* [CVE-2023-1633](CVE-2023/CVE-2023-16xx/CVE-2023-1633.json) (`2023-09-24T01:15:43.760`)
* [CVE-2023-1636](CVE-2023/CVE-2023-16xx/CVE-2023-1636.json) (`2023-09-24T01:15:43.920`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `0`
* [CVE-2020-21047](CVE-2020/CVE-2020-210xx/CVE-2020-21047.json) (`2023-09-23T20:15:10.297`)
## Download and Usage