pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0f9ca6c802
vuln-list-alt/oval/c10f2/ALT-PU-2024-3089/definitions.json

130 lines
5.2 KiB
JSON
Raw Normal View History

ALT Vulnerability
2024-04-16 17:26:14 +03:00
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20243089",
"Version": "oval:org.altlinux.errata:def:20243089",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-3089: package `ansible-core` update to version 2.15.9-alt0.p10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-3089",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-3089",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-07854",
"RefURL": "https://bdu.fstec.ru/vul/2023-07854",
"Source": "BDU"
},
{
"RefID": "BDU:2024-01561",
"RefURL": "https://bdu.fstec.ru/vul/2024-01561",
"Source": "BDU"
},
{
"RefID": "CVE-2023-5764",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-5764",
"Source": "CVE"
},
{
"RefID": "CVE-2024-0690",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-0690",
"Source": "CVE"
}
],
ALT Vulnerability
2024-04-26 12:03:04 +03:00
"Description": "This update upgrades ansible-core to version 2.15.9-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2023-07854: Уязвимость системы управления конфигурациями Ansible, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-01561: Уязвимость компонента ansible-core системы управления конфигурациями Red Hat Ansible, позволяющая нарушителю раскрыть защищаемую информацию\n\n * CVE-2023-5764: A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.\n\n * CVE-2024-0690: An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.\n\n * #48091: apt_rpm не обновляет пакеты",
ALT Vulnerability
2024-04-16 17:26:14 +03:00
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-02-29"
},
"Updated": {
"Date": "2024-02-29"
},
"BDUs": [
{
"ID": "BDU:2023-07854",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:N",
"CVSS3": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"CWE": "CWE-94",
"Href": "https://bdu.fstec.ru/vul/2023-07854",
"Impact": "Low",
"Public": "20231102"
},
{
"ID": "BDU:2024-01561",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-116, CWE-117",
"Href": "https://bdu.fstec.ru/vul/2024-01561",
"Impact": "Low",
"Public": "20240118"
}
],
"CVEs": [
{
"ID": "CVE-2023-5764",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-5764",
"Impact": "High",
"Public": "20231212"
},
{
"ID": "CVE-2024-0690",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-116",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-0690",
"Impact": "Low",
"Public": "20240206"
}
],
"Bugzilla": [
{
"ID": "48091",
"Href": "https://bugzilla.altlinux.org/48091",
"Data": "apt_rpm не обновляет пакеты"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20243089001",
"Comment": "ansible-core is earlier than 0:2.15.9-alt0.p10.1"
}
]
}
]
}
}
]
}
Reference in New Issue Copy Permalink