pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9a236ac382
vuln-list-alt/oval/p11/ALT-PU-2024-10201/definitions.json

120 lines
4.5 KiB
JSON
Raw Normal View History

ALT Vulnerability
2024-12-12 21:07:30 +00:00
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202410201",
"Version": "oval:org.altlinux.errata:def:202410201",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-10201: package `kubernetes1.30` update to version 1.30.3-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-10201",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-10201",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-05549",
"RefURL": "https://bdu.fstec.ru/vul/2024-05549",
"Source": "BDU"
},
{
"RefID": "CVE-2024-5321",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321",
"Source": "CVE"
}
],
"Description": "This update upgrades kubernetes1.30 to version 1.30.3-alt1. \nSecurity Fix(es):\n\n * BDU:2024-05549: Уязвимость утилиты kubelet программного средства управления кластерами виртуальных машин Kubernetes для операционных систем Windows, связанная с некорректно используемыми стандартными разрешениями, позволяющая нарушителю изменить информацию, хранящуюся в журналах контейнеров\n\n * CVE-2024-5321: A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\\Users may be able to read container logs and NT AUTHORITY\\Authenticated Users may be able to modify container logs.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-07-25"
},
"Updated": {
"Date": "2024-07-25"
},
"BDUs": [
{
"ID": "BDU:2024-05549",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:P/A:N",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"CWE": "CWE-276",
"Href": "https://bdu.fstec.ru/vul/2024-05549",
"Impact": "Low",
"Public": "20240717"
}
],
"CVEs": [
{
"ID": "CVE-2024-5321",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321",
"Impact": "None",
"Public": "20240718"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202410201001",
"Comment": "kubernetes1.30-client is earlier than 0:1.30.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410201002",
"Comment": "kubernetes1.30-common is earlier than 0:1.30.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410201003",
"Comment": "kubernetes1.30-crio is earlier than 0:1.30.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410201004",
"Comment": "kubernetes1.30-kubeadm is earlier than 0:1.30.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410201005",
"Comment": "kubernetes1.30-kubelet is earlier than 0:1.30.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410201006",
"Comment": "kubernetes1.30-master is earlier than 0:1.30.3-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202410201007",
"Comment": "kubernetes1.30-node is earlier than 0:1.30.3-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue Copy Permalink