pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0f9ca6c802
vuln-list-alt/oval/c10f2/ALT-PU-2024-3089/definitions.json
pepelyaevip 4e0845594a ALT Vulnerability
2024-04-26 09:03:04 +00:00

130 lines
5.2 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20243089",
"Version": "oval:org.altlinux.errata:def:20243089",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-3089: package `ansible-core` update to version 2.15.9-alt0.p10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-3089",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-3089",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-07854",
"RefURL": "https://bdu.fstec.ru/vul/2023-07854",
"Source": "BDU"
},
{
"RefID": "BDU:2024-01561",
"RefURL": "https://bdu.fstec.ru/vul/2024-01561",
"Source": "BDU"
},
{
"RefID": "CVE-2023-5764",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-5764",
"Source": "CVE"
},
{
"RefID": "CVE-2024-0690",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-0690",
"Source": "CVE"
}
],
"Description": "This update upgrades ansible-core to version 2.15.9-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2023-07854: Уязвимость системы управления конфигурациями Ansible, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-01561: Уязвимость компонента ansible-core системы управления конфигурациями Red Hat Ansible, позволяющая нарушителю раскрыть защищаемую информацию\n\n * CVE-2023-5764: A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.\n\n * CVE-2024-0690: An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.\n\n * #48091: apt_rpm не обновляет пакеты",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-02-29"
},
"Updated": {
"Date": "2024-02-29"
},
"BDUs": [
{
"ID": "BDU:2023-07854",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:N",
"CVSS3": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"CWE": "CWE-94",
"Href": "https://bdu.fstec.ru/vul/2023-07854",
"Impact": "Low",
"Public": "20231102"
},
{
"ID": "BDU:2024-01561",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-116, CWE-117",
"Href": "https://bdu.fstec.ru/vul/2024-01561",
"Impact": "Low",
"Public": "20240118"
}
],
"CVEs": [
{
"ID": "CVE-2023-5764",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-5764",
"Impact": "High",
"Public": "20231212"
},
{
"ID": "CVE-2024-0690",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-116",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-0690",
"Impact": "Low",
"Public": "20240206"
}
],
"Bugzilla": [
{
"ID": "48091",
"Href": "https://bugzilla.altlinux.org/48091",
"Data": "apt_rpm не обновляет пакеты"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20243089001",
"Comment": "ansible-core is earlier than 0:2.15.9-alt0.p10.1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink