vuln-list-alt/oval/p11/ALT-PU-2024-5961/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20245961",
      "Version": "oval:org.altlinux.errata:def:20245961",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2024-5961: package `netbox` update to version 3.7.4-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p11"
            ],
            "Products": [
              "ALT Container"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2024-5961",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2024-5961",
            "Source": "ALTPU"
          },
          {
            "RefID": "CVE-2024-0948",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-0948",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades netbox to version 3.7.4-alt1. \nSecurity Fix(es):\n\n * CVE-2024-0948: ** DISPUTED ** A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input \u003c\u003ch1 onload=alert(1)\u003e\u003etest\u003c/h1\u003e leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-252191. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Low",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2024-04-05"
          },
          "Updated": {
            "Date": "2024-04-05"
          },
          "BDUs": null,
          "CVEs": [
            {
              "ID": "CVE-2024-0948",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-0948",
              "Impact": "Low",
              "Public": "20240126"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:container:11"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20245961001",
                "Comment": "netbox is earlier than 0:3.7.4-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20245961002",
                "Comment": "netbox-apache2 is earlier than 0:3.7.4-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20245961003",
                "Comment": "netbox-nginx is earlier than 0:3.7.4-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}