pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9854201840
vuln-list-alt/oval/p10/ALT-PU-2022-2559/definitions.json
pepelyaevip 0707cb759b ALT Vulnerability
2024-04-16 14:26:14 +00:00

129 lines
4.7 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20222559",
"Version": "oval:org.altlinux.errata:def:20222559",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-2559: package `ignition` update to version 2.14.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-2559",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2559",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-04103",
"RefURL": "https://bdu.fstec.ru/vul/2022-04103",
"Source": "BDU"
},
{
"RefID": "CVE-2022-1706",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1706",
"Source": "CVE"
}
],
"Description": "This update upgrades ignition to version 2.14.0-alt1. \nSecurity Fix(es):\n\n * BDU:2022-04103: Уязвимость реализации конфигурации info-get guestinfo.ignition.config.data библиотеки Ignition, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * CVE-2022-1706: A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-09-05"
},
"Updated": {
"Date": "2022-09-05"
},
"BDUs": [
{
"ID": "BDU:2022-04103",
"CVSS": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-863",
"Href": "https://bdu.fstec.ru/vul/2022-04103",
"Impact": "Low",
"Public": "20220111"
}
],
"CVEs": [
{
"ID": "CVE-2022-1706",
"CVSS": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-863",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1706",
"Impact": "Low",
"Public": "20220517"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20222559001",
"Comment": "ignition is earlier than 0:2.14.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222559002",
"Comment": "ignition-validate is earlier than 0:2.14.0-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink