From 2465328703dd0a1d39c9a70e0c215d2d6bd2e66d Mon Sep 17 00:00:00 2001
From: Weston Steimel <commits@weston.slmail.me>
Date: Mon, 20 May 2024 18:05:15 +0100
Subject: [PATCH] conversion for hashicorp records

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
---
 data/anchore/2024/CVE-2024-2048.json | 50 ++++++++++++++++++++++++++++
 data/anchore/2024/CVE-2024-2660.json | 50 ++++++++++++++++++++++++++++
 data/anchore/2024/CVE-2024-2877.json | 33 ++++++++++++++++++
 3 files changed, 133 insertions(+)
 create mode 100644 data/anchore/2024/CVE-2024-2048.json
 create mode 100644 data/anchore/2024/CVE-2024-2660.json
 create mode 100644 data/anchore/2024/CVE-2024-2877.json

diff --git a/data/anchore/2024/CVE-2024-2048.json b/data/anchore/2024/CVE-2024-2048.json
new file mode 100644
index 00000000..fc28d348
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-2048.json
@@ -0,0 +1,50 @@
+{
+  "additionalMetadata": {
+    "cna": "hashicorp",
+    "cveId": "CVE-2024-2048",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*"
+        ],
+        "product": "Vault",
+        "repo": "https://github.com/hashicorp/vault",
+        "vendor": "HashiCorp",
+        "versions": [
+          {
+            "lessThan": "1.16.0",
+            "status": "affected",
+            "version": "1.15.5",
+            "versionType": "semver"
+          }
+        ]
+      },
+      {
+        "cpes": [
+          "cpe:2.3:a:hashicorp:vault_enterprise:*:*:*:*:*:*:*:*"
+        ],
+        "product": "Vault Enterprise",
+        "repo": "https://github.com/hashicorp/vault",
+        "vendor": "HashiCorp",
+        "versions": [
+          {
+            "lessThan": "1.16.0",
+            "status": "affected",
+            "version": "1.15.5",
+            "versionType": "semver"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-2660.json b/data/anchore/2024/CVE-2024-2660.json
new file mode 100644
index 00000000..64257d61
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-2660.json
@@ -0,0 +1,50 @@
+{
+  "additionalMetadata": {
+    "cna": "hashicorp",
+    "cveId": "CVE-2024-2660",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*"
+        ],
+        "product": "Vault",
+        "repo": "https://github.com/hashicorp/vault",
+        "vendor": "HashiCorp",
+        "versions": [
+          {
+            "lessThan": "1.16.0",
+            "status": "affected",
+            "version": "1.14.0",
+            "versionType": "semver"
+          }
+        ]
+      },
+      {
+        "cpes": [
+          "cpe:2.3:a:hashicorp:vault_enterprise:*:*:*:*:*:*:*:*"
+        ],
+        "product": "Vault Enterprise",
+        "repo": "https://github.com/hashicorp/vault",
+        "vendor": "HashiCorp",
+        "versions": [
+          {
+            "lessThan": "1.16.0",
+            "status": "affected",
+            "version": "1.14.0",
+            "versionType": "semver"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-2877.json b/data/anchore/2024/CVE-2024-2877.json
new file mode 100644
index 00000000..e7fcc916
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-2877.json
@@ -0,0 +1,33 @@
+{
+  "additionalMetadata": {
+    "cna": "hashicorp",
+    "cveId": "CVE-2024-2877",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://discuss.hashicorp.com/t/hsec-2024-10-vault-enterprise-leaks-sensitive-http-request-headers-in-audit-log-when-deployed-with-a-performance-standby-node"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:hashicorp:vault_enterprise:*:*:*:*:*:*:*:*"
+        ],
+        "product": "Vault Enterprise",
+        "vendor": "HashiCorp",
+        "versions": [
+          {
+            "lessThan": "1.15.8",
+            "status": "affected",
+            "version": "1.15.0",
+            "versionType": "semver"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
\ No newline at end of file