diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-41725.md b/docs/docs-content/security-bulletins/reports/cve-2022-41725.md index c0c05fdae5..90fe263cf4 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2022-41725.md +++ b/docs/docs-content/security-bulletins/reports/cve-2022-41725.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -09/15/2024 +09/19/2024 ## NIST CVE Summary @@ -39,7 +39,10 @@ consumed by temporary files. Callers can limit the size of form data with http.M ## Our Official Summary -Investigation is ongoing to determine how this vulnerability affects our products. +A denial-of-service vulnerability has been identified in the Go standard library affecting the mime/multipart package. +This vulnerability could allow an attacker to conduct a denial-of-service attack through excessive resource consumption +in net/http and mime/multipart. This vulnerability affects multiple 3rd party images. Images will be upgraded to newer +versions available. ## CVE Severity diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-24539.md b/docs/docs-content/security-bulletins/reports/cve-2023-24539.md index cd468f1d76..c7db92bc2d 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-24539.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-24539.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -09/15/2024 +09/19/2024 ## NIST CVE Summary 
@@ -24,7 +24,10 @@ injection of unexpected HTML, if executed with untrusted input. ## Our Official Summary -Investigation is ongoing to determine how this vulnerability affects our products. +A vulnerability was found in html-template up to 1.19.8/1.20.3 on Go. The affected component is the CSS Handler. +Manipulation with an unknown input could lead to a cross-site scripting vulnerability. If the input contains special +characters such as `"<", ">"`, and `"&"` that could be interpreted as web-scripting elements when they are sent to a +downstream component that processes web pages. A fix for the images affected will be investigated. ## CVE Severity diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-45287.md b/docs/docs-content/security-bulletins/reports/cve-2023-45287.md index 0846b971c2..6b62dbaf0e 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-45287.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-45287.md @@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -09/15/2024 +09/19/2024 ## NIST CVE Summary @@ -26,7 +26,10 @@ exhibits any timing side channels. ## Our Official Summary -Investigation is ongoing to determine how this vulnerability affects our products. +This vulnerability exists in older versions of Golang for RSA based TLS exchanges. All the images in which this is +detected are using older versions of Golang with updates available with a fix. In order to exploit the vulnerability, +attackers need to obtain privileged access to the cluster and handcraft specific calls to these containers. Images will +be upgraded to newer versions. ## CVE Severity diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-49569.md b/docs/docs-content/security-bulletins/reports/cve-2023-49569.md index 896d3feba1..3dd4664a33 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-49569.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-49569.md 
@@ -14,7 +14,7 @@ tags: ["security", "cve"] ## Last Update -9/6/24 +9/19/24 ## NIST CVE Summary @@ -43,8 +43,9 @@ Ongoing ## Affected Products & Versions -- Palette Enterprise 4.4.15 +- Palette Enterprise 4.4.14 ## Revision History - 1.0 9/6/24 Initial Publication +- 2.0 9/19/24 Added Palette Enterprise 4.4.14 to Affected Products diff --git a/docs/docs-content/security-bulletins/reports/reports.md b/docs/docs-content/security-bulletins/reports/reports.md index bde77eb892..e4a1d2437a 100644 --- a/docs/docs-content/security-bulletins/reports/reports.md +++ b/docs/docs-content/security-bulletins/reports/reports.md 
@@ -149,19 +149,20 @@ Click on the CVE ID to view the full details of the vulnerability. | [CVE-2022-28357](./cve-2022-28357.md) | 9/15/24 | 9/15/24 | 4.4.18 | Third-party component: NATS | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2022-28357) | :mag: Ongoing | | [CVE-2022-28948](./cve-2022-28948.md) | 9/15/24 | 9/15/24 | 4.4.18 | Third-party component: Go-Yaml | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-28948) | :mag: Ongoing | | [CVE-2022-41724](./cve-2022-41724.md) | 9/15/24 | 9/15/24 | 4.4.18 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41724) | :mag: Ongoing | -| [CVE-2022-41725](./cve-2022-41725.md) | 9/15/24 | 9/15/24 | 4.4.18 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41725) | :mag: Ongoing | +| [CVE-2022-41725](./cve-2022-41725.md) | 9/15/24 | 9/19/24 | 4.4.18 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41725) | :mag: Ongoing | | [CVE-2023-24534](./cve-2023-24534.md) | 9/15/24 | 9/15/24 | 4.4.18 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-24534) | :mag: Ongoing | | [CVE-2023-24536](./cve-2023-24536.md) | 9/15/24 | 9/15/24 | 4.4.18 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-24536) | :mag: Ongoing | | [CVE-2023-24537](./cve-2023-24537.md) | 9/15/24 | 9/15/24 | 4.4.18 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-24537) | :mag: Ongoing | | [CVE-2023-24538](./cve-2023-24538.md) | 9/15/24 | 9/15/24 | 4.4.18 | Third-party component: Go Project | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-24538) | :mag: Ongoing | -| [CVE-2023-24539](./cve-2023-24539.md) | 9/15/24 | 9/15/24 | 4.4.18 | Third-party component: Go Project | [7.3](https://nvd.nist.gov/vuln/detail/CVE-2023-24539) | :mag: Ongoing | +| [CVE-2023-24539](./cve-2023-24539.md) | 9/15/24 | 9/19/24 | 4.4.18 | Third-party component: Go Project | 
[7.3](https://nvd.nist.gov/vuln/detail/CVE-2023-24539) | :mag: Ongoing | | [CVE-2023-24540](./cve-2023-24540.md) | 9/15/24 | 9/15/24 | 4.4.18 | Third-party component: Go Project | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-24540) | :mag: Ongoing | | [CVE-2023-29400](./cve-2023-29400.md) | 9/15/24 | 9/15/24 | 4.4.18 | Third-party component: Go Project | [7.3](https://nvd.nist.gov/vuln/detail/CVE-2023-29400) | :mag: Ongoing | | [CVE-2023-29403](./cve-2023-29403.md) | 9/15/24 | 9/15/24 | 4.4.18 | Third-party component: Go Project | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-29403) | :mag: Ongoing | -| [CVE-2023-45287](./cve-2023-45287.md) | 9/15/24 | 9/15/24 | 4.4.18 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45287) | :mag: Ongoing | +| [CVE-2023-45287](./cve-2023-45287.md) | 9/15/24 | 9/19/24 | 4.4.18 | Third-party component: Go Project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45287) | :mag: Ongoing | | [CVE-2023-52356](./cve-2023-52356.md) | 9/15/24 | 9/15/24 | 4.4.18 | Third-party component: Libtiff | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-52356) | :mag: Ongoing | | [CVE-2024-0743](./cve-2024-0743.md) | 9/15/24 | 9/15/24 | 4.4.18 | Third-party component: Mozilla | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-0743) | :mag: Ongoing | | [CVE-2024-32002](./cve-2024-32002.md) | 9/15/24 | 9/15/24 | 4.4.18 | Third-party component: Github | [9.0](https://nvd.nist.gov/vuln/detail/CVE-2024-32002) | :mag: Ongoing | +| [CVE-2023-49569](./cve-2023-49569.md) | 9/15/24 | 9/19/24 | 4.4.14 | Third-party component: Bitdefender | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-49569) | :mag: Ongoing |
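Review bot: the new "Our Official Summary" in cve-2022-41725.md names neither the affected images nor the Go release that carries the fix, so "Images will be upgraded to newer versions available" gives a reader nothing to verify against; list the affected images and the target Go version, and tighten the closing sentence to "Affected images will be upgraded to Go releases that contain the fix." The first two sentences also restate each other (mime/multipart is named in both); one sentence naming net/http and mime/multipart is enough.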
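Review bot: "html-template" in the new summary in cve-2023-24539.md is not the package name; the Go package is html/template, and "up to 1.19.8/1.20.3" are Go release numbers, not package versions, so write "in Go's html/template package, in Go versions up to 1.19.8 and 1.20.3". The third sentence ("If the input contains special characters such as ... that could be interpreted ...") has no main clause; fold it into the previous sentence. The inline code mixes quotation marks inside backticks (`"<", ">"`); use `<`, `>` and `&` instead.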
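Review bot: the statement in the new summary in cve-2023-45287.md that attackers "need to obtain privileged access to the cluster and handcraft specific calls to these containers" is not supported by anything in the bulletin: the NIST context describes a timing side channel in RSA-based TLS key exchange, which an attacker exercises by making TLS connections to the affected endpoint, so either justify the prerequisite (for example, that the affected listeners are reachable only from inside the cluster) or drop it. Also use "Go" rather than "Golang" to match the other summaries in this change, hyphenate "RSA-based", and name the fixed Go version rather than "updates available with a fix".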
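Review bot: the Affected Products change in cve-2023-49569.md replaces 4.4.15 with 4.4.14, but the revision-history line says "2.0 9/19/24 Added Palette Enterprise 4.4.14 to Affected Products"; if 4.4.15 is still affected it should remain in the list, and if the original entry was wrong the note should read "Corrected affected version from 4.4.15 to 4.4.14". A one-line correction is a 1.1 rather than a 2.0 unless the bulletins never use minor revisions. The date style here (9/19/24) also differs from the 09/19/2024 used in the three other bulletins in this change; pick one.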
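Review bot: the new CVE-2023-49569 row in reports.md is appended after CVE-2024-32002, breaking the table's CVE-ID order (it belongs between CVE-2023-45287 and CVE-2023-52356), and its Initial Publication column says 9/15/24 while cve-2023-49569.md records initial publication on 9/6/24. Since that bulletin predates this change, check whether the table already carries a CVE-2023-49569 row above this hunk and update it in place rather than adding a second one.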