From ef336cca1d0fbdb1d45925fb4d55e5544fac69e7 Mon Sep 17 00:00:00 2001 
From: frederickjoi <153292280+frederickjoi@users.noreply.github.com> Date: Wed, 21 Aug 2024 15:12:04 -0700 Subject: [PATCH] docs: removed N/A cves 8-21-24 (#3691) * Removed N/A cves 8-21-24 * chore: added redirects --------- Co-authored-by: Karl Cardenas --- .../reports/cve-2020-1971.md | 51 ------------------- .../reports/cve-2021-3449.md | 41 --------------- .../reports/cve-2021-3711.md | 46 ----------------- .../reports/cve-2021-45079.md | 37 -------------- .../reports/cve-2022-0778.md | 41 --------------- .../reports/cve-2022-4450.md | 44 ---------------- .../reports/cve-2023-0215.md | 37 -------------- .../reports/cve-2023-0286.md | 37 -------------- .../reports/cve-2023-52425.md | 34 ------------- .../reports/cve-2023-5528.md | 35 ------------- .../reports/cve-2024-0743.md | 34 ------------- .../reports/prisma-2022-0227.md | 35 ------------- .../security-bulletins/reports/reports.md | 12 ----- redirects.js | 17 +++++++ 14 files changed, 17 insertions(+), 484 deletions(-) delete mode 100644 docs/docs-content/security-bulletins/reports/cve-2020-1971.md delete mode 100644 docs/docs-content/security-bulletins/reports/cve-2021-3449.md delete mode 100644 docs/docs-content/security-bulletins/reports/cve-2021-3711.md delete mode 100644 docs/docs-content/security-bulletins/reports/cve-2021-45079.md delete mode 100644 docs/docs-content/security-bulletins/reports/cve-2022-0778.md delete mode 100644 docs/docs-content/security-bulletins/reports/cve-2022-4450.md delete mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-0215.md delete mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-0286.md delete mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-52425.md delete mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-5528.md delete mode 100644 docs/docs-content/security-bulletins/reports/cve-2024-0743.md delete mode 100644 docs/docs-content/security-bulletins/reports/prisma-2022-0227.md 
diff --git a/docs/docs-content/security-bulletins/reports/cve-2020-1971.md b/docs/docs-content/security-bulletins/reports/cve-2020-1971.md
deleted file mode 100644
index d9212b124b..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2020-1971.md
+++ /dev/null
@@ -1,51 +0,0 @@
----
-sidebar_label: "CVE-2020-1971"
-title: "CVE-2020-1971"
-description: "Lifecycle of CVE-2020-1971"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2020-1971](https://nvd.nist.gov/vuln/detail/CVE-2020-1971)
-
-## Last Update
-
-7/16/2024
-
-## NIST CVE Summary
-
-The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known
-as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to
-see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL
-pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the
-GENERAL_NAME_cmp function for two purposes: 1\) Comparing CRL distribution point names between an available CRL and a
-CRL distribution point embedded in an X509 certificate 2\) When verifying that a timestamp response token signer matches
-the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an
-attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can
-trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that
-some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to
-the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for
-the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work
-against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct
-correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser
-will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other
-OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in
-OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
-
-## Our Official Summary
-
-This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version
-1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. You learn more at
-[https://ubuntu.com/security/CVE-2020-1971](https://ubuntu.com/security/CVE-2020-1971).
-
-## CVE Severity
-
-[5.9](https://nvd.nist.gov/vuln/detail/CVE-2020-1971)
-
-## Status
-
-Ongoing
diff --git a/docs/docs-content/security-bulletins/reports/cve-2021-3449.md b/docs/docs-content/security-bulletins/reports/cve-2021-3449.md
deleted file mode 100644
index 5dcadb34e1..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2021-3449.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-sidebar_label: "CVE-2021-3449"
-title: "CVE-2021-3449"
-description: "Lifecycle of CVE-2021-3449"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449)
-
-## Last Update
-
-7/16/2024
-
-## NIST CVE Summary
-
-An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a
-TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial
-ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to
-a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which
-is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are
-affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this
-issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
-
-## Our Official Summary
-
-This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version
-1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. You can learn more at
-[https://ubuntu.com/security/CVE-2021-3449](https://ubuntu.com/security/CVE-2021-3449).
-
-## CVE Severity
-
-[5.9](https://nvd.nist.gov/vuln/detail/CVE-2021-3449)
-
-## Status
-
-Ongoing
diff --git a/docs/docs-content/security-bulletins/reports/cve-2021-3711.md b/docs/docs-content/security-bulletins/reports/cve-2021-3711.md
deleted file mode 100644
index da0fb6ee1c..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2021-3711.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-sidebar_label: "CVE-2021-3711"
-title: "CVE-2021-3711"
-description: "Lifecycle of CVE-2021-3711"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711)
-
-## Last Update
-
-7/16/2024
-
-## NIST CVE Summary
-
-In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically
-an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit,
-the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can
-then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for
-the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer
-size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size
-required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a
-second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an
-application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents
-of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The
-location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected
-1.1.1-1.1.1k).
-
-## Our Official Summary
-
-This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version
-1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. You can learn more at
-[https://ubuntu.com/security/CVE-2021-3711](https://ubuntu.com/security/CVE-2021-3711).
-
-## CVE Severity
-
-[9.8](https://nvd.nist.gov/vuln/detail/CVE-2021-3711)
-
-## Status
-
-Ongoing
diff --git a/docs/docs-content/security-bulletins/reports/cve-2021-45079.md b/docs/docs-content/security-bulletins/reports/cve-2021-45079.md
deleted file mode 100644
index ad0e12c05a..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2021-45079.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-sidebar_label: "CVE-2021-45079"
-title: "CVE-2021-45079"
-description: "Lifecycle of CVE-2021-45079"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2021-45079](https://nvd.nist.gov/vuln/detail/CVE-2021-45079)
-
-## Last Update
-
-7/16/2024
-
-## NIST CVE Summary
-
-In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually
-authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for
-IKEv2) even without server authentication.
-
-## Our Official Summary
-
-This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS package version
-5.8.2-1ubuntu3.fips.3.6 that is being used in VerteX.Review: You can learn more at
-[https://ubuntu.com/security/CVE-2021-45079](https://ubuntu.com/security/CVE-2021-45079).
-
-## CVE Severity
-
-[9.1](https://nvd.nist.gov/vuln/detail/CVE-2021-45079)
-
-## Status
-
-Ongoing
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-0778.md b/docs/docs-content/security-bulletins/reports/cve-2022-0778.md
deleted file mode 100644
index bb31576489..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2022-0778.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-sidebar_label: "CVE-2022-0778"
-title: "CVE-2022-0778"
-description: "Lifecycle of CVE-2022-0778"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2022-0778](https://nvd.nist.gov/vuln/detail/CVE-2022-0778)
-
-## Last Update
-
-7/16/2024
-
-## NIST CVE Summary
-
-The BN\\\_mod\\\_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever
-for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys
-in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to
-trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate
-parsing happens prior to verification of the certificate signature, any process that parses an externally supplied
-certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing
-crafted private keys as they can contain explicit elliptic curve parameters.
-
-## Our Official Summary
-
-This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version
-1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. You can learn more at
-[https://ubuntu.com/security/CVE-2023-0286](https://ubuntu.com/security/CVE-2023-0286).
-
-## CVE Severity
-
-[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-0778)
-
-## Status
-
-Ongoing
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-4450.md b/docs/docs-content/security-bulletins/reports/cve-2022-4450.md
deleted file mode 100644
index 8775d74fd6..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2022-4450.md
+++ /dev/null
@@ -1,44 +0,0 @@
----
-sidebar_label: "CVE-2022-4450"
-title: "CVE-2022-4450"
-description: "Lifecycle of CVE-2022-4450"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-# CVE Details
-
-We provide the most up-to-date information below.
-
-## CVE Details
-
-[CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450)
-
-## Last Update
-
-7/16/2024
-
-## NIST CVE Summary
-
-The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any
-header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are
-populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those
-buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()
-will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed.
-If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash.
-
-## Our Official Summary
-
-This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version
-1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Additional information can be found at
-[https://ubuntu.com/security/CVE-2022-4450](https://ubuntu.com/security/CVE-2022-4450)
-
-## CVE Severity
-
-[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450)
-
-## Status
-
-Ongoing
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-0215.md b/docs/docs-content/security-bulletins/reports/cve-2023-0215.md
deleted file mode 100644
index 2dac757291..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2023-0215.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-sidebar_label: "CVE-2023-0215"
-title: "CVE-2023-0215"
-description: "Lifecycle of CVE-2023-0215"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215)
-
-## Last Update
-
-7/16/2024
-
-## NIST CVE Summary
-
-The public API function BIO\\\_new\\\_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily
-used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly
-by end user applications.
-
-## Our Official Summary
-
-This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version
-1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. You can learn more at
-[https://ubuntu.com/security/CVE-2023-0215](https://ubuntu.com/security/CVE-2023-0215).
-
-## CVE Severity
-
-[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215)
-
-## Status
-
-Ongoing
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-0286.md b/docs/docs-content/security-bulletins/reports/cve-2023-0286.md
deleted file mode 100644
index 125f1e0304..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2023-0286.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-sidebar_label: "CVE-2023-0286"
-title: "CVE-2023-0286"
-description: "Lifecycle of CVE-2023-0286"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286)
-
-## Last Update
-
-7/16/2024
-
-## NIST CVE Summary
-
-There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400
-addresses were parsed as an ASN1\\\_STRING but the public structure definition for GENERAL\\\_NAME incorrectly specified
-the type of the x400Address field as ASN1\\\_TYPE. This field is subsequently interpreted by the OpenSSL function
-GENERAL\\\_NAME\\\_cmp as an ASN1\\\_TYPE rather than an ASN1\\\_STRING.
-
-## Our Official Summary
-
-This is a false positive reported by twistlock only. We have confirmed this CVE is fixed in the FIPS openSSL version
-that’s being used in VerteX.
-
-## CVE Severity
-
-[7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286)
-
-## Status
-
-Ongoing
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-52425.md b/docs/docs-content/security-bulletins/reports/cve-2023-52425.md
deleted file mode 100644
index 732c84da31..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2023-52425.md
+++ /dev/null
@@ -1,34 +0,0 @@
----
-sidebar_label: "CVE-2023-52425"
-title: "CVE-2023-52425"
-description: "Lifecycle of CVE-2023-52425"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2023-52425](https://nvd.nist.gov/vuln/detail/CVE-2023-52425)
-
-## Last Update
-
-7/16/2024
-
-## NIST CVE Summary
-
-libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in
-the case of a large token for which multiple buffer fills are needed.
-
-## Our Official Summary
-
-The CVE is reported in vsphere-csi 3.2.0.
-
-## CVE Severity
-
-[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-52425)
-
-## Status
-
-Ongoing
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-5528.md b/docs/docs-content/security-bulletins/reports/cve-2023-5528.md
deleted file mode 100644
index 9c5ec0cb85..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2023-5528.md
+++ /dev/null
@@ -1,35 +0,0 @@
----
-sidebar_label: "CVE-2023-5528"
-title: "CVE-2023-5528"
-description: "Lifecycle of CVE-2023-5528"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2023-5528](https://nvd.nist.gov/vuln/detail/CVE-2023-5528)
-
-## Last Update
-
-7/16/2024
-
-## NIST CVE Summary
-
-A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes
-may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an
-in-tree storage plugin for Windows nodes.
-
-## Our Official Summary
-
-The CVE reported in vsphere-csi 3.2.0, Govulncheck reports it as non-impacting.
-
-## CVE Severity
-
-[8.8](https://nvd.nist.gov/vuln/detail/CVE-2023-5528)
-
-## Status
-
-Ongoing
diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-0743.md b/docs/docs-content/security-bulletins/reports/cve-2024-0743.md
deleted file mode 100644
index 5f0eb04130..0000000000
--- a/docs/docs-content/security-bulletins/reports/cve-2024-0743.md
+++ /dev/null
@@ -1,34 +0,0 @@
----
-sidebar_label: "CVE-2024-0743"
-title: "CVE-2024-0743"
-description: "Lifecycle of CVE-2024-0743"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-## CVE Details
-
-[CVE-2024-0743](https://nvd.nist.gov/vuln/detail/CVE-2024-0743)
-
-## Last Update
-
-08/09/2024
-
-## NIST CVE Summary
-
-An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability
-affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.
-
-## Our Official Summary
-
-Affected images are third party vSphere CSI drivers. Waiting for the upstream vendor to issue the fix.
-
-## CVE Severity
-
-[7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-0743)
-
-## Status
-
-Ongoing
diff --git a/docs/docs-content/security-bulletins/reports/prisma-2022-0227.md b/docs/docs-content/security-bulletins/reports/prisma-2022-0227.md
deleted file mode 100644
index e0c97a3897..0000000000
--- a/docs/docs-content/security-bulletins/reports/prisma-2022-0227.md
+++ /dev/null
@@ -1,35 +0,0 @@
----
-sidebar_label: "Prisma-REPLACE-ME"
-title: "CVE-REPLACE-ME"
-description: "Lifecycle of CVE-REPLACE-ME"
-hide_table_of_contents: true
-sidebar_class_name: "hide-from-sidebar"
-toc_max_heading_level: 2
-tags: ["security", "cve"]
----
-
-# CVE Details
-
-[PRISMA-2022-0227](https://github.com/kubernetes/kubernetes/issues/120604)
-
-## Last Update
-
-7/31/2024
-
-## NIST CVE Summary
-
-github.com/emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable to Authentication Bypass by Primary Weakness.
-There is an inconsistency in how go-restful parses URL paths. This inconsistency could lead to several security check
-bypass in a complex system.
-
-## Our Official Summary
-
-The CVE reported in vsphere-csi 3.2.0, and Kubernetes 1.28.11. Govulncheck reports it as non-impacting.
-
-## CVE Severity
-
-N/A
-
-## Status
-
-Ongoing
diff --git a/docs/docs-content/security-bulletins/reports/reports.md b/docs/docs-content/security-bulletins/reports/reports.md
index 3bd7a96435..df76f8dfab 100644
--- a/docs/docs-content/security-bulletins/reports/reports.md
+++ b/docs/docs-content/security-bulletins/reports/reports.md
@@ -31,27 +31,16 @@ Click on the CVE ID to view the full details of the vulnerability. | CVE ID | Initial Pub Date | Modified Date | Impacted Product & Version | Vulnerability Type | CVSS Severity | Status | | ----------------------------------------------- | ---------------- | ------------- | -------------------------- | --------------------------------------- | -------------------------------------------------------- | ------------- | -| [CVE-2023-52425](./cve-2023-52425.md) | 02/04/2024 | 06/14/2024 | Palette 4.4.11 | Third-party component: vSphere-CSI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-52425) | :mag: Ongoing | | [CVE-2024-21626](./cve-2024-21626.md) | 1/3/24 | 2/18/24 | Palette 4.4.11 & 4.4.14 | Third-party component: kube-proxy | [8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | :mag: Ongoing | | [CVE-2022-41723](./cve-2022-41723.md) | 2/28/23 | 11/25/23 | Palette 4.4.11 & 4.4.14 | Third-party component: CoreDNS | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) | :mag: Ongoing | | [GHSA-m425-mq94-257g](./ghsa-m425-mq94-257g.md) | 10/25/23 | 10/25/23 | Palette 4.4.11 & 4.4.14 | Third-party component: CoreDNS | [7.5](https://github.com/advisories/GHSA-m425-mq94-257g) | :mag: Ongoing | -| [CVE-2022-4450](./cve-2022-4450.md) | 2/8/23 | 2/4/24 | Palette 4.4.11 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | :mag: Ongoing | | [CVE-2023-45142](./cve-2023-45142.md) | 10/12/23 | 2/18/24 | Palette 4.4.11 & 4.4.14 | Third-party component: OpenTelemetry-Go | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) | :mag: Ongoing | | [CVE-2023-0464](./cve-2023-0464.md) | 3/22/23 | 6/21/24 | Palette 4.4.11 & 4.4.14 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | :mag: Ongoing | | [CVE-2023-39325](./cve-2023-39325.md) | 10/11/23 | 4/28/24 | Palette 4.4.11 & 4.4.14 | Third-party component: Go project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | :mag: 
Ongoing | -| [CVE-2023-0215](./cve-2023-0215.md) | 2/28/23 | 6/21/24 | Palette 4.4.11 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | :mag: Ongoing | | [CVE-2023-47108](./cve-2023-47108.md) | 11/20/23 | 11/20/23 | Palette 4.4.11 & 4.4.14 | Third-party component: OpenTelemetry-Go | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | :mag: Ongoing | -| [CVE-2023-0286](./cve-2023-0286.md) | 2/8/23 | 2/4/24 | Palette 4.4.11 | Third-party component: OpenSSL | [7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | :mag: Ongoing | -| [CVE-2020-1971](./cve-2020-1971.md) | 12/8/20 | 6/21/24 | Palette 4.4.11 | Third-party component: Ubuntu | [5.9](https://nvd.nist.gov/vuln/detail/CVE-2020-1971) | :mag: Ongoing | -| [CVE-2021-3449](./cve-2021-3449.md) | 3/25/21 | 6/21/24 | Palette 4.4.11 | Third-party component: Ubuntu | [5.9](https://nvd.nist.gov/vuln/detail/CVE-2021-3449) | :mag: Ongoing | -| [CVE-2021-3711](./cve-2021-3711.md) | 8/24/12 | 6/21/24 | Palette 4.4.11 | Third-party component: Ubuntu | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2021-3711) | :mag: Ongoing | -| [CVE-2022-0778](./cve-2022-0778.md) | 3/15/22 | 6/21/24 | Palette 4.4.11 | Third-party component: Ubuntu | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-0778) | :mag: Ongoing | -| [CVE-2021-45079](./cve-2021-45079.md) | 1/31/22 | 11/6/23 | Palette 4.4.11 | Third-party component: Ubuntu | [9.1](https://nvd.nist.gov/vuln/detail/CVE-2021-45079) | :mag: Ongoing | -| [CVE-2023-5528](./cve-2023-5528.md) | 11/14/23 | 1/19/24 | Palette 4.4.11 | Third-party component: vSphere-CSI | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2023-5528) | :mag: Ongoing | | [CVE-2023-44487](./cve-2023-44487.md) | 10/10/23 | 6/27/24 | Palette 4.4.11 & 4.4.14 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | :mag: Ongoing | | [CVE-2022-25883](./cve-2022-25883.md) | 6/21/23 | 11/6/24 | Palette 4.4.11 | Third-party component: CAPI | 
[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) | :mag: Ongoing | | [CVE-2015-8855](./cve-2015-8855.md) | 1/23/17 | 1/26/12 | Palette 4.4.11 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) | :mag: Ongoing | -| [CVE-2024-0743](./cve-2024-0743.md) | 08/09/24 | 08/09/24 | Palette 4.4.11 | Third-party component: TLS | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-0743) | :mag: Ongoing | | [CVE-2019-12900](./cve-2019-12900.md) | 08/16/24 | 08/16/24 | Palette 4.4.14 | Third-party component: BZ2 | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2019-12900) | :mag: Ongoing | | [CVE-2023-37920](./cve-2023-37920.md) | 08/16/24 | 08/16/24 | Palette 4.4.14 | Third-party component: Certifi | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | :mag: Ongoing | | [CVE-2019-1010022](./cve-2019-1010022.md) | 08/16/24 | 08/16/24 | Palette 4.4.14 | Third-party component: GNU Libc | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2019-1010022) | :mag: Ongoing | @@ -88,4 +77,3 @@ Click on the CVE ID to view the full details of the vulnerability. | [CVE-2012-2663](./cve-2012-2663.md) | 08/16/24 | 08/16/24 | Palette 4.4.14 | Third-party component: iPtables | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2012-2663) | :mag: Ongoing | | [CVE-2019-9192](./cve-2019-9192.md) | 08/16/24 | 08/16/24 | Palette 4.4.14 | Third-party component: GNU C Library | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9192) | :mag: Ongoing | | [CVE-2018-20796](./cve-2018-20796.md) | 08/16/24 | 08/16/24 | Palette 4.4.14 | Third-party component: GNU C Library | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2018-20796) | :mag: Ongoing | -| [PRISMA-2022-0227](./prisma-2022-0227.md) | 9/12/23 | 9/12/23 | Palette 4.4.11 | Third-party component: vSphere-CSI | N/A | :mag: Ongoing | diff --git a/redirects.js b/redirects.js index b4435bf56a..2454363270 100644 --- a/redirects.js +++ b/redirects.js 
@@ -579,6 +579,23 @@ const redirects = [
     ],
     to: "/integrations/",
   },
+  {
+    from: [
+      "/security-bulletins/reports/cve-2020-1971",
+      "/security-bulletins/reports/cve-2021-3449",
+      "/security-bulletins/reports/cve-2021-3711",
+      "/security-bulletins/reports/cve-2021-45079",
+      "/security-bulletins/reports/cve-2022-0778",
+      "/security-bulletins/reports/cve-2022-4450",
+      "/security-bulletins/reports/cve-2023-0215",
+      "/security-bulletins/reports/cve-2023-0286",
+      "/security-bulletins/reports/cve-2023-52425",
+      "/security-bulletins/reports/cve-2023-5528",
+      "/security-bulletins/reports/cve-2024-0743",
+      "/security-bulletins/reports/prisma-2022-0227",
+    ],
+    to: "/security-bulletins/reports/",
+  },
 ];
 
 module.exports = redirects;
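Review bot: The new redirect entry sends twelve retired bulletin URLs to the reports index without recording why they were retired, so a reader arriving from an old link (for example a scanner finding that cites CVE-2021-3711) lands on a table that no longer lists the CVE and cannot tell whether it was assessed as not applicable or simply dropped. A one-line comment above the entry would keep that context next to the code: `// Bulletins retired in #3691: CVEs assessed as not applicable to the product (false positives / non-impacting).` The twelve paths match the twelve files deleted in this commit, so the list is complete as of this change, but any bulletin retired later needs a matching entry here or its old URL will 404. The `redirects` array opens before the hunk.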