feat: Updated at 20240616071602
Signed-off-by: bitnami-bot <bitnami-bot@vmware.com>
bitnami-bot committed Jun 16, 2024
1 parent 6da0302 commit b68960d
Showing 61 changed files with 1,945 additions and 71 deletions.
5 changes: 3 additions & 2 deletions data/airflow/BIT-airflow-2024-26280.json
@@ -30,7 +30,8 @@
"database_specific": {
"severity": "Unknown",
"cpes": [
"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*"
"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:airflow:*:*:*:*:*:python:*:*"
]
},
"references": [
@@ -48,5 +49,5 @@
}
],
"published": "2024-03-31T18:16:59.178Z",
"modified": "2024-05-24T07:53:33.063Z"
"modified": "2024-06-16T07:56:09.166Z"
}
5 changes: 3 additions & 2 deletions data/airflow/BIT-airflow-2024-27906.json
@@ -30,7 +30,8 @@
"database_specific": {
"severity": "Unknown",
"cpes": [
"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*"
"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:airflow:*:*:*:*:*:python:*:*"
]
},
"references": [
@@ -52,5 +53,5 @@
}
],
"published": "2024-03-31T18:16:47.034Z",
"modified": "2024-05-24T07:53:33.063Z"
"modified": "2024-06-16T07:56:09.166Z"
}
5 changes: 3 additions & 2 deletions data/airflow/BIT-airflow-2024-28746.json
@@ -30,7 +30,8 @@
"database_specific": {
"severity": "Unknown",
"cpes": [
"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*"
"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:airflow:*:*:*:*:*:python:*:*"
]
},
"references": [
@@ -48,5 +49,5 @@
}
],
"published": "2024-03-31T18:16:36.634Z",
"modified": "2024-05-02T07:52:56.618Z"
"modified": "2024-06-16T07:56:09.166Z"
}
5 changes: 3 additions & 2 deletions data/airflow/BIT-airflow-2024-29735.json
@@ -30,7 +30,8 @@
"database_specific": {
"severity": "Unknown",
"cpes": [
"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*"
"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:airflow:*:*:*:*:*:python:*:*"
]
},
"references": [
@@ -48,5 +49,5 @@
}
],
"published": "2024-03-28T07:16:52.369Z",
"modified": "2024-05-02T07:52:56.618Z"
"modified": "2024-06-16T07:56:09.166Z"
}
5 changes: 3 additions & 2 deletions data/airflow/BIT-airflow-2024-31869.json
@@ -30,7 +30,8 @@
"database_specific": {
"severity": "Unknown",
"cpes": [
"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*"
"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:airflow:*:*:*:*:*:python:*:*"
]
},
"references": [
@@ -48,5 +49,5 @@
}
],
"published": "2024-04-20T07:16:43.969Z",
"modified": "2024-05-24T07:53:33.063Z"
"modified": "2024-06-16T07:56:09.166Z"
}
5 changes: 3 additions & 2 deletions data/airflow/BIT-airflow-2024-32077.json
@@ -30,7 +30,8 @@
"database_specific": {
"severity": "Unknown",
"cpes": [
"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*"
"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:airflow:*:*:*:*:*:python:*:*"
]
},
"references": [
@@ -48,5 +49,5 @@
}
],
"published": "2024-05-24T07:15:55.746Z",
"modified": "2024-06-12T07:54:49.981Z"
"modified": "2024-06-16T07:56:09.166Z"
}
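--- a/data/cilium-operator/BIT-cilium-operator-2024-37307.json
+++ b/data/cilium-operator/BIT-cilium-operator-2024-37307.json
@@ -0,0 +1,86 @@
+{
+"schema_version": "1.5.0",
+"id": "BIT-cilium-operator-2024-37307",
+"details": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of `cilium-bugtool` can contain sensitive data when the tool is run (with the `--envoy-dump` flag set) against Cilium deployments with the Envoy proxy enabled. Users of the TLS inspection, Ingress with TLS termination, Gateway API with TLS termination, and Kafka network policies with API key filtering features are affected. The sensitive data includes the CA certificate, certificate chain, and private key used by Cilium HTTP Network Policies, and when using Ingress/Gateway API and the API keys used in Kafka-related network policy. `cilium-bugtool` is a debugging tool that is typically invoked manually and does not run during the normal operation of a Cilium cluster. This issue has been patched in Cilium v1.15.6, v1.14.12, and v1.13.17. There is no workaround to this issue.",
+"aliases": [
+"CVE-2024-37307"
+],
+"affected": [
+{
+"package": {
+"ecosystem": "Bitnami",
+"name": "cilium-operator",
+"purl": "pkg:bitnami/cilium-operator"
+},
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"
+}
+],
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "1.13.0"
+},
+{
+"fixed": "1.13.17"
+},
+{
+"introduced": "1.14.0"
+},
+{
+"fixed": "1.14.12"
+},
+{
+"introduced": "1.15.0"
+},
+{
+"fixed": "1.15.6"
+}
+]
+}
+]
+}
+],
+"database_specific": {
+"severity": "High",
+"cpes": [
+"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*"
+]
+},
+"references": [
+{
+"type": "WEB",
+"url": "https://github.com/cilium/cilium/commit/0191b1ebcfdd61cefd06da0315a0e7d504167407"
+},
+{
+"type": "WEB",
+"url": "https://github.com/cilium/cilium/commit/224e288a5bf40d0bb0f16c9413693b319633431a"
+},
+{
+"type": "WEB",
+"url": "https://github.com/cilium/cilium/commit/9299c0fd0024e33397cffc666ff851e82af28741"
+},
+{
+"type": "WEB",
+"url": "https://github.com/cilium/cilium/commit/958d7b77274bf2c272d8cdfd812631d644250653"
+},
+{
+"type": "WEB",
+"url": "https://github.com/cilium/cilium/commit/9eb25ba40391a9b035d7e66401b862818f4aac4b"
+},
+{
+"type": "WEB",
+"url": "https://github.com/cilium/cilium/commit/bf9a1ae1b2d2b2c9cca329d7aa96aa4858032a61"
+},
+{
+"type": "WEB",
+"url": "https://github.com/cilium/cilium/security/advisories/GHSA-wh78-7948-358j"
+}
+],
+"published": "2024-06-16T07:17:09.259Z",
+"modified": "2024-06-16T07:56:09.166Z"
+}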
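Review bot: The `details` text names two different fixed versions for the 1.13 branch: it opens with "prior to versions 1.13.7" and closes with "patched in Cilium v1.15.6, v1.14.12, and v1.13.17", while the `ranges` events use `"fixed": "1.13.17"`. The range agrees with the closing sentence, so "1.13.7" looks like a typo carried over from the upstream description, and someone triaging from the prose alone could treat 1.13.7 through 1.13.16 as patched; the opening should read `prior to versions 1.13.17, 1.14.12, and 1.15.6`. The same text appears in data/cilium/BIT-cilium-2024-37307.json. Separately, the prose is about `cilium-bugtool`, and nothing in this record shows whether the cilium-operator package ships that tool, so its applicability to this package is worth confirming.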
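--- a/data/cilium/BIT-cilium-2024-37307.json
+++ b/data/cilium/BIT-cilium-2024-37307.json
@@ -0,0 +1,86 @@
+{
+"schema_version": "1.5.0",
+"id": "BIT-cilium-2024-37307",
+"details": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of `cilium-bugtool` can contain sensitive data when the tool is run (with the `--envoy-dump` flag set) against Cilium deployments with the Envoy proxy enabled. Users of the TLS inspection, Ingress with TLS termination, Gateway API with TLS termination, and Kafka network policies with API key filtering features are affected. The sensitive data includes the CA certificate, certificate chain, and private key used by Cilium HTTP Network Policies, and when using Ingress/Gateway API and the API keys used in Kafka-related network policy. `cilium-bugtool` is a debugging tool that is typically invoked manually and does not run during the normal operation of a Cilium cluster. This issue has been patched in Cilium v1.15.6, v1.14.12, and v1.13.17. There is no workaround to this issue.",
+"aliases": [
+"CVE-2024-37307"
+],
+"affected": [
+{
+"package": {
+"ecosystem": "Bitnami",
+"name": "cilium",
+"purl": "pkg:bitnami/cilium"
+},
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"
+}
+],
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "1.13.0"
+},
+{
+"fixed": "1.13.17"
+},
+{
+"introduced": "1.14.0"
+},
+{
+"fixed": "1.14.12"
+},
+{
+"introduced": "1.15.0"
+},
+{
+"fixed": "1.15.6"
+}
+]
+}
+]
+}
+],
+"database_specific": {
+"severity": "High",
+"cpes": [
+"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*"
+]
+},
+"references": [
+{
+"type": "WEB",
+"url": "https://github.com/cilium/cilium/commit/0191b1ebcfdd61cefd06da0315a0e7d504167407"
+},
+{
+"type": "WEB",
+"url": "https://github.com/cilium/cilium/commit/224e288a5bf40d0bb0f16c9413693b319633431a"
+},
+{
+"type": "WEB",
+"url": "https://github.com/cilium/cilium/commit/9299c0fd0024e33397cffc666ff851e82af28741"
+},
+{
+"type": "WEB",
+"url": "https://github.com/cilium/cilium/commit/958d7b77274bf2c272d8cdfd812631d644250653"
+},
+{
+"type": "WEB",
+"url": "https://github.com/cilium/cilium/commit/9eb25ba40391a9b035d7e66401b862818f4aac4b"
+},
+{
+"type": "WEB",
+"url": "https://github.com/cilium/cilium/commit/bf9a1ae1b2d2b2c9cca329d7aa96aa4858032a61"
+},
+{
+"type": "WEB",
+"url": "https://github.com/cilium/cilium/security/advisories/GHSA-wh78-7948-358j"
+}
+],
+"published": "2024-06-16T07:17:12.551Z",
+"modified": "2024-06-16T07:56:09.166Z"
+}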
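--- a/data/elasticsearch/BIT-elasticsearch-2024-23445.json
+++ b/data/elasticsearch/BIT-elasticsearch-2024-23445.json
@@ -0,0 +1,50 @@
+{
+"schema_version": "1.5.0",
+"id": "BIT-elasticsearch-2024-23445",
+"details": "It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body  restricts search for a given index using the query or the field_security parameter, and the same cross-cluster API key also grants replication for the same index, the search restrictions are not enforced during cross cluster search operations and search results may include documents and terms that should not be returned.This issue only affects the API key based security model for remote clusters https://www.elastic.co/guide/en/elasticsearch/reference/8.14/remote-clusters.html#remote-clusters-security-models  that was previously a beta feature and is released as GA with 8.14.0",
+"aliases": [
+"CVE-2024-23445"
+],
+"affected": [
+{
+"package": {
+"ecosystem": "Bitnami",
+"name": "elasticsearch",
+"purl": "pkg:bitnami/elasticsearch"
+},
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+}
+],
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "8.10.0"
+},
+{
+"fixed": "8.14.0"
+}
+]
+}
+]
+}
+],
+"database_specific": {
+"severity": "Medium",
+"cpes": [
+"cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*"
+]
+},
+"references": [
+{
+"type": "WEB",
+"url": "https://discuss.elastic.co/t/elasticsearch-8-14-0-security-update-esa-2024-13/360898"
+}
+],
+"published": "2024-06-16T07:19:02.850Z",
+"modified": "2024-06-16T07:56:09.166Z"
+}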
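Review bot: The `details` string runs two sentences together ("should not be returned.This issue") and embeds two elastic.co documentation URLs mid-sentence, each followed by a double space, while `references` lists only the discuss.elastic.co post. Any tool that renders `details` as plain text will show the raw URLs inside the description of the affected configuration, which makes the condition (a cross-cluster API key that both restricts search and grants replication on the same index) harder to read. Consider restoring the space after "returned." and moving the two documentation links into `references` as `"type": "WEB"` entries.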
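--- a/data/elasticsearch/BIT-elasticsearch-2024-37280.json
+++ b/data/elasticsearch/BIT-elasticsearch-2024-37280.json
@@ -0,0 +1,50 @@
+{
+"schema_version": "1.5.0",
+"id": "BIT-elasticsearch-2024-37280",
+"details": "A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature.",
+"aliases": [
+"CVE-2024-37280"
+],
+"affected": [
+{
+"package": {
+"ecosystem": "Bitnami",
+"name": "elasticsearch",
+"purl": "pkg:bitnami/elasticsearch"
+},
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"
+}
+],
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "8.13.1"
+},
+{
+"fixed": "8.14.0"
+}
+]
+}
+]
+}
+],
+"database_specific": {
+"severity": "Medium",
+"cpes": [
+"cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*"
+]
+},
+"references": [
+{
+"type": "WEB",
+"url": "https://discuss.elastic.co/t/elasticsearch-8-14-0-security-update-esa-2024-14/361007"
+}
+],
+"published": "2024-06-16T07:18:05.055Z",
+"modified": "2024-06-16T07:56:09.166Z"
+}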