From 02e3b7bf19a269483cc22d58c376372387ca4057 Mon Sep 17 00:00:00 2001 From: felipecruz91 Date: Fri, 27 Sep 2024 11:16:29 +0200 Subject: [PATCH 1/2] chore(scout): Document CUPS CVEs in high-profile vuln policy Signed-off-by: felipecruz91 --- content/manuals/scout/policy/_index.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/content/manuals/scout/policy/_index.md b/content/manuals/scout/policy/_index.md index 596e2ec8f619..c02b196c9657 100644 --- a/content/manuals/scout/policy/_index.md +++ b/content/manuals/scout/policy/_index.md @@ -145,13 +145,17 @@ The list includes the following vulnerabilities: - [CVE-2023-38545 (cURL SOCKS5 heap buffer overflow)](https://scout.docker.com/v/CVE-2023-38545) - [CVE-2023-44487 (HTTP/2 Rapid Reset)](https://scout.docker.com/v/CVE-2023-44487) - [CVE-2024-3094 (XZ backdoor)](https://scout.docker.com/v/CVE-2024-3094) +- [CVE-2024-47176 (OpenPrinting - cups-browsed)](https://scout.docker.com/v/CVE-2024-47176) +- [CVE-2024-47076 (OpenPrinting - libcupsfilters)](https://scout.docker.com/v/CVE-2024-47076) +- [CVE-2024-47175 (OpenPrinting- libppd)](https://scout.docker.com/v/CVE-2024-47175) +- [CVE-2024-47177 (OpenPrinting - cups-filters)](https://scout.docker.com/v/CVE-2024-47177) You can configure the CVEs included in this list by creating a custom policy. Custom configuration options include: - **CVEs to avoid**: Specify the CVEs that you want to avoid in your artifacts. - Default: `CVE-2014-0160`, `CVE-2021-44228`, `CVE-2023-38545`, `CVE-2023-44487`, `CVE-2024-3094` + Default: `CVE-2014-0160`, `CVE-2021-44228`, `CVE-2023-38545`, `CVE-2023-44487`, `CVE-2024-3094`, `CVE-2024-47176`, `CVE-2024-47076`, `CVE-2024-47175`, `CVE-2024-47177` - **CISA KEV**: Enable tracking of vulnerabilities from CISA's Known Exploited Vulnerabilities (KEV) catalog From d355d226c0a0d676184cbcf04b8a0ff461c3aa35 Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Mon, 30 Sep 2024 14:31:00 +0200 Subject: [PATCH 2/2] =?UTF-8?q?scout:=20"CVEs=20to=20avoid"=20=E2=86=92=20?= =?UTF-8?q?"Excluded=20CVEs"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- content/manuals/scout/policy/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/manuals/scout/policy/_index.md b/content/manuals/scout/policy/_index.md index c02b196c9657..afed23f95d7b 100644 --- a/content/manuals/scout/policy/_index.md +++ b/content/manuals/scout/policy/_index.md @@ -153,9 +153,9 @@ The list includes the following vulnerabilities: You can configure the CVEs included in this list by creating a custom policy. Custom configuration options include: -- **CVEs to avoid**: Specify the CVEs that you want to avoid in your artifacts. +- **Excluded CVEs**: Specify the CVEs that you want this policy to ignore. - Default: `CVE-2014-0160`, `CVE-2021-44228`, `CVE-2023-38545`, `CVE-2023-44487`, `CVE-2024-3094`, `CVE-2024-47176`, `CVE-2024-47076`, `CVE-2024-47175`, `CVE-2024-47177` + Default: `[]` (none of the high-profile CVEs are ignored) - **CISA KEV**: Enable tracking of vulnerabilities from CISA's Known Exploited Vulnerabilities (KEV) catalog