diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2023-10-28 17:50:15 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2023-10-28 17:50:15 +0200 |
commit | 754a8d46df0cfbe3c5c7dc43623a3b5d6ee13744 (patch) | |
tree | cd34c285fa67eb43858bf40f8b762a48e1dcf670 /data | |
parent | 992fa3db223a431456fb3d8be25065f89d13c357 (diff) |
Add two nats-server issues (one covering as well in nkeys)
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 2af79953c5..5b3e0d8516 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,16 @@ +CVE-2023-46129 [nkeys: xkeys Seal encryption used fixed key for all encryption] + - golang-github-nats-io-nkeys <unfixed> + [bookworm] - golang-github-nats-io-nkeys <not-affected> (Vulnerable code not present) + [bullseye] - golang-github-nats-io-nkeys <not-affected> (Vulnerable code not present) + [buster] - golang-github-nats-io-nkeys <not-affected> (Vulnerable code not present) + - nats-server <unfixed> + [bookworm] - nats-server <not-affected> (Vulnerable code not present) + NOTE: https://advisories.nats.io/CVE/secnote-2023-02.txt + NOTE: https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9 +CVE-2023-XXXX [Adding accounts for just the system account adds auth bypass] + - nats-server 2.10.3-1 + NOTE: https://advisories.nats.io/CVE/secnote-2023-01.txt + NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-fr2g-9hjm-wr23 CVE-2023-5056 NOT-FOR-US: Skupper CVE-2023-5834 (HashiCorp Vagrant's Windows installer targeted a custom location with ...) |