[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 22 21:36:26 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b111ac86 by Salvatore Bonaccorso at 2022-06-22T22:36:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -62,7 +62,7 @@ CVE-2022-34298 (The NT auth module in OpenAM before 14.6.6 allows a "replace Sam
 CVE-2022-34297
 	RESERVED
 CVE-2022-34296 (In Zalando Skipper before 0.13.218, a query predicate could be bypasse ...)
-	TODO: check
+	NOT-FOR-US: Zalando Skipper
 CVE-2022-34295 (totd before 1.5.3 does not properly randomize mesg IDs. ...)
 	TODO: check
 CVE-2022-34294
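Review bot: CVE-2022-34295 (totd), the context line directly after the changed entry, still carries TODO: check, so this hunk closes one item and leaves its neighbour open. If totd was skipped because it needs a package lookup rather than an NFU tag, a word in the commit message would save the next triager from re-checking it. The tag on CVE-2022-34296 itself matches the product named in its description.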
@@ -126,7 +126,7 @@ CVE-2022-2176
 CVE-2022-2175
 	RESERVED
 CVE-2022-2174 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
-	TODO: check
+	NOT-FOR-US: microweber
 CVE-2022-2173
 	RESERVED
 CVE-2022-2172
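Review bot: The tag on CVE-2022-2174 is the bare lowercase project name "microweber", while the previous hunk uses vendor plus product ("Zalando Skipper"). Either form is readable, but the string should be identical to whatever other microweber entries in data/CVE/list use, so that a grep over NOT-FOR-US tags finds all of them.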
@@ -256,81 +256,81 @@ CVE-2022-34215
 CVE-2022-34214
 	RESERVED
 CVE-2022-34213 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34212 (A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34211 (A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34210 (A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earli ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34209 (A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34208 (A missing permission check in Jenkins Beaker builder Plugin 1.10 and e ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34207 (A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker bu ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34206 (A missing permission check in Jenkins Jianliao Notification Plugin 1.1 ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34205 (A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34204 (A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier al ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34203 (A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Pl ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34202 (Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypte ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34201 (A missing permission check in Jenkins Convertigo Mobile Platform Plugi ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34200 (A cross-site request forgery (CSRF) vulnerability in Jenkins Convertig ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34199 (Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passw ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34198 (Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escap ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34197 (Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the na ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34196 (Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape t ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34195 (Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34194 (Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape th ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34193 (Jenkins Package Version Plugin 1.0.1 and earlier does not escape the n ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34192 (Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the n ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34191 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and ea ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34190 (Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and ear ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34189 (Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape th ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34188 (Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34187 (Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not es ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34186 (Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier doe ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34185 (Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the na ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34184 (Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not e ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34183 (Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34182 (Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34181 (Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controll ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34180 (Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not corr ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34179 (Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specif ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34178 (Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34177 (Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier a ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34176 (Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-34175 (Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some  ...)
 	TODO: check
 CVE-2022-34174 (In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable t ...)
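Review bot: The 38 entries from CVE-2022-34213 down to CVE-2022-34176 all receive the identical tag "NOT-FOR-US: Jenkins plugin", which looks like a bulk substitution, so the boundary at the end of the hunk is the part to verify. CVE-2022-34175 describes Jenkins itself (2.335 through 2.355) and correctly keeps TODO: check. Several descriptions (for example CVE-2022-34211, CVE-2022-34209 and CVE-2022-34200) are truncated before the word "Plugin", so confirm against the full descriptions that each one is a plugin issue rather than a core one.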



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b111ac867a67e143baf9b8b687c719d434560509
