[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 16 08:37:59 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e6e43e84 by Salvatore Bonaccorso at 2022-11-16T09:37:27+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,15 +11,15 @@ CVE-2022-4008
 CVE-2022-4007
 	RESERVED
 CVE-2022-4006 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: WBCE CMS
 CVE-2022-4005
 	RESERVED
 CVE-2022-4004
 	RESERVED
 CVE-2021-4241 (A vulnerability, which was classified as problematic, was found in php ...)
-	TODO: check
+	NOT-FOR-US: phpservermon
 CVE-2021-4240 (A vulnerability, which was classified as problematic, was found in php ...)
-	TODO: check
+	NOT-FOR-US: phpservermon
 CVE-2022-45442
 	RESERVED
 CVE-2022-45441
@@ -417,51 +417,51 @@ CVE-2022-45403
 CVE-2022-45402 (In Apache Airflow versions prior to 2.4.3, there was an open redirect  ...)
 	- airflow <itp> (bug #819700)
 CVE-2022-45401 (Jenkins Associated Files Plugin 0.2.1 and earlier does not escape name ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Associated Files Plugin
 CVE-2022-45400 (Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser ...)
-	TODO: check
+	NOT-FOR-US: Jenkins JAPEX Plugin
 CVE-2022-45399 (A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Cluster Statistics Plugin
 CVE-2022-45398 (A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster S ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Cluster Statistics Plugin
 CVE-2022-45397 (Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does ...)
-	TODO: check
+	NOT-FOR-US: Jenkins OSF Builder Suite : : XML Linter Plugin
 CVE-2022-45396 (Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XM ...)
-	TODO: check
+	NOT-FOR-US: Jenkins SourceMonitor Plugin
 CVE-2022-45395 (Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins CCCC Plugin
 CVE-2022-45394 (A missing permission check in Jenkins Delete log Plugin 1.0 and earlie ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Delete log Plugin
 CVE-2022-45393 (A cross-site request forgery (CSRF) vulnerability in Jenkins Delete lo ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Delete log Plugin
 CVE-2022-45392 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and e ...)
-	TODO: check
+	NOT-FOR-US: Jenkins NS-ND Integration Performance Publisher Plugin
 CVE-2022-45391 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and e ...)
-	TODO: check
+	NOT-FOR-US: Jenkins NS-ND Integration Performance Publisher Plugin
 CVE-2022-45390 (A missing permission check in Jenkins loader.io Plugin 1.0.1 and earli ...)
-	TODO: check
+	NOT-FOR-US: Jenkins loader.io Plugin
 CVE-2022-45389 (A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier al ...)
-	TODO: check
+	NOT-FOR-US: Jenkins XP-Dev Plugin
 CVE-2022-45388 (Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a fi ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Config Rotator Plugin
 CVE-2022-45387 (Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed conte ...)
-	TODO: check
+	NOT-FOR-US: Jenkins BART Plugin
 CVE-2022-45386 (Jenkins Violations Plugin 0.7.11 and earlier does not configure its XM ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Violations Plugin
 CVE-2022-45385 (A missing permission check in Jenkins CloudBees Docker Hub/Registry No ...)
-	TODO: check
+	NOT-FOR-US: CloudBees Docker Hub/Registry Notification Plugin
 CVE-2022-45384 (Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP ma ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Reverse Proxy Auth Plugin
 CVE-2022-45383 (An incorrect permission check in Jenkins Support Core Plugin 1206.v140 ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Support Core Plugin
 CVE-2022-45382 (Jenkins Naginator Plugin 1.18.1 and earlier does not escape display na ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Naginator Plugin
 CVE-2022-45381 (Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not rest ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Pipeline Utility Steps Plugin
 CVE-2022-45380 (Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S)  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins JUnit Plugin
 CVE-2022-45379 (Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier store ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Script Security Plugin
 CVE-2022-45378 (** UNSUPPORTED WHEN ASSIGNED ** In the default configuration of Apache ...)
 	NOT-FOR-US: Apache SOAP
 CVE-2022-45377



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6e43e840c8c5279823dbdce3619ef694dafed76

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6e43e840c8c5279823dbdce3619ef694dafed76
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221116/972c27b1/attachment.htm>

More information about the debian-security-tracker-commits mailing list