[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-37154 as unimportant for monitoring-plugins

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6911a46e by Salvatore Bonaccorso at 2023-08-25T20:39:41+02:00
Mark CVE-2023-37154 as unimportant for monitoring-plugins

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6330,8 +6330,11 @@ CVE-2023-37392 (Cross-Site Request Forgery (CSRF) vulnerability in Deepak Anand
 CVE-2023-37277 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
 	NOT-FOR-US: XWiki
 CVE-2023-37154
-	- monitoring-plugins <unfixed>
+	- monitoring-plugins <unfixed> (unimportant)
 	NOTE: Fix in nagios-plugins project: https://github.com/nagios-plugins/nagios-plugins/commit/e8810de21be80148562b7e0168b0a62aeedffde6
+	NOTE: monitoring-plugins upstream does not plan to make an upstream change similar to
+	NOTE: nagios-plugins because there are valid usecases to execute stuff locally via
+	NOTE: check_by_ssh (although not commonly known and used).
 CVE-2023-37153 (KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: KodExplorer
 CVE-2023-37152 (Projectworlds Online Art Gallery Project 1.0 allows unauthenticated us ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6911a46e2167f7ac3ffee3ebca5b74d5668e3d8f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6911a46e2167f7ac3ffee3ebca5b74d5668e3d8f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230825/1274b34b/attachment.htm>