[Git][security-tracker-team/security-tracker][master] Add two new nomad issues

Fri Jul 21 13:38:18 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76f9e294 by Salvatore Bonaccorso at 2023-07-21T14:37:51+02:00
Add two new nomad issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -149,11 +149,13 @@ CVE-2023-3782 (DoS of the OkHttp client when using a BrotliInterceptor and surfi
 CVE-2023-3779 (The Essential Addons For Elementor plugin for WordPress is vulnerable  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-3300 (HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP ...)
-	TODO: check
+	- nomad <unfixed>
+	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-22-nomad-search-api-leaks-information-about-csi-plugins/56272
 CVE-2023-3299 (HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies ...)
 	TODO: check
 CVE-2023-3072 (HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL  ...)
-	TODO: check
+	- nomad <unfixed>
+	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-20-nomad-acl-policies-without-label-are-applied-to-unexpected-resources/56270
 CVE-2023-37362 (Weintek Weincloud v0.13.6     could allow an attacker to abuse the reg ...)
 	NOT-FOR-US: Weincloud
 CVE-2023-37289 (It is identified a vulnerability of Unrestricted Upload of File with D ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76f9e294617cfce5b6fe14a4218d7c6e8bda6013

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76f9e294617cfce5b6fe14a4218d7c6e8bda6013
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230721/ac555dbf/attachment.htm>
