[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-38698, CVE-2021-41803, CVE-2022-24687 and
Abhijith PA (@abhijith)
abhijith at debian.org
Tue May 2 21:16:24 BST 2023
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits:
82bb5580 by Abhijith PA at 2023-05-03T01:44:06+05:30
Mark CVE-2021-38698, CVE-2021-41803, CVE-2022-24687 and
CVE-2022-40716 as not affected.
Add commit reference for CVE-2022-24687 with upstream tag.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -52696,6 +52696,7 @@ CVE-2022-40717 (This vulnerability allows network-adjacent attackers to execute
NOT-FOR-US: D-Link
CVE-2022-40716 (HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13. ...)
- consul <unfixed> (bug #1027161)
+ [buster] - consul <not-affected> (Vulnerable Code not present)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628
NOTE: https://github.com/hashicorp/consul/commit/ae822d752ad36007e353249691a0ef318cf55d08 (v1.11.9)
CVE-2022-40715 (An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Trave ...)
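Review bot: the added "[buster] - consul <not-affected>" line for CVE-2022-40716 carries no evidence for "Vulnerable Code not present". The visible description gives no lower version bound, and the only commit NOTE is the fix (v1.11.9). Consider adding a NOTE that names the upstream commit or release which introduced the affected code, so the buster status can be checked against the packaged version.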
@@ -98178,7 +98179,9 @@ CVE-2022-24688 (An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5.
NOT-FOR-US: DSK DSKNet
CVE-2022-24687 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, a ...)
- consul <unfixed> (bug #1006487)
+ [buster] - consul <not-affected> (Vulnerable Code not present)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/
+ NOTE: https://github.com/hashicorp/consul/commit/d35c6a97cbdff252f5238d6b52f49786f896566a (1.9.15)
CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and ...)
- nomad <unfixed> (bug #1021273)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
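Review bot: the new commit NOTE for CVE-2022-24687 writes the release as "(1.9.15)", while the other Consul commit NOTEs shown in this change use a "v" prefix, as in "(v1.11.9)" and "(v1.8.15)". Suggest "(v1.9.15)" so the annotation matches its neighbours and the upstream tag format the commit message refers to.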
@@ -123883,6 +123886,7 @@ CVE-2021-41804
RESERVED
CVE-2021-41803 (HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properl ...)
- consul <unfixed> (bug #1034841)
+ [buster] - consul <not-affected> (Vulnerable Code not present)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627
NOTE: https://github.com/hashicorp/consul/commit/34872682e44f6e7e6359c88bf9e333fa1002a99b (v1.11.9)
CVE-2021-41802 (HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a ...)
@@ -131684,7 +131688,7 @@ CVE-2021-38699 (TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin
CVE-2021-38698 (HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allow ...)
- consul 1.8.7+dfsg1-6 (bug #1015218)
[bullseye] - consul <no-dsa> (Minor issue)
- [buster] - consul <no-dsa> (Minor issue)
+ [buster] - consul <not-affected> (Vulnerable code not present)
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
NOTE: https://github.com/hashicorp/consul/commit/747844bad6410091f2c6e961216c0c5fc285a44d (v1.8.15)
CVE-2021-38697 (SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted Fi ...)
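Review bot: the replacement line for CVE-2021-38698 spells the reason "Vulnerable code not present", whereas the three other lines added in this commit use "Vulnerable Code not present". Pick one spelling for all four so that a text search for the reason string finds every entry. Since this hunk also moves buster from <no-dsa> to <not-affected> while bullseye stays <no-dsa>, a NOTE stating where the vulnerable code was introduced would make the difference between the two releases explicit.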
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82bb558032826c53ec6e6272ff0fdc41103bdc06