[Git][security-tracker-team/security-tracker][master] auto-nfu: Add CNA rule for WSO2

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 23 09:10:23 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
63fff59c by Moritz Muehlenhoff at 2025-05-23T10:09:09+02:00
auto-nfu: Add CNA rule for WSO2

These are all FLOSS, but none are packaged in Debian.

Total CVEs from WSO2: 14
Total CVEs from WSO2 with packages assigned: 0

Scope: WSO2 products and services scoped under Responsible Disclosure
Program
https://security.docs.wso2.com/en/latest/security-reporting/reward-and-acknowledgement-program/#products-services-in-scope.

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -142,13 +142,13 @@ CVE-2024-9639 (Remote Code Execution vulnerabilities are present in ASPECT if se
 CVE-2024-9544 (The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7487 (An improper authentication vulnerability exists in WSO2 Identity Serve ...)
-	TODO: check
+	NOT-FOR-US: WSO2
 CVE-2024-7103 (A reflected cross-site scripting (XSS) vulnerability exists in the sub ...)
-	TODO: check
+	NOT-FOR-US: WSO2
 CVE-2024-6914 (An incorrect authorization vulnerability exists in multiple WSO2 produ ...)
-	TODO: check
+	NOT-FOR-US: WSO2
 CVE-2024-5962 (A reflected cross-site scripting (XSS) vulnerability exists in the aut ...)
-	TODO: check
+	NOT-FOR-US: WSO2
 CVE-2024-54188 (Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authe ...)
 	NOT-FOR-US: Infoblox NETMRI
 CVE-2024-52874 (In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL i ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -173,6 +173,8 @@
   cna: Wordfence
 - reason: WordPress plugin
   cna: WPScan
+- reason: WSO2
+  cna: WSO2
 - reason: Xerox
   cna: Xerox
 - reason: Xiaomi



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63fff59ceb38c466efea87b2bf53a835ae76d5e0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63fff59ceb38c466efea87b2bf53a835ae76d5e0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250523/3c3dc354/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list