opensuse-su-2023:0064-1
Vulnerability from csaf_opensuse
Published
2023-03-05 19:03
Modified
2023-03-05 19:03
Summary
Security update for trivy
Notes
Title of the patch
Security update for trivy
Description of the patch
This update for trivy fixes the following issues:
Update to version 0.37.3 (boo#1208091, CVE-2023-25165):
* chore(helm): update Trivy from v0.36.1 to v0.37.2 (#3574)
* ci: quote pros in c++ for semantic pr (#3605)
* fix(image): check proxy settings from env for remote images (#3604)
Update to version 0.37.2:
* BREAKING: use normalized trivy-java-db (#3583)
* fix(image): add timeout for remote images (#3582)
* fix(misconf): handle dot files better (#3550)
Update to version 0.37.1:
* fix(sbom): download the Java DB when generating SBOM (#3539)
* fix: use cgo free sqlite driver (#3521)
* ci: fix path to dist folder (#3527)
Update to version 0.37.0:
* fix(image): close layers (#3517)
* refactor: db client changed (#3515)
* feat(java): use trivy-java-db to get GAV (#3484)
* docs: add note about the limitation in Rekor (#3494)
* docs: aggregate targets (#3503)
* deps: updates wazero to 1.0.0-pre.8 (#3510)
* docs: add alma 9 and rocky 9 to supported os (#3513)
* chore: add missing target labels (#3504)
* docs: add java vulnerability page (#3429)
* feat(image): add support for Docker CIS Benchmark (#3496)
* feat(image): secret scanning on container image config (#3495)
* chore(deps): Upgrade defsec to v0.82.8 (#3488)
* feat(image): scan misconfigurations in image config (#3437)
* chore(helm): update Trivy from v0.30.4 to v0.36.1 (#3489)
* feat(k8s): add node info resource (#3482)
* perf(secret): optimize secret scanning memory usage (#3453)
* feat: support aliases in CLI flag, env and config (#3481)
* fix(k8s): migrate rbac k8s (#3459)
* feat(java): add implementationVendor and specificationVendor fields to detect GroupID from MANIFEST.MF (#3480)
* refactor: rename security-checks to scanners (#3467)
* chore: display the troubleshooting URL for the DB denial error (#3474)
* docs: yaml tabs to spaces, auto create namespace (#3469)
* docs: adding show-and-tell template to GH discussions (#3391)
* fix: Fix a temporary file leak in case of error (#3465)
* fix(test): sort cyclonedx components (#3468)
* docs: fixing spelling mistakes (#3462)
* ci: set paths triggering VM tests in PR (#3438)
* docs: typo in --skip-files (#3454)
* feat(custom-forward): Extended advisory data (#3444)
* docs: fix spelling error (#3436)
* refactor(image): extend image config analyzer (#3434)
* fix(nodejs): add ignore protocols to yarn parser (#3433)
* fix(db): check proxy settings when using insecure flag (#3435)
* feat(misconf): Fetch policies from OCI registry (#3015)
* ci: downgrade Go to 1.18 and use stable and oldstable go versions for unit tests (#3413)
* ci: store URLs to Github Releases in RPM repository (#3414)
* feat(server): add support of `skip-db-update` flag for hot db update (#3416)
* fix(image): handle wrong empty layer detection (#3375)
* test: fix integration tests for spdx and cycloneDX (#3412)
* feat(python): Include Conda packages in SBOMs (#3379)
* feat: add support pubspec.lock files for dart (#3344)
* fix(image): parsePlatform is failing with UNAUTHORIZED error (#3326)
* fix(license): change normalize for GPL-3+-WITH-BISON-EXCEPTION (#3405)
* feat(server): log errors on server side (#3397)
* docs: rewrite installation docs and general improvements (#3368)
* chore: update code owners (#3393)
* chore: test docs separately from code (#3392)
* docs: use the formula maintained by Homebrew (#3389)
* docs: add `Security Management` section with SonarQube plugin
Update to version 0.36.1:
* fix(deps): fix errors on yarn.lock files that contain local file reference (#3384)
* feat(flag): early fail when the format is invalid (#3370)
* docs(aws): fix broken links (#3374)
Update to version 0.36.0:
* docs: improve compliance docs (#3340)
* feat(deps): add yarn lock dependency tree (#3348)
* fix: compliance change id and title naming (#3349)
* feat: add support for mix.lock files for elixir language (#3328)
* feat: add k8s cis bench (#3315)
* test: disable SearchLocalStoreByNameOrDigest test for non-amd64 arch (#3322)
* revert: cache merged layers (#3334)
* feat(cyclonedx): add recommendation (#3336)
* feat(ubuntu): added support ubuntu ESM versions (#1893)
* fix: change logic to build relative paths for skip-dirs and skip-files (#3331)
* feat: Adding support for Windows testing (#3037)
* feat: add support for Alpine 3.17 (#3319)
* docs: change PodFile.lock to Podfile.lock (#3318)
* fix(sbom): support for the detection of old CycloneDX predicate type (#3316)
* feat(secret): Use .trivyignore for filtering secret scanning result (#3312)
* chore(go): remove experimental FS API usage in Wasm (#3299)
* ci: add workflow to add issues to roadmap project (#3292)
* fix(vuln): include duplicate vulnerabilities with different package paths in the final report (#3275)
* feat(sbom): better support for third-party SBOMs (#3262)
* docs: add information about languages with support for dependency locations (#3306)
* feat(vm): add `region` option to vm scan to be able to scan any region's ami and ebs snapshots (#3284)
* fix(vuln): change severity vendor priority for ghsa-ids and vulns from govuln (#3255)
* docs: remove comparisons (#3289)
* feat: add support for Wolfi Linux (#3215)
* ci: add go.mod to canary workflow (#3288)
* feat(python): skip dev dependencies (#3282)
* chore: update ubuntu version for Github action runners (#3257)
* fix(go): skip dep without Path for go-binaries (#3254)
* feat(rust): add ID for cargo pkgs (#3256)
* feat: add support for swift cocoapods lock files (#2956)
* fix(sbom): use proper constants (#3286)
* test(vm): import relevant analyzers (#3285)
* feat: support scan remote repository (#3131)
* docs: fix typo in fluxcd (#3268)
* docs: fix broken 'ecosystem' link in readme (#3280)
* feat(misconf): Add compliance check support (#3130)
* docs: Adding Concourse resource for trivy (#3224)
* chore(deps): change golang from 1.19.2 to 1.19 (#3249)
* fix(sbom): duplicate dependson (#3261)
* chore(go): updates wazero to 1.0.0-pre.4 (#3242)
* feat(report): add dependency locations to sarif format (#3210)
* fix(rpm): add rocky to osVendors (#3241)
* docs: fix a typo (#3236)
* feat(dotnet): add dependency parsing for nuget lock files (#3222)
* docs: add pre-commit hook to community tools (#3203)
* feat(helm): pass arbitrary env vars to trivy (#3208)
Update to version 0.35.0:
* chore(vm): update xfs filesystem parser for change log (#3230)
* feat: add virtual machine scan command (#2910)
* docs: reorganize index and readme (#3026)
* fix: `slowSizeThreshold` should be less than `defaultSizeThreshold` (#3225)
* feat: Export functions for trivy plugin (#3204)
* feat(image): add support wildcard for platform os (#3196)
* fix: load compliance report from file system (#3161)
* fix(suse): use package name to get advisories (#3199)
* docs(image): space issues during image scan (#3190)
* feat(containerd): scan image by digest (#3075)
* fix(vuln): add package name to title (#3183)
* fix: present control status instead of compliance percentage in compliance report (#3181)
* perf(license): remove go-enry/go-license-detector. (#3187)
* fix: workdir command as empty layer (#3087)
* docs: reorganize ecosystem section (#3025)
* feat(dotnet): add support dependency location for dotnet-core files (#3095)
* feat(dotnet): add support dependency location for nuget lock files (#3032)
* chore: update code owners for misconfigurations (#3176)
* feat: add slow mode (#3084)
* docs: fix typo in enable-builin-rules mentions (#3118)
* feat: Add maintainer field to OS packages (#3149)
* docs: fix some typo (#3171)
* docs: fix links on Built-in Policies page (#3124)
* fix: Perform filepath.Clean first and then filepath.ToSlash for skipFile/skipDirs settings (#3144)
* chore: use newline for semantic pr (#3172)
* fix(spdx): rename describes field in spdx (#3102)
* chore: handle GOPATH with several paths in make file (#3092)
* docs(flag): add 'rego' configuration file options (#3165)
* chore(go): updates wazero to 1.0.0-pre.3 (#3090)
* docs(license): fix typo inside quick start (#3134)
* chore: update codeowners for docs (#3135)
* fix(cli): exclude --compliance flag from non supported sub-commands (#3158)
* fix: remove --security-checks none from image help (#3156)
* fix: compliance flag description (#3160)
* docs(k8s): fix a typo (#3163)
Update to version 0.34.0:
* feat(vuln): support dependency graph for RHEL/CentOS (#3094)
* feat(vuln): support dependency graph for dpkg and apk (#3093)
* perf(license): enable license classifier only with '--license-full' (#3086)
* feat(report): add secret scanning to ASFF template (#2860)
* feat: Allow override of containerd namespace (#3060)
* fix(vuln): In alpine use Name as SrcName (#3079)
* fix(secret): Alibaba AccessKey ID (#3083)
Update to version 0.33.0:
* refactor(k8s): custom reports (#3076)
* fix(misconf): Bump in-toto-golang with correct CycloneDX predicate (#3068)
* feat(image): add support for passing architecture and OS (#3012)
* test: disable containerd integration tests for non-amd64 arch (#3073)
* feat(server): Add support for client/server mode to rootfs command (#3021)
* feat(vuln): support non-packaged binaries (#3019)
* feat: compliance reports (#2951)
* fix(flag): disable flag parsing for each plugin command (#3074)
* feat(nodejs): add support dependency location for yarn.lock files (#3016)
* chore: Switch github.com/liamg dependencies to github.com/aquasecurity (#3069)
* feat: add k8s components (#2589)
* fix(secret): update the regex for secrets scanning (#2964)
* fix: bump trivy-kubernetes (#3064)
* docs: fix missing 'image' subcommand (#3051)
* chore: Patch golang x/text vulnerability (#3046)
* chore: add licensed project logo (#3058)
* feat(ubuntu): set Ubuntu 22.10 EOL (#3054)
* refactor(analyzer): use strings.TrimSuffix instead of strings.HasSuffix (#3028)
* feat(report): Use understandable value for shortDescription in SARIF reports (#3009)
* docs(misconf): fix typo (#3043)
* feat: add support for scanning azure ARM (#3011)
* feat(report): add location.message to SARIF output (#3002) (#3003)
* feat(nodejs): add dependency line numbers for npm lock files (#2932)
* test(fs): add `--skip-files`, `--skip-dirs` (#2984)
* docs: add Woodpecker CI integrations example (#2823)
* fix(sbom): ref generation if serialNumber is empty when input is cyclonedx file (#3000)
* fix(java): don't stop parsing jar file when wrong inner jar is found (#2989)
* fix(sbom): use nuget purl type for dotnet-core (#2990)
* perf: retrieve rekor entries in bulk (#2987)
* feat(aws): Custom rego policies for AWS scanning (#2994)
* docs: jq cli formatting (#2881)
* docs(repo): troubleshooting $TMPDIR customization (#2985)
* chore: run `go fmt` (#2897)
* chore(go): updates wazero to 1.0.0-pre.2 (#2955)
* fix(aws): Less function for slice sorting always returns false #2967
* fix(java): fix unmarshal pom exclusions (#2936)
Update to version 0.32.1:
* fix(java): use fields of dependency from dependencyManagement from upper pom.xml to parse deps (#2943)
* chore: expat lib and go binary deps vulns (#2940)
* wasm: Removes accidentally exported memory (#2950)
* fix(sbom): fix package name separation for gradle (#2906)
* docs(readme.md): fix broken integrations link (#2931)
* fix(image): handle images with single layer in rescan mergedLayers cache (#2927)
* fix(cli): split env values with ',' for slice flags (#2926)
* fix(cli): config/helm: also take into account files with `.yml` (#2928)
* fix(flag): add file-patterns flag for config subcommand (#2925)
Update to version 0.32.0:
* docs: add Rekor SBOM attestation scanning (#2893)
* chore: narrow the owner scope (#2894)
* fix: remove a patch number from the recommendation link (#2891)
* fix: enable parsing of UUID-only rekor entry ID (#2887)
* docs(sbom): add SPDX scanning (#2885)
* docs: restructure docs and add tutorials (#2883)
* feat(sbom): scan sbom attestation in the rekor record (#2699)
* feat(k8s): support outdated-api (#2877)
* fix(c): support revisions in Conan parser (#2878)
* feat: dynamic links support for scan results (#2838)
* docs: update archlinux commands (#2876)
* feat(secret): add line from dockerfile where secret was added to secret result (#2780)
* feat(sbom): Add unmarshal for spdx (#2868)
* fix: revert asff arn and add documentation (#2852)
* docs: batch-import-findings limit (#2851)
* feat(sbom): Add marshal for spdx (#2867)
* build: checkout before setting up Go (#2873)
* docs: azure doc and trivy (#2869)
* fix: Scan tarr'd dependencies (#2857)
* chore(helm): helm test with ingress (#2630)
* feat(report): add secrets to sarif format (#2820)
* refactor: add a new interface for initializing analyzers (#2835)
* fix: update ProductArn with account id (#2782)
* feat(helm): make cache TTL configurable (#2798)
* build(): Sign releaser artifacts, not only container manifests (#2789)
* chore: improve doc about azure devops (#2795)
* docs: don't push patch versions (#2824)
* feat: add support for conan.lock file (#2779)
* feat: cache merged layers
* feat: add support for gradle.lockfile (#2759)
* feat: move file patterns to a global level to be able to use it on any analyzer (#2539)
* Fix url validation failures (#2783)
* fix(image): add logic to detect empty layers (#2790)
* feat(rust): add dependency graph from Rust binaries (#2771)
Update to version 0.31.3:
* fix: handle empty OS family (#2768)
* fix: fix k8s summary report (#2777)
* fix: don't skip packages that don't contain vulns, when using --list-all-pkgs flag (#2767)
* chore: bump trivy-kubernetes (#2770)
* fix(secret): Consider secrets in rpc calls (#2753)
* fix(java): check depManagement from upper pom's (#2747)
* fix(php): skip `composer.lock` inside `vendor` folder (#2718)
* fix: fix k8s rbac filter (#2765)
* feat(misconf): skipping misconfigurations by AVD ID (#2743)
* chore(deps): Upgrade Alpine to 3.16.2 to fix zlib issue (#2741)
* docs: add MacPorts install instructions (#2727)
* docs: typo (#2730)
Update to version 0.31.2:
* fix: Correctly handle recoverable AWS scanning errors (#2726)
* docs: Remove reference to SecurityAudit policy for AWS scanning (#2721)
Update to version 0.31.1:
* fix: upgrade defsec to v0.71.7 for elb scan panic (#2720)
Update to version 0.31.0:
* fix(flag): add error when there are no supported security checks (#2713)
* fix(vuln): continue scanning when no vuln found in the first application (#2712)
* revert: add new classes for vulnerabilities (#2701)
* feat(secret): detect secrets removed or overwritten in upper layer (#2611)
* fix(cli): secret scanning perf link fix (#2607)
* chore(deps): bump github.com/spf13/viper from 1.8.1 to 1.12.0 (#2650)
* feat: Add AWS Cloud scanning (#2493)
* docs: specify the type when verifying an attestation (#2697)
* docs(sbom): improve SBOM docs by adding a description for scanning SBOM attestation (#2690)
* fix(rpc): scanResponse rpc conversion for custom resources (#2692)
* feat(rust): Add support for cargo-auditable (#2675)
* feat: Support passing value overrides for configuration checks (#2679)
* feat(sbom): add support for scanning a sbom attestation (#2652)
* chore(image): skip symlinks and hardlinks from tar scan (#2634)
* fix(report): Update junit.tpl (#2677)
* fix(cyclonedx): add nil check to metadata.component (#2673)
* docs(secret): fix missing and broken links (#2674)
* refactor(cyclonedx): implement json.Unmarshaler (#2662)
* feat(kubernetes): add option to specify kubeconfig file path (#2576)
* docs: follow Debian's 'instructions to connect to a third-party repository' (#2511)
* feat(alma): set AlmaLinux 9 EOL (#2653)
* fix(misconf): Allow quotes in Dockerfile WORKDIR when detecting relative dirs (#2636)
* test(misconf): add tests for misconf handler for dockerfiles (#2621)
* feat(oracle): set Oracle Linux 9 EOL (#2635)
* BREAKING: add new classes for vulnerabilities (#2541)
* fix(secret): add newline escaping for asymmetric private key (#2532)
* docs: improve formatting (#2572)
* feat(helm): allows users to define an existing secret for tokens (#2587)
* docs(mariner): use tdnf in fs usage example (#2616)
* docs: remove unnecessary double quotation marks (#2609)
* fix: Fix --file-patterns flag (#2625)
* feat(report): add support for Cosign vulnerability attestation (#2567)
* docs(mariner): use v2.0 in examples (#2602)
* feat(report): add secrets template for codequality report (#2461)
Patchnames
openSUSE-2023-64
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
"trivy-0.37.3-bp154.2.9.1.ppc64le", "product": { "name": "trivy-0.37.3-bp154.2.9.1.ppc64le", "product_id": "trivy-0.37.3-bp154.2.9.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "trivy-0.37.3-bp154.2.9.1.s390x", "product": { "name": "trivy-0.37.3-bp154.2.9.1.s390x", "product_id": "trivy-0.37.3-bp154.2.9.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "trivy-0.37.3-bp154.2.9.1.x86_64", "product": { "name": "trivy-0.37.3-bp154.2.9.1.x86_64", "product_id": "trivy-0.37.3-bp154.2.9.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Package Hub 15 SP4", "product": { "name": "SUSE Package Hub 15 SP4", "product_id": "SUSE Package Hub 15 SP4" } }, { "category": "product_name", "name": "openSUSE Leap 15.4", "product": { "name": "openSUSE Leap 15.4", "product_id": "openSUSE Leap 15.4", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "trivy-0.37.3-bp154.2.9.1.aarch64 as component of SUSE Package Hub 15 SP4", "product_id": "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.aarch64" }, "product_reference": "trivy-0.37.3-bp154.2.9.1.aarch64", "relates_to_product_reference": "SUSE Package Hub 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "trivy-0.37.3-bp154.2.9.1.i586 as component of SUSE Package Hub 15 SP4", "product_id": "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.i586" }, "product_reference": "trivy-0.37.3-bp154.2.9.1.i586", "relates_to_product_reference": "SUSE Package Hub 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "trivy-0.37.3-bp154.2.9.1.ppc64le as 
component of SUSE Package Hub 15 SP4", "product_id": "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.ppc64le" }, "product_reference": "trivy-0.37.3-bp154.2.9.1.ppc64le", "relates_to_product_reference": "SUSE Package Hub 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "trivy-0.37.3-bp154.2.9.1.s390x as component of SUSE Package Hub 15 SP4", "product_id": "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.s390x" }, "product_reference": "trivy-0.37.3-bp154.2.9.1.s390x", "relates_to_product_reference": "SUSE Package Hub 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "trivy-0.37.3-bp154.2.9.1.x86_64 as component of SUSE Package Hub 15 SP4", "product_id": "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.x86_64" }, "product_reference": "trivy-0.37.3-bp154.2.9.1.x86_64", "relates_to_product_reference": "SUSE Package Hub 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "trivy-0.37.3-bp154.2.9.1.aarch64 as component of openSUSE Leap 15.4", "product_id": "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.aarch64" }, "product_reference": "trivy-0.37.3-bp154.2.9.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.4" }, { "category": "default_component_of", "full_product_name": { "name": "trivy-0.37.3-bp154.2.9.1.i586 as component of openSUSE Leap 15.4", "product_id": "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.i586" }, "product_reference": "trivy-0.37.3-bp154.2.9.1.i586", "relates_to_product_reference": "openSUSE Leap 15.4" }, { "category": "default_component_of", "full_product_name": { "name": "trivy-0.37.3-bp154.2.9.1.ppc64le as component of openSUSE Leap 15.4", "product_id": "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.ppc64le" }, "product_reference": "trivy-0.37.3-bp154.2.9.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.4" }, { "category": "default_component_of", "full_product_name": { "name": "trivy-0.37.3-bp154.2.9.1.s390x as component of openSUSE Leap 
15.4", "product_id": "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.s390x" }, "product_reference": "trivy-0.37.3-bp154.2.9.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.4" }, { "category": "default_component_of", "full_product_name": { "name": "trivy-0.37.3-bp154.2.9.1.x86_64 as component of openSUSE Leap 15.4", "product_id": "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.x86_64" }, "product_reference": "trivy-0.37.3-bp154.2.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-25165", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-25165" } ], "notes": [ { "category": "general", "text": "Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to lookup the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. 
Prior to using a chart with Helm verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.aarch64", "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.i586", "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.ppc64le", "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.s390x", "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.x86_64", "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.aarch64", "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.i586", "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.ppc64le", "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.s390x", "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-25165", "url": "https://www.suse.com/security/cve/CVE-2023-25165" }, { "category": "external", "summary": "SUSE Bug 1208083 for CVE-2023-25165", "url": "https://bugzilla.suse.com/1208083" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.aarch64", "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.i586", "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.ppc64le", "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.s390x", "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.x86_64", "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.aarch64", "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.i586", "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.ppc64le", "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.s390x", "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, 
"products": [ "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.aarch64", "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.i586", "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.ppc64le", "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.s390x", "SUSE Package Hub 15 SP4:trivy-0.37.3-bp154.2.9.1.x86_64", "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.aarch64", "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.i586", "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.ppc64le", "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.s390x", "openSUSE Leap 15.4:trivy-0.37.3-bp154.2.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-03-05T19:03:40Z", "details": "moderate" } ], "title": "CVE-2023-25165" } ] }