csaf_opensuse - opensuse-su-2025:14893-1

opensuse-su-2025:14893-1

Vulnerability from csaf_opensuse

Published

2025-03-15 00:00

Modified

2025-03-15 00:00

Summary

govulncheck-vulndb-0.0.20250313T170021-1.1 on GA media

Notes

Title of the patch

govulncheck-vulndb-0.0.20250313T170021-1.1 on GA media

Description of the patch

These are all security issues fixed in the govulncheck-vulndb-0.0.20250313T170021-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2025-14893

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "govulncheck-vulndb-0.0.20250313T170021-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the govulncheck-vulndb-0.0.20250313T170021-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-14893",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14893-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2025:14893-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IISU33DXNWHOYGRCT77IPABZTMARV5T6/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2025:14893-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IISU33DXNWHOYGRCT77IPABZTMARV5T6/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-1725 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-1725/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-52812 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-52812/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1296 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1296/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-26260 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-26260/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-27403 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-27403/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-27616 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-27616/"
      }
    ],
    "title": "govulncheck-vulndb-0.0.20250313T170021-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-03-15T00:00:00Z",
      "generator": {
        "date": "2025-03-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:14893-1",
      "initial_release_date": "2025-03-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-03-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
                  "product_id": "govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
                  "product_id": "govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
                  "product_id": "govulncheck-vulndb-0.0.20250313T170021-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64",
                  "product_id": "govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250313T170021-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-1725",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-1725"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the kubevirt-csi component of OpenShift Virtualization\u0027s Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node\u0027s volume by creating a custom Persistent Volume that matches the name of a worker node.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-1725",
          "url": "https://www.suse.com/security/cve/CVE-2024-1725"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-1725"
    },
    {
      "cve": "CVE-2024-52812",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-52812"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, after any user with access to this service (e.g. admin) tries make any modifications with the rule (update, run, stop, delete), a payload acts in the victim\u0027s browser. Version 2.0.8 fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-52812",
          "url": "https://www.suse.com/security/cve/CVE-2024-52812"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-52812"
    },
    {
      "cve": "CVE-2025-1296",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1296"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Nomad Community and Nomad Enterprise (\"Nomad\") are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1296",
          "url": "https://www.suse.com/security/cve/CVE-2025-1296"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-1296"
    },
    {
      "cve": "CVE-2025-26260",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-26260"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Plenti \u003c= 0.7.16 is vulnerable to code execution. Users uploading \u0027.svelte\u0027 files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-26260",
          "url": "https://www.suse.com/security/cve/CVE-2025-26260"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-15T00:00:00Z",
          "details": "not set"
        }
      ],
      "title": "CVE-2025-26260"
    },
    {
      "cve": "CVE-2025-27403",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-27403"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azure Container Registry (ACR). The Azure workload identity and Azure managed identity authentication providers are configured in this setup. Users that configure a private ACR to be used with the Azure authentication providers may be impacted by a vulnerability that exists in versions prior to 1.2.3 and 1.3.2. Both Azure authentication providers attempt to exchange an Entra ID (EID) token for an ACR refresh token. However, Ratify\u0027s Azure authentication providers did not verify that the target registry is an ACR. This could have led to the EID token being presented to a non-ACR registry during token exchange. EID tokens with ACR access can potentially be extracted and abused if a user workload contains an image reference to a malicious registry. As of versions 1.2.3 and 1.3.2, the Azure workload identity and Azure managed identity authentication providers are updated to add new validation prior to EID token exchange. Validation relies upon registry domain validation against a pre-configured list of well-known ACR endpoints. EID token exchange will be executed only if at least one of the configured well-known domain suffixes (wildcard support included) matches the registry domain of the image reference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-27403",
          "url": "https://www.suse.com/security/cve/CVE-2025-27403"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-27403"
    },
    {
      "cve": "CVE-2025-27616",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-27616"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to a separate repository. These secrets could be exfiltrated by follow up builds to the repository. Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit, and any user with access to the CI instance and the linked source control manager can perform the exploit. Versions 0.25.3 and 0.26.3 fix the issue. No known workarounds are available.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-27616",
          "url": "https://www.suse.com/security/cve/CVE-2025-27616"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250313T170021-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-27616"
    }
  ]
}

CVE-2025-26260 (GCVE-0-2025-26260)

Vulnerability from cvelistv5

Published

2025-03-12 00:00

Modified

2025-03-19 18:59

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Summary

Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution.

References

►

URL

Tags

	https://github.com/plentico/plenti/security/advisories/GHSA-mj4v-hp69-27x5
	https://github.com/plentico/plenti/releases/tag/v0.7.17
	https://github.com/ahmetak4n/vulnerability-playground/tree/main/vulnerability-research/CVE-2025-26260
	https://ahmetakan.com/2025/02/14/cve-2025-26260/

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-26260",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-19T18:57:58.185196Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-19T18:59:02.952Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/plentico/plenti/security/advisories/GHSA-mj4v-hp69-27x5"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Plenti \u003c= 0.7.16 is vulnerable to code execution. Users uploading \u0027.svelte\u0027 files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T15:11:08.246Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/plentico/plenti/security/advisories/GHSA-mj4v-hp69-27x5"
        },
        {
          "url": "https://github.com/plentico/plenti/releases/tag/v0.7.17"
        },
        {
          "url": "https://github.com/ahmetak4n/vulnerability-playground/tree/main/vulnerability-research/CVE-2025-26260"
        },
        {
          "url": "https://ahmetakan.com/2025/02/14/cve-2025-26260/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-26260",
    "datePublished": "2025-03-12T00:00:00.000Z",
    "dateReserved": "2025-02-07T00:00:00.000Z",
    "dateUpdated": "2025-03-19T18:59:02.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1725 (GCVE-0-2024-1725)

Vulnerability from cvelistv5

Published

2024-03-07 20:09

Modified

2025-03-26 04:52

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-501 - Trust Boundary Violation

Summary

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:1559	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1891	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:2047	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-1725	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2265398	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

►

Red Hat	Red Hat OpenShift Container Platform 4.13	Unaffected: v4.13.0-202404200313.p0.g9d909f7.assembly.stream.el8 < * cpe:/a:redhat:openshift:4.13::el9 cpe:/a:redhat:openshift:4.13::el8
Red Hat	Red Hat OpenShift Container Platform 4.14	Unaffected: v4.14.0-202404161544.p0.g48fafc4.assembly.stream.el8 < * cpe:/a:redhat:openshift:4.14::el9 cpe:/a:redhat:openshift:4.14::el8
Red Hat	Red Hat OpenShift Container Platform 4.15	Unaffected: v4.15.0-202403220332.p0.gd3bdbce.assembly.stream.el8 < * cpe:/a:redhat:openshift:4.15::el9 cpe:/a:redhat:openshift:4.15::el8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:48:21.831Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:1559",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1559"
          },
          {
            "name": "RHSA-2024:1891",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1891"
          },
          {
            "name": "RHSA-2024:2047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2047"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-1725"
          },
          {
            "name": "RHBZ#2265398",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265398"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1725",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-12T18:08:26.582074Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T20:40:55.445Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/openshift/kubevirt-csi-driver/",
          "packageName": "kubevirt-csi-driver",
          "repo": "https://github.com/openshift/kubevirt-csi-driver/",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "a61f36c42700f54352919318ed806d1ae2d716f4",
              "versionType": "git"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.13::el9",
            "cpe:/a:redhat:openshift:4.13::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/kubevirt-csi-driver-rhel8",
          "product": "Red Hat OpenShift Container Platform 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.13.0-202404200313.p0.g9d909f7.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.14::el9",
            "cpe:/a:redhat:openshift:4.14::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/kubevirt-csi-driver-rhel8",
          "product": "Red Hat OpenShift Container Platform 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.14.0-202404161544.p0.g48fafc4.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift:4.15::el9",
            "cpe:/a:redhat:openshift:4.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift4/kubevirt-csi-driver-rhel8",
          "product": "Red Hat OpenShift Container Platform 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "v4.15.0-202403220332.p0.gd3bdbce.assembly.stream.el8",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2024-03-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the kubevirt-csi component of OpenShift Virtualization\u0027s Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node\u0027s volume by creating a custom Persistent Volume that matches the name of a worker node."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-501",
              "description": "Trust Boundary Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-26T04:52:26.156Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:1559",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1559"
        },
        {
          "name": "RHSA-2024:1891",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1891"
        },
        {
          "name": "RHSA-2024:2047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2047"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-1725"
        },
        {
          "name": "RHBZ#2265398",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265398"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-02-19T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-03-06T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Kubevirt-csi: persistentvolume allows access to hcp\u0027s root node",
      "x_redhatCweChain": "CWE-501: Trust Boundary Violation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-1725",
    "datePublished": "2024-03-07T20:09:11.616Z",
    "dateReserved": "2024-02-21T20:27:59.807Z",
    "dateUpdated": "2025-03-26T04:52:26.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52812 (GCVE-0-2024-52812)

Vulnerability from cvelistv5

Published

2025-03-10 17:52

Modified

2025-03-11 20:13

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, after any user with access to this service (e.g. admin) tries make any modifications with the rule (update, run, stop, delete), a payload acts in the victim's browser. Version 2.0.8 fixes the issue.

References

►

URL

Tags

	https://github.com/lf-edge/ekuiper/security/advisories/GHSA-6hrw-x7pr-4mp8	x_refsource_CONFIRM
	https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L681	x_refsource_MISC
	https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L716	x_refsource_MISC
	https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L735	x_refsource_MISC
	https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L794	x_refsource_MISC
	https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L809	x_refsource_MISC
	https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L824	x_refsource_MISC
	https://github.com/lf-edge/ekuiper/releases/tag/v2.0.8	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	lf-edge	ekuiper	Version: < 2.0.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52812",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T20:12:43.168456Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T20:13:01.144Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ekuiper",
          "vendor": "lf-edge",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.0.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, after any user with access to this service (e.g. admin) tries make any modifications with the rule (update, run, stop, delete), a payload acts in the victim\u0027s browser. Version 2.0.8 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-10T17:52:13.106Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/lf-edge/ekuiper/security/advisories/GHSA-6hrw-x7pr-4mp8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/lf-edge/ekuiper/security/advisories/GHSA-6hrw-x7pr-4mp8"
        },
        {
          "name": "https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L681",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L681"
        },
        {
          "name": "https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L716",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L716"
        },
        {
          "name": "https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L735",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L735"
        },
        {
          "name": "https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L794",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L794"
        },
        {
          "name": "https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L809",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L809"
        },
        {
          "name": "https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L824",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L824"
        },
        {
          "name": "https://github.com/lf-edge/ekuiper/releases/tag/v2.0.8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/lf-edge/ekuiper/releases/tag/v2.0.8"
        }
      ],
      "source": {
        "advisory": "GHSA-6hrw-x7pr-4mp8",
        "discovery": "UNKNOWN"
      },
      "title": "LF Edge eKuiper has Stored XSS in Rules Functionality"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52812",
    "datePublished": "2025-03-10T17:52:13.106Z",
    "dateReserved": "2024-11-15T17:11:13.443Z",
    "dateUpdated": "2025-03-11T20:13:01.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27403 (GCVE-0-2025-27403)

Vulnerability from cvelistv5

Published

2025-03-11 14:16

Modified

2025-03-11 14:43

Severity ?

7.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:L

CWE

CWE-287 - Improper Authentication

Summary

Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azure Container Registry (ACR). The Azure workload identity and Azure managed identity authentication providers are configured in this setup. Users that configure a private ACR to be used with the Azure authentication providers may be impacted by a vulnerability that exists in versions prior to 1.2.3 and 1.3.2. Both Azure authentication providers attempt to exchange an Entra ID (EID) token for an ACR refresh token. However, Ratify’s Azure authentication providers did not verify that the target registry is an ACR. This could have led to the EID token being presented to a non-ACR registry during token exchange. EID tokens with ACR access can potentially be extracted and abused if a user workload contains an image reference to a malicious registry. As of versions 1.2.3 and 1.3.2, the Azure workload identity and Azure managed identity authentication providers are updated to add new validation prior to EID token exchange. Validation relies upon registry domain validation against a pre-configured list of well-known ACR endpoints. EID token exchange will be executed only if at least one of the configured well-known domain suffixes (wildcard support included) matches the registry domain of the image reference.

References

►

URL

Tags

	https://github.com/ratify-project/ratify/security/advisories/GHSA-44f7-5fj5-h4px	x_refsource_CONFIRM
	https://github.com/ratify-project/ratify/commit/0ec0c08490e3d672ae64b1a220c90d5484f1c93f	x_refsource_MISC
	https://github.com/ratify-project/ratify/commit/84c7c48fa76bb9a1c9583635d1e90bc25b1a546c	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	ratify-project	ratify	Version: < 1.2.3 Version: >= 1.3.0, < 1.3.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27403",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T14:38:16.194306Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T14:43:13.245Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ratify",
          "vendor": "ratify-project",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.2.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.3.0, \u003c 1.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azure Container Registry (ACR). The Azure workload identity and Azure managed identity authentication providers are configured in this setup. Users that configure a private ACR to be used with the Azure authentication providers may be impacted by a vulnerability that exists in versions prior to 1.2.3 and 1.3.2. Both Azure authentication providers attempt to exchange an Entra ID (EID) token for an ACR refresh token. However, Ratify\u2019s Azure authentication providers did not verify that the target registry is an ACR. This could have led to the EID token being presented to a non-ACR registry during token exchange. EID tokens with ACR access can potentially be extracted and abused if a user workload contains an image reference to a malicious registry. As of versions 1.2.3 and 1.3.2, the Azure workload identity and Azure managed identity authentication providers are updated to add new validation prior to EID token exchange. Validation relies upon registry domain validation against a pre-configured list of well-known ACR endpoints. EID token exchange will be executed only if at least one of the configured well-known domain suffixes (wildcard support included) matches the registry domain of the image reference."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-11T14:16:10.013Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ratify-project/ratify/security/advisories/GHSA-44f7-5fj5-h4px",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ratify-project/ratify/security/advisories/GHSA-44f7-5fj5-h4px"
        },
        {
          "name": "https://github.com/ratify-project/ratify/commit/0ec0c08490e3d672ae64b1a220c90d5484f1c93f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ratify-project/ratify/commit/0ec0c08490e3d672ae64b1a220c90d5484f1c93f"
        },
        {
          "name": "https://github.com/ratify-project/ratify/commit/84c7c48fa76bb9a1c9583635d1e90bc25b1a546c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ratify-project/ratify/commit/84c7c48fa76bb9a1c9583635d1e90bc25b1a546c"
        }
      ],
      "source": {
        "advisory": "GHSA-44f7-5fj5-h4px",
        "discovery": "UNKNOWN"
      },
      "title": "Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-27403",
    "datePublished": "2025-03-11T14:16:10.013Z",
    "dateReserved": "2025-02-24T15:51:17.267Z",
    "dateUpdated": "2025-03-11T14:43:13.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1296 (GCVE-0-2025-1296)

Vulnerability from cvelistv5

Published

2025-03-10 18:02

Modified

2025-03-11 20:18

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-532 - Insertion of Sensitive Information into Log File

Summary

Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19.

References

►

URL

Tags

https://discuss.hashicorp.com/t/hcsec-2025-04-nomad-exposes-sensitive-workload-identity-and-client-secret-token-in-audit-logs/73737

Impacted products

Vendor

Product

Version

►

Version: 1.0.0 ≤

Version: 1.0.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1296",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T20:14:30.450057Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T20:18:55.186Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Nomad",
          "repo": "https://github.com/hashicorp/nomad/",
          "vendor": "HashiCorp",
          "versions": [
            {
              "lessThan": "1.9.7",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Nomad Enterprise",
          "repo": "https://github.com/hashicorp/nomad/",
          "vendor": "HashiCorp",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.8.11",
                  "status": "unaffected"
                },
                {
                  "at": "1.7.19",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.9.7",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eNomad Community and Nomad Enterprise (\u201cNomad\u201d) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19.\u003c/p\u003e\u003cbr/\u003e"
            }
          ],
          "value": "Nomad Community and Nomad Enterprise (\u201cNomad\u201d) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-268",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-268: Audit Log Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532: Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-10T18:02:21.579Z",
        "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "shortName": "HashiCorp"
      },
      "references": [
        {
          "url": "https://discuss.hashicorp.com/t/hcsec-2025-04-nomad-exposes-sensitive-workload-identity-and-client-secret-token-in-audit-logs/73737"
        }
      ],
      "source": {
        "advisory": "HCSEC-2025-04",
        "discovery": "EXTERNAL"
      },
      "title": "Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
    "assignerShortName": "HashiCorp",
    "cveId": "CVE-2025-1296",
    "datePublished": "2025-03-10T18:02:21.579Z",
    "dateReserved": "2025-02-14T01:10:26.947Z",
    "dateUpdated": "2025-03-11T20:18:55.186Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27616 (GCVE-0-2025-27616)

Vulnerability from cvelistv5

Published

2025-03-10 18:56

Modified

2025-03-11 18:56

Severity ?

8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-290 - Authentication Bypass by Spoofing
CWE-345 - Insufficient Verification of Data Authenticity

Summary

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to a separate repository. These secrets could be exfiltrated by follow up builds to the repository. Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit, and any user with access to the CI instance and the linked source control manager can perform the exploit. Versions 0.25.3 and 0.26.3 fix the issue. No known workarounds are available.

References

►

URL

Tags

	https://github.com/go-vela/server/security/advisories/GHSA-9m63-33q3-xq5x	x_refsource_CONFIRM
	https://github.com/go-vela/server/commit/257886e5a3eea518548387885894e239668584f5	x_refsource_MISC
	https://github.com/go-vela/server/commit/67c1892e2464dc54b8d2588815dfb7819222500b	x_refsource_MISC
	https://github.com/go-vela/server/releases/tag/v0.25.3	x_refsource_MISC
	https://github.com/go-vela/server/releases/tag/v0.26.3	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	go-vela	server	Version: < 0.25.3 Version: >= 0.26.0, < 0.26.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27616",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T18:55:53.094356Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T18:56:11.199Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "server",
          "vendor": "go-vela",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.25.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.26.0, \u003c 0.26.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to a separate repository. These secrets could be exfiltrated by follow up builds to the repository. Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit, and any user with access to the CI instance and the linked source control manager can perform the exploit. Versions 0.25.3 and 0.26.3 fix the issue. No known workarounds are available."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290: Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "CWE-345: Insufficient Verification of Data Authenticity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-10T18:56:14.537Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/go-vela/server/security/advisories/GHSA-9m63-33q3-xq5x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/go-vela/server/security/advisories/GHSA-9m63-33q3-xq5x"
        },
        {
          "name": "https://github.com/go-vela/server/commit/257886e5a3eea518548387885894e239668584f5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/go-vela/server/commit/257886e5a3eea518548387885894e239668584f5"
        },
        {
          "name": "https://github.com/go-vela/server/commit/67c1892e2464dc54b8d2588815dfb7819222500b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/go-vela/server/commit/67c1892e2464dc54b8d2588815dfb7819222500b"
        },
        {
          "name": "https://github.com/go-vela/server/releases/tag/v0.25.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/go-vela/server/releases/tag/v0.25.3"
        },
        {
          "name": "https://github.com/go-vela/server/releases/tag/v0.26.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/go-vela/server/releases/tag/v0.26.3"
        }
      ],
      "source": {
        "advisory": "GHSA-9m63-33q3-xq5x",
        "discovery": "UNKNOWN"
      },
      "title": "Vela Server has Insufficient Webhook Payload Data Verification"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-27616",
    "datePublished": "2025-03-10T18:56:14.537Z",
    "dateReserved": "2025-03-03T15:10:34.080Z",
    "dateUpdated": "2025-03-11T18:56:11.199Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2025:14893-1

Vulnerability from csaf_opensuse

CVE-2025-26260 (GCVE-0-2025-26260)

Vulnerability from cvelistv5

CVE-2024-1725 (GCVE-0-2024-1725)

Vulnerability from cvelistv5

CVE-2024-52812 (GCVE-0-2024-52812)

Vulnerability from cvelistv5

CVE-2025-27403 (GCVE-0-2025-27403)

Vulnerability from cvelistv5

CVE-2025-1296 (GCVE-0-2025-1296)

Vulnerability from cvelistv5

CVE-2025-27616 (GCVE-0-2025-27616)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature