csaf_opensuse - opensuse-su-2025:15188-1

opensuse-su-2025:15188-1

Vulnerability from csaf_opensuse

Published

2025-06-01 00:00

Modified

2025-06-01 00:00

Summary

govulncheck-vulndb-0.0.20250529T205903-1.1 on GA media

Notes

Title of the patch

govulncheck-vulndb-0.0.20250529T205903-1.1 on GA media

Description of the patch

These are all security issues fixed in the govulncheck-vulndb-0.0.20250529T205903-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2025-15188

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "govulncheck-vulndb-0.0.20250529T205903-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the govulncheck-vulndb-0.0.20250529T205903-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15188",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15188-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2025:15188-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5W5NDYFJCKVTB2UYZO6OSRFA7RGWGHY3/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2025:15188-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5W5NDYFJCKVTB2UYZO6OSRFA7RGWGHY3/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-4057 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-4057/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-47933 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-47933/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-47952 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-47952/"
      }
    ],
    "title": "govulncheck-vulndb-0.0.20250529T205903-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-06-01T00:00:00Z",
      "generator": {
        "date": "2025-06-01T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15188-1",
      "initial_release_date": "2025-06-01T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-06-01T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
                  "product_id": "govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
                  "product_id": "govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
                  "product_id": "govulncheck-vulndb-0.0.20250529T205903-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64",
                  "product_id": "govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250529T205903-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-4057",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-4057"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-4057",
          "url": "https://www.suse.com/security/cve/CVE-2025-4057"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-01T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-4057"
    },
    {
      "cve": "CVE-2025-47933",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-47933"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository. This issue has been patched in versions 2.13.8, 2.14.13, and 3.0.4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-47933",
          "url": "https://www.suse.com/security/cve/CVE-2025-47933"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243791 for CVE-2025-47933",
          "url": "https://bugzilla.suse.com/1243791"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-01T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-47933"
    },
    {
      "cve": "CVE-2025-47952",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-47952"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it\u0027s possible to target a backend, exposed using another router, by-passing the middlewares chain. This issue has been patched in versions 2.11.25 and 3.4.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-47952",
          "url": "https://www.suse.com/security/cve/CVE-2025-47952"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243818 for CVE-2025-47952",
          "url": "https://bugzilla.suse.com/1243818"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250529T205903-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-06-01T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-47952"
    }
  ]
}

CVE-2025-47952 (GCVE-0-2025-47952)

Vulnerability from cvelistv5

Published

2025-05-30 03:37

Modified

2025-05-30 12:44

Severity ?

2.9 (Low) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Summary

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it’s possible to target a backend, exposed using another router, by-passing the middlewares chain. This issue has been patched in versions 2.11.25 and 3.4.1.

References

►

URL

Tags

	https://github.com/traefik/traefik/security/advisories/GHSA-vrch-868g-9jx5	x_refsource_CONFIRM
	https://github.com/traefik/traefik/commit/08d5dfee0164aa54dd44a467870042e18e8d3f00	x_refsource_MISC
	https://github.com/traefik/traefik/releases/tag/v2.11.25	x_refsource_MISC
	https://github.com/traefik/traefik/releases/tag/v3.4.1	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	traefik	traefik	Version: < 3.4.1 Version: < 2.11.25

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-47952",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-30T12:44:30.966786Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-30T12:44:38.661Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "traefik",
          "vendor": "traefik",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.4.1"
            },
            {
              "status": "affected",
              "version": "\u003c 2.11.25"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it\u2019s possible to target a backend, exposed using another router, by-passing the middlewares chain. This issue has been patched in versions 2.11.25 and 3.4.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-30T03:37:12.685Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/traefik/traefik/security/advisories/GHSA-vrch-868g-9jx5",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/traefik/traefik/security/advisories/GHSA-vrch-868g-9jx5"
        },
        {
          "name": "https://github.com/traefik/traefik/commit/08d5dfee0164aa54dd44a467870042e18e8d3f00",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/traefik/traefik/commit/08d5dfee0164aa54dd44a467870042e18e8d3f00"
        },
        {
          "name": "https://github.com/traefik/traefik/releases/tag/v2.11.25",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/traefik/traefik/releases/tag/v2.11.25"
        },
        {
          "name": "https://github.com/traefik/traefik/releases/tag/v3.4.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/traefik/traefik/releases/tag/v3.4.1"
        }
      ],
      "source": {
        "advisory": "GHSA-vrch-868g-9jx5",
        "discovery": "UNKNOWN"
      },
      "title": "Traefik allows path traversal using url encoding"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-47952",
    "datePublished": "2025-05-30T03:37:12.685Z",
    "dateReserved": "2025-05-14T10:32:43.531Z",
    "dateUpdated": "2025-05-30T12:44:38.661Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-47933 (GCVE-0-2025-47933)

Vulnerability from cvelistv5

Published

2025-05-29 19:30

Modified

2025-05-30 12:35

Severity ?

9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository. This issue has been patched in versions 2.13.8, 2.14.13, and 3.0.4.

References

►

URL

Tags

	https://github.com/argoproj/argo-cd/security/advisories/GHSA-2hj5-g64g-fp6p	x_refsource_CONFIRM
	https://github.com/argoproj/argo-cd/commit/a5b4041a79c54bc7b3d090805d070bcdb9a9e4d1	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	argoproj	argo-cd	Version: >= 1.2.0-rc1, <= 1.8.7 Version: >= 2.0.0-rc3, < 2.13.8 Version: >= 2.14.0-rc1, < 2.14.13 Version: >= 3.0.0-rc1, < 3.0.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-47933",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-30T12:34:55.697431Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-30T12:35:04.233Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "argo-cd",
          "vendor": "argoproj",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.2.0-rc1, \u003c= 1.8.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0-rc3, \u003c 2.13.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.14.0-rc1, \u003c 2.14.13"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0.0-rc1, \u003c 3.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository. This issue has been patched in versions 2.13.8, 2.14.13, and 3.0.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-29T19:30:39.108Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2hj5-g64g-fp6p",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2hj5-g64g-fp6p"
        },
        {
          "name": "https://github.com/argoproj/argo-cd/commit/a5b4041a79c54bc7b3d090805d070bcdb9a9e4d1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/argoproj/argo-cd/commit/a5b4041a79c54bc7b3d090805d070bcdb9a9e4d1"
        }
      ],
      "source": {
        "advisory": "GHSA-2hj5-g64g-fp6p",
        "discovery": "UNKNOWN"
      },
      "title": "Argo CD allows cross-site scripting on repositories page"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-47933",
    "datePublished": "2025-05-29T19:30:39.108Z",
    "dateReserved": "2025-05-14T10:32:43.529Z",
    "dateUpdated": "2025-05-30T12:35:04.233Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4057 (GCVE-0-2025-4057)

Vulnerability from cvelistv5

Published

2025-05-26 08:53

Modified

2025-07-31 19:38

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-1391 - Use of Weak Credentials

Summary

A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:12355	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:12473	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8147	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-4057	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2362827	issue-tracking, x_refsource_REDHAT
	https://github.com/arkmq-org/activemq-artemis-operator/commit/d3482fab6d0060794226c9e5a6fa67d209abc35a
	https://github.com/arkmq-org/activemq-artemis-operator/issues/1130

Impacted products

Vendor

Product

Version

►

Version: 0 ≤

Red Hat	AMQ Broker 7.13.0.OPR.1.GA	cpe:/a:redhat:rhosemc:1.0::el9
Red Hat	Red Hat AMQ Broker 7.12.5	cpe:/a:redhat:amq_broker:7.12
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.12.5-2 < * cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.12.5-2 < * cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.12.5-2 < * cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.12.5-2 < * cpe:/a:redhat:rhosemc:1.0::el8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4057",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-27T14:25:10.764022Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-27T14:25:16.197Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/arkmq-org/activemq-artemis-operator",
          "defaultStatus": "unaffected",
          "packageName": "activemq-artemis-operator",
          "versions": [
            {
              "lessThan": "2.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "activemq-artemis-operator",
          "product": "AMQ Broker 7.13.0.OPR.1.GA",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:amq_broker:7.12"
          ],
          "defaultStatus": "unaffected",
          "packageName": "activemq-artemis-operator",
          "product": "Red Hat AMQ Broker 7.12.5",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "amq7/amq-broker-init-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.12.5-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "amq7/amq-broker-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.12.5-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "amq7/amq-broker-rhel8-operator",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.12.5-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "amq7/amq-broker-rhel8-operator-bundle",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.12.5-2",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2025-05-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1391",
              "description": "Use of Weak Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-31T19:38:37.063Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:12355",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12355"
        },
        {
          "name": "RHSA-2025:12473",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12473"
        },
        {
          "name": "RHSA-2025:8147",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8147"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-4057"
        },
        {
          "name": "RHBZ#2362827",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362827"
        },
        {
          "url": "https://github.com/arkmq-org/activemq-artemis-operator/commit/d3482fab6d0060794226c9e5a6fa67d209abc35a"
        },
        {
          "url": "https://github.com/arkmq-org/activemq-artemis-operator/issues/1130"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-29T02:06:56.641000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-05-21T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Activemq-artemis-operator: amq broker operator starting credentials reuse",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, no mitigation is available for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-1391: Use of Weak Credentials"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-4057",
    "datePublished": "2025-05-26T08:53:04.340Z",
    "dateReserved": "2025-04-29T02:11:18.656Z",
    "dateUpdated": "2025-07-31T19:38:37.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2025:15188-1

Vulnerability from csaf_opensuse

CVE-2025-47952 (GCVE-0-2025-47952)

Vulnerability from cvelistv5

CVE-2025-47933 (GCVE-0-2025-47933)

Vulnerability from cvelistv5

CVE-2025-4057 (GCVE-0-2025-4057)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature