Common Weakness Enumeration
CWE-653
AllowedImproper Isolation or Compartmentalization
Abstraction: Class · Status: Draft
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.
101 vulnerabilities reference this CWE, most recent first.
CVE-2025-1974 (GCVE-0-2025-1974)
Vulnerability from cvelistv5 – Published: 2025-03-24 23:28 – Updated: 2026-02-26 19:09
VLAI
EPSS
VEX
Title
ingress-nginx admission controller RCE escalation
Summary
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | ingress-nginx |
Affected:
0 , ≤ 1.11.4
(semver)
Affected: 1.12.0 |
Date Public
2025-03-24 19:36
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1974",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T03:55:20.340497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:09:14.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-02-04T19:33:52.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250328-0008/"
},
{
"url": "https://github.com/B1ack4sh/Blackash-CVE-2025-1974"
},
{
"url": "https://www.exploit-db.com/exploits/52475"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Validating Admission Controller"
],
"product": "ingress-nginx",
"repo": "https://github.com/kubernetes/ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"lessThanOrEqual": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.12.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Ohfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Ronen Shustin"
},
{
"lang": "en",
"type": "finder",
"value": "Sagi Tzadik"
},
{
"lang": "en",
"type": "finder",
"value": "Hillai Ben Sasson"
}
],
"datePublic": "2025-03-24T19:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"value": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"impacts": [
{
"capecId": "CAPEC-251",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-251 Local Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653 Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T23:28:48.985Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://https://github.com/kubernetes/kubernetes/issues/131009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ingress-nginx admission controller RCE escalation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx."
}
],
"value": "Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2025-1974",
"datePublished": "2025-03-24T23:28:48.985Z",
"dateReserved": "2025-03-04T21:34:07.543Z",
"dateUpdated": "2026-02-26T19:09:14.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-53855 (GCVE-0-2024-53855)
Vulnerability from cvelistv5 – Published: 2024-11-27 18:27 – Updated: 2024-11-27 19:32
VLAI
EPSS
VEX
Title
User can view tickets from organizations they're not apart of in centurion_erp
Summary
Centurion ERP (Enterprise Rescource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management (ITSM) modules. A user who is authenticated and has view permissions for a ticket, can view the tickets of another organization they are not apart of. Users with following permissions are applicable: 1. `view_ticket_change` permission can view change tickets from organizations they are not apart of. 2. `view_ticket_incident` permission can view incident tickets from organizations they are not apart of. 3. `view_ticket_request` permission can view request tickets from organizations they are not apart of. 4. `view_ticket_problem` permission can view problem tickets from organizations they are not apart of. The access to view the tickets from different organizations is only applicable when browsing the API endpoints for the tickets in question. The Centurion UI is not affected. Project Tasks, although a "ticket type" are also **Not** affected. This issue has been addressed in release version 1.3.1 and users are advised to upgrade. Users unable to upgrade may remove the ticket view permissions from users which would alleviate this vulnerability, if this is deemed not-viable, Upgrading is recommended.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/nofusscomputing/centurion_erp/… | x_refsource_CONFIRM |
| https://github.com/nofusscomputing/centurion_erp/… | x_refsource_MISC |
| https://github.com/nofusscomputing/centurion_erp/… | x_refsource_MISC |
| https://github.com/nofusscomputing/centurion_erp/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nofusscomputing | centurion_erp |
Affected:
>= 1.2.0, < 1.3.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T19:23:43.116745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T19:32:45.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "centurion_erp",
"vendor": "nofusscomputing",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Centurion ERP (Enterprise Rescource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management (ITSM) modules. A user who is authenticated and has view permissions for a ticket, can view the tickets of another organization they are not apart of. Users with following permissions are applicable: 1. `view_ticket_change` permission can view change tickets from organizations they are not apart of. 2. `view_ticket_incident` permission can view incident tickets from organizations they are not apart of. 3. `view_ticket_request` permission can view request tickets from organizations they are not apart of. 4. `view_ticket_problem` permission can view problem tickets from organizations they are not apart of. The access to view the tickets from different organizations is only applicable when browsing the API endpoints for the tickets in question. The Centurion UI is not affected. Project Tasks, although a \"ticket type\" are also **Not** affected. This issue has been addressed in release version 1.3.1 and users are advised to upgrade. Users unable to upgrade may remove the ticket view permissions from users which would alleviate this vulnerability, if this is deemed not-viable, Upgrading is recommended."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653: Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T18:27:04.960Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nofusscomputing/centurion_erp/security/advisories/GHSA-h9q2-fcc6-r65c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nofusscomputing/centurion_erp/security/advisories/GHSA-h9q2-fcc6-r65c"
},
{
"name": "https://github.com/nofusscomputing/centurion_erp/pull/399",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nofusscomputing/centurion_erp/pull/399"
},
{
"name": "https://github.com/nofusscomputing/centurion_erp/pull/399/commits/61f34876ed0f8362f7185bd5eecfc830a9de5cb0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nofusscomputing/centurion_erp/pull/399/commits/61f34876ed0f8362f7185bd5eecfc830a9de5cb0"
},
{
"name": "https://github.com/nofusscomputing/centurion_erp/releases/tag/1.3.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nofusscomputing/centurion_erp/releases/tag/1.3.1"
}
],
"source": {
"advisory": "GHSA-h9q2-fcc6-r65c",
"discovery": "UNKNOWN"
},
"title": "User can view tickets from organizations they\u0027re not apart of in centurion_erp"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53855",
"datePublished": "2024-11-27T18:27:04.960Z",
"dateReserved": "2024-11-22T17:30:02.142Z",
"dateUpdated": "2024-11-27T19:32:45.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49373 (GCVE-0-2024-49373)
Vulnerability from cvelistv5 – Published: 2024-10-22 15:58 – Updated: 2024-10-22 17:13
VLAI
EPSS
VEX
Title
Centurion ERP user can view projects from organizations they're not apart of
Summary
No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem.
Severity
4.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nofusscomputing/centurion_erp/… | x_refsource_CONFIRM |
| https://github.com/nofusscomputing/centurion_erp/… | x_refsource_MISC |
| https://github.com/nofusscomputing/centurion_erp/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nofusscomputing | centurion_erp |
Affected:
< 1.2.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T17:09:37.342042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T17:13:39.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "centurion_erp",
"vendor": "nofusscomputing",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653: Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T15:58:37.360Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nofusscomputing/centurion_erp/security/advisories/GHSA-5qmx-pr2f-qhj5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nofusscomputing/centurion_erp/security/advisories/GHSA-5qmx-pr2f-qhj5"
},
{
"name": "https://github.com/nofusscomputing/centurion_erp/pull/358",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nofusscomputing/centurion_erp/pull/358"
},
{
"name": "https://github.com/nofusscomputing/centurion_erp/commit/c3a4685200faa060167d4fde86e806dc91eddcae",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nofusscomputing/centurion_erp/commit/c3a4685200faa060167d4fde86e806dc91eddcae"
}
],
"source": {
"advisory": "GHSA-5qmx-pr2f-qhj5",
"discovery": "UNKNOWN"
},
"title": "Centurion ERP user can view projects from organizations they\u0027re not apart of"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-49373",
"datePublished": "2024-10-22T15:58:37.360Z",
"dateReserved": "2024-10-14T13:56:34.811Z",
"dateUpdated": "2024-10-22T17:13:39.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47520 (GCVE-0-2024-47520)
Vulnerability from cvelistv5 – Published: 2025-01-10 22:00 – Updated: 2025-01-13 20:11
VLAI
EPSS
VEX
Title
A user with advanced report application access rights can perform actions for which they are not authorized
Summary
A user with advanced report application access rights can perform actions for which they are not authorized
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | Arista Edge Threat Management |
Affected:
17.1.0 , ≤ 17.1.1
(custom)
|
Date Public
2024-10-29 20:20
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47520",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:11:32.475074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:11:36.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arista Edge Threat Management",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "17.1.1",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIf the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eTo access this information:\u003c/div\u003e\u003col\u003e\u003cli\u003eAs the NGFW administrator, log into the UI and navigate to the Reports application.\u003cp\u003e\u003cimg alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-4.png\"\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThe above picture shows the configuration panel for user access. The \u201c\u003ca target=\"_blank\" rel=\"nofollow\"\u003ereportuser@domain.com\u003c/a\u003e\u201d user has \u201cOnline Access\u201d checked, which is required in order to be vulnerable.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "If the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.\n\n\u00a0\n\nTo access this information:\n\n * As the NGFW administrator, log into the UI and navigate to the Reports application.\n\n\nThe above picture shows the configuration panel for user access. The \u201creportuser@domain.com\u201d user has \u201cOnline Access\u201d checked, which is required in order to be vulnerable."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mehmet INCE from PRODAFT.com"
}
],
"datePublic": "2024-10-29T20:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch4\u003eA user with advanced report application access rights can perform actions for which they are not authorized\u003c/h4\u003e\u003cbr\u003e"
}
],
"value": "A user with advanced report application access rights can perform actions for which they are not authorized"
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T22:00:56.183Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\u003c/div\u003e\u003cul\u003e\u003cli\u003e17.2 Upgrade\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\n\n * 17.2 Upgrade"
}
],
"source": {
"advisory": "105",
"defect": [
"NGFW-14707"
],
"discovery": "EXTERNAL"
},
"title": "A user with advanced report application access rights can perform actions for which they are not authorized",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFor the Reports application, for all Reports Users, disable \u003ci\u003eOnline Access.\u003c/i\u003e\u003c/p\u003e\u003cp\u003e\u003cimg alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-5.png\"\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eTo do this:\u003c/div\u003e\u003col\u003e\u003cli\u003eAs the NGFW administrator, log into the UI and go to the Reports application.\u003c/li\u003e\u003cli\u003eFor all users with the Online Access checkbox (red box) enabled, uncheck it.\u003c/li\u003e\u003cli\u003eClick Save.\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "For the Reports application, for all Reports Users, disable Online Access.\n\n\n\n\u00a0\n\nTo do this:\n\n * As the NGFW administrator, log into the UI and go to the Reports application.\n * For all users with the Online Access checkbox (red box) enabled, uncheck it.\n * Click Save."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-47520",
"datePublished": "2025-01-10T22:00:56.183Z",
"dateReserved": "2024-09-25T20:29:43.984Z",
"dateUpdated": "2025-01-13T20:11:36.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43803 (GCVE-0-2024-43803)
Vulnerability from cvelistv5 – Published: 2024-09-03 18:56 – Updated: 2024-09-03 19:30
VLAI
EPSS
VEX
Title
BMO can expose particularly named secrets from other namespaces via BMH CRD
Summary
The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. The `BareMetalHost` (BMH) CRD allows the `userData`, `metaData`, and `networkData` for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both the `Name` and `Namespace` of the Secret, meaning that versions of the baremetal-operator prior to 0.8.0, 0.6.2, and 0.5.2 will read a `Secret` from any namespace. A user with access to create or edit a `BareMetalHost` can thus exfiltrate a `Secret` from another namespace by using it as e.g. the `userData` for provisioning some host (note that this need not be a real host, it could be a VM somewhere).
BMO will only read a key with the name `value` (or `userData`, `metaData`, or `networkData`), so that limits the exposure somewhat. `value` is probably a pretty common key though. Secrets used by _other_ `BareMetalHost`s in different namespaces are always vulnerable. It is probably relatively unusual for anyone other than cluster administrators to have RBAC access to create/edit a `BareMetalHost`. This vulnerability is only meaningful, if the cluster has users other than administrators and users' privileges are limited to their respective namespaces.
The patch prevents BMO from accepting links to Secrets from other namespaces as BMH input. Any BMH configuration is only read from the same namespace only. The problem is patched in BMO releases v0.7.0, v0.6.2 and v0.5.2 and users should upgrade to those versions. Prior upgrading, duplicate the BMC Secrets to the namespace where the corresponding BMH is. After upgrade, remove the old Secrets. As a workaround, an operator can configure BMO RBAC to be namespace scoped for Secrets, instead of cluster scoped, to prevent BMO from accessing Secrets from other namespaces.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/metal3-io/baremetal-operator/s… | x_refsource_CONFIRM |
| https://github.com/metal3-io/baremetal-operator/p… | x_refsource_MISC |
| https://github.com/metal3-io/baremetal-operator/p… | x_refsource_MISC |
| https://github.com/metal3-io/baremetal-operator/p… | x_refsource_MISC |
| https://github.com/metal3-io/baremetal-operator/c… | x_refsource_MISC |
| https://github.com/metal3-io/baremetal-operator/c… | x_refsource_MISC |
| https://github.com/metal3-io/baremetal-operator/c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| metal3-io | baremetal-operator |
Affected:
>= 0.7.0, < 0.8.0
Affected: >= 0.6.0, < 0.6.2 Affected: < 0.5.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T19:30:23.615407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T19:30:44.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "baremetal-operator",
"vendor": "metal3-io",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.7.0, \u003c 0.8.0"
},
{
"status": "affected",
"version": "\u003e= 0.6.0, \u003c 0.6.2"
},
{
"status": "affected",
"version": "\u003c 0.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. The `BareMetalHost` (BMH) CRD allows the `userData`, `metaData`, and `networkData` for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both the `Name` and `Namespace` of the Secret, meaning that versions of the baremetal-operator prior to 0.8.0, 0.6.2, and 0.5.2 will read a `Secret` from any namespace. A user with access to create or edit a `BareMetalHost` can thus exfiltrate a `Secret` from another namespace by using it as e.g. the `userData` for provisioning some host (note that this need not be a real host, it could be a VM somewhere).\n\nBMO will only read a key with the name `value` (or `userData`, `metaData`, or `networkData`), so that limits the exposure somewhat. `value` is probably a pretty common key though. Secrets used by _other_ `BareMetalHost`s in different namespaces are always vulnerable. It is probably relatively unusual for anyone other than cluster administrators to have RBAC access to create/edit a `BareMetalHost`. This vulnerability is only meaningful, if the cluster has users other than administrators and users\u0027 privileges are limited to their respective namespaces.\n\nThe patch prevents BMO from accepting links to Secrets from other namespaces as BMH input. Any BMH configuration is only read from the same namespace only. The problem is patched in BMO releases v0.7.0, v0.6.2 and v0.5.2 and users should upgrade to those versions. Prior upgrading, duplicate the BMC Secrets to the namespace where the corresponding BMH is. After upgrade, remove the old Secrets. As a workaround, an operator can configure BMO RBAC to be namespace scoped for Secrets, instead of cluster scoped, to prevent BMO from accessing Secrets from other namespaces."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653: Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T18:56:29.607Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/metal3-io/baremetal-operator/security/advisories/GHSA-pqfh-xh7w-7h3p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/metal3-io/baremetal-operator/security/advisories/GHSA-pqfh-xh7w-7h3p"
},
{
"name": "https://github.com/metal3-io/baremetal-operator/pull/1929",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/metal3-io/baremetal-operator/pull/1929"
},
{
"name": "https://github.com/metal3-io/baremetal-operator/pull/1930",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/metal3-io/baremetal-operator/pull/1930"
},
{
"name": "https://github.com/metal3-io/baremetal-operator/pull/1931",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/metal3-io/baremetal-operator/pull/1931"
},
{
"name": "https://github.com/metal3-io/baremetal-operator/commit/3af4882e9c5fadc1a7550f53daea21dccd271f74",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/metal3-io/baremetal-operator/commit/3af4882e9c5fadc1a7550f53daea21dccd271f74"
},
{
"name": "https://github.com/metal3-io/baremetal-operator/commit/bedae7b997d16f36e772806681569bb8eb4dadbb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/metal3-io/baremetal-operator/commit/bedae7b997d16f36e772806681569bb8eb4dadbb"
},
{
"name": "https://github.com/metal3-io/baremetal-operator/commit/c2b5a557641bc273367635124047d6c958aa15f7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/metal3-io/baremetal-operator/commit/c2b5a557641bc273367635124047d6c958aa15f7"
}
],
"source": {
"advisory": "GHSA-pqfh-xh7w-7h3p",
"discovery": "UNKNOWN"
},
"title": "BMO can expose particularly named secrets from other namespaces via BMH CRD"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43803",
"datePublished": "2024-09-03T18:56:29.607Z",
"dateReserved": "2024-08-16T14:20:37.326Z",
"dateUpdated": "2024-09-03T19:30:44.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35281 (GCVE-0-2024-35281)
Vulnerability from cvelistv5 – Published: 2025-05-13 14:46 – Updated: 2025-05-13 15:17
VLAI
EPSS
VEX
Summary
An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-653 - Execute unauthorized code or commands
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiClientMac |
Affected:
7.4.0 , ≤ 7.4.2
(semver)
Affected: 7.2.0 , ≤ 7.2.8 (semver) Affected: 7.0.0 , ≤ 7.0.14 (semver) |
|
| Fortinet | FortiVoiceUCDesktop |
Affected:
3.0.0 , ≤ 3.0.16
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T15:17:53.581796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:17:58.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiClientMac",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.14",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiVoiceUCDesktop",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "3.0.16",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T14:46:42.574Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-025",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-025"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiClientMac version 7.4.3 or above \nPlease upgrade to FortiClientMac version 7.2.9 or above \nPlease upgrade to FortiVoiceUCDesktop version 7.0.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-35281",
"datePublished": "2025-05-13T14:46:42.574Z",
"dateReserved": "2024-05-14T21:15:19.190Z",
"dateUpdated": "2025-05-13T15:17:58.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30388 (GCVE-0-2024-30388)
Vulnerability from cvelistv5 – Published: 2024-04-12 15:09 – Updated: 2024-08-02 01:32
VLAI
EPSS
VEX
Title
Junos OS: QFX5000 Series and EX Series: Specific malformed LACP packets will cause flaps
Summary
An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
If a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series device, an LACP flap will occur resulting in traffic loss.
This issue affects Junos OS on QFX5000 Series, and on EX4400, EX4100 or EX4650 Series:
* 20.4 versions from
20.4R3-S4
before 20.4R3-S8,
* 21.2 versions from
21.2R3-S2
before 21.2R3-S6,
* 21.4 versions from
21.4R2
before 21.4R3-S4,
* 22.1 versions from
22.1R2
before 22.1R3-S3,
* 22.2 versions before 22.2R3-S1,
* 22.3 versions before 22.3R2-S2, 22.3R3,
* 22.4 versions before 22.4R2-S1, 22.4R3.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Denial of Service (DoS)
- CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://supportportal.juniper.net/JSA79089 | vendor-advisory |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.… | technical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
20.4R3-S4 , < 20.4R3-S8
(semver)
Affected: 21.2R3-S2 , < 21.2R3-S6 (semver) Affected: 21.4R2 , < 21.4R3-S4 (semver) Affected: 22.1R2 , < 22.1R3-S3 (semver) Affected: 22.2 , < 22.2R3-S1 (semver) Affected: 22.3 , < 22.3R2-S2, 22.3R3 (semver) Affected: 22.4 , < 22.4R2-S1, 22.4R3 (semver) |
Date Public
2024-04-10 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T16:25:58.944143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T16:26:57.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:07.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://supportportal.juniper.net/JSA79089"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"QFX5000 Series",
"EX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S8",
"status": "affected",
"version": "20.4R3-S4",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S6",
"status": "affected",
"version": "21.2R3-S2",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4R2",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S3",
"status": "affected",
"version": "22.1R2",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S1",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2, 22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S1, 22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTo be affected by this issue the device must have an LACP configuration as shown in the following example must be present\u003c/span\u003e:\u003cbr\u003e\u003cbr\u003e\u0026nbsp; [ interfaces \u0026lt;interface\u0026gt; ...ether-options\u0026nbsp;802.3ad ae\u0026lt;number\u0026gt; ]\u003cbr\u003e\u0026nbsp; [ interfaces ae\u0026lt;number\u0026gt; aggregated-ether-options lacp ]\u003cbr\u003e"
}
],
"value": "To be affected by this issue the device must have an LACP configuration as shown in the following example must be present:\n\n\u00a0 [ interfaces \u003cinterface\u003e ...ether-options\u00a0802.3ad ae\u003cnumber\u003e ]\n\u00a0 [ interfaces ae\u003cnumber\u003e aggregated-ether-options lacp ]"
}
],
"datePublic": "2024-04-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eIf a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series device, an LACP flap will occur resulting in traffic loss.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on QFX5000 Series, and on EX4400, EX4100 or EX4650 Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e20.4 versions from \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e20.4R3-S4\u003c/span\u003e\n\nbefore 20.4R3-S8,\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e21.2 versions from \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.2R3-S2\u003c/span\u003e\n\nbefore 21.2R3-S6,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e21.4 versions from \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.4R2\u003c/span\u003e\n\nbefore 21.4R3-S4,\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e22.1 versions from\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.1R2\u003c/span\u003e\n\n before 22.1R3-S3,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S1,\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R2-S2, 22.3R3,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R2-S1, 22.4R3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nIf a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series device, an LACP flap will occur resulting in traffic loss.\nThis issue affects Junos OS on QFX5000 Series, and on EX4400, EX4100 or EX4650 Series:\n\n\n\n * 20.4 versions from \n\n20.4R3-S4\n\nbefore 20.4R3-S8,\n * 21.2 versions from \n\n21.2R3-S2\n\nbefore 21.2R3-S6,\n * 21.4 versions from \n\n21.4R2\n\nbefore 21.4R3-S4,\n\n * 22.1 versions from\n\n22.1R2\n\n before 22.1R3-S3,\n * 22.2 versions before 22.2R3-S1,\n * 22.3 versions before 22.3R2-S2, 22.3R3,\n * 22.4 versions before 22.4R2-S1, 22.4R3."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653: Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:18:38.432Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "http://supportportal.juniper.net/JSA79089"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, 23.2R1, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, 23.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA79089",
"defect": [
"1711783"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-04-10T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS: QFX5000 Series and EX Series: Specific malformed LACP packets will cause flaps",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-30388",
"datePublished": "2024-04-12T15:09:12.944Z",
"dateReserved": "2024-03-26T23:06:17.993Z",
"dateUpdated": "2024-08-02T01:32:07.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23682 (GCVE-0-2024-23682)
Vulnerability from cvelistv5 – Published: 2024-01-19 20:13 – Updated: 2026-07-14 22:54
VLAI
EPSS
VEX
Title
Artemis Java Test Sandbox Class Loading Escape
Summary
Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/ls1intum/Ares/security/advisor… | vendor-advisory |
| https://github.com/ls1intum/Ares/issues/15 | issue-tracking |
| https://github.com/ls1intum/Ares/releases/tag/1.8.0 | related |
| https://github.com/advisories/GHSA-227w-wv4j-67h4 | vendor-advisory |
| https://vulncheck.com/advisories/vc-advisory-GHSA… | third-party-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/ls1intum/Ares/security/advisories/GHSA-227w-wv4j-67h4"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/ls1intum/Ares/issues/15"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://github.com/ls1intum/Ares/releases/tag/1.8.0"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-227w-wv4j-67h4"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-227w-wv4j-67h4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23682",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-22T15:37:36.607839Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T18:25:03.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "de.tum.in.ase:artemis-java-test-sandbox",
"packageURL": "pkg:maven/de.tum.in.ase/artemis-java-test-sandbox",
"versions": [
{
"lessThan": "1.8.0",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ls1intum:artemis_java_test_sandbox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.8.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eArtemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-501",
"description": "CWE-501 Trust Boundary Violation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653 Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T22:54:43.394Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/ls1intum/Ares/security/advisories/GHSA-227w-wv4j-67h4"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/ls1intum/Ares/issues/15"
},
{
"tags": [
"related"
],
"url": "https://github.com/ls1intum/Ares/releases/tag/1.8.0"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/advisories/GHSA-227w-wv4j-67h4"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-227w-wv4j-67h4"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Artemis Java Test Sandbox Class Loading Escape",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-23682",
"datePublished": "2024-01-19T20:13:55.453Z",
"dateReserved": "2024-01-19T17:35:09.984Z",
"dateUpdated": "2026-07-14T22:54:43.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-20285 (GCVE-0-2024-20285)
Vulnerability from cvelistv5 – Published: 2024-08-28 16:37 – Updated: 2024-08-28 17:19
VLAI
EPSS
VEX
Title
Cisco NX-OS Software Python Parser Escape Vulnerability
Summary
A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.
The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.
Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-653 - Insufficient Compartmentalization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco NX-OS Software |
Affected:
7.3(6)N1(1a)
Affected: 8.4(2) Affected: 7.3(6)N1(1) Affected: 9.2(3) Affected: 7.0(3)I5(2) Affected: 8.2(1) Affected: 6.0(2)A8(7a) Affected: 7.0(3)I4(5) Affected: 6.0(2)A6(1) Affected: 7.3(1)D1(1) Affected: 7.0(3)I4(6) Affected: 7.3(4)N1(1) Affected: 7.0(3)I4(3) Affected: 9.2(2v) Affected: 6.0(2)A6(5b) Affected: 7.3(0)D1(1) Affected: 6.2(17a) Affected: 7.0(3)I4(7) Affected: 6.0(2)U6(1a) Affected: 7.1(5)N1(1b) Affected: 7.0(3)I4(1) Affected: 7.0(3)I4(8) Affected: 7.0(3)I4(2) Affected: 7.1(4)N1(1c) Affected: 7.0(3)IM3(1) Affected: 6.0(2)U6(5a) Affected: 6.0(2)A8(11) Affected: 6.0(2)A6(4a) Affected: 6.2(9) Affected: 6.2(5) Affected: 9.2(1) Affected: 9.2(2t) Affected: 9.2(3y) Affected: 7.0(3)I4(1t) Affected: 6.0(2)U6(5c) Affected: 6.0(2)A6(4) Affected: 7.0(3)I7(6z) Affected: 9.3(2) Affected: 7.3(1)DY(1) Affected: 7.0(3)F3(3) Affected: 6.0(2)U6(6) Affected: 6.2(29) Affected: 7.0(3)I7(3z) Affected: 7.0(3)IM7(2) Affected: 6.0(2)A8(11b) Affected: 6.2(9a) Affected: 7.3(0)N1(1) Affected: 7.0(3)I7(5a) Affected: 6.2(11d) Affected: 7.0(3)I6(1) Affected: 6.0(2)U6(10) Affected: 7.0(3)IM3(2) Affected: 6.0(2)A6(8) Affected: 6.0(2)U6(1) Affected: 7.3(2)N1(1c) Affected: 7.0(3)I5(3b) Affected: 7.3(5)N1(1) Affected: 6.0(2)A6(2a) Affected: 7.3(2)N1(1b) Affected: 6.2(27) Affected: 7.3(1)N1(1) Affected: 6.0(2)U6(7) Affected: 9.2(4) Affected: 7.1(4)N1(1a) Affected: 8.1(1) Affected: 7.1(3)N1(4) Affected: 7.0(3)IM3(2a) Affected: 6.0(2)A8(10) Affected: 7.1(3)N1(2) Affected: 8.2(2) Affected: 6.2(13) Affected: 6.0(2)A8(2) Affected: 7.0(3)IC4(4) Affected: 6.2(1) Affected: 8.3(2) Affected: 7.3(4)N1(1a) Affected: 6.0(2)A6(3) Affected: 6.0(2)U6(5b) Affected: 7.0(3)F3(3c) Affected: 7.0(3)F3(1) Affected: 6.0(2)U6(5) Affected: 7.0(3)F3(5) Affected: 7.1(2)N1(1) Affected: 7.1(3)N1(3) Affected: 6.0(2)A6(7) Affected: 7.0(3)I7(2) Affected: 6.2(5a) Affected: 6.0(2)A6(5) Affected: 7.0(3)IM3(2b) Affected: 7.1(3)N1(1) Affected: 6.0(2)U6(4a) Affected: 7.0(3)I5(3) Affected: 7.0(3)I7(3) Affected: 6.0(2)A8(6) Affected: 7.0(3)I6(2) Affected: 8.3(1) Affected: 6.2(3) Affected: 7.1(1)N1(1) Affected: 8.1(1b) Affected: 7.3(0)N1(1b) Affected: 6.0(2)A8(5) Affected: 7.1(4)N1(1d) Affected: 7.3(2)N1(1) Affected: 6.0(2)U6(8) Affected: 7.1(1)N1(1a) Affected: 7.0(3)IM3(3) Affected: 9.3(1) Affected: 6.0(2)U6(2) Affected: 6.2(9b) Affected: 7.1(3)N1(2a) Affected: 7.3(0)N1(1a) Affected: 6.0(2)A8(7) Affected: 7.0(3)I7(6) Affected: 8.4(1) Affected: 6.2(25) Affected: 6.0(2)U6(3a) Affected: 6.0(2)A8(11a) Affected: 6.2(11e) Affected: 7.1(3)N1(5) Affected: 7.0(3)I4(8z) Affected: 6.2(11) Affected: 7.0(3)I4(9) Affected: 6.2(19) Affected: 7.1(0)N1(1b) Affected: 7.0(3)I7(4) Affected: 7.0(3)I7(7) Affected: 6.2(5b) Affected: 7.3(0)DY(1) Affected: 6.0(2)A8(9) Affected: 6.0(2)A8(1) Affected: 7.1(5)N1(1) Affected: 6.2(15) Affected: 6.0(2)A6(6) Affected: 6.0(2)A8(10a) Affected: 7.0(3)I5(1) Affected: 9.3(1z) Affected: 9.2(2) Affected: 6.2(7) Affected: 6.2(9c) Affected: 7.0(3)F3(4) Affected: 7.3(3)N1(1) Affected: 7.0(3)I4(8b) Affected: 6.0(2)A8(3) Affected: 6.2(11b) Affected: 7.0(3)I4(6t) Affected: 7.0(3)I5(3a) Affected: 8.1(1a) Affected: 6.2(13a) Affected: 6.0(2)A8(8) Affected: 7.0(3)I7(5) Affected: 7.0(3)F3(3a) Affected: 7.1(0)N1(1a) Affected: 6.0(2)A8(4) Affected: 6.0(2)A6(3a) Affected: 6.0(2)A6(5a) Affected: 7.0(3)F2(1) Affected: 7.0(3)I4(8a) Affected: 6.0(2)U6(9) Affected: 7.0(3)F3(2) Affected: 6.0(2)U6(2a) Affected: 6.2(17) Affected: 7.0(3)I4(4) Affected: 6.2(23) Affected: 6.2(13b) Affected: 6.0(2)U6(3) Affected: 7.1(2)N1(1a) Affected: 7.0(3)I7(1) Affected: 6.2(21) Affected: 7.0(3)F2(2) Affected: 7.0(3)IA7(2) Affected: 7.0(3)IA7(1) Affected: 6.0(2)A8(7b) Affected: 6.2(11c) Affected: 7.0(3)F1(1) Affected: 6.0(2)A6(1a) Affected: 7.1(0)N1(1) Affected: 6.0(2)A6(2) Affected: 7.1(4)N1(1) Affected: 6.0(2)A8(4a) Affected: 6.0(2)U6(4) Affected: 8.4(1a) Affected: 9.3(3) Affected: 7.3(7)N1(1) Affected: 6.2(31) Affected: 7.0(3)I7(8) Affected: 6.0(2)U6(10a) Affected: 7.3(7)N1(1a) Affected: 9.3(4) Affected: 6.2(33) Affected: 9.3(5) Affected: 8.4(2a) Affected: 8.4(2b) Affected: 7.3(8)N1(1) Affected: 7.0(3)I7(9) Affected: 7.3(7)N1(1b) Affected: 8.5(1) Affected: 9.3(6) Affected: 10.1(2) Affected: 10.1(1) Affected: 8.4(2c) Affected: 9.3(5w) Affected: 7.3(9)N1(1) Affected: 9.3(7) Affected: 9.3(7k) Affected: 7.0(3)I7(9w) Affected: 10.2(1) Affected: 7.3(8)N1(1a) Affected: 9.3(7a) Affected: 9.3(8) Affected: 8.4(2d) Affected: 7.3(10)N1(1) Affected: 7.0(3)I7(10) Affected: 7.3(8)N1(1b) Affected: 10.2(1q) Affected: 10.2(2) Affected: 9.3(9) Affected: 10.1(2t) Affected: 7.3(11)N1(1) Affected: 10.2(3) Affected: 10.2(3t) Affected: 8.4(2e) Affected: 9.3(10) Affected: 7.3(11)N1(1a) Affected: 10.2(2a) Affected: 7.3(12)N1(1) Affected: 9.2(1a) Affected: 10.3(1) Affected: 10.2(4) Affected: 7.3(13)N1(1) Affected: 10.3(2) Affected: 9.3(11) Affected: 10.3(3) Affected: 10.2(5) Affected: 9.4(1) Affected: 9.3(2a) Affected: 8.4(2f) Affected: 9.3(12) Affected: 10.2(3v) Affected: 10.4(1) Affected: 10.3(99w) Affected: 7.3(14)N1(1) Affected: 10.2(6) Affected: 10.3(3w) Affected: 10.3(99x) Affected: 10.3(3o) Affected: 10.3(4) Affected: 10.3(3p) Affected: 10.3(4a) Affected: 9.4(1a) Affected: 10.4(2) Affected: 10.3(3q) Affected: 9.3(13) Affected: 10.3(5) Affected: 10.2(7) Affected: 10.4(3) Affected: 10.3(3x) Affected: 10.3(4g) Affected: 10.3(3r) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20285",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T17:19:39.299396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T17:19:57.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco NX-OS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.3(6)N1(1a)"
},
{
"status": "affected",
"version": "8.4(2)"
},
{
"status": "affected",
"version": "7.3(6)N1(1)"
},
{
"status": "affected",
"version": "9.2(3)"
},
{
"status": "affected",
"version": "7.0(3)I5(2)"
},
{
"status": "affected",
"version": "8.2(1)"
},
{
"status": "affected",
"version": "6.0(2)A8(7a)"
},
{
"status": "affected",
"version": "7.0(3)I4(5)"
},
{
"status": "affected",
"version": "6.0(2)A6(1)"
},
{
"status": "affected",
"version": "7.3(1)D1(1)"
},
{
"status": "affected",
"version": "7.0(3)I4(6)"
},
{
"status": "affected",
"version": "7.3(4)N1(1)"
},
{
"status": "affected",
"version": "7.0(3)I4(3)"
},
{
"status": "affected",
"version": "9.2(2v)"
},
{
"status": "affected",
"version": "6.0(2)A6(5b)"
},
{
"status": "affected",
"version": "7.3(0)D1(1)"
},
{
"status": "affected",
"version": "6.2(17a)"
},
{
"status": "affected",
"version": "7.0(3)I4(7)"
},
{
"status": "affected",
"version": "6.0(2)U6(1a)"
},
{
"status": "affected",
"version": "7.1(5)N1(1b)"
},
{
"status": "affected",
"version": "7.0(3)I4(1)"
},
{
"status": "affected",
"version": "7.0(3)I4(8)"
},
{
"status": "affected",
"version": "7.0(3)I4(2)"
},
{
"status": "affected",
"version": "7.1(4)N1(1c)"
},
{
"status": "affected",
"version": "7.0(3)IM3(1)"
},
{
"status": "affected",
"version": "6.0(2)U6(5a)"
},
{
"status": "affected",
"version": "6.0(2)A8(11)"
},
{
"status": "affected",
"version": "6.0(2)A6(4a)"
},
{
"status": "affected",
"version": "6.2(9)"
},
{
"status": "affected",
"version": "6.2(5)"
},
{
"status": "affected",
"version": "9.2(1)"
},
{
"status": "affected",
"version": "9.2(2t)"
},
{
"status": "affected",
"version": "9.2(3y)"
},
{
"status": "affected",
"version": "7.0(3)I4(1t)"
},
{
"status": "affected",
"version": "6.0(2)U6(5c)"
},
{
"status": "affected",
"version": "6.0(2)A6(4)"
},
{
"status": "affected",
"version": "7.0(3)I7(6z)"
},
{
"status": "affected",
"version": "9.3(2)"
},
{
"status": "affected",
"version": "7.3(1)DY(1)"
},
{
"status": "affected",
"version": "7.0(3)F3(3)"
},
{
"status": "affected",
"version": "6.0(2)U6(6)"
},
{
"status": "affected",
"version": "6.2(29)"
},
{
"status": "affected",
"version": "7.0(3)I7(3z)"
},
{
"status": "affected",
"version": "7.0(3)IM7(2)"
},
{
"status": "affected",
"version": "6.0(2)A8(11b)"
},
{
"status": "affected",
"version": "6.2(9a)"
},
{
"status": "affected",
"version": "7.3(0)N1(1)"
},
{
"status": "affected",
"version": "7.0(3)I7(5a)"
},
{
"status": "affected",
"version": "6.2(11d)"
},
{
"status": "affected",
"version": "7.0(3)I6(1)"
},
{
"status": "affected",
"version": "6.0(2)U6(10)"
},
{
"status": "affected",
"version": "7.0(3)IM3(2)"
},
{
"status": "affected",
"version": "6.0(2)A6(8)"
},
{
"status": "affected",
"version": "6.0(2)U6(1)"
},
{
"status": "affected",
"version": "7.3(2)N1(1c)"
},
{
"status": "affected",
"version": "7.0(3)I5(3b)"
},
{
"status": "affected",
"version": "7.3(5)N1(1)"
},
{
"status": "affected",
"version": "6.0(2)A6(2a)"
},
{
"status": "affected",
"version": "7.3(2)N1(1b)"
},
{
"status": "affected",
"version": "6.2(27)"
},
{
"status": "affected",
"version": "7.3(1)N1(1)"
},
{
"status": "affected",
"version": "6.0(2)U6(7)"
},
{
"status": "affected",
"version": "9.2(4)"
},
{
"status": "affected",
"version": "7.1(4)N1(1a)"
},
{
"status": "affected",
"version": "8.1(1)"
},
{
"status": "affected",
"version": "7.1(3)N1(4)"
},
{
"status": "affected",
"version": "7.0(3)IM3(2a)"
},
{
"status": "affected",
"version": "6.0(2)A8(10)"
},
{
"status": "affected",
"version": "7.1(3)N1(2)"
},
{
"status": "affected",
"version": "8.2(2)"
},
{
"status": "affected",
"version": "6.2(13)"
},
{
"status": "affected",
"version": "6.0(2)A8(2)"
},
{
"status": "affected",
"version": "7.0(3)IC4(4)"
},
{
"status": "affected",
"version": "6.2(1)"
},
{
"status": "affected",
"version": "8.3(2)"
},
{
"status": "affected",
"version": "7.3(4)N1(1a)"
},
{
"status": "affected",
"version": "6.0(2)A6(3)"
},
{
"status": "affected",
"version": "6.0(2)U6(5b)"
},
{
"status": "affected",
"version": "7.0(3)F3(3c)"
},
{
"status": "affected",
"version": "7.0(3)F3(1)"
},
{
"status": "affected",
"version": "6.0(2)U6(5)"
},
{
"status": "affected",
"version": "7.0(3)F3(5)"
},
{
"status": "affected",
"version": "7.1(2)N1(1)"
},
{
"status": "affected",
"version": "7.1(3)N1(3)"
},
{
"status": "affected",
"version": "6.0(2)A6(7)"
},
{
"status": "affected",
"version": "7.0(3)I7(2)"
},
{
"status": "affected",
"version": "6.2(5a)"
},
{
"status": "affected",
"version": "6.0(2)A6(5)"
},
{
"status": "affected",
"version": "7.0(3)IM3(2b)"
},
{
"status": "affected",
"version": "7.1(3)N1(1)"
},
{
"status": "affected",
"version": "6.0(2)U6(4a)"
},
{
"status": "affected",
"version": "7.0(3)I5(3)"
},
{
"status": "affected",
"version": "7.0(3)I7(3)"
},
{
"status": "affected",
"version": "6.0(2)A8(6)"
},
{
"status": "affected",
"version": "7.0(3)I6(2)"
},
{
"status": "affected",
"version": "8.3(1)"
},
{
"status": "affected",
"version": "6.2(3)"
},
{
"status": "affected",
"version": "7.1(1)N1(1)"
},
{
"status": "affected",
"version": "8.1(1b)"
},
{
"status": "affected",
"version": "7.3(0)N1(1b)"
},
{
"status": "affected",
"version": "6.0(2)A8(5)"
},
{
"status": "affected",
"version": "7.1(4)N1(1d)"
},
{
"status": "affected",
"version": "7.3(2)N1(1)"
},
{
"status": "affected",
"version": "6.0(2)U6(8)"
},
{
"status": "affected",
"version": "7.1(1)N1(1a)"
},
{
"status": "affected",
"version": "7.0(3)IM3(3)"
},
{
"status": "affected",
"version": "9.3(1)"
},
{
"status": "affected",
"version": "6.0(2)U6(2)"
},
{
"status": "affected",
"version": "6.2(9b)"
},
{
"status": "affected",
"version": "7.1(3)N1(2a)"
},
{
"status": "affected",
"version": "7.3(0)N1(1a)"
},
{
"status": "affected",
"version": "6.0(2)A8(7)"
},
{
"status": "affected",
"version": "7.0(3)I7(6)"
},
{
"status": "affected",
"version": "8.4(1)"
},
{
"status": "affected",
"version": "6.2(25)"
},
{
"status": "affected",
"version": "6.0(2)U6(3a)"
},
{
"status": "affected",
"version": "6.0(2)A8(11a)"
},
{
"status": "affected",
"version": "6.2(11e)"
},
{
"status": "affected",
"version": "7.1(3)N1(5)"
},
{
"status": "affected",
"version": "7.0(3)I4(8z)"
},
{
"status": "affected",
"version": "6.2(11)"
},
{
"status": "affected",
"version": "7.0(3)I4(9)"
},
{
"status": "affected",
"version": "6.2(19)"
},
{
"status": "affected",
"version": "7.1(0)N1(1b)"
},
{
"status": "affected",
"version": "7.0(3)I7(4)"
},
{
"status": "affected",
"version": "7.0(3)I7(7)"
},
{
"status": "affected",
"version": "6.2(5b)"
},
{
"status": "affected",
"version": "7.3(0)DY(1)"
},
{
"status": "affected",
"version": "6.0(2)A8(9)"
},
{
"status": "affected",
"version": "6.0(2)A8(1)"
},
{
"status": "affected",
"version": "7.1(5)N1(1)"
},
{
"status": "affected",
"version": "6.2(15)"
},
{
"status": "affected",
"version": "6.0(2)A6(6)"
},
{
"status": "affected",
"version": "6.0(2)A8(10a)"
},
{
"status": "affected",
"version": "7.0(3)I5(1)"
},
{
"status": "affected",
"version": "9.3(1z)"
},
{
"status": "affected",
"version": "9.2(2)"
},
{
"status": "affected",
"version": "6.2(7)"
},
{
"status": "affected",
"version": "6.2(9c)"
},
{
"status": "affected",
"version": "7.0(3)F3(4)"
},
{
"status": "affected",
"version": "7.3(3)N1(1)"
},
{
"status": "affected",
"version": "7.0(3)I4(8b)"
},
{
"status": "affected",
"version": "6.0(2)A8(3)"
},
{
"status": "affected",
"version": "6.2(11b)"
},
{
"status": "affected",
"version": "7.0(3)I4(6t)"
},
{
"status": "affected",
"version": "7.0(3)I5(3a)"
},
{
"status": "affected",
"version": "8.1(1a)"
},
{
"status": "affected",
"version": "6.2(13a)"
},
{
"status": "affected",
"version": "6.0(2)A8(8)"
},
{
"status": "affected",
"version": "7.0(3)I7(5)"
},
{
"status": "affected",
"version": "7.0(3)F3(3a)"
},
{
"status": "affected",
"version": "7.1(0)N1(1a)"
},
{
"status": "affected",
"version": "6.0(2)A8(4)"
},
{
"status": "affected",
"version": "6.0(2)A6(3a)"
},
{
"status": "affected",
"version": "6.0(2)A6(5a)"
},
{
"status": "affected",
"version": "7.0(3)F2(1)"
},
{
"status": "affected",
"version": "7.0(3)I4(8a)"
},
{
"status": "affected",
"version": "6.0(2)U6(9)"
},
{
"status": "affected",
"version": "7.0(3)F3(2)"
},
{
"status": "affected",
"version": "6.0(2)U6(2a)"
},
{
"status": "affected",
"version": "6.2(17)"
},
{
"status": "affected",
"version": "7.0(3)I4(4)"
},
{
"status": "affected",
"version": "6.2(23)"
},
{
"status": "affected",
"version": "6.2(13b)"
},
{
"status": "affected",
"version": "6.0(2)U6(3)"
},
{
"status": "affected",
"version": "7.1(2)N1(1a)"
},
{
"status": "affected",
"version": "7.0(3)I7(1)"
},
{
"status": "affected",
"version": "6.2(21)"
},
{
"status": "affected",
"version": "7.0(3)F2(2)"
},
{
"status": "affected",
"version": "7.0(3)IA7(2)"
},
{
"status": "affected",
"version": "7.0(3)IA7(1)"
},
{
"status": "affected",
"version": "6.0(2)A8(7b)"
},
{
"status": "affected",
"version": "6.2(11c)"
},
{
"status": "affected",
"version": "7.0(3)F1(1)"
},
{
"status": "affected",
"version": "6.0(2)A6(1a)"
},
{
"status": "affected",
"version": "7.1(0)N1(1)"
},
{
"status": "affected",
"version": "6.0(2)A6(2)"
},
{
"status": "affected",
"version": "7.1(4)N1(1)"
},
{
"status": "affected",
"version": "6.0(2)A8(4a)"
},
{
"status": "affected",
"version": "6.0(2)U6(4)"
},
{
"status": "affected",
"version": "8.4(1a)"
},
{
"status": "affected",
"version": "9.3(3)"
},
{
"status": "affected",
"version": "7.3(7)N1(1)"
},
{
"status": "affected",
"version": "6.2(31)"
},
{
"status": "affected",
"version": "7.0(3)I7(8)"
},
{
"status": "affected",
"version": "6.0(2)U6(10a)"
},
{
"status": "affected",
"version": "7.3(7)N1(1a)"
},
{
"status": "affected",
"version": "9.3(4)"
},
{
"status": "affected",
"version": "6.2(33)"
},
{
"status": "affected",
"version": "9.3(5)"
},
{
"status": "affected",
"version": "8.4(2a)"
},
{
"status": "affected",
"version": "8.4(2b)"
},
{
"status": "affected",
"version": "7.3(8)N1(1)"
},
{
"status": "affected",
"version": "7.0(3)I7(9)"
},
{
"status": "affected",
"version": "7.3(7)N1(1b)"
},
{
"status": "affected",
"version": "8.5(1)"
},
{
"status": "affected",
"version": "9.3(6)"
},
{
"status": "affected",
"version": "10.1(2)"
},
{
"status": "affected",
"version": "10.1(1)"
},
{
"status": "affected",
"version": "8.4(2c)"
},
{
"status": "affected",
"version": "9.3(5w)"
},
{
"status": "affected",
"version": "7.3(9)N1(1)"
},
{
"status": "affected",
"version": "9.3(7)"
},
{
"status": "affected",
"version": "9.3(7k)"
},
{
"status": "affected",
"version": "7.0(3)I7(9w)"
},
{
"status": "affected",
"version": "10.2(1)"
},
{
"status": "affected",
"version": "7.3(8)N1(1a)"
},
{
"status": "affected",
"version": "9.3(7a)"
},
{
"status": "affected",
"version": "9.3(8)"
},
{
"status": "affected",
"version": "8.4(2d)"
},
{
"status": "affected",
"version": "7.3(10)N1(1)"
},
{
"status": "affected",
"version": "7.0(3)I7(10)"
},
{
"status": "affected",
"version": "7.3(8)N1(1b)"
},
{
"status": "affected",
"version": "10.2(1q)"
},
{
"status": "affected",
"version": "10.2(2)"
},
{
"status": "affected",
"version": "9.3(9)"
},
{
"status": "affected",
"version": "10.1(2t)"
},
{
"status": "affected",
"version": "7.3(11)N1(1)"
},
{
"status": "affected",
"version": "10.2(3)"
},
{
"status": "affected",
"version": "10.2(3t)"
},
{
"status": "affected",
"version": "8.4(2e)"
},
{
"status": "affected",
"version": "9.3(10)"
},
{
"status": "affected",
"version": "7.3(11)N1(1a)"
},
{
"status": "affected",
"version": "10.2(2a)"
},
{
"status": "affected",
"version": "7.3(12)N1(1)"
},
{
"status": "affected",
"version": "9.2(1a)"
},
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.2(4)"
},
{
"status": "affected",
"version": "7.3(13)N1(1)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "9.3(11)"
},
{
"status": "affected",
"version": "10.3(3)"
},
{
"status": "affected",
"version": "10.2(5)"
},
{
"status": "affected",
"version": "9.4(1)"
},
{
"status": "affected",
"version": "9.3(2a)"
},
{
"status": "affected",
"version": "8.4(2f)"
},
{
"status": "affected",
"version": "9.3(12)"
},
{
"status": "affected",
"version": "10.2(3v)"
},
{
"status": "affected",
"version": "10.4(1)"
},
{
"status": "affected",
"version": "10.3(99w)"
},
{
"status": "affected",
"version": "7.3(14)N1(1)"
},
{
"status": "affected",
"version": "10.2(6)"
},
{
"status": "affected",
"version": "10.3(3w)"
},
{
"status": "affected",
"version": "10.3(99x)"
},
{
"status": "affected",
"version": "10.3(3o)"
},
{
"status": "affected",
"version": "10.3(4)"
},
{
"status": "affected",
"version": "10.3(3p)"
},
{
"status": "affected",
"version": "10.3(4a)"
},
{
"status": "affected",
"version": "9.4(1a)"
},
{
"status": "affected",
"version": "10.4(2)"
},
{
"status": "affected",
"version": "10.3(3q)"
},
{
"status": "affected",
"version": "9.3(13)"
},
{
"status": "affected",
"version": "10.3(5)"
},
{
"status": "affected",
"version": "10.2(7)"
},
{
"status": "affected",
"version": "10.4(3)"
},
{
"status": "affected",
"version": "10.3(3x)"
},
{
"status": "affected",
"version": "10.3(4g)"
},
{
"status": "affected",
"version": "10.3(3r)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device.\r\n\r\nThe vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.\u0026nbsp;\r\nNote: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "Insufficient Compartmentalization",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T16:37:27.149Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nxos-psbe-ce-YvbTn5du",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-psbe-ce-YvbTn5du"
},
{
"name": "Cisco NX-OS Security with Python",
"url": "https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410"
}
],
"source": {
"advisory": "cisco-sa-nxos-psbe-ce-YvbTn5du",
"defects": [
"CSCwh77780"
],
"discovery": "INTERNAL"
},
"title": "Cisco NX-OS Software Python Parser Escape Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20285",
"datePublished": "2024-08-28T16:37:27.149Z",
"dateReserved": "2023-11-08T15:08:07.626Z",
"dateUpdated": "2024-08-28T17:19:57.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8118 (GCVE-0-2024-8118)
Vulnerability from cvelistv5 – Published: 2024-09-26 18:46 – Updated: 2024-09-26 19:06
VLAI
EPSS
VEX
Title
Grafana alerting wrong permission on datasource rule write endpoint
Summary
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:06:31.902922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:06:40.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/grafana/grafana/",
"defaultStatus": "unaffected",
"product": "Grafana",
"programFiles": [
"/pkg/services/ngalert/api/authorization.go"
],
"vendor": "Grafana",
"versions": [
{
"lessThan": "10.3.10",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThan": "10.4.9",
"status": "affected",
"version": "10.4.0",
"versionType": "semver"
},
{
"lessThan": "11.0.5",
"status": "affected",
"version": "11.0.0",
"versionType": "semver"
},
{
"lessThan": "11.1.6",
"status": "affected",
"version": "11.1.0",
"versionType": "semver"
},
{
"lessThan": "11.2.1",
"status": "affected",
"version": "11.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u0026nbsp;In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.\u003cbr\u003e"
}
],
"value": "In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653: Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T18:46:07.048Z",
"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
"shortName": "GRAFANA"
},
"references": [
{
"url": "https://grafana.com/security/security-advisories/cve-2024-8118/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Grafana alerting wrong permission on datasource rule write endpoint",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
"assignerShortName": "GRAFANA",
"cveId": "CVE-2024-8118",
"datePublished": "2024-09-26T18:46:07.048Z",
"dateReserved": "2024-08-23T13:45:00.173Z",
"dateUpdated": "2024-09-26T19:06:40.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Architecture and Design
Break up privileges between different modules, objects, or entities. Minimize the interfaces between modules and require strong access control between them.
No CAPEC attack patterns related to this CWE.