Vulnerability from csaf_suse
Published
2021-02-26 10:11
Modified
2021-02-26 10:11
Summary
Security update for py26-compat-salt
Notes
Title of the patch
Security update for py26-compat-salt
Description of the patch
This update for py26-compat-salt fixes the following issues:
- Allow extra_filerefs as sanitized kwargs for SSH client
- Fix for multiple for security issues
(CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144)
(CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197)
(bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560)
(bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565)
- Fix regression on cmd.run when passing tuples as cmd (bsc#1182740)
Patchnames
SUSE-2021-624,SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-624
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "critical", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for py26-compat-salt", title: "Title of the patch", }, { category: "description", text: "This update for py26-compat-salt fixes the following issues:\n\n- Allow extra_filerefs as sanitized kwargs for SSH client\n- Fix for multiple for security issues\n (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144)\n (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197)\n (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560)\n (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565)\n- Fix regression on cmd.run when passing tuples as cmd (bsc#1182740)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2021-624,SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-624", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_0624-1.json", }, { category: "self", summary: "URL for SUSE-SU-2021:0624-1", url: "https://www.suse.com/support/update/announcement/2021/suse-su-20210624-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2021:0624-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2021-February/008379.html", }, { category: "self", summary: "SUSE Bug 1181550", url: "https://bugzilla.suse.com/1181550", }, { category: "self", summary: "SUSE Bug 1181556", url: "https://bugzilla.suse.com/1181556", }, { category: "self", summary: "SUSE Bug 1181557", url: "https://bugzilla.suse.com/1181557", }, { category: "self", summary: "SUSE Bug 1181558", url: "https://bugzilla.suse.com/1181558", }, { category: "self", summary: "SUSE Bug 1181559", url: "https://bugzilla.suse.com/1181559", }, { category: "self", summary: "SUSE Bug 1181560", url: "https://bugzilla.suse.com/1181560", }, { category: "self", summary: "SUSE Bug 1181561", url: "https://bugzilla.suse.com/1181561", }, { category: "self", summary: "SUSE Bug 1181562", url: "https://bugzilla.suse.com/1181562", }, { category: "self", summary: "SUSE Bug 1181563", url: "https://bugzilla.suse.com/1181563", }, { category: "self", summary: "SUSE Bug 1181564", url: "https://bugzilla.suse.com/1181564", }, { category: "self", summary: "SUSE Bug 1181565", url: "https://bugzilla.suse.com/1181565", }, { category: "self", summary: "SUSE Bug 1182740", url: "https://bugzilla.suse.com/1182740", }, { category: "self", summary: "SUSE CVE CVE-2020-28243 page", url: "https://www.suse.com/security/cve/CVE-2020-28243/", }, { category: "self", summary: "SUSE CVE CVE-2020-28972 page", url: "https://www.suse.com/security/cve/CVE-2020-28972/", }, { category: "self", summary: "SUSE CVE CVE-2020-35662 page", url: "https://www.suse.com/security/cve/CVE-2020-35662/", }, { category: "self", summary: "SUSE CVE CVE-2021-25281 page", url: "https://www.suse.com/security/cve/CVE-2021-25281/", }, { category: "self", summary: "SUSE CVE CVE-2021-25282 page", url: "https://www.suse.com/security/cve/CVE-2021-25282/", }, { category: "self", summary: "SUSE CVE CVE-2021-25283 page", url: "https://www.suse.com/security/cve/CVE-2021-25283/", }, { category: "self", summary: "SUSE CVE CVE-2021-25284 page", url: "https://www.suse.com/security/cve/CVE-2021-25284/", }, { category: "self", summary: "SUSE CVE CVE-2021-3144 page", url: "https://www.suse.com/security/cve/CVE-2021-3144/", }, { category: "self", summary: "SUSE CVE CVE-2021-3148 page", url: "https://www.suse.com/security/cve/CVE-2021-3148/", }, { category: "self", summary: "SUSE CVE CVE-2021-3197 page", url: "https://www.suse.com/security/cve/CVE-2021-3197/", }, ], title: "Security update for py26-compat-salt", tracking: { current_release_date: "2021-02-26T10:11:02Z", generator: { date: "2021-02-26T10:11:02Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2021:0624-1", initial_release_date: "2021-02-26T10:11:02Z", revision_history: [ { date: "2021-02-26T10:11:02Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "py26-compat-salt-2016.11.10-6.8.1.noarch", product: { name: "py26-compat-salt-2016.11.10-6.8.1.noarch", product_id: "py26-compat-salt-2016.11.10-6.8.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_name", name: "SUSE Manager Server Module 4.1", product: { name: "SUSE Manager Server Module 4.1", product_id: "SUSE Manager Server Module 4.1", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-suse-manager-server:4.1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "py26-compat-salt-2016.11.10-6.8.1.noarch as component of SUSE Manager Server Module 4.1", product_id: "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", }, product_reference: "py26-compat-salt-2016.11.10-6.8.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.1", }, ], }, vulnerabilities: [ { cve: "CVE-2020-28243", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-28243", }, ], notes: [ { category: "general", text: "An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-28243", url: "https://www.suse.com/security/cve/CVE-2020-28243", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2020-28243", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181556 for CVE-2020-28243", url: "https://bugzilla.suse.com/1181556", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:11:02Z", details: "important", }, ], title: "CVE-2020-28243", }, { cve: "CVE-2020-28972", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-28972", }, ], notes: [ { category: "general", text: "In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-28972", url: "https://www.suse.com/security/cve/CVE-2020-28972", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2020-28972", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181557 for CVE-2020-28972", url: "https://bugzilla.suse.com/1181557", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:11:02Z", details: "important", }, ], title: "CVE-2020-28972", }, { cve: "CVE-2020-35662", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-35662", }, ], notes: [ { category: "general", text: "In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-35662", url: "https://www.suse.com/security/cve/CVE-2020-35662", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2020-35662", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181565 for CVE-2020-35662", url: "https://bugzilla.suse.com/1181565", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.4, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, products: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:11:02Z", details: "important", }, ], title: "CVE-2020-35662", }, { cve: "CVE-2021-25281", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25281", }, ], notes: [ { category: "general", text: "An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-25281", url: "https://www.suse.com/security/cve/CVE-2021-25281", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2021-25281", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181559 for CVE-2021-25281", url: "https://bugzilla.suse.com/1181559", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:11:02Z", details: "important", }, ], title: "CVE-2021-25281", }, { cve: "CVE-2021-25282", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25282", }, ], notes: [ { category: "general", text: "An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-25282", url: "https://www.suse.com/security/cve/CVE-2021-25282", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2021-25282", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181560 for CVE-2021-25282", url: "https://bugzilla.suse.com/1181560", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:11:02Z", details: "important", }, ], title: "CVE-2021-25282", }, { cve: "CVE-2021-25283", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25283", }, ], notes: [ { category: "general", text: "An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-25283", url: "https://www.suse.com/security/cve/CVE-2021-25283", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2021-25283", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181561 for CVE-2021-25283", url: "https://bugzilla.suse.com/1181561", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:11:02Z", details: "important", }, ], title: "CVE-2021-25283", }, { cve: "CVE-2021-25284", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-25284", }, ], notes: [ { category: "general", text: "An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-25284", url: "https://www.suse.com/security/cve/CVE-2021-25284", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2021-25284", url: "https://bugzilla.suse.com/1181550", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:11:02Z", details: "important", }, ], title: "CVE-2021-25284", }, { cve: "CVE-2021-3144", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3144", }, ], notes: [ { category: "general", text: "In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-3144", url: "https://www.suse.com/security/cve/CVE-2021-3144", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2021-3144", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181562 for CVE-2021-3144", url: "https://bugzilla.suse.com/1181562", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:11:02Z", details: "important", }, ], title: "CVE-2021-3144", }, { cve: "CVE-2021-3148", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3148", }, ], notes: [ { category: "general", text: "An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-3148", url: "https://www.suse.com/security/cve/CVE-2021-3148", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2021-3148", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181558 for CVE-2021-3148", url: "https://bugzilla.suse.com/1181558", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:11:02Z", details: "important", }, ], title: "CVE-2021-3148", }, { cve: "CVE-2021-3197", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3197", }, ], notes: [ { category: "general", text: "An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-3197", url: "https://www.suse.com/security/cve/CVE-2021-3197", }, { category: "external", summary: "SUSE Bug 1181550 for CVE-2021-3197", url: "https://bugzilla.suse.com/1181550", }, { category: "external", summary: "SUSE Bug 1181564 for CVE-2021-3197", url: "https://bugzilla.suse.com/1181564", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Manager Server Module 4.1:py26-compat-salt-2016.11.10-6.8.1.noarch", ], }, ], threats: [ { category: "impact", date: "2021-02-26T10:11:02Z", details: "important", }, ], title: "CVE-2021-3197", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.