tssa-2025-00001
Vulnerability from csaf_trustsource
Published
2025-10-06 11:54
Modified
2025-10-06 11:54
Summary
Project CSAF document

Notes

Author comment
Detailed list of project vulnerabilities


To clipboard 

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "notes": [
      {
        "category": "summary",
        "text": "Detailed list of project vulnerabilities",
        "title": "Author comment"
      }
    ],
    "publisher": {
      "category": "vendor",
      "name": "TrustSource Product and Service Security",
      "namespace": "https://app.trustsource.io/"
    },
    "title": "Project CSAF document",
    "tracking": {
      "current_release_date": "2025-10-06T11:54:52.856Z",
      "generator": {
        "date": "2025-10-06T11:54:52.856Z",
        "engine": {
          "name": "TrustSource-CSAF",
          "version": "1.0.0"
        }
      },
      "id": "tssa-2025-00001",
      "initial_release_date": "2025-10-06T11:54:52.856Z",
      "revision_history": [
        {
          "date": "2025-10-06T11:54:52.856Z",
          "number": "1",
          "summary": "Initial version."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "0.4.0",
                "product": {
                  "name": "ecs-java-client",
                  "product_id": "U2FsdGVkX1/PvkRLmbU707SrI0ySwi7noULP/t0B93/l"
                }
              }
            ],
            "category": "product_name",
            "name": "JavaTools"
          }
        ],
        "category": "vendor",
        "name": "EACG Operations Solutions GmbH"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-25761",
      "cwe": {
        "id": "CWE-79",
        "name": "CWE-79"
      },
      "notes": [
        {
          "category": "description",
          "text": "Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "under_investigation": [
          "U2FsdGVkX1/PvkRLmbU707SrI0ySwi7noULP/t0B93/l"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "Mailing List - Third Party Advisory",
          "url": "http://www.openwall.com/lists/oss-security/2023/02/15/4"
        },
        {
          "category": "external",
          "summary": "Vendor Advisory",
          "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032"
        },
        {
          "category": "external",
          "summary": "Mailing List - Third Party Advisory",
          "url": "http://www.openwall.com/lists/oss-security/2023/02/15/4"
        },
        {
          "category": "external",
          "summary": "Vendor Advisory",
          "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "U2FsdGVkX1/PvkRLmbU707SrI0ySwi7noULP/t0B93/l"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2022-45380",
      "cwe": {
        "id": "CWE-79",
        "name": "CWE-79"
      },
      "notes": [
        {
          "category": "description",
          "text": "Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "under_investigation": [
          "U2FsdGVkX1/PvkRLmbU707SrI0ySwi7noULP/t0B93/l"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "Mailing List",
          "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4"
        },
        {
          "category": "external",
          "summary": "Vendor Advisory",
          "url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2888"
        },
        {
          "category": "external",
          "summary": "Mailing List",
          "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4"
        },
        {
          "category": "external",
          "summary": "Vendor Advisory",
          "url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2888"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "U2FsdGVkX1/PvkRLmbU707SrI0ySwi7noULP/t0B93/l"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2023-0482",
      "cwe": {
        "id": "CWE-378",
        "name": "CWE-378"
      },
      "notes": [
        {
          "category": "description",
          "text": "In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "under_investigation": [
          "U2FsdGVkX1/PvkRLmbU707SrI0ySwi7noULP/t0B93/l"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "Patch",
          "url": "https://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56"
        },
        {
          "category": "external",
          "summary": "Third Party Advisory",
          "url": "https://security.netapp.com/advisory/ntap-20230427-0001/"
        },
        {
          "category": "external",
          "summary": "Patch",
          "url": "https://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56"
        },
        {
          "category": "external",
          "summary": "Third Party Advisory",
          "url": "https://security.netapp.com/advisory/ntap-20230427-0001/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "U2FsdGVkX1/PvkRLmbU707SrI0ySwi7noULP/t0B93/l"
          ]
        }
      ]
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.