Update 20231221071549 (#273)

feat: Updated at 20231221071549

Signed-off-by: bitnami-bot <[email protected]>

data/couchdb/BIT-couchdb-2023-45725.json

@@ -0,0 +1,54 @@
+{
+  "schema_version": "1.5.0",
+  "id": "BIT-couchdb-2023-45725",
+  "details": "Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.These design document functions are:  *    list  *    show  *    rewrite  *    updateAn attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an \"update\" function.For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers",
+  "aliases": [
+    "CVE-2023-45725"
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Bitnami",
+        "name": "couchdb",
+        "purl": "pkg:bitnami/couchdb"
+      },
+      "severity": [
+        {
+          "type": "CVSS_V3",
+          "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
+        }
+      ],
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "3.3.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "database_specific": {
+    "severity": "Medium",
+    "cpes": [
+      "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*"
+    ]
+  },
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://docs.couchdb.org/en/stable/cve/2023-45725.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg"
+    }
+  ],
+  "published": "2023-12-21T07:17:08.474Z",
+  "modified": "2023-12-21T07:45:04.169Z"
+}

data/dotnet-sdk/BIT-dotnet-sdk-2022-23267.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.5.0",
   "id": "BIT-dotnet-sdk-2022-23267",
-  "details": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.",
+  "details": ".NET and Visual Studio Denial of Service Vulnerability",
   "aliases": [
     "CVE-2022-23267"
   ],
@@ -77,5 +77,5 @@
     }
   ],
   "published": "2023-11-06T08:56:09.649Z",
-  "modified": "2023-11-08T07:44:02.038Z"
+  "modified": "2023-12-21T07:45:04.169Z"
 }

data/dotnet-sdk/BIT-dotnet-sdk-2022-29117.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.5.0",
   "id": "BIT-dotnet-sdk-2022-29117",
-  "details": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.",
+  "details": ".NET and Visual Studio Denial of Service Vulnerability",
   "aliases": [
     "CVE-2022-29117"
   ],
@@ -77,5 +77,5 @@
     }
   ],
   "published": "2023-11-06T08:55:44.268Z",
-  "modified": "2023-11-08T07:44:02.038Z"
+  "modified": "2023-12-21T07:45:04.169Z"
 }

data/dotnet-sdk/BIT-dotnet-sdk-2022-29145.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.5.0",
   "id": "BIT-dotnet-sdk-2022-29145",
-  "details": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29117.",
+  "details": ".NET and Visual Studio Denial of Service Vulnerability",
   "aliases": [
     "CVE-2022-29145"
   ],
@@ -77,5 +77,5 @@
     }
   ],
   "published": "2023-11-06T08:55:35.467Z",
-  "modified": "2023-11-08T07:44:02.038Z"
+  "modified": "2023-12-21T07:45:04.169Z"
 }

data/dotnet-sdk/BIT-dotnet-sdk-2022-30184.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.5.0",
   "id": "BIT-dotnet-sdk-2022-30184",
-  "details": ".NET and Visual Studio Information Disclosure Vulnerability.",
+  "details": ".NET and Visual Studio Information Disclosure Vulnerability",
   "aliases": [
     "CVE-2022-30184"
   ],
@@ -62,5 +62,5 @@
     }
   ],
   "published": "2023-11-06T08:55:27.570Z",
-  "modified": "2023-11-08T07:44:02.038Z"
+  "modified": "2023-12-21T07:45:04.169Z"
 }

data/dotnet-sdk/BIT-dotnet-sdk-2022-38013.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.5.0",
   "id": "BIT-dotnet-sdk-2022-38013",
-  "details": ".NET Core and Visual Studio Denial of Service Vulnerability.",
+  "details": ".NET Core and Visual Studio Denial of Service Vulnerability",
   "aliases": [
     "CVE-2022-38013"
   ],
@@ -86,5 +86,5 @@
     }
   ],
   "published": "2023-11-06T08:55:06.770Z",
-  "modified": "2023-11-08T07:44:02.038Z"
+  "modified": "2023-12-21T07:45:04.169Z"
 }

data/dotnet-sdk/BIT-dotnet-sdk-2022-41032.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.5.0",
   "id": "BIT-dotnet-sdk-2022-41032",
-  "details": "NuGet Client Elevation of Privilege Vulnerability.",
+  "details": "NuGet Client Elevation of Privilege Vulnerability",
   "aliases": [
     "CVE-2022-41032"
   ],
@@ -70,5 +70,5 @@
     }
   ],
   "published": "2023-11-06T08:54:59.055Z",
-  "modified": "2023-11-08T07:44:02.038Z"
+  "modified": "2023-12-21T07:45:04.169Z"
 }

data/dotnet/BIT-dotnet-2022-23267.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.5.0",
   "id": "BIT-dotnet-2022-23267",
-  "details": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.",
+  "details": ".NET and Visual Studio Denial of Service Vulnerability",
   "aliases": [
     "CVE-2022-23267"
   ],
@@ -77,5 +77,5 @@
     }
   ],
   "published": "2023-11-06T08:55:55.078Z",
-  "modified": "2023-11-08T07:44:02.038Z"
+  "modified": "2023-12-21T07:45:04.169Z"
 }

data/dotnet/BIT-dotnet-2022-29117.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.5.0",
   "id": "BIT-dotnet-2022-29117",
-  "details": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.",
+  "details": ".NET and Visual Studio Denial of Service Vulnerability",
   "aliases": [
     "CVE-2022-29117"
   ],
@@ -77,5 +77,5 @@
     }
   ],
   "published": "2023-11-06T08:55:29.782Z",
-  "modified": "2023-11-08T07:44:02.038Z"
+  "modified": "2023-12-21T07:45:04.169Z"
 }

data/dotnet/BIT-dotnet-2022-29145.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.5.0",
   "id": "BIT-dotnet-2022-29145",
-  "details": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29117.",
+  "details": ".NET and Visual Studio Denial of Service Vulnerability",
   "aliases": [
     "CVE-2022-29145"
   ],
@@ -77,5 +77,5 @@
     }
   ],
   "published": "2023-11-06T08:55:21.672Z",
-  "modified": "2023-11-08T07:44:02.038Z"
+  "modified": "2023-12-21T07:45:04.169Z"
 }

data/dotnet/BIT-dotnet-2022-30184.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.5.0",
   "id": "BIT-dotnet-2022-30184",
-  "details": ".NET and Visual Studio Information Disclosure Vulnerability.",
+  "details": ".NET and Visual Studio Information Disclosure Vulnerability",
   "aliases": [
     "CVE-2022-30184"
   ],
@@ -62,5 +62,5 @@
     }
   ],
   "published": "2023-11-06T08:55:14.156Z",
-  "modified": "2023-11-08T07:44:02.038Z"
+  "modified": "2023-12-21T07:45:04.169Z"
 }

data/dotnet/BIT-dotnet-2022-38013.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.5.0",
   "id": "BIT-dotnet-2022-38013",
-  "details": ".NET Core and Visual Studio Denial of Service Vulnerability.",
+  "details": ".NET Core and Visual Studio Denial of Service Vulnerability",
   "aliases": [
     "CVE-2022-38013"
   ],
@@ -86,5 +86,5 @@
     }
   ],
   "published": "2023-11-06T08:54:57.374Z",
-  "modified": "2023-11-08T07:44:02.038Z"
+  "modified": "2023-12-21T07:45:04.169Z"
 }

data/dotnet/BIT-dotnet-2022-41032.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.5.0",
   "id": "BIT-dotnet-2022-41032",
-  "details": "NuGet Client Elevation of Privilege Vulnerability.",
+  "details": "NuGet Client Elevation of Privilege Vulnerability",
   "aliases": [
     "CVE-2022-41032"
   ],
@@ -70,5 +70,5 @@
     }
   ],
   "published": "2023-11-06T08:54:46.261Z",
-  "modified": "2023-11-08T07:44:02.038Z"
+  "modified": "2023-12-21T07:45:04.169Z"
 }

data/mlflow/BIT-mlflow-2023-6909.json

@@ -0,0 +1,54 @@
+{
+  "schema_version": "1.5.0",
+  "id": "BIT-mlflow-2023-6909",
+  "details": "Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.",
+  "aliases": [
+    "CVE-2023-6909"
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Bitnami",
+        "name": "mlflow",
+        "purl": "pkg:bitnami/mlflow"
+      },
+      "severity": [
+        {
+          "type": "CVSS_V3",
+          "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N"
+        }
+      ],
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.9.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "database_specific": {
+    "severity": "High",
+    "cpes": [
+      "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*"
+    ]
+  },
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850"
+    }
+  ],
+  "published": "2023-12-21T07:21:40.198Z",
+  "modified": "2023-12-21T07:45:04.169Z"
+}

data/postgresql/BIT-postgresql-2023-39417.json

@@ -151,8 +151,20 @@
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2023:7785"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2023:7883"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2023:7884"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2023:7885"
     }
   ],
   "published": "2023-11-06T08:59:59.278Z",
-  "modified": "2023-12-14T07:45:59.314Z"
+  "modified": "2023-12-21T07:45:04.169Z"
 }

data/postgresql/BIT-postgresql-2023-39418.json

@@ -67,8 +67,20 @@
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2023:7785"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2023:7883"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2023:7884"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2023:7885"
     }
   ],
   "published": "2023-11-06T08:59:50.258Z",
-  "modified": "2023-12-14T07:45:59.314Z"
+  "modified": "2023-12-21T07:45:04.169Z"
 }

data/postgresql/BIT-postgresql-2023-5868.json

@@ -151,8 +151,20 @@
     {
       "type": "WEB",
       "url": "https://www.postgresql.org/support/security/CVE-2023-5868/"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2023:7883"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2023:7884"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2023:7885"
     }
   ],
   "published": "2023-12-14T07:27:34.844Z",
-  "modified": "2023-12-14T07:45:59.314Z"
+  "modified": "2023-12-21T07:45:04.169Z"
 }