diff --git a/cves/2024/9xxx/CVE-2024-9355.json b/cves/2024/9xxx/CVE-2024-9355.json
index 316d3668ecb6..5d2d5194a2e0 100644
--- a/cves/2024/9xxx/CVE-2024-9355.json
+++ b/cves/2024/9xxx/CVE-2024-9355.json
@@ -8,7 +8,7 @@
 "assignerShortName": "redhat",
 "dateReserved": "2024-09-30T17:07:30.833Z",
 "datePublished": "2024-10-01T18:17:29.420Z",
- "dateUpdated": "2025-02-14T12:02:07.742Z"
+ "dateUpdated": "2025-03-05T22:33:03.607Z"
 },
 "containers": {
 "cna": {
@@ -179,6 +179,16 @@
 "cpe:/a:redhat:rhel_eus:9.4::appstream"
 ]
 },
+ {
+ "vendor": "Red Hat",
+ "product": "Streams for Apache Kafka 2.9.0",
+ "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
+ "defaultStatus": "unaffected",
+ "packageName": "golang-github-danielqsj-kafka_exporter",
+ "cpes": [
+ "cpe:/a:redhat:amq_streams:2"
+ ]
+ },
 {
 "vendor": "Red Hat",
 "product": "NBDE Tang Server",
@@ -1128,16 +1138,6 @@
 "cpes": [
 "cpe:/a:redhat:trusted_artifact_signer:1"
 ]
- },
- {
- "vendor": "Red Hat",
- "product": "streams for Apache Kafka",
- "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
- "packageName": "golang-github-danielqsj-kafka_exporter",
- "defaultStatus": "affected",
- "cpes": [
- "cpe:/a:redhat:amq_streams:1"
- ]
 }
 ],
 "references": [
@@ -1197,6 +1197,14 @@
 "x_refsource_REDHAT"
 ]
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2025:2416",
+ "name": "RHSA-2025:2416",
+ "tags": [
+ "vendor-advisory",
+ "x_refsource_REDHAT"
+ ]
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2024-9355",
 "tags": [
@@ -1254,7 +1262,7 @@
 "providerMetadata": {
 "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
 "shortName": "redhat",
- "dateUpdated": "2025-02-14T12:02:07.742Z"
+ "dateUpdated": "2025-03-05T22:33:03.607Z"
 }
 },
 "adp": [
diff --git a/cves/2025/27xxx/CVE-2025-27622.json b/cves/2025/27xxx/CVE-2025-27622.json
new file mode 100644
index 000000000000..452dd2571499
--- /dev/null
+++ b/cves/2025/27xxx/CVE-2025-27622.json
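Review bot: In cves/2024/9xxx/CVE-2024-9355.json, the entry added at `@@ -179,6 +179,16 @@` sets `"defaultStatus": "unaffected"` for all of `cpe:/a:redhat:amq_streams:2` and carries the fixed release only in the product name ("Streams for Apache Kafka 2.9.0"), with no `versions` array. Together with the removal at `@@ -1128,16 +1138,6 @@` of the `"affected"` entry for `cpe:/a:redhat:amq_streams:1`, a scanner that matches on CPE or `packageName` no longer finds any affected range for `golang-github-danielqsj-kafka_exporter` in this product, so installs older than the fixed build would presumably be reported clean. A version-bounded entry would keep that signal, e.g. `"versions": [{"version": "<fixed-build>", "versionType": "<type>", "lessThan": "*", "status": "unaffected"}]` with `"defaultStatus": "affected"`, where the placeholder values come from RHSA-2025:2416. The rest of the `affected` array lies outside these hunks, so confirm that no other entry already covers the earlier stream.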
@@ -0,0 +1,58 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2025-27622",
+ "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
+ "state": "PUBLISHED",
+ "assignerShortName": "jenkins",
+ "dateReserved": "2025-03-04T07:21:12.533Z",
+ "datePublished": "2025-03-05T22:33:34.766Z",
+ "dateUpdated": "2025-03-05T22:33:34.766Z"
+ },
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
+ "shortName": "jenkins",
+ "dateUpdated": "2025-03-05T22:33:34.766Z"
+ },
+ "affected": [
+ {
+ "vendor": "Jenkins Project",
+ "product": "Jenkins",
+ "versions": [
+ {
+ "version": "2.492.2",
+ "versionType": "maven",
+ "lessThan": "2.492.*",
+ "status": "unaffected"
+ },
+ {
+ "version": "2.500",
+ "versionType": "maven",
+ "lessThan": "*",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets."
+ }
+ ],
+ "references": [
+ {
+ "name": "Jenkins Security Advisory 2025-03-05",
+ "url": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3495",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/cves/2025/27xxx/CVE-2025-27623.json b/cves/2025/27xxx/CVE-2025-27623.json
new file mode 100644
index 000000000000..9aab8e2062fc
--- /dev/null
+++ b/cves/2025/27xxx/CVE-2025-27623.json
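Review bot: The `cna` container of the new record cves/2025/27xxx/CVE-2025-27622.json has no `problemTypes` and no `metrics`, and the same holds for CVE-2025-27623, CVE-2025-27624 and CVE-2025-27625 added in this diff. Consumers that triage by CWE or CVSS get nothing from these records until an ADP container is added, which leaves the free-text description as the only severity signal. Consider adding a `problemTypes` entry per record, for example `{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}` on CVE-2025-27624. The CWE for the other three records and any CVSS vector should be taken from the Jenkins advisory rather than guessed.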
@@ -0,0 +1,58 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2025-27623",
+ "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
+ "state": "PUBLISHED",
+ "assignerShortName": "jenkins",
+ "dateReserved": "2025-03-04T07:21:12.533Z",
+ "datePublished": "2025-03-05T22:33:35.469Z",
+ "dateUpdated": "2025-03-05T22:33:35.469Z"
+ },
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
+ "shortName": "jenkins",
+ "dateUpdated": "2025-03-05T22:33:35.469Z"
+ },
+ "affected": [
+ {
+ "vendor": "Jenkins Project",
+ "product": "Jenkins",
+ "versions": [
+ {
+ "version": "2.492.2",
+ "versionType": "maven",
+ "lessThan": "2.492.*",
+ "status": "unaffected"
+ },
+ {
+ "version": "2.500",
+ "versionType": "maven",
+ "lessThan": "*",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets."
+ }
+ ],
+ "references": [
+ {
+ "name": "Jenkins Security Advisory 2025-03-05",
+ "url": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3496",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/cves/2025/27xxx/CVE-2025-27624.json b/cves/2025/27xxx/CVE-2025-27624.json
new file mode 100644
index 000000000000..64f2354d209e
--- /dev/null
+++ b/cves/2025/27xxx/CVE-2025-27624.json
@@ -0,0 +1,58 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2025-27624",
+ "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
+ "state": "PUBLISHED",
+ "assignerShortName": "jenkins",
+ "dateReserved": "2025-03-04T07:21:12.533Z",
+ "datePublished": "2025-03-05T22:33:36.141Z",
+ "dateUpdated": "2025-03-05T22:33:36.141Z"
+ },
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
+ "shortName": "jenkins",
+ "dateUpdated": "2025-03-05T22:33:36.141Z"
+ },
+ "affected": [
+ {
+ "vendor": "Jenkins Project",
+ "product": "Jenkins",
+ "versions": [
+ {
+ "version": "2.492.2",
+ "versionType": "maven",
+ "lessThan": "2.492.*",
+ "status": "unaffected"
+ },
+ {
+ "version": "2.500",
+ "versionType": "maven",
+ "lessThan": "*",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets)."
+ }
+ ],
+ "references": [
+ {
+ "name": "Jenkins Security Advisory 2025-03-05",
+ "url": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3498",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/cves/2025/27xxx/CVE-2025-27625.json b/cves/2025/27xxx/CVE-2025-27625.json
new file mode 100644
index 000000000000..b197b6eb52df
--- /dev/null
+++ b/cves/2025/27xxx/CVE-2025-27625.json
@@ -0,0 +1,58 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2025-27625",
+ "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
+ "state": "PUBLISHED",
+ "assignerShortName": "jenkins",
+ "dateReserved": "2025-03-04T07:21:12.534Z",
+ "datePublished": "2025-03-05T22:33:36.808Z",
+ "dateUpdated": "2025-03-05T22:33:36.808Z"
+ },
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
+ "shortName": "jenkins",
+ "dateUpdated": "2025-03-05T22:33:36.808Z"
+ },
+ "affected": [
+ {
+ "vendor": "Jenkins Project",
+ "product": "Jenkins",
+ "versions": [
+ {
+ "version": "2.492.2",
+ "versionType": "maven",
+ "lessThan": "2.492.*",
+ "status": "unaffected"
+ },
+ {
+ "version": "2.500",
+ "versionType": "maven",
+ "lessThan": "*",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as part of scheme-relative redirects."
+ }
+ ],
+ "references": [
+ {
+ "name": "Jenkins Security Advisory 2025-03-05",
+ "url": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3501",
+ "tags": [
+ "vendor-advisory"
+ ]
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file