Auto-Update: 2024-12-18T00:55:25.381382+00:00

fkie-cad · Dec 18, 2024 · 6fa7051 · 6fa7051
1 parent eb6374b
commit 6fa7051
Show file tree

Hide file tree

Showing 4 changed files with 166 additions and 54 deletions.
diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10973.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10973.json
@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-10973",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2024-12-17T23:15:05.423",
+  "lastModified": "2024-12-17T23:15:05.423",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+          "baseScore": 5.7,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "secalert@redhat.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-319"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2024-10973",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324361",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9779.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9779.json
@@ -0,0 +1,72 @@
+{
+  "id": "CVE-2024-9779",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2024-12-17T23:15:05.603",
+  "lastModified": "2024-12-17T23:15:05.603",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name \"cluster-manager\" which is bound to a ClusterRole also named \"cluster-manager\", which includes the permission to create Pod resources. If this deployment runs a pod on an attacker-controlled node, the attacker can obtain the cluster-manager's token and steal any service account token by creating and mounting the target service account to control the whole cluster."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 4.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "secalert@redhat.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-501"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2024-9779",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317916",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://github.com/open-cluster-management-io/ocm/pull/325",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://github.com/open-cluster-management-io/ocm/releases/tag/v0.13.0",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://github.com/open-cluster-management-io/registration-operator/issues/361",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
diff --git a/README.md b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-12-17T23:00:19.493459+00:00
+2024-12-18T00:55:25.381382+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-12-17T22:20:34.167000+00:00
+2024-12-17T23:15:05.603000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,43 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-274177
+274179
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `12`
+Recently added CVEs: `2`
 
-- [CVE-2023-37940](CVE-2023/CVE-2023-379xx/CVE-2023-37940.json) (`2024-12-17T22:15:05.080`)
-- [CVE-2024-11993](CVE-2024/CVE-2024-119xx/CVE-2024-11993.json) (`2024-12-17T21:15:07.013`)
-- [CVE-2024-12539](CVE-2024/CVE-2024-125xx/CVE-2024-12539.json) (`2024-12-17T21:15:07.183`)
-- [CVE-2024-29646](CVE-2024/CVE-2024-296xx/CVE-2024-29646.json) (`2024-12-17T22:15:06.550`)
-- [CVE-2024-31668](CVE-2024/CVE-2024-316xx/CVE-2024-31668.json) (`2024-12-17T22:15:06.677`)
-- [CVE-2024-51175](CVE-2024/CVE-2024-511xx/CVE-2024-51175.json) (`2024-12-17T22:15:06.967`)
-- [CVE-2024-52792](CVE-2024/CVE-2024-527xx/CVE-2024-52792.json) (`2024-12-17T22:15:07.083`)
-- [CVE-2024-55056](CVE-2024/CVE-2024-550xx/CVE-2024-55056.json) (`2024-12-17T21:15:08.253`)
-- [CVE-2024-55057](CVE-2024/CVE-2024-550xx/CVE-2024-55057.json) (`2024-12-17T21:15:08.373`)
-- [CVE-2024-55058](CVE-2024/CVE-2024-550xx/CVE-2024-55058.json) (`2024-12-17T21:15:08.510`)
-- [CVE-2024-55059](CVE-2024/CVE-2024-550xx/CVE-2024-55059.json) (`2024-12-17T21:15:08.643`)
-- [CVE-2024-56142](CVE-2024/CVE-2024-561xx/CVE-2024-56142.json) (`2024-12-17T22:15:07.547`)
+- [CVE-2024-10973](CVE-2024/CVE-2024-109xx/CVE-2024-10973.json) (`2024-12-17T23:15:05.423`)
+- [CVE-2024-9779](CVE-2024/CVE-2024-97xx/CVE-2024-9779.json) (`2024-12-17T23:15:05.603`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `12`
-
-- [CVE-2023-34645](CVE-2023/CVE-2023-346xx/CVE-2023-34645.json) (`2024-12-17T21:15:06.333`)
-- [CVE-2024-1971](CVE-2024/CVE-2024-19xx/CVE-2024-1971.json) (`2024-12-17T22:08:13.060`)
-- [CVE-2024-2067](CVE-2024/CVE-2024-20xx/CVE-2024-2067.json) (`2024-12-17T22:01:09.097`)
-- [CVE-2024-2068](CVE-2024/CVE-2024-20xx/CVE-2024-2068.json) (`2024-12-17T21:49:34.503`)
-- [CVE-2024-2069](CVE-2024/CVE-2024-20xx/CVE-2024-2069.json) (`2024-12-17T21:47:11.063`)
-- [CVE-2024-2070](CVE-2024/CVE-2024-20xx/CVE-2024-2070.json) (`2024-12-17T21:28:59.773`)
-- [CVE-2024-29224](CVE-2024/CVE-2024-292xx/CVE-2024-29224.json) (`2024-12-17T22:20:34.167`)
-- [CVE-2024-43088](CVE-2024/CVE-2024-430xx/CVE-2024-43088.json) (`2024-12-17T21:16:19.387`)
-- [CVE-2024-43089](CVE-2024/CVE-2024-430xx/CVE-2024-43089.json) (`2024-12-17T21:04:38.220`)
-- [CVE-2024-50623](CVE-2024/CVE-2024-506xx/CVE-2024-50623.json) (`2024-12-17T22:15:06.793`)
-- [CVE-2024-53375](CVE-2024/CVE-2024-533xx/CVE-2024-53375.json) (`2024-12-17T21:15:08.073`)
-- [CVE-2024-55566](CVE-2024/CVE-2024-555xx/CVE-2024-55566.json) (`2024-12-17T21:15:08.777`)
+Recently modified CVEs: `0`
+
 
 
 ## Download and Usage