Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 60bb3f495481 · 2025-01-16T09:32:02.000Z
GHSA-5w92-hhch-jqv7 GHSA-9wj2-ccpq-qx84 GHSA-rjhh-4m39-v2cg GHSA-wwr4-cj7g-985f
diff --git a/advisories/unreviewed/2025/01/GHSA-5w92-hhch-jqv7/GHSA-5w92-hhch-jqv7.json b/advisories/unreviewed/2025/01/GHSA-5w92-hhch-jqv7/GHSA-5w92-hhch-jqv7.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5w92-hhch-jqv7",
+  "modified": "2025-01-16T09:30:36Z",
+  "published": "2025-01-16T09:30:36Z",
+  "aliases": [
+    "CVE-2024-12226"
+  ],
+  "details": "In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2 however it was determined that this could also be achieved in Version 1 and the fix was applied to both versions accordingly.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12226"
+    },
+    {
+      "type": "WEB",
+      "url": "https://advisories.octopus.com/post/2024/sa2024-10"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-532"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-16T07:15:26Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/01/GHSA-9wj2-ccpq-qx84/GHSA-9wj2-ccpq-qx84.json b/advisories/unreviewed/2025/01/GHSA-9wj2-ccpq-qx84/GHSA-9wj2-ccpq-qx84.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9wj2-ccpq-qx84",
+  "modified": "2025-01-16T09:30:36Z",
+  "published": "2025-01-16T09:30:36Z",
+  "aliases": [
+    "CVE-2024-48885"
+  ],
+  "details": "A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows attacker to escalate privilege via specially crafted packets.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48885"
+    },
+    {
+      "type": "WEB",
+      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-259"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-16T09:15:06Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/01/GHSA-rjhh-4m39-v2cg/GHSA-rjhh-4m39-v2cg.json b/advisories/unreviewed/2025/01/GHSA-rjhh-4m39-v2cg/GHSA-rjhh-4m39-v2cg.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rjhh-4m39-v2cg",
+  "modified": "2025-01-16T09:30:36Z",
+  "published": "2025-01-16T09:30:36Z",
+  "aliases": [
+    "CVE-2024-45331"
+  ],
+  "details": "A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45331"
+    },
+    {
+      "type": "WEB",
+      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-127"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-16T09:15:06Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/01/GHSA-wwr4-cj7g-985f/GHSA-wwr4-cj7g-985f.json b/advisories/unreviewed/2025/01/GHSA-wwr4-cj7g-985f/GHSA-wwr4-cj7g-985f.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wwr4-cj7g-985f",
-  "modified": "2025-01-15T15:31:23Z",
+  "modified": "2025-01-16T09:30:36Z",
   "published": "2025-01-15T06:30:49Z",
   "aliases": [
     "CVE-2025-23013"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "http://www.openwall.com/lists/oss-security/2025/01/15/1"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2025/01/16/2"
     }
   ],
   "database_specific": {

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-wwr4-cj7g-985f",`
`4`		`- "modified": "2025-01-15T15:31:23Z",`
	`4`	`+ "modified": "2025-01-16T09:30:36Z",`
`5`	`5`	`"published": "2025-01-15T06:30:49Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2025-23013"`
`@@ -26,6 +26,10 @@`
`26`	`26`	`{`
`27`	`27`	`"type": "WEB",`
`28`	`28`	`"url": "http://www.openwall.com/lists/oss-security/2025/01/15/1"`
	`29`	`+ },`
	`30`	`+ {`
	`31`	`+ "type": "WEB",`
	`32`	`+ "url": "http://www.openwall.com/lists/oss-security/2025/01/16/2"`
`29`	`33`	`}`
`30`	`34`	`],`
`31`	`35`	`"database_specific": {`