From 6f8e096407fccaddf0aa8990555ecbd94c005319 Mon Sep 17 00:00:00 2001
From: Weston Steimel
Date: Mon, 11 Nov 2024 16:33:07 +0000
Subject: [PATCH] adjust some haproxy cves
Signed-off-by: Weston Steimel
---
data/anchore/2016/CVE-2016-2102.json | 34 ++++++++++++
data/anchore/2023/CVE-2023-0056.json | 79 ++++++++++++++++++++++++++++
2 files changed, 113 insertions(+)
create mode 100644 data/anchore/2016/CVE-2016-2102.json
create mode 100644 data/anchore/2023/CVE-2023-0056.json
diff --git a/data/anchore/2016/CVE-2016-2102.json b/data/anchore/2016/CVE-2016-2102.json
new file mode 100644
index 00000000..ea2b9885
--- /dev/null
+++ b/data/anchore/2016/CVE-2016-2102.json
@@ -0,0 +1,34 @@
+{
+ "additionalMetadata": {
+ "cna": "redhat",
+ "cveId": "CVE-2016-2102",
+ "description": "HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.",
+ "reason": "Remove HAProxy as affected product since this was specific to openstack tripleo-image-elements",
+ "references": [
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1311145"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:openstack:tripleo-image-elements:*:*:*:*:*:*:*:*"
+ ],
+ "product": "tripleo-image-elements",
+ "vendor": "openstack",
+ "versions": [
+ {
+ "lessThanOrEqual": "*",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
diff --git a/data/anchore/2023/CVE-2023-0056.json b/data/anchore/2023/CVE-2023-0056.json
new file mode 100644
index 00000000..38536e63
--- /dev/null
+++ b/data/anchore/2023/CVE-2023-0056.json
@@ -0,0 +1,79 @@
+{
+ "additionalMetadata": {
+ "cna": "redhat",
+ "cveId": "CVE-2023-0056",
+ "description": "An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.",
+ "reason": "Add affected versions",
+ "references": [
+ "https://access.redhat.com/security/cve/CVE-2023-0056"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*"
+ ],
+ "product": "haproxy",
+ "repo": "https://github.com/haproxy/haproxy",
+ "vendor": "haproxy",
+ "versions": [
+ {
+ "lessThan": "2.8-dev1",
+ "status": "affected",
+ "version": "2.8-dev0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.7.2",
+ "status": "affected",
+ "version": "2.7-dev0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.6.8",
+ "status": "affected",
+ "version": "2.6-dev0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.5.11",
+ "status": "affected",
+ "version": "2.5-dev0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.4.21",
+ "status": "affected",
+ "version": "2.3-dev0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.2.27",
+ "status": "affected",
+ "version": "2.2-dev0",
+ "versionType": "custom"
+ },
+ {
+ "lessThan": "2.0.31",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ },
+ "references": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2023-0056"
+ },
+ {
+ "url": "https://github.com/haproxy/haproxy/issues/1972"
+ }
+ ]
+ }
+}
\ No newline at end of file
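Review bot: The `versions` list in CVE-2023-0056.json leaves the 2.1 branch uncovered: the last range ends at `"lessThan": "2.0.31"` and the next one starts at `"version": "2.2-dev0"`, so a 2.1.x release matches no range and a scanner consuming this record would report it as not affected. The 2.3 branch is handled differently, being folded into the 2.4 range (`"version": "2.3-dev0"` with `"lessThan": "2.4.21"`). Whether 2.1.x carries the flaw is not stated on this page; if it does, starting the 2.2 entry at `"version": "2.1-dev0"` would treat it the same way as 2.3 and close the false-negative gap. If the gap is intentional, saying so in `reason` (currently just "Add affected versions") would keep a later editor from reading it as an oversight.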