Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/30513?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30513?format=api", "vulnerability_id": "VCID-e82r-vc77-f7bz", "summary": "Docker Swarm encrypted overlay network with a single endpoint is unauthenticated\n[Moby](https://mobyproject.org/) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as [moby/moby](https://github.com/moby/moby) is commonly referred to as *Docker*.\n\nSwarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of [SwarmKit](https://github.com/moby/swarmkit) and supporting network code.\n\nThe `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of [VXLAN](https://en.wikipedia.org/wiki/Virtual_Extensible_LAN), which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes.\n\nEncrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the [IPsec Encapsulating Security Payload](https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload) protocol in [Transport mode](https://en.wikipedia.org/wiki/IPsec#Transport_mode). By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption.\n\nWhen setting an endpoint up on an encrypted overlay network, Moby installs three [iptables](https://www.netfilter.org/projects/iptables/index.html) (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN.\n\nThe `overlay` driver dynamically and lazily defines the kernel configuration for the VXLAN network on each node as containers are attached and detached. Routes and encryption parameters are only defined for destination nodes that participate in the network. The iptables rules that prevent encrypted overlay networks from accepting unencrypted packets are not created until a peer is available with which to communicate.\n\n## Impact\nEncrypted overlay networks silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. The implications of this can be quite dire, and [GHSA-vwm3-crmr-xfxw](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw) should be referenced for a deeper exploration.\n\n## Patches\nPatches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16.\n\n## Workarounds\n* In multi-node clusters, deploy a global ‘pause’ container for each encrypted overlay network, on every node. For example, use the `registry.k8s.io/pause` image and a `--mode global` service.\n* For a single-node cluster, do not use overlay networks of any sort. Bridge networks provide the same connectivity on a single node and have no multi-node features.\nThe Swarm ingress feature is implemented using an overlay network, but can be disabled by publishing ports in `host` mode instead of `ingress` mode (allowing the use of an external load balancer), and removing the `ingress` network.\n* If encrypted overlay networks are in exclusive use, block UDP port 4789 from traffic that has not been validated by IPSec. For example, `iptables -A INPUT -m udp —-dport 4789 -m policy --dir in --pol none -j DROP`.\n\n## Background\n* This issue was discovered while characterizing and mitigating [CVE-2023-28840](https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp) and [CVE-2023-28841](https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237).\n\n## Related\n* [CVE-2023-28841: Encrypted overlay network traffic may be unencrypted](https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237)\n* [CVE-2023-28840: Encrypted overlay network may be unauthenticated](https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp)\n* [GHSA-vwm3-crmr-xfxw: The Swarm VXLAN port may be exposed to attack due to ambiguous documentation](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw)\n* [GHSA-gvm4-2qqg-m333: Security issues in encrypted overlay networks](https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333) (libnetwork)", "aliases": [ { "alias": "CVE-2023-28842" }, { "alias": "GHSA-6wrf-mxfj-pf5p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/485950?format=api", "purl": "pkg:apk/alpine/docker@20.10.24-r0?arch=ppc64le&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.24-r0%3Farch=ppc64le&distroversion=v3.17&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/485952?format=api", "purl": "pkg:apk/alpine/docker@20.10.24-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.24-r0%3Farch=x86&distroversion=v3.17&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/485953?format=api", "purl": "pkg:apk/alpine/docker@20.10.24-r0?arch=x86_64&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.24-r0%3Farch=x86_64&distroversion=v3.17&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/485949?format=api", "purl": "pkg:apk/alpine/docker@20.10.24-r0?arch=armv7&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.24-r0%3Farch=armv7&distroversion=v3.17&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/485948?format=api", "purl": "pkg:apk/alpine/docker@20.10.24-r0?arch=armhf&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.24-r0%3Farch=armhf&distroversion=v3.17&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/485951?format=api", "purl": "pkg:apk/alpine/docker@20.10.24-r0?arch=s390x&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.24-r0%3Farch=s390x&distroversion=v3.17&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/485947?format=api", "purl": "pkg:apk/alpine/docker@20.10.24-r0?arch=aarch64&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.24-r0%3Farch=aarch64&distroversion=v3.17&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/403542?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=aarch64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=aarch64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/419741?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=s390x&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=s390x&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/446487?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=x86_64&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=x86_64&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/475979?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=armv7&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=armv7&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/476802?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=aarch64&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=aarch64&distroversion=v3.18&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/489238?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=armhf&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/489244?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=x86&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/489245?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/419738?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=loongarch64&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/446482?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=armhf&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=armhf&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/476803?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=armhf&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=armhf&distroversion=v3.18&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/475980?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=loongarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=loongarch64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/476804?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=armv7&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=armv7&distroversion=v3.18&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/431798?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=ppc64le&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/431802?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=x86_64&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=x86_64&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/446481?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=aarch64&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=aarch64&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/446485?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=s390x&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=s390x&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/475977?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=aarch64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/475978?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=armhf&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=armhf&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/476806?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=s390x&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=s390x&distroversion=v3.18&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/489240?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=loongarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/403549?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=x86&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=x86&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/431800?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=s390x&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=s390x&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/476805?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=ppc64le&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=ppc64le&distroversion=v3.18&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/419736?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=armhf&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=armhf&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/489243?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=s390x&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=s390x&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/489239?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=armv7&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=armv7&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/403543?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=armhf&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=armhf&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/403544?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=armv7&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/403545?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=loongarch64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/403546?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=ppc64le&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/403547?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/403548?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=s390x&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=s390x&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/403550?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/419737?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=armv7&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=armv7&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/419739?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=ppc64le&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/419742?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=x86&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/419743?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=x86_64&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=x86_64&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/431795?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=aarch64&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=aarch64&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/431796?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=armhf&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=armhf&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/431797?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=armv7&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=armv7&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/431801?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=x86&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=x86&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/446483?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=armv7&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=armv7&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/446484?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=ppc64le&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=ppc64le&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/475981?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=ppc64le&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=ppc64le&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/475982?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=riscv64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=riscv64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/475984?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=x86&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=x86&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/475985?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=x86_64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=x86_64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/489237?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=aarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/489241?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=ppc64le&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/489242?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=riscv64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=riscv64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/419735?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=aarch64&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=aarch64&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/419740?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=riscv64&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=riscv64&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/431799?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=riscv64&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=riscv64&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/446486?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=x86&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=x86&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/475983?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=s390x&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=s390x&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/476807?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=x86&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=x86&distroversion=v3.18&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/476808?format=api", "purl": "pkg:apk/alpine/docker@23.0.3-r0?arch=x86_64&distroversion=v3.18&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@23.0.3-r0%3Farch=x86_64&distroversion=v3.18&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/582637?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/921997?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081511?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/84650?format=api", "purl": "pkg:ebuild/app-containers/docker@25.0.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/docker@25.0.4" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582636?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-41ft-14gt-bbbq" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28842.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28842.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28842", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.006", "scoring_system": "epss", "scoring_elements": "0.69414", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.006", "scoring_system": "epss", "scoring_elements": "0.69398", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70402", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70488", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70508", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.705", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70458", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70472", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70487", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70463", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00863", "scoring_system": "epss", "scoring_elements": "0.75152", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00863", "scoring_system": "epss", "scoring_elements": "0.75148", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00863", "scoring_system": "epss", "scoring_elements": "0.75217", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00863", "scoring_system": "epss", "scoring_elements": "0.75193", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00863", "scoring_system": "epss", "scoring_elements": "0.75165", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00863", "scoring_system": "epss", "scoring_elements": "0.75156", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28842" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28842", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28842" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/" } ], "url": "https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28842", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28842" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184688", "reference_id": "2184688", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184688" }, { "reference_url": "https://security.gentoo.org/glsa/202409-29", "reference_id": "GLSA-202409-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-29" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/", "reference_id": "LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/" }, { "reference_url": "https://usn.ubuntu.com/7474-1/", "reference_id": "USN-7474-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7474-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/", "reference_id": "XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/", "reference_id": "ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T21:32:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/" } ], "weaknesses": [ { "cwe_id": 420, "name": "Unprotected Alternate Channel", "description": "The product protects a primary channel, but it does not use the same level of protection for an alternate channel." }, { "cwe_id": 636, "name": "Not Failing Securely ('Failing Open')", "description": "When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e82r-vc77-f7bz" }