Publish Advisories

GHSA-39v3-f278-vj3g GHSA-3x3f-jcp3-g22j GHSA-4p75-5p53-65m9 GHSA-64vr-g452-qvp3 GHSA-9cwx-2883-4wfx GHSA-gc7q-jgjv-vjr2 GHSA-v345-w9f2-mpm5
github · Sep 17, 2024 · d862f54 · d862f54
1 parent 1329657
commit d862f54
Show file tree

Hide file tree

Showing 7 changed files with 220 additions and 12 deletions.
diff --git a/advisories/github-reviewed/2024/09/GHSA-39v3-f278-vj3g/GHSA-39v3-f278-vj3g.json b/advisories/github-reviewed/2024/09/GHSA-39v3-f278-vj3g/GHSA-39v3-f278-vj3g.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-39v3-f278-vj3g",
-  "modified": "2024-09-17T21:30:20Z",
+  "modified": "2024-09-17T22:29:19Z",
   "published": "2024-09-17T21:30:20Z",
   "aliases": [
     "CVE-2024-45816"
@@ -44,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/backstage/backstage/security/advisories/GHSA-39v3-f278-vj3g"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45816"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/backstage/backstage"
@@ -56,6 +60,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2024-09-17T21:30:20Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2024-09-17T21:15:12Z"
   }
 }
diff --git a/advisories/github-reviewed/2024/09/GHSA-3x3f-jcp3-g22j/GHSA-3x3f-jcp3-g22j.json b/advisories/github-reviewed/2024/09/GHSA-3x3f-jcp3-g22j/GHSA-3x3f-jcp3-g22j.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3x3f-jcp3-g22j",
-  "modified": "2024-09-17T21:29:49Z",
+  "modified": "2024-09-17T22:29:09Z",
   "published": "2024-09-17T21:29:49Z",
   "aliases": [
     "CVE-2024-45815"
@@ -44,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/backstage/backstage/security/advisories/GHSA-3x3f-jcp3-g22j"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45815"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/backstage/backstage"
@@ -56,6 +60,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2024-09-17T21:29:49Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2024-09-17T21:15:12Z"
   }
 }
diff --git a/advisories/github-reviewed/2024/09/GHSA-4p75-5p53-65m9/GHSA-4p75-5p53-65m9.json b/advisories/github-reviewed/2024/09/GHSA-4p75-5p53-65m9/GHSA-4p75-5p53-65m9.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4p75-5p53-65m9",
-  "modified": "2024-09-17T14:58:45Z",
+  "modified": "2024-09-17T22:27:56Z",
   "published": "2024-09-17T14:58:45Z",
   "aliases": [
     "CVE-2024-45604"
@@ -44,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/contao/contao/security/advisories/GHSA-4p75-5p53-65m9"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45604"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/contao/contao/commit/63409c6bdfd95197d9906e229d765b630d45742e"
@@ -64,6 +68,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2024-09-17T14:58:45Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2024-09-17T20:15:04Z"
   }
 }
diff --git a/advisories/github-reviewed/2024/09/GHSA-64vr-g452-qvp3/GHSA-64vr-g452-qvp3.json b/advisories/github-reviewed/2024/09/GHSA-64vr-g452-qvp3/GHSA-64vr-g452-qvp3.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-64vr-g452-qvp3",
-  "modified": "2024-09-17T19:28:01Z",
+  "modified": "2024-09-17T22:28:57Z",
   "published": "2024-09-17T19:28:01Z",
   "aliases": [
     "CVE-2024-45812"
@@ -129,6 +129,14 @@
       "type": "WEB",
       "url": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45812"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/vitejs/vite/commit/179b17773cf35c73ddb041f9e6c703fd9f3126af"
@@ -141,6 +149,10 @@
       "type": "WEB",
       "url": "https://github.com/vitejs/vite/commit/2ddd8541ec3b2d2e5b698749e0f2362ef28056bd"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/vitejs/vite/commit/e8127166979e7ace6eeaa2c3b733c8994caa31f3"
@@ -152,6 +164,14 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/vitejs/vite"
+    },
+    {
+      "type": "WEB",
+      "url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering"
+    },
+    {
+      "type": "WEB",
+      "url": "https://scnps.co/papers/sp23_domclob.pdf"
     }
   ],
   "database_specific": {
@@ -161,6 +181,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2024-09-17T19:28:01Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2024-09-17T20:15:06Z"
   }
 }
diff --git a/advisories/github-reviewed/2024/09/GHSA-9cwx-2883-4wfx/GHSA-9cwx-2883-4wfx.json b/advisories/github-reviewed/2024/09/GHSA-9cwx-2883-4wfx/GHSA-9cwx-2883-4wfx.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9cwx-2883-4wfx",
-  "modified": "2024-09-17T18:44:13Z",
+  "modified": "2024-09-17T22:28:27Z",
   "published": "2024-09-17T18:44:12Z",
   "aliases": [
     "CVE-2024-45811"
@@ -132,6 +132,10 @@
       "type": "WEB",
       "url": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45811"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249"
@@ -165,6 +169,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2024-09-17T18:44:12Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2024-09-17T20:15:05Z"
   }
 }
diff --git a/advisories/github-reviewed/2024/09/GHSA-gc7q-jgjv-vjr2/GHSA-gc7q-jgjv-vjr2.json b/advisories/github-reviewed/2024/09/GHSA-gc7q-jgjv-vjr2/GHSA-gc7q-jgjv-vjr2.json
@@ -0,0 +1,164 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gc7q-jgjv-vjr2",
+  "modified": "2024-09-17T22:29:01Z",
+  "published": "2024-09-17T22:29:01Z",
+  "aliases": [
+    "CVE-2024-4629"
+  ],
+  "summary": "Keycloak Services has a potential bypass of brute force protection",
+  "details": "If an attacker launches many login attempts in parallel then the attacker can have more guesses at a password than the brute force protection configuration permits. This is due to the brute force check occurring before the brute force protector has locked the user.\n\n**Acknowledgements:**\nSpecial thanks to Maurizio Agazzini for reporting this issue and helping us improve our project.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.keycloak:keycloak-services"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "22.0.12"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.keycloak:keycloak-services"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "23.0.0"
+            },
+            {
+              "fixed": "24.0.7"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.keycloak:keycloak-services"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "25.0.0"
+            },
+            {
+              "fixed": "25.0.4"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-gc7q-jgjv-vjr2"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4629"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8577e562"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/keycloak/keycloak"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276761"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2024-4629"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2024:6501"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2024:6500"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2024:6499"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2024:6497"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2024:6495"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2024:6494"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2024:6493"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-307",
+      "CWE-837"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2024-09-17T22:29:01Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2024/09/GHSA-v345-w9f2-mpm5/GHSA-v345-w9f2-mpm5.json b/advisories/github-reviewed/2024/09/GHSA-v345-w9f2-mpm5/GHSA-v345-w9f2-mpm5.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v345-w9f2-mpm5",
-  "modified": "2024-09-17T17:55:38Z",
+  "modified": "2024-09-17T22:28:09Z",
   "published": "2024-09-17T17:55:38Z",
   "aliases": [
     "CVE-2024-45606"
@@ -44,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/getsentry/sentry/security/advisories/GHSA-v345-w9f2-mpm5"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45606"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/getsentry/sentry/pull/77016"
@@ -52,6 +56,10 @@
       "type": "WEB",
       "url": "https://github.com/getsentry/sentry/commit/e8e71708758e1f9f56ce815ace73fe60d9e608dc"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/getsentry/self-hosted"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/getsentry/sentry"
@@ -64,6 +72,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2024-09-17T17:55:38Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2024-09-17T20:15:05Z"
   }
 }