[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Wed, 22 Jun 2022 13:36:36 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b111ac86 by Salvatore Bonaccorso at 2022-06-22T22:36:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -62,7 +62,7 @@ CVE-2022-34298 (The NT auth module in OpenAM before 14.6.6 
allows a "replace Sam
 CVE-2022-34297
        RESERVED
 CVE-2022-34296 (In Zalando Skipper before 0.13.218, a query predicate could be 
bypasse ...)
-       TODO: check
+       NOT-FOR-US: Zalando Skipper
 CVE-2022-34295 (totd before 1.5.3 does not properly randomize mesg IDs. ...)
        TODO: check
 CVE-2022-34294
@@ -126,7 +126,7 @@ CVE-2022-2176
 CVE-2022-2175
        RESERVED
 CVE-2022-2174 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
microweber ...)
-       TODO: check
+       NOT-FOR-US: microweber
 CVE-2022-2173
        RESERVED
 CVE-2022-2172
@@ -256,81 +256,81 @@ CVE-2022-34215
 CVE-2022-34214
        RESERVED
 CVE-2022-34213 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and 
earlier  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34212 (A missing permission check in Jenkins vRealize Orchestrator 
Plugin 3.0 ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34211 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
vRealize  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34210 (A missing permission check in Jenkins ThreadFix Plugin 1.5.4 
and earli ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34209 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
ThreadFix ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34208 (A missing permission check in Jenkins Beaker builder Plugin 
1.10 and e ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34207 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Beaker bu ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34206 (A missing permission check in Jenkins Jianliao Notification 
Plugin 1.1 ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34205 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Jianliao  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34204 (A missing permission check in Jenkins EasyQA Plugin 1.0 and 
earlier al ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34203 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
EasyQA Pl ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34202 (Jenkins EasyQA Plugin 1.0 and earlier stores user passwords 
unencrypte ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34201 (A missing permission check in Jenkins Convertigo Mobile 
Platform Plugi ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34200 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Convertig ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34199 (Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier 
stores passw ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34198 (Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does 
not escap ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34197 (Jenkins Sauce OnDemand Plugin 1.204 and earlier does not 
escape the na ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34196 (Jenkins REST List Parameter Plugin 1.5.2 and earlier does not 
escape t ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34195 (Jenkins Repository Connector Plugin 2.2.0 and earlier does not 
escape  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34194 (Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not 
escape th ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34193 (Jenkins Package Version Plugin 1.0.1 and earlier does not 
escape the n ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34192 (Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not 
escape the n ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34191 (Jenkins NS-ND Integration Performance Publisher Plugin 
4.8.0.77 and ea ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34190 (Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 
and ear ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34189 (Jenkins Image Tag Parameter Plugin 1.10 and earlier does not 
escape th ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34188 (Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not 
escape the  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34187 (Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier 
does not es ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34186 (Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and 
earlier doe ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34185 (Jenkins Date Parameter Plugin 0.0.4 and earlier does not 
escape the na ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34184 (Jenkins CRX Content Package Deployer Plugin 1.9 and earlier 
does not e ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34183 (Jenkins Agent Server Parameter Plugin 1.1 and earlier does not 
escape  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34182 (Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) 
does not ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34181 (Jenkins xUnit Plugin 3.0.8 and earlier implements an 
agent-to-controll ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34180 (Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does 
not corr ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34179 (Jenkins Embeddable Build Status Plugin 2.0.3 and earlier 
allows specif ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34178 (Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying 
a 'link ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34177 (Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and 
earlier a ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34176 (Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does 
not escape ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-34175 (Jenkins 2.335 through 2.355 (both inclusive) allows attackers 
in some  ...)
        TODO: check
 CVE-2022-34174 (In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an 
observable t ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b111ac867a67e143baf9b8b687c719d434560509

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b111ac867a67e143baf9b8b687c719d434560509
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to