[Git][security-tracker-team/security-tracker][master] 2 commits: Marked hoteldruid CVE-2023-34537 as no-dsa (minor issue).

Ola Lundqvist (@opal) Wed, 14 Jun 2023 12:39:05 -0700


Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
7c4868c6 by Ola Lundqvist at 2023-06-14T21:32:24+02:00
Marked hoteldruid CVE-2023-34537 as no-dsa (minor issue).

This follows the practice for many other CVEs with XSS class.

- - - - -
fd9d2737 by Ola Lundqvist at 2023-06-14T21:34:47+02:00
Marked hoteldruid CVE-2023-33817 as no-dsa (minor issue).

SQL injection is a fairly severe issue but this is only for authenticated users.
In hotel management they should be trusted enough to not break things. What is 
more there
is another CVE-2021-37832 marked as no-dsa. So leaving this do not cause the 
system to be
more vulnerable than before.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -60,6 +60,7 @@ CVE-2023-34944 (An arbitrary file upload vulnerability in the 
/fileUpload.lib.ph
        NOT-FOR-US: Chamilo LMS
 CVE-2023-34537 (A Reflected XSS was discovered in HotelDruid version 3.0.5, an 
attacke ...)
        - hoteldruid <unfixed>
+       [buster] - hoteldruid <no-dsa> (Minor issue)
        NOTE: 
https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5
 CVE-2023-34396 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
        - libstruts1.2-java <removed>
@@ -77,6 +78,7 @@ CVE-2023-33933 (Exposure of Sensitive Information to an 
Unauthorized Actor vulne
        NOTE: 
https://github.com/apache/trafficserver/commit/496fa2c4cbdf2b3d6c61760a3fb6675b74b549f0
 (8.1.x)
 CVE-2023-33817 (hoteldruid v3.0.5 was discovered to contain a SQL injection 
vulnerabil ...)
        - hoteldruid <unfixed>
+       [buster] - hoteldruid <no-dsa> (Minor issue)
        NOTE: 
https://github.com/leekenghwa/CVE-2023-33817---SQL-Injection-found-in-HotelDruid-3.0.5
 CVE-2023-33146 (Microsoft Office Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0d39061dc961caa5ce769d7285fde225c27673e3...fd9d2737eebad69a4254e1d30ea78353994ddc9b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0d39061dc961caa5ce769d7285fde225c27673e3...fd9d2737eebad69a4254e1d30ea78353994ddc9b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: Marked hoteldruid CVE-2023-34537 as no-dsa (minor issue).

Reply via email to