Updated target CVE & integration test
skahn007gl committed Jul 16, 2024
1 parent 213a0ef commit c0eff22
Showing 3 changed files with 62 additions and 68 deletions.
9 changes: 4 additions & 5 deletions integration/testdata/fixtures/db/ubuntu.yaml
Expand Up @@ -12,14 +12,13 @@
- key: CVE-2019-5094
value:
FixedVersion: 1.44.1-1ubuntu1.2
- bucket: freeradius
- bucket: coreutils
pairs:
- key: CVE-2024-3596
value:
Status: 6
- key: CVE-2016-2781
value: {}
- bucket: ubuntu 22.04
pairs:
- bucket: bash
pairs:
- key: CVE-2022-3715
value: {}
value: {}
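Review bot: The replacement advisory for `CVE-2016-2781` under the `coreutils` bucket is an empty mapping (`value: {}`), so the fixture no longer carries an explicit status the way the freeradius entry it replaces appears to have done (`Status: 6`). The golden file in this commit reports `"Status": "affected"` with an empty `FixedVersion` for it, which looks like the default for an advisory without a fix, so the explicit-status mapping seems to lose its integration coverage; status decides which unfixed findings a report keeps or filters, so a regression there would go unnoticed. If that is intended, a comment above the key such as `# no FixedVersion or Status: covers the default unfixed ("affected") path` would record it. The enclosing distro bucket starts above this hunk, and the old/new side of each line is inferred from the rendered page.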
31 changes: 13 additions & 18 deletions integration/testdata/fixtures/db/vulnerability.yaml
Expand Up @@ -1391,26 +1391,21 @@
- "https://nvd.nist.gov/vuln/detail/CVE-2020-14155"
PublishedDate: "2020-06-15T17:15:00Z"
LastModifiedDate: "2022-04-28T15:06:00Z"
- key: CVE-2024-3596
- key: CVE-2016-2781
value:
Title: "RADIUS Protocol forgery"
Description: "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify responses Access-Reject or Access-Accept using a chosen-prefix collision attack against MD5 Response Authenticator signature."
Severity: MEDIUM
Status: 6
CweIDs:
- CWE-111
VendorSeverity:
ubuntu: 8.1
Title: ""
Description: "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal’s input buffer."
Severity: UNKNOWN
CVSS:
nvd:
V3Vector: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
V3Score: 8.1
V3Vector: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"
V3Score: 6.5
References:
- "https://www.cve.org/CVERecord?id=CVE-2024-3596"
- "https://kb.cert.org/vince/comm/case/1515/"
- "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
- "https://nvd.nist.gov/vuln/detail/CVE-2024-3596"
- "https://launchpad.net/bugs/cve/CVE-2024-3596"
- "https://security-tracker.debian.org/tracker/CVE-2024-3596"
- "http://seclists.org/oss-sec/2016/q1/452"
- "https://lore.kernel.org/patchwork/patch/793178/"
- "https://www.cve.org/CVERecord?id=CVE-2016-2781"
- "https://nvd.nist.gov/vuln/detail/CVE-2016-2781"
- "https://launchpad.net/bugs/cve/CVE-2016-2781"
- "https://security-tracker.debian.org/tracker/CVE-2016-2781"
PublishedDate: "2024-07-09T17:15:00Z"
LastModifiedDate: "2024-07-09T15:06:00Z"
LastModifiedDate: "2024-07-09T16:06:00Z"
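Review bot: The `CVE-2016-2781` record keeps `PublishedDate: "2024-07-09T17:15:00Z"`, which looks carried over from the CVE-2024-3596 entry it replaces, and the `LastModifiedDate` that reaches the golden file (`2024-07-09T16:06:00Z`) is earlier than that publication time. The record also sets `Severity: UNKNOWN` with no `VendorSeverity` while carrying an NVD `V3Score: 6.5`, and ubuntu-1804.json.golden pins the resulting `"Severity": "UNKNOWN"` and empty `"SeveritySource"`, so this finding probably does not exercise severity selection or threshold filtering. If the values are deliberately synthetic, a comment above the key such as `# synthetic dates and severity; not the upstream record` would say so; otherwise take the dates and severity from the upstream record. The surrounding list starts above this hunk.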
90 changes: 45 additions & 45 deletions integration/testdata/ubuntu-1804.json.golden
Expand Up @@ -134,6 +134,50 @@
"PublishedDate": "2019-11-28T01:15:00Z",
"LastModifiedDate": "2021-05-26T12:15:00Z"
},
{
"VulnerabilityID": "CVE-2016-2781",
"PkgID": "coreutils@8.28-1ubuntu1",
"PkgName": "coreutils",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/coreutils@8.28-1ubuntu1?arch=amd64\u0026distro=ubuntu-18.04",
"UID": "87f56d9cd92819fc"
},
"InstalledVersion": "8.28-1ubuntu1",
"FixedVersion": "",
"Status": "affected",
"Layer": {
"Digest": "",
"DiffID": "sha256:6cebf3abed5fac58d2e792ce8461454e92c245d5312c42118f02e231a73b317f"
},
"SeveritySource": "",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "",
"Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal’s input buffer.",
"Severity": "UNKNOWN",
"CVSS": {
"nvd": {
"V2Vector": "",
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"V2Score": 0,
"V3Score": 6.5
}
},
"References": [
"http://seclists.org/oss-sec/2016/q1/452",
"https://lore.kernel.org/patchwork/patch/793178/",
"https://www.cve.org/CVERecord?id=CVE-2016-2781",
"https://nvd.nist.gov/vuln/detail/CVE-2016-2781",
"https://launchpad.net/bugs/cve/CVE-2016-2781",
"https://security-tracker.debian.org/tracker/CVE-2016-2781"
],
"PublishedDate": "2024-07-09T17:15:00Z",
"LastModifiedDate": "2024-07-09T16:06:00Z"
},
{
"VulnerabilityID": "CVE-2019-5094",
"PkgID": "e2fsprogs@1.44.1-1ubuntu1.1",
Expand Down Expand Up @@ -417,52 +461,8 @@
],
"PublishedDate": "2019-09-24T22:15:00Z",
"LastModifiedDate": "2021-01-11T19:21:00Z"
},
{
"VulnerabilityID": "CVE-2024-3596",
"PkgID": "abc",
"PkgName": "freeradius",
"PkgIdentifier": {
"PURL": "pkg:deb/ubuntu/libss2@1.44.1-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-18.04",
"UID": "7a50c6bc4279c93b"
},
"InstalledVersion": "dd",
"Status": "needed",
"Layer": {
"Digest": "sha256:",
"DiffID": "sha256:"
},
"SeveritySource": "ubuntu",
"PrimaryURL": "https://avd.aquasec.com/nvd/CVE-2024-3596",
"DataSource": {
"ID": "ubuntu",
"Name": "Ubuntu CVE Tracker",
"URL": "https://git.launchpad.net/ubuntu-cve-tracker"
},
"Title": "tbd",
"Description": "tbd",
"Severity": "tbd",
"CweIDs": [
"CWE-xxx"
],
"VendorSeverity": {
"ubuntu": 0
},
"CVSS": {
"nvd": {
"V2Vector": "tbd",
"V3Vector": "tbd",
"V2Score": 0,
"V3Score": 0
}
},
"References": [
"https://access.redhat.com/security/cve/xxx"
],
"PublishedDate": "2019-09-24T22:15:00Z",
"LastModifiedDate": "2021-01-11T19:21:00Z"
}
]
}
]
}
}
