Author: jbonofre
Date: Thu May  9 05:01:33 2024
New Revision: 1917591

URL: http://svn.apache.org/viewvc?rev=1917591&view=rev
Log:
[scm-publish] Updating main website contents

Added:
    karaf/site/production/security/cve-2024-34365.txt
Modified:
    karaf/site/production/documentation.html
    karaf/site/production/feed.xml

Modified: karaf/site/production/documentation.html
URL: 
http://svn.apache.org/viewvc/karaf/site/production/documentation.html?rev=1917591&r1=1917590&r2=1917591&view=diff
==============================================================================
--- karaf/site/production/documentation.html (original)
+++ karaf/site/production/documentation.html Thu May  9 05:01:33 2024
@@ -467,6 +467,10 @@
                <p>CVE-2022-40145: JDBC JAAS LDAP injection</p>
                <a class="btn btn-outline-primary" 
href="/security/cve-2022-40145.txt">Notes &raquo;</a>
              </div>
+             <div class="pb-4 mb-3">
+               <p>CVE-2024-34365: Cave SSRF and arbitrary file access</p>
+               <a class="btn btn-outline-primary" 
href="/security/cve-2024-34365.txt">Notes &raquo;</a>
+             </div>
 
             </div><!-- /.blog-main -->
         </div>
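Review bot: the new entry in the added `<div class="pb-4 mb-3">` block carries only the title "CVE-2024-34365: Cave SSRF and arbitrary file access", so a reader scanning the security list cannot tell that it differs from the entry above it: per the advisory added in this same revision, it concerns a retired project and no fixed version will be released. Suggest saying so in the `<p>` text, for example "CVE-2024-34365: Apache Karaf Cave (retired, no fix planned): SSRF and arbitrary file access", which also matches the product name used in the advisory's own title.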

Modified: karaf/site/production/feed.xml
URL: 
http://svn.apache.org/viewvc/karaf/site/production/feed.xml?rev=1917591&r1=1917590&r2=1917591&view=diff
==============================================================================
--- karaf/site/production/feed.xml (original)
+++ karaf/site/production/feed.xml Thu May  9 05:01:33 2024
@@ -1 +1 @@
-<?xml version="1.0" encoding="utf-8"?><feed 
xmlns="http://www.w3.org/2005/Atom"; ><generator uri="https://jekyllrb.com/"; 
version="4.0.1">Jekyll</generator><link 
href="https://karaf.apache.org/feed.xml"; rel="self" type="application/atom+xml" 
/><link href="https://karaf.apache.org/"; rel="alternate" type="text/html" 
/><updated>2024-04-12T16:05:08+02:00</updated><id>https://karaf.apache.org/feed.xml</id><title
 type="html">Apache Karaf - The modulith runtime</title><subtitle>Karaf 
provides modulith runtime for the enterprise, running on premise or on cloud. 
Focus on your business code and applications, Apache Karaf deals with the 
rest.</subtitle></feed>
\ No newline at end of file
+<?xml version="1.0" encoding="utf-8"?><feed 
xmlns="http://www.w3.org/2005/Atom"; ><generator uri="https://jekyllrb.com/"; 
version="4.0.1">Jekyll</generator><link 
href="https://karaf.apache.org/feed.xml"; rel="self" type="application/atom+xml" 
/><link href="https://karaf.apache.org/"; rel="alternate" type="text/html" 
/><updated>2024-05-09T07:00:04+02:00</updated><id>https://karaf.apache.org/feed.xml</id><title
 type="html">Apache Karaf - The modulith runtime</title><subtitle>Karaf 
provides modulith runtime for the enterprise, running on premise or on cloud. 
Focus on your business code and applications, Apache Karaf deals with the 
rest.</subtitle></feed>
\ No newline at end of file
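Review bot: the only difference between the removed and added feed line is the `<updated>` value (2024-04-12T16:05:08+02:00 becomes 2024-05-09T07:00:04+02:00); the feed still contains no `<entry>` elements, so subscribers see a newer timestamp but no notice of CVE-2024-34365. If the feed is meant to carry announcements, add an entry that links to /security/cve-2024-34365.txt. The file also still ends without a trailing newline.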

Added: karaf/site/production/security/cve-2024-34365.txt
URL: 
http://svn.apache.org/viewvc/karaf/site/production/security/cve-2024-34365.txt?rev=1917591&view=auto
==============================================================================
--- karaf/site/production/security/cve-2024-34365.txt (added)
+++ karaf/site/production/security/cve-2024-34365.txt Thu May  9 05:01:33 2024
@@ -0,0 +1,38 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+CVE-2024-34365: Apache Karaf Cave: Cave SSRF and arbitrary file access 
+
+Severity: important
+
+Affected versions:
+
+- - Apache Karaf Cave, all versions
+
+Description:
+
+** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in 
Apache Karaf Cave. This issue affects all versions of Apache Karaf Cave.
+
+As this project is retired, we do not plan to release a version that fixes 
this issue. Users are recommended to find an alternative or restrict access to 
the instance to trusted users.
+
+NOTE: This vulnerability only affects products that are no longer supported by 
the maintainer.
+
+Credit:
+
+cigar (finder)
+
+References:
+
+https://karaf.apache.org/
+https://www.cve.org/CVERecord?id=CVE-2024-34365
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAEBCAAdFiEEKl6NhJXdZT91PEx+BhEHsPdKbaoFAmY4ztMACgkQBhEHsPdK
+bar7rwf8C6Zsbg/O5M01KmfUo00qtKrI1pxeUPYAmEwhAocLxxvPEUYtpQnv2BlS
+n3b/a6SA8eMo5PtT4dMPFQhsBsCz5ZipHKyWHEQNzM9OGCZBI2p8Lkvng5Z90tcY
+6/76OuTLichYakwuaHX6OOiBTQJm9zNIKcxzT+QpBAO8N4r8olF8EiJORKJkLgrf
+7ykiYDH45ACW0tI+5AbS9XkxRpgyO1GtDtQnGFetDmp/FgaAKUEboZ9Xf1Dx/PGc
+F3QQQV0e/JEo3OMPJV3FZIAV3VqzbanjNIoDKjrfBpxI8OjkPGSmaKlipfrOM33w
+UFNTlJuC8REmW+0wHYWQZp0IEPmQRQ==
+=D7zv
+-----END PGP SIGNATURE-----
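Review bot: the Description in the added advisory names only "Improper Input Validation", while the title promises "SSRF and arbitrary file access"; nothing in the text says which Cave interface or input is affected, so the mitigation "restrict access to the instance to trusted users" gives an operator nothing concrete to lock down. Suggest adding one sentence that names the affected feature or endpoint and the level of access needed to reach it. Minor points: "Users are recommended to find an alternative" reads better as "Users are advised to find an alternative", and since the file is published clearsigned, the References section could point to the signing key so readers can verify it.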

