Author: jbonofre
Date: Thu May 9 05:01:33 2024
New Revision: 1917591
URL: http://svn.apache.org/viewvc?rev=1917591&view=rev
Log: [scm-publish] Updating main website contents
Added: karaf/site/production/security/cve-2024-34365.txt Modified: karaf/site/production/documentation.html karaf/site/production/feed.xml Modified: karaf/site/production/documentation.html URL: http://svn.apache.org/viewvc/karaf/site/production/documentation.html?rev=1917591&r1=1917590&r2=1917591&view=diff ============================================================================== --- karaf/site/production/documentation.html (original) +++ karaf/site/production/documentation.html Thu May 9 05:01:33 2024 @@ -467,6 +467,10 @@ <p>CVE-2022-40145: JDBC JAAS LDAP injection</p> <a class="btn btn-outline-primary" href="/security/cve-2022-40145.txt">Notes »</a> </div> + <div class="pb-4 mb-3"> + <p>CVE-2024-34365: Cave SSRF and arbitrary file access</p> + <a class="btn btn-outline-primary" href="/security/cve-2024-34365.txt">Notes »</a> + </div> </div><!-- /.blog-main --> </div> Modified: karaf/site/production/feed.xml URL: http://svn.apache.org/viewvc/karaf/site/production/feed.xml?rev=1917591&r1=1917590&r2=1917591&view=diff ============================================================================== --- karaf/site/production/feed.xml (original) +++ karaf/site/production/feed.xml Thu May 9 05:01:33 2024 
@@ -1 +1 @@ -<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/" version="4.0.1">Jekyll</generator><link href="https://karaf.apache.org/feed.xml" rel="self" type="application/atom+xml" /><link href="https://karaf.apache.org/" rel="alternate" type="text/html" /><updated>2024-04-12T16:05:08+02:00</updated><id>https://karaf.apache.org/feed.xml</id><title type="html">Apache Karaf - The modulith runtime</title><subtitle>Karaf provides modulith runtime for the enterprise, running on premise or on cloud. Focus on your business code and applications, Apache Karaf deals with the rest.</subtitle></feed> \ No newline at end of file +<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/" version="4.0.1">Jekyll</generator><link href="https://karaf.apache.org/feed.xml" rel="self" type="application/atom+xml" /><link href="https://karaf.apache.org/" rel="alternate" type="text/html" /><updated>2024-05-09T07:00:04+02:00</updated><id>https://karaf.apache.org/feed.xml</id><title type="html">Apache Karaf - The modulith runtime</title><subtitle>Karaf provides modulith runtime for the enterprise, running on premise or on cloud. Focus on your business code and applications, Apache Karaf deals with the rest.</subtitle></feed> \ No newline at end of file Added: karaf/site/production/security/cve-2024-34365.txt URL: http://svn.apache.org/viewvc/karaf/site/production/security/cve-2024-34365.txt?rev=1917591&view=auto ============================================================================== --- karaf/site/production/security/cve-2024-34365.txt (added) +++ karaf/site/production/security/cve-2024-34365.txt Thu May 9 05:01:33 2024 
@@ -0,0 +1,38 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +CVE-2024-34365: Apache Karaf Cave: Cave SSRF and arbitrary file access + +Severity: important + +Affected versions: + +- - Apache Karaf Cave, all versions + +Description: + +** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave. This issue affects all versions of Apache Karaf Cave. + +As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. + +NOTE: This vulnerability only affects products that are no longer supported by the maintainer. + +Credit: + +cigar (finder) + +References: + +https://karaf.apache.org/ +https://www.cve.org/CVERecord?id=CVE-2024-34365 +-----BEGIN PGP SIGNATURE----- + +iQEzBAEBCAAdFiEEKl6NhJXdZT91PEx+BhEHsPdKbaoFAmY4ztMACgkQBhEHsPdK +bar7rwf8C6Zsbg/O5M01KmfUo00qtKrI1pxeUPYAmEwhAocLxxvPEUYtpQnv2BlS +n3b/a6SA8eMo5PtT4dMPFQhsBsCz5ZipHKyWHEQNzM9OGCZBI2p8Lkvng5Z90tcY +6/76OuTLichYakwuaHX6OOiBTQJm9zNIKcxzT+QpBAO8N4r8olF8EiJORKJkLgrf +7ykiYDH45ACW0tI+5AbS9XkxRpgyO1GtDtQnGFetDmp/FgaAKUEboZ9Xf1Dx/PGc +F3QQQV0e/JEo3OMPJV3FZIAV3VqzbanjNIoDKjrfBpxI8OjkPGSmaKlipfrOM33w +UFNTlJuC8REmW+0wHYWQZp0IEPmQRQ== +=D7zv +-----END PGP SIGNATURE-----
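Review bot: In karaf/site/production/feed.xml the only change is the `<updated>` value (2024-04-12T16:05:08+02:00 to 2024-05-09T07:00:04+02:00), and the feed still contains no `<entry>` elements, so anyone following the feed gets a new timestamp but no notice of CVE-2024-34365. Consider publishing the advisory as a feed entry that links to /security/cve-2024-34365.txt, so the announcement reaches subscribers and not only visitors to documentation.html.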
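Review bot: In karaf/site/production/security/cve-2024-34365.txt the Description only says "Improper Input Validation vulnerability in Apache Karaf Cave", while the title and the new documentation.html entry call the issue "Cave SSRF and arbitrary file access"; the body never explains either term. Because the project is retired and the only guidance is to find an alternative or restrict access to trusted users, a sentence on the impact (what an untrusted user who can reach the instance can make it request or read) would let operators judge their exposure. The References section also lists only the project home page and the CVE record; a link to the retirement notice would support the "UNSUPPORTED WHEN ASSIGNED" statement.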