diff --git a/advisories/github-reviewed/2024/01/GHSA-7mgx-gvjw-m3w3/GHSA-7mgx-gvjw-m3w3.json b/advisories/github-reviewed/2024/01/GHSA-7mgx-gvjw-m3w3/GHSA-7mgx-gvjw-m3w3.json
index 353a3427e3e6f..5d479a5381049 100644
--- a/advisories/github-reviewed/2024/01/GHSA-7mgx-gvjw-m3w3/GHSA-7mgx-gvjw-m3w3.json
+++ b/advisories/github-reviewed/2024/01/GHSA-7mgx-gvjw-m3w3/GHSA-7mgx-gvjw-m3w3.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-7mgx-gvjw-m3w3",
- "modified": "2024-09-13T18:28:16Z",
+ "modified": "2024-09-13T18:28:18Z",
 "published": "2024-01-30T03:30:30Z",
 "aliases": [
 "CVE-2023-51982"
@@ -9,10 +9,6 @@
 "summary": "CrateDB authentication bypass vulnerability",
 "details": "CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI directly using the default user identity.",
 "severity": [
- {
- "type": "CVSS_V3",
- "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
- },
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
@@ -94,25 +90,6 @@
 ]
 }
 ]
- },
- {
- "package": {
- "ecosystem": "PyPI",
- "name": "crate"
- },
- "ranges": [
- {
- "type": "ECOSYSTEM",
- "events": [
- {
- "introduced": "0"
- },
- {
- "last_affected": "0.35.2"
- }
- ]
- }
- ]
 }
 ],
 "references": [
@@ -128,10 +105,6 @@
 "type": "WEB",
 "url": "https://github.com/crate/crate/pull/15234"
 },
- {
- "type": "WEB",
- "url": "https://github.com/crate/crate-python/commit/813946b9420d45877ef7c369311dbc8804d6674f"
- },
 {
 "type": "WEB",
 "url": "https://github.com/crate/crate/commit/0c166ef083bec4d64dd55c1d8cb9b3dec350d241"