0d8233dfb4
Some checks failed
Build Test Deploy / authority-container (push) Has been cancelled
Build Test Deploy / docs (push) Has been cancelled
Build Test Deploy / deploy (push) Has been cancelled
Build Test Deploy / build-test (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
182 lines
4.9 KiB
JSON
182 lines
4.9 KiB
JSON
{
|
|
"advisoryKey": "CVE-2025-4242",
|
|
"affectedPackages": [
|
|
{
|
|
"type": "cpe",
|
|
"identifier": "cpe:2.3:a:conflict:package:1.0:*:*:*:*:*:*:*",
|
|
"platform": null,
|
|
"versionRanges": [
|
|
{
|
|
"fixedVersion": "1.4",
|
|
"introducedVersion": "1.0",
|
|
"lastAffectedVersion": "1.0",
|
|
"primitives": {
|
|
"evr": null,
|
|
"hasVendorExtensions": true,
|
|
"nevra": null,
|
|
"semVer": {
|
|
"constraintExpression": ">=1.0 <1.4 ==1.0",
|
|
"exactValue": "1.0.0",
|
|
"fixed": "1.4.0",
|
|
"fixedInclusive": false,
|
|
"introduced": "1.0.0",
|
|
"introducedInclusive": true,
|
|
"lastAffected": "1.0.0",
|
|
"lastAffectedInclusive": true,
|
|
"style": "exact"
|
|
},
|
|
"vendorExtensions": {
|
|
"versionStartIncluding": "1.0",
|
|
"versionEndExcluding": "1.4",
|
|
"version": "1.0"
|
|
}
|
|
},
|
|
"provenance": {
|
|
"source": "nvd",
|
|
"kind": "cpe",
|
|
"value": "https://services.nvd.nist.gov/rest/json/cve/2.0?cveId=CVE-2025-4242",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-03-04T02:00:00+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[].versionranges[]"
|
|
]
|
|
},
|
|
"rangeExpression": ">=1.0 <1.4 ==1.0",
|
|
"rangeKind": "cpe"
|
|
}
|
|
],
|
|
"normalizedVersions": [
|
|
{
|
|
"scheme": "semver",
|
|
"type": "exact",
|
|
"min": null,
|
|
"minInclusive": null,
|
|
"max": null,
|
|
"maxInclusive": null,
|
|
"value": "1.0.0",
|
|
"notes": "nvd:CVE-2025-4242"
|
|
}
|
|
],
|
|
"statuses": [],
|
|
"provenance": [
|
|
{
|
|
"source": "nvd",
|
|
"kind": "cpe",
|
|
"value": "https://services.nvd.nist.gov/rest/json/cve/2.0?cveId=CVE-2025-4242",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-03-04T02:00:00+00:00",
|
|
"fieldMask": [
|
|
"affectedpackages[]"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"aliases": [
|
|
"CVE-2025-4242"
|
|
],
|
|
"canonicalMetricId": "3.1|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"credits": [],
|
|
"cvssMetrics": [
|
|
{
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "critical",
|
|
"provenance": {
|
|
"source": "nvd",
|
|
"kind": "cvss",
|
|
"value": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-03-04T02:00:00+00:00",
|
|
"fieldMask": [
|
|
"cvssmetrics[]"
|
|
]
|
|
},
|
|
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"version": "3.1"
|
|
}
|
|
],
|
|
"cwes": [
|
|
{
|
|
"taxonomy": "cwe",
|
|
"identifier": "CWE-269",
|
|
"name": null,
|
|
"uri": "https://cwe.mitre.org/data/definitions/269.html",
|
|
"provenance": [
|
|
{
|
|
"source": "nvd",
|
|
"kind": "weakness",
|
|
"value": "CWE-269",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-03-04T02:00:00+00:00",
|
|
"fieldMask": [
|
|
"cwes[]"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"description": "NVD baseline summary for conflict-package allowing container escape.",
|
|
"exploitKnown": false,
|
|
"language": "en",
|
|
"modified": "2025-03-03T09:45:00+00:00",
|
|
"provenance": [
|
|
{
|
|
"source": "nvd",
|
|
"kind": "document",
|
|
"value": "https://services.nvd.nist.gov/rest/json/cve/2.0?cveId=CVE-2025-4242",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-03-03T10:00:00+00:00",
|
|
"fieldMask": [
|
|
"advisory"
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd",
|
|
"kind": "mapping",
|
|
"value": "CVE-2025-4242",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-03-04T02:00:00+00:00",
|
|
"fieldMask": [
|
|
"advisory"
|
|
]
|
|
}
|
|
],
|
|
"published": "2025-03-01T10:15:00+00:00",
|
|
"references": [
|
|
{
|
|
"kind": "weakness",
|
|
"provenance": {
|
|
"source": "nvd",
|
|
"kind": "reference",
|
|
"value": "https://cwe.mitre.org/data/definitions/269.html",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-03-04T02:00:00+00:00",
|
|
"fieldMask": [
|
|
"references[]"
|
|
]
|
|
},
|
|
"sourceTag": "CWE-269",
|
|
"summary": null,
|
|
"url": "https://cwe.mitre.org/data/definitions/269.html"
|
|
},
|
|
{
|
|
"kind": "vendor advisory",
|
|
"provenance": {
|
|
"source": "nvd",
|
|
"kind": "reference",
|
|
"value": "https://nvd.nist.gov/vuln/detail/CVE-2025-4242",
|
|
"decisionReason": null,
|
|
"recordedAt": "2025-03-04T02:00:00+00:00",
|
|
"fieldMask": [
|
|
"references[]"
|
|
]
|
|
},
|
|
"sourceTag": "NVD",
|
|
"summary": null,
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4242"
|
|
}
|
|
],
|
|
"severity": "critical",
|
|
"summary": "NVD baseline summary for conflict-package allowing container escape.",
|
|
"title": "CVE-2025-4242"
|
|
} |