secvisogram / csaf-validator-lib

csaf-validator-lib is a library that can be used to check whether a given CSAF 2.0 document is valid.
MIT License

Test 6.2.13: Check sorting #150

Closed tschmidtb51 closed 7 months ago

tschmidtb51 commented 9 months ago

The CSAF standard requires that all "keys in a CSAF document are sorted alphabetically". It looks like the current implementation is also checking elements like /vulnerabilities/product_status[].

This must be corrected to reflect the standard.

tschmidtb51 commented 9 months ago

Note: The sort function in Secvisogram should not be changed...

tschmidtb51 commented 9 months ago

Example:

{
  "document" : {
    "aggregate_severity" : {
      "text" : "mittel"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "OpenSSH ist eine Open Source Implementierung des Secure Shell Protokolls.\r\nPuTTY ist ein freier, Open Source Terminal Emulator der als Client für SSH, Telnet, rlogin und die Serielle Konsole dient.\r\nlibssh ist eine C Bibliothek für das Anbieten von SSH Diensten auf Client- und Serverseite. Sie kann genutzt werden, um aus der Ferne Programme auszuführen, Dateien zu übertragen oder als sicherer und transparenter Tunnel für entfernte Programme genutzt werden.\r\nAmazon Linux ist eine Linux Distribition, die für Amazon Clouddienste optimiert ist.\r\nFedora ist eine von Red Hat abstammende Linux-Distribution.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein entfernter, anonymer Angreifer kann eine Schwachstelle im SSH Protokoll ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- UNIX\n- Linux\n- Windows\n- Sonstiges\n- Hardware Appliance\n- Appliance",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2023-3192 - CSAF Version",
      "url" : "https://bsi-wid-s.dcert.de/.well-known/csaf/white/2023/WID-SEC-W-2023-3192.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2023-3192 - Portal Version",
      "url" : "https://bsi-wid-s.dcert.de/portal/wid/securityadvisory?name=WID-SEC-2023-3192"
    }, {
      "category" : "external",
      "summary" : "NIST Vulnerability Database vom 2023-12-18",
      "url" : "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
    }, {
      "category" : "external",
      "summary" : "Amazon Linux 1 Security Advisory vom 2023-12-18",
      "url" : "https://alas.aws.amazon.com/ALAS-2023-1898.html"
    }, {
      "category" : "external",
      "summary" : "Amazon Linux 2 Security Advisory vom 2023-12-18",
      "url" : "https://alas.aws.amazon.com/AL2/ALAS-2023-2376.html"
    }, {
      "category" : "external",
      "summary" : "Fedora Advisory vom 2023-12-18",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0733306be9"
    }, {
      "category" : "external",
      "summary" : "Fedora Advisory vom 2023-12-18",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d296850e7e"
    }, {
      "category" : "external",
      "summary" : "Putty Latest News vom 2023-12-18",
      "url" : "https://www.chiark.greenend.org.uk/~sgtatham/putty/"
    }, {
      "category" : "external",
      "summary" : "SUSE CVE-2023-48795",
      "url" : "https://www.suse.com/security/cve/CVE-2023-48795.html"
    }, {
      "category" : "external",
      "summary" : "Ubuntu Security Notice USN-6561-1 vom 2023-12-19",
      "url" : "https://www.cybersecurity-help.cz/vdb/SB2023121948"
    }, {
      "category" : "external",
      "summary" : "FreeBSD Security Advisory FREEBSD-SA-23:19.OPENSSH vom 2023-12-19",
      "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:19.openssh.asc"
    }, {
      "category" : "external",
      "summary" : "Ubuntu Security Notice USN-6560-1 vom 2023-12-19",
      "url" : "https://www.cybersecurity-help.cz/vdb/SB2023121949"
    }, {
      "category" : "external",
      "summary" : "FreeBSD Security Advisory FREEBSD-SA-23:19.OPENSSH vom 2023-12-19",
      "url" : "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275845"
    }, {
      "category" : "external",
      "summary" : "Ubuntu Security Notice USN-6561-1 vom 2023-12-19",
      "url" : "https://ubuntu.com/security/notices/USN-6561-1"
    }, {
      "category" : "external",
      "summary" : "Ubuntu Security Notice USN-6560-1 vom 2023-12-19",
      "url" : "https://ubuntu.com/security/notices/USN-6560-1"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2023:4905-1 vom 2023-12-20",
      "url" : "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017491.html"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2023:4904-1 vom 2023-12-20",
      "url" : "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017492.html"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2023:4903-1 vom 2023-12-20",
      "url" : "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017493.html"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2023:4902-1 vom 2023-12-20",
      "url" : "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017494.html"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2023-CB8C606FBB vom 2023-12-20",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2023-cb8c606fbb"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2023-20FEB865D8 vom 2023-12-20",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2023-20feb865d8"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-EPEL-2023-7FF32FC746 vom 2023-12-20",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-7ff32fc746"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2023-153404713B vom 2023-12-21",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2023-153404713b"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2023-B87EC6CF47 vom 2023-12-21",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2023-b87ec6cf47"
    }, {
      "category" : "external",
      "summary" : "Gitea Release Notes",
      "url" : "https://blog.gitea.com/release-of-1.21.3/"
    }, {
      "category" : "external",
      "summary" : "Golang Announce Mailing List vom 2023-12-18",
      "url" : "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2023-7141950083 vom 2023-12-21",
      "url" : "https://www.cybersecurity-help.cz/vdb/SB2023122119"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2023-7934EFB5E3 vom 2023-12-21",
      "url" : "https://www.cybersecurity-help.cz/vdb/SB2023122122"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-EPEL-2023-B698D8C031 vom 2023-12-21",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-b698d8c031"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2023:4946-1 vom 2023-12-21",
      "url" : "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017514.html"
    }, {
      "category" : "external",
      "summary" : "LANCOM Allgemeine Sicherheitshinweise vom 2023-12-21",
      "url" : "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
    }, {
      "category" : "external",
      "summary" : "Debian Security Advisory DSA-5588 vom 2023-12-24",
      "url" : "https://www.debian.org/security/2023/dsa-5588"
    }, {
      "category" : "external",
      "summary" : "Debian Security Advisory DSA-5588 vom 2023-12-24",
      "url" : "https://lists.debian.org/debian-security-announce/2023/msg00285.html"
    }, {
      "category" : "external",
      "summary" : "Debian Security Advisory DLA-3694 vom 2023-12-26",
      "url" : "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
    }, {
      "category" : "external",
      "summary" : "Debian Security Advisory DSA-5586 vom 2023-12-22",
      "url" : "https://lists.debian.org/debian-security-announce/2023/msg00283.html"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2023-55800423A8 vom 2023-12-23",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2023-55800423a8"
    }, {
      "category" : "external",
      "summary" : "Gentoo Linux Security Advisory GLSA-202312-16 vom 2023-12-28",
      "url" : "https://security.gentoo.org/glsa/202312-16"
    }, {
      "category" : "external",
      "summary" : "Gentoo Linux Security Advisory GLSA-202312-17 vom 2023-12-28",
      "url" : "https://security.gentoo.org/glsa/202312-17"
    }, {
      "category" : "external",
      "summary" : "Debian Security Advisory DSA-5591 vom 2023-12-28",
      "url" : "https://lists.debian.org/debian-security-announce/2023/msg00288.html"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2023-0355346550 vom 2023-12-31",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0355346550"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-EPEL-2024-F0D88B447F vom 2024-01-03",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-f0d88b447f"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2024-39A8C72EA9 vom 2024-01-02",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2024-39a8c72ea9"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2024-71C2C6526C vom 2024-01-03",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2024-71c2c6526c"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2024-D946B9AD25 vom 2024-01-03",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2024-d946b9ad25"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2024:0006-1 vom 2024-01-02",
      "url" : "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017579.html"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-EPEL-2024-B45B6EADA5 vom 2024-01-02",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-b45b6eada5"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-EPEL-2024-155A6AC298 vom 2024-01-03",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-155a6ac298"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-EPEL-2024-3A29F0D349 vom 2024-01-03",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-3a29f0d349"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2024-3BB23C77F3 vom 2024-01-03",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2024-3bb23c77f3"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2024-06EBB70BDD vom 2024-01-03",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2024-06ebb70bdd"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2024:0035-1 vom 2024-01-05",
      "url" : "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017588.html"
    }, {
      "category" : "external",
      "summary" : "NetApp Security Advisory NTAP-20240105-0004 vom 2024-01-05",
      "url" : "https://security.netapp.com/advisory/ntap-20240105-0004/"
    }, {
      "category" : "external",
      "summary" : "Palo Alto Networks Security Advisory PAN-241547 vom 2024-01-09",
      "url" : "https://security.paloaltonetworks.com/CVE-2023-48795"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2024-48AA5F1DAE vom 2024-01-08",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2024-48aa5f1dae"
    }, {
      "category" : "external",
      "summary" : "FortiGuard Labs PSIRT Advisory FG-IR-23-490 vom 2024-01-09",
      "url" : "https://fortiguard.fortinet.com/psirt/FG-IR-23-490"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2024-2705241461 vom 2024-01-09",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2024-2705241461"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2024-7B08207CDB vom 2024-01-09",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2024-7b08207cdb"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2024-AE653FB07B vom 2024-01-09",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2024-ae653fb07b"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2024-FB32950D11 vom 2024-01-09",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2024-fb32950d11"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-EPEL-2024-8D101D5E22 vom 2024-01-09",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-8d101d5e22"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-EPEL-2024-E21A9204D2 vom 2024-01-09",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-e21a9204d2"
    }, {
      "category" : "external",
      "summary" : "Fedora Security Advisory FEDORA-2024-0D8D3B8DCC vom 2024-01-09",
      "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2024-0d8d3b8dcc"
    } ],
    "source_lang" : "en-US",
    "title" : "SSH Protokoll: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen",
    "tracking" : {
      "current_release_date" : "2024-01-09T23:00:00.000+00:00",
      "generator" : {
        "date" : "2024-01-10T09:19:38.712+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.1.0"
        }
      },
      "id" : "WID-SEC-W-2023-3192",
      "initial_release_date" : "2023-12-18T23:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2023-12-18T23:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initiale Fassung"
      }, {
        "date" : "2023-12-19T23:00:00.000+00:00",
        "number" : "2",
        "summary" : "Neue Updates von Ubuntu und FreeBSD aufgenommen"
      }, {
        "date" : "2023-12-20T23:00:00.000+00:00",
        "number" : "3",
        "summary" : "Neue Updates von Fedora aufgenommen"
      }, {
        "date" : "2023-12-21T23:00:00.000+00:00",
        "number" : "4",
        "summary" : "Neue Updates von Dropbear, Fedora und SUSE aufgenommen"
      }, {
        "date" : "2023-12-26T23:00:00.000+00:00",
        "number" : "5",
        "summary" : "Neue Updates von Debian und Fedora aufgenommen"
      }, {
        "date" : "2023-12-27T23:00:00.000+00:00",
        "number" : "6",
        "summary" : "Neue Updates von Gentoo aufgenommen"
      }, {
        "date" : "2023-12-28T23:00:00.000+00:00",
        "number" : "7",
        "summary" : "Neue Updates von Debian aufgenommen"
      }, {
        "date" : "2024-01-01T23:00:00.000+00:00",
        "number" : "8",
        "summary" : "Neue Updates von Fedora aufgenommen"
      }, {
        "date" : "2024-01-02T23:00:00.000+00:00",
        "number" : "9",
        "summary" : "Neue Updates von Fedora und SUSE aufgenommen"
      }, {
        "date" : "2024-01-03T23:00:00.000+00:00",
        "number" : "10",
        "summary" : "Neue Updates von Fedora aufgenommen"
      }, {
        "date" : "2024-01-07T23:00:00.000+00:00",
        "number" : "11",
        "summary" : "Neue Updates von SUSE und NetApp aufgenommen"
      }, {
        "date" : "2024-01-08T23:00:00.000+00:00",
        "number" : "12",
        "summary" : "Neue Updates von Palo Alto Networks und Fedora aufgenommen"
      }, {
        "date" : "2024-01-09T23:00:00.000+00:00",
        "number" : "13",
        "summary" : "Neue Updates von Fortinet und Fedora aufgenommen"
      } ],
      "status" : "final",
      "version" : "13"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "Amazon Linux 2",
          "product" : {
            "name" : "Amazon Linux 2",
            "product_id" : "T028903",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:amazon:linux_2:-"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "linux_2"
      } ],
      "category" : "vendor",
      "name" : "amazon"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "Ubuntu Linux",
          "product" : {
            "name" : "Ubuntu Linux",
            "product_id" : "T000126",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:canonical:ubuntu_linux:-"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "ubuntu_linux"
      } ],
      "category" : "vendor",
      "name" : "canonical"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "Debian Linux",
          "product" : {
            "name" : "Debian Linux",
            "product_id" : "2951",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:debian:debian_linux:-"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "debian_linux"
      } ],
      "category" : "vendor",
      "name" : "debian"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "Open Source Dropbear SSH",
          "product" : {
            "name" : "Open Source Dropbear SSH",
            "product_id" : "T031811",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:dropbear_ssh_project:dropbear_ssh:-"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "dropbear_ssh"
      } ],
      "category" : "vendor",
      "name" : "dropbear_ssh_project"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "Fedora Linux",
          "product" : {
            "name" : "Fedora Linux",
            "product_id" : "74185",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:fedoraproject:fedora:-"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "fedora"
      } ],
      "category" : "vendor",
      "name" : "fedoraproject"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version",
          "name" : "7",
          "product" : {
            "name" : "Fortinet FortiOS 7.0",
            "product_id" : "T031929",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:fortinet:fortios:7.0"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "7.2",
          "product" : {
            "name" : "Fortinet FortiOS 7.2",
            "product_id" : "T031930",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:fortinet:fortios:7.2"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "7.4",
          "product" : {
            "name" : "Fortinet FortiOS 7.4",
            "product_id" : "T031931",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:fortinet:fortios:7.4"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "fortios"
      } ],
      "category" : "vendor",
      "name" : "fortinet"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "FreeBSD Project FreeBSD OS",
          "product" : {
            "name" : "FreeBSD Project FreeBSD OS",
            "product_id" : "4035",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:freebsd:freebsd:-"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "freebsd"
      } ],
      "category" : "vendor",
      "name" : "freebsd"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "Gentoo Linux",
          "product" : {
            "name" : "Gentoo Linux",
            "product_id" : "T012167",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:gentoo:linux:-"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "linux"
      } ],
      "category" : "vendor",
      "name" : "gentoo"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "< 1.21.3",
          "product" : {
            "name" : "Open Source Gitea < 1.21.3",
            "product_id" : "T031778",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:gitea:gitea:1.21.3"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "gitea"
      } ],
      "category" : "vendor",
      "name" : "gitea"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "Golang Go",
          "product" : {
            "name" : "Golang Go",
            "product_id" : "T029035",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:golang:go:-"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "go"
      } ],
      "category" : "vendor",
      "name" : "golang"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version",
          "name" : "SX 4.20",
          "product" : {
            "name" : "LANCOM LCOS SX 4.20",
            "product_id" : "T026553",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:lancom:lcos:sx_4.20"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "LANCOM LCOS",
          "product" : {
            "name" : "LANCOM LCOS",
            "product_id" : "T026953",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:lancom:lcos:-"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "LX",
          "product" : {
            "name" : "LANCOM LCOS LX",
            "product_id" : "T026954",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:lancom:lcos:lx"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "FX",
          "product" : {
            "name" : "LANCOM LCOS FX",
            "product_id" : "T031787",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:lancom:lcos:fx"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "SX 5.20",
          "product" : {
            "name" : "LANCOM LCOS SX 5.20",
            "product_id" : "T031788",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:lancom:lcos:sx_5.20"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "lcos"
      } ],
      "category" : "vendor",
      "name" : "lancom"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "< 0.10.6",
          "product" : {
            "name" : "Open Source libssh < 0.10.6",
            "product_id" : "T031750",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:libssh:libssh:0.10.6"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "< 0.9.8",
          "product" : {
            "name" : "Open Source libssh < 0.9.8",
            "product_id" : "T031751",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:libssh:libssh:0.9.8"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "libssh"
      } ],
      "category" : "vendor",
      "name" : "libssh"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "NetApp Data ONTAP",
          "product" : {
            "name" : "NetApp Data ONTAP",
            "product_id" : "T027038",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:netapp:data_ontap:9"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "data_ontap"
      }, {
        "branches" : [ {
          "category" : "product_name",
          "name" : "NetApp FAS",
          "product" : {
            "name" : "NetApp FAS",
            "product_id" : "T011540",
            "product_identification_helper" : {
              "cpe" : "cpe:/h:netapp:fas:-"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "fas"
      } ],
      "category" : "vendor",
      "name" : "netapp"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "< 9.6",
          "product" : {
            "name" : "Open Source OpenSSH < 9.6",
            "product_id" : "T031748",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:openbsd:openssh:9.6"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "openssh"
      } ],
      "category" : "vendor",
      "name" : "openbsd"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "PaloAlto Networks PAN-OS",
          "product" : {
            "name" : "PaloAlto Networks PAN-OS",
            "product_id" : "T016533",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:paloaltonetworks:pan-os:-"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "pan-os"
      } ],
      "category" : "vendor",
      "name" : "paloaltonetworks"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "< 0.80",
          "product" : {
            "name" : "Open Source PuTTY < 0.80",
            "product_id" : "T031749",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:simon_tatham:putty:0.80"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "putty"
      } ],
      "category" : "vendor",
      "name" : "simon_tatham"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "SUSE Linux",
          "product" : {
            "name" : "SUSE Linux",
            "product_id" : "T002207",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:suse:suse_linux:-"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "suse_linux"
      } ],
      "category" : "vendor",
      "name" : "suse"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2023-48795",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existiert eine Schwachstelle im SSH-Protokoll. Diese erlaubt es, Integritätsprüfungen zu umgehen, indem Sequenznummern während des Handshakes manipuliert werden. Dadurch ist es möglich, Teile von Nachrichten zu entfernen, ohne einen MAC-Fehler zu verursachen. Ein Angreifer mit Zugriff auf den Netzwerkverkehr kann diese Schwachstelle ausnutzen, um Nachrichten zu entfernen und so die Integrität der Verbindung zu gefährden."
    } ],
    "product_status" : {
      "known_affected" : [ "T029035", "T031788", "T031931", "T031787", "T031930", "4035", "T031778", "T031811", "T011540", "T012167", "T016533", "74185", "2951", "T002207", "T028903", "T000126", "T026954", "T026953", "T027038", "T026553", "T031929" ]
    },
    "release_date" : "2023-12-18T23:00:00Z",
    "title" : "CVE-2023-48795"
  } ]
}

Results with the current implementation in:

    instance path: /document/references
    message: not sorted alphabetically
    instance path: /document/tracking/revision_history
    message: not sorted alphabetically
    instance path: /product_tree/branches
    message: not sorted alphabetically
    instance path: /vulnerabilities/0/product_status/known_affected
    message: not sorted alphabetically
    instance path: /vulnerabilities/0/product_status/known_affected
    message: not sorted alphabetically

I can't find the JSON keys that are sorted incorrectly - please verify. I think the test also checks values, which is wrong / not intended by 6.2.13.

Note: The example is neither perfect nor conformant, but should do the job.
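
A key-only ordering check of the kind this issue asks for, as an added example (not csaf-validator-lib's code and not part of the issue thread): it walks into arrays to reach nested objects but never compares array elements with each other. The function name `findUnsortedKeys`, the result shape, the reading of "sorted alphabetically" as default string comparison, and both sample documents (reduced from the example above) are assumptions.

```javascript
// Added example; not code from csaf-validator-lib.
// Assumption: "sorted alphabetically" is taken as ascending order under
// JavaScript's default string comparison of the key names.

// Escape a key for use as a JSON Pointer segment (RFC 6901).
const pointerSegment = (key) => key.replace(/~/g, '~0').replace(/\//g, '~1')

/**
 * Return one finding per object whose keys are out of order.
 * Arrays are only traversed; the order of their elements (strings such as
 * product IDs, or objects such as references) is never checked.
 */
function findUnsortedKeys(node, path = '', errors = []) {
  if (Array.isArray(node)) {
    node.forEach((item, i) => findUnsortedKeys(item, `${path}/${i}`, errors))
  } else if (node !== null && typeof node === 'object') {
    // JSON.parse keeps document order for keys that are not integer-like,
    // which covers every key name in the example document above. Integer-like
    // keys would be moved to the front by the engine and need a raw-text check.
    const keys = Object.keys(node)
    const bad = keys.findIndex((key, i) => i > 0 && keys[i - 1] > key)
    if (bad !== -1) {
      errors.push({
        instancePath: path,
        key: keys[bad],
        message: `key "${keys[bad]}" appears after "${keys[bad - 1]}"`,
      })
    }
    for (const key of keys) {
      findUnsortedKeys(node[key], `${path}/${pointerSegment(key)}`, errors)
    }
  }
  return errors
}

// Constructed sample 1: keys sorted, array values deliberately unsorted
// (product IDs taken from the issue's example).
const KEYS_SORTED_VALUES_UNSORTED = JSON.parse(`{
  "document": { "category": "csaf_base", "csaf_version": "2.0" },
  "vulnerabilities": [ {
    "cve": "CVE-2023-48795",
    "product_status": { "known_affected": [ "T029035", "T031788", "4035" ] },
    "title": "CVE-2023-48795"
  } ]
}`)

// Constructed sample 2: two objects with keys out of order.
const KEYS_UNSORTED = JSON.parse(`{
  "document": { "csaf_version": "2.0", "category": "csaf_base" },
  "vulnerabilities": [ { "title": "CVE-2023-48795", "cve": "CVE-2023-48795" } ]
}`)

console.log(findUnsortedKeys(KEYS_SORTED_VALUES_UNSORTED))
console.log(findUnsortedKeys(KEYS_UNSORTED))
```
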