Werk 17145 was adapted. The following is the new Werk; a diff is shown at the end of the
message.
Title: Information leak in mknotifyd
Class: security
Compatible: compat
Component: notifications
Date: 1721042620
Edition: cee
Level: 1
Version: 2.2.0p36
When a notification context is sent to mknotifyd, a "result message" is generated
by mknotifyd and sent back to the original site so that it can show whether there were
problems handling that notification.
This result message could contain secrets that were not meant to be sent to remote sites,
e.g. passwords/secrets.
The remote site did not process these secrets, but a rogue site would have been able
to retrieve them.
This issue was found during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 5.3 Medium
(<code>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</code>) and assigned
<code>CVE-2024-6747</code>.
------------------------------------<diff>-------------------------------------------
Title: Information leak in mknotifyd
Class: security
Compatible: compat
Component: notifications
Date: 1721042620
Edition: cee
Level: 1
- Version: 2.2.0p35
? ^
+ Version: 2.2.0p36
? ^
When a notification context is sent to mknotifyd a "result message" is
generated by mknotifyd and sent back so the original site so it can show if there were
problems handling that notification.
This result message could contain secrets that were not meant to be sent to remote
sites, e.g. passwords/secrets.
These secrets were not processed by the remote site but a rough site would have been
able to retrieve these.
This issue was found during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 5.3 Medium
(<code>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</code>) and assigned
<code>CVE-2024-6747</code>.
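Review bot: The description lines carried unchanged through this diff still read "sent back so the original site" and "a rough site would have been able to retrieve these", which look like typos for "sent back to the original site" and "a rogue site". Since the only changed field is Version (2.2.0p35 to 2.2.0p36), this adaptation would be a good place to correct the wording as well. The werk text also gives no reason for the version change, so a reader cannot tell from it whether 2.2.0p35 is affected; a short note would help.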