doc/security: update CVE list

Update the list of CVEs in doc/security/cves.rst.

Co-authored-by: Ilya Dryomov <idryomov@redhat.com>
Signed-off-by: Zac Dover <zac.dover@proton.me>
(cherry picked from commit 8381259a46fbd04218946b67e73e140cb054e3d8)

diff --git a/doc/security/cves.rst b/doc/security/cves.rst
index 8bbccbf64d6ea4a04dd4a60470100029df6eadad..fcb3440c70c6a1045ddca869e686bdbde70eaba8 100644 (file)
--- a/doc/security/cves.rst
+++ b/doc/security/cves.rst
@@ -5,6 +5,10 @@ Past vulnerabilities
 +------------+-------------------+-------------+---------------------------------------------+
 | Published  | CVE               | Severity    | Summary                                     |
 +------------+-------------------+-------------+---------------------------------------------+
+| 2023-02-02 | `CVE-2023-46159`_ | Medium      | DoS from RGW                                |
++------------+-------------------+-------------+---------------------------------------------+
+| 2023-01-17 | `CVE-2022-3650`_  | High        | ceph-crash run as user, not root            |
++------------+-------------------+-------------+---------------------------------------------+
 | 2022-07-21 | `CVE-2022-0670`_  | Medium      | Native-CephFS Manila Path-restriction bypass|
 +------------+-------------------+-------------+---------------------------------------------+
 | 2021-05-13 | `CVE-2021-3531`_  | Medium      | Swift API denial of service                 |
@@ -80,6 +84,8 @@ Past vulnerabilities
     CVE-2021-3509 <CVE-2021-3509.rst>
     CVE-2021-20288 <CVE-2021-20288.rst>
 
+.. _CVE-2023-46159: https://nvd.nist.gov/vuln/detail/cve-2023-46159
+.. _CVE-2022-3650: https://nvd.nist.gov/vuln/detail/cve-2022-3650
 .. _CVE-2022-0670: ../CVE-2022-0670
 .. _CVE-2021-3531: ../CVE-2021-3531
 .. _CVE-2021-3524: ../CVE-2021-3524