From: Zac Dover <zac.dover@proton.me>
Date: Mon, 15 Apr 2024 15:41:51 +0000 (+1000)
Subject: doc/security: update CVE list
X-Git-Tag: v19.1.0~63^2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=c61762dd29ce0486267343ff1a5132e2513bdc26;p=ceph.git

doc/security: update CVE list

Update the list of CVEs in doc/security/cves.rst.

Co-authored-by: Ilya Dryomov <idryomov@redhat.com>
Signed-off-by: Zac Dover <zac.dover@proton.me>
(cherry picked from commit 8381259a46fbd04218946b67e73e140cb054e3d8)
---

diff --git a/doc/security/cves.rst b/doc/security/cves.rst
index 8bbccbf64d6ea..fcb3440c70c6a 100644
--- a/doc/security/cves.rst
+++ b/doc/security/cves.rst
@@ -5,6 +5,10 @@ Past vulnerabilities
 +------------+-------------------+-------------+---------------------------------------------+
 | Published  | CVE               | Severity    | Summary                                     |
 +------------+-------------------+-------------+---------------------------------------------+
+| 2023-02-02 | `CVE-2023-46159`_ | Medium      | DoS from RGW                                |
++------------+-------------------+-------------+---------------------------------------------+
+| 2023-01-17 | `CVE-2022-3650`_  | High        | ceph-crash run as user, not root            |
++------------+-------------------+-------------+---------------------------------------------+
 | 2022-07-21 | `CVE-2022-0670`_  | Medium      | Native-CephFS Manila Path-restriction bypass|
 +------------+-------------------+-------------+---------------------------------------------+
 | 2021-05-13 | `CVE-2021-3531`_  | Medium      | Swift API denial of service                 |
@@ -80,6 +84,8 @@ Past vulnerabilities
     CVE-2021-3509 <CVE-2021-3509.rst>
     CVE-2021-20288 <CVE-2021-20288.rst>
 
+.. _CVE-2023-46159: https://nvd.nist.gov/vuln/detail/cve-2023-46159
+.. _CVE-2022-3650: https://nvd.nist.gov/vuln/detail/cve-2022-3650
 .. _CVE-2022-0670: ../CVE-2022-0670
 .. _CVE-2021-3531: ../CVE-2021-3531
 .. _CVE-2021-3524: ../CVE-2021-3524