You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@trafficcontrol.apache.org by zr...@apache.org on 2022/02/05 00:25:19 UTC

[trafficcontrol-website] branch asf-site updated: CVE-2022-23206

This is an automated email from the ASF dual-hosted git repository.

zrhoffman pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/trafficcontrol-website.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 06ce1a6  CVE-2022-23206
06ce1a6 is described below

commit 06ce1a69e4680fbd2fd3dfeb2b16ccf6989a9cd4
Author: Zach Hoffman <zr...@apache.org>
AuthorDate: Fri Feb 4 17:22:59 2022 -0700

    CVE-2022-23206
---
 security/index.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security/index.html b/security/index.html
index dd5b33c..0fd96bd 100644
--- a/security/index.html
+++ b/security/index.html
@@ -103,6 +103,7 @@
                     <div class="card-body">
                         <h4 class="card-title">Past Vulnerabilities</h4>
                         <ul>
+                            <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23206">Apache Traffic Control: Server-Side Request Forgery in Traffic Ops endpoint POST /user/login/oauth</a></li>
                             <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43350">CVE-2021-43350: Apache Traffic
                                     Control: LDAP filter injection vulnerability in Traffic Ops</a></li>
                             <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42009">CVE-2021-42009: Apache Traffic