From 60ede4b148c4aea54660764bfe834f0fba676032 Mon Sep 17 00:00:00 2001 From: Postmodern Date: Thu, 21 Nov 2024 12:37:11 -0800 Subject: [PATCH] DRY up the links in the markdown description --- gems/pwpush/CVE-2024-52796.yml | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/gems/pwpush/CVE-2024-52796.yml b/gems/pwpush/CVE-2024-52796.yml index cd037c6e1a..3b31406e96 100644 --- a/gems/pwpush/CVE-2024-52796.yml +++ b/gems/pwpush/CVE-2024-52796.yml @@ -9,16 +9,13 @@ description: | ### Impact Password Pusher comes with a configurable rate limiter. - In versions prior to - [v1.49.0](https://github.com/pglombardo/PasswordPusher/releases/tag/v1.49.0), - the rate limiter could be bypassed by forging proxy headers allowing - bad actors to send unlimited traffic to the site potentially causing - a denial of service. + In versions prior to [v1.49.0], the rate limiter could be bypassed by forging + proxy headers allowing bad actors to send unlimited traffic to the site + potentially causing a denial of service. ### Patches - In [v1.49.0](https://github.com/pglombardo/PasswordPusher/releases/tag/v1.49.0), - a fix was implemented to only authorize proxies on local IPs which + In [v1.49.0], a fix was implemented to only authorize proxies on local IPs which resolves this issue. If you are running a remote proxy, please see @@ -27,9 +24,7 @@ description: | ### Workarounds - It is highly suggested to upgrade to at least - [v1.49.0](https://github.com/pglombardo/PasswordPusher/releases/tag/v1.49.0) - to mitigate this risk. + It is highly suggested to upgrade to at least [v1.49.0] to mitigate this risk. If for some reason you cannot immediately upgrade, the alternative is that you can add rules to your proxy and/or firewall to not 
@@ -37,8 +32,10 @@ description: | ### References - The new settings are - [configurable to authorize remote proxies](https://docs.pwpush.com/docs/proxies/#trusted-proxies). + The new settings are [configurable to authorize remote proxies][1]. + + [v1.49.0]: https://github.com/pglombardo/PasswordPusher/releases/tag/v1.49.0 + [1]: https://docs.pwpush.com/docs/proxies/#trusted-proxies cvss_v3: 5.3 patched_versions: - ">= 1.49.0"
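Review bot: In the `@@ -9,16 +9,13 @@` hunk, the new `[v1.49.0]` in "In versions prior to [v1.49.0], the rate limiter could be bypassed" is a shortcut reference link, so it resolves only when the definition added at the very end of the description is rendered as part of the same Markdown document. Anything that prints the `description` as plain text, or shows only the Impact or Patches section, now shows a bare `[v1.49.0]` with the release URL several sections away. It would be worth confirming how the consumers of this YAML display the field, or keeping one inline link at the first mention of the fixed version.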
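Review bot: In the `@@ -37,8 +32,10 @@` hunk, the two new definitions use different label styles: `[v1.49.0]` is descriptive while `[1]` is a bare number, and `[configurable to authorize remote proxies][1]` gives no hint of the target when the source is read unrendered. A descriptive label such as `[trusted-proxies]` would match the other definition and would survive a second numbered link being added later. Related, since the commit is about removing repeated links: the context line "If you are running a remote proxy, please see" ends the first hunk mid-sentence, and the lines that complete it are not part of this diff, so if they link to the same docs.pwpush.com trusted-proxies page, they should reuse this definition as well.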