docs: update security policy and add CVE info (#24769)

2026-04-17 15:15:20 +00:00 · 2023-07-26 14:21:26 +01:00
parent a9c4472d25
commit 165afee55a
4 changed files with 71 additions and 2 deletions
--- a/docs/docs/security/_category_.json
+++ b/docs/docs/security/_category_.json
@@ -0,0 +1,4 @@
+{
+  "label": "Security",
+  "position": 10
+}
--- a/docs/docs/security/cves.mdx
+++ b/docs/docs/security/cves.mdx
@@ -0,0 +1,27 @@
+---
+title: CVEs by release
+hide_title: true
+sidebar_position: 2
+---
+
+#### Version 2.1.0
+
+| CVE            | Title                                                                   | Affected          |
+| :------------- | :---------------------------------------------------------------------- | -----------------:|
+| CVE-2023-25504 | Possible SSRF on import datasets                                        | <= 2.1.0          |
+| CVE-2023-27524 | Session validation vulnerability when using provided default SECRET_KEY | <= 2.1.0          |
+| CVE-2023-27525 | Incorrect default permissions for Gamma role                            | <= 2.1.0          |
+| CVE-2023-30776 | Database connection password leak                                       | <= 2.1.0          |
+
+
+#### Version 2.0.1
+
+| CVE            | Title                                                       | Affected          |
+| :------------- | :---------------------------------------------------------- | -----------------:|
+| CVE-2022-41703 | SQL injection vulnerability in adhoc clauses                | < 2.0.1 or <1.5.2 |
+| CVE-2022-43717 | Cross-Site Scripting on dashboards                          | < 2.0.1 or <1.5.2 |
+| CVE-2022-43718 | Cross-Site Scripting vulnerability on upload forms          | < 2.0.1 or <1.5.2 |
+| CVE-2022-43719 | Cross Site Request Forgery (CSRF) on accept, request access | < 2.0.1 or <1.5.2 |
+| CVE-2022-43720 | Improper rendering of user input                            | < 2.0.1 or <1.5.2 |
+| CVE-2022-43721 | Open Redirect Vulnerability                                 | < 2.0.1 or <1.5.2 |
+| CVE-2022-45438 | Dashboard metadata information leak                         | < 2.0.1 or <1.5.2 |
--- a/docs/docs/security/security.mdx
+++ b/docs/docs/security/security.mdx
@@ -1,7 +1,7 @@
 ---
-title: Security
+title: Role based Access
 hide_title: true
-sidebar_position: 10
+sidebar_position: 1
 ---

 ### Roles