Vulnerability Report (User Notification)
Template: Security Advisory for Users
Security Advisory: [Product Name] -- [CVE-ID]
Published: [YYYY-MM-DD] Last Updated: [YYYY-MM-DD] Severity: [CRITICAL / HIGH / MEDIUM] CVE: [CVE-YYYY-XXXXX]
Summary
[1-2 sentences describing the vulnerability and its impact]
Affected Versions
| Product | Affected Versions | Fixed Version |
|---|---|---|
| [Name] | [< v1.3.3] | [v1.3.3] |
Vulnerability
Description: [Clear description of the vulnerability for end users]
Impact: [What could an attacker do? What data/functions are at risk?]
Severity:
- CVSS Score: [X.X]
- Attack Vector: [Network / Local / Physical]
Recommended Action
Immediate:
- Update to version [X.Y.Z]
For Containers:
bash
docker pull ghcr.io/bauer-group/[image]:[new-tag]For Firmware: [Specific update instructions]
Workaround (if an update is not immediately possible): [Description of temporary measures]
Timeline
| Date | Event |
|---|---|
| [Date] | Vulnerability identified |
| [Date] | Patch developed and tested |
| [Date] | Patch released (v[X.Y.Z]) |
| [Date] | Security advisory published |
Further Information
- GitHub Security Advisory: [Link]
- Release Notes: [Link]
- SBOM: [Link]
Contact
For questions regarding this vulnerability: disclosure@cra.docs.bauer-group.com
Credit
[If the vulnerability was reported by an external researcher and they wish to be credited]