From 243e1e1b8463a280d8156795767e4b4cae893db1 Mon Sep 17 00:00:00 2001 From: besawn <38794505+besawn@users.noreply.github.com> Date: Wed, 8 Mar 2023 13:02:28 -0500 Subject: [PATCH 1/2] Added security advisory documentation for xCAT CVE-2023-27486 - zone permissions --- docs/source/security/2023/20230308_xcat.rst | 18 ++++++++++++++++++ docs/source/security/2023/index.rst | 7 +++++++ docs/source/security/index.rst | 1 + 3 files changed, 26 insertions(+) create mode 100644 docs/source/security/2023/20230308_xcat.rst create mode 100644 docs/source/security/2023/index.rst diff --git a/docs/source/security/2023/20230308_xcat.rst b/docs/source/security/2023/20230308_xcat.rst new file mode 100644 index 000000000..f75e3dee8 --- /dev/null +++ b/docs/source/security/2023/20230308_xcat.rst @@ -0,0 +1,18 @@ +2023-03-08 - xCAT Vulnerabilities +==================================== + +*Mar 8, 2023*, xCAT announced the following security advisory: https://github.com/xcat2/xcat-core/security/advisories/GHSA-hpxg-7428-6jvv + + +Advisory CVEs +------------- + +* CVE-2023-27486 - **Insufficient authorization validation between zones when xCAT zones are enabled** (Severity: High) + +Please see the security bulletin above for patch, upgrade, or suggested work around information. + +Action +------ + +The issue described in CVE-2023-27486 only impacts users making use of the optional xCAT zones feature. xCAT zones are not enabled by default. Users making use of xCAT zones should upgrade to xCAT 2.16.5 or newer. Users that do not use xCAT zones are not impacted and do not need to upgrade. + diff --git a/docs/source/security/2023/index.rst b/docs/source/security/2023/index.rst new file mode 100644 index 000000000..2f3c9052e --- /dev/null +++ b/docs/source/security/2023/index.rst @@ -0,0 +1,7 @@ +2023 Notices +============ + +.. toctree:: + :maxdepth: 1 + + 20230308_xcat.rst diff --git a/docs/source/security/index.rst b/docs/source/security/index.rst index c97f5e61c..2dd825d56 100644 
--- a/docs/source/security/index.rst +++ b/docs/source/security/index.rst @@ -4,6 +4,7 @@ Security Notices .. toctree:: :maxdepth: 2 + 2023/index.rst 2018/index.rst 2017/index.rst 2016/index.rst From 85f551e9db5470f68cb5faa7c425b9aa1e64b828 Mon Sep 17 00:00:00 2001 From: besawn <38794505+besawn@users.noreply.github.com> Date: Wed, 8 Mar 2023 13:30:25 -0500 Subject: [PATCH 2/2] Fixed formatting issue --- docs/source/security/2023/20230308_xcat.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/security/2023/20230308_xcat.rst b/docs/source/security/2023/20230308_xcat.rst index f75e3dee8..6d065e832 100644 --- a/docs/source/security/2023/20230308_xcat.rst +++ b/docs/source/security/2023/20230308_xcat.rst @@ -1,5 +1,5 @@ 2023-03-08 - xCAT Vulnerabilities -==================================== +================================= *Mar 8, 2023*, xCAT announced the following security advisory: https://github.com/xcat2/xcat-core/security/advisories/GHSA-hpxg-7428-6jvv
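Review bot: In the new docs/source/security/2023/20230308_xcat.rst (patch 1/2), the Action section gives only the fixed release ("upgrade to xCAT 2.16.5 or newer"). It does not state which releases are affected, and it does not tell an administrator how to determine whether zones are defined on their cluster. Since the whole triage decision rests on "do I use zones", add a sentence on how to check, and copy the affected version range from the linked advisory so the notice can be acted on without leaving the page. Two smaller points in the same hunk: the title reads "xCAT Vulnerabilities" (plural) while a single CVE is listed, and "work around information" should be "workaround information".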
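Review bot: Patch 2/2 should be squashed into patch 1/2. Its only change is to the title underline in docs/source/security/2023/20230308_xcat.rst, a line that 1/2 itself introduces, so keeping it separate leaves a commit in history that adds the file with an underline longer than its title. If it stays separate, the subject "Fixed formatting issue" should at least name the file and say that the underline length is what changed.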