Security Log
The following high-profile (or widely published) bugs were mitigated or deemed not relevant for ClauseBase:
21 July 2025 — CVE-2025-53770 (SharePoint): As this only affects on-premises installations of SharePoint, ClauseBase is not vulnerable.
23 June 2025 — CVE-2025-6019 (udisks vulnerability): This widely published exploit requires the udisks daemon, which is primarily installed on desktop Linux systems for managing removable storage through graphical interfaces. Our Ubuntu servers don't run udisks, as it's unnecessary for server operations. Additionally, the exploit requires local user access.
23 June 2025 — CVE-2025-6018 (PAM vulnerability): This widely published vulnerability allows bypassing password prompts when chained with the udisks exploit, but also requires an existing local user session to trigger. Our servers have no local users, no physical access, and only allow authenticated SSH connections behind a firewall.
2 July 2024 — ClauseBase was affected by the "regreSSHion" exploit in SSH, but it was mitigated through other measures and so probably not exploitable; all servers have been patched.
9 June 2024 — ClauseBase is not affected by the 9.8 severity PHP-CGI issue (Windows only).
29 March 2024 — ClauseBase is not affected by the xz Utils backdoor.
7 June 2023 — ClauseBase is not affected by the VMware Aria Operations for Networks exploit.
11 April 2023 — ClauseBase is not affected by the Common Log File System vulnerability (Windows only).
24 December 2022 — ClauseBase is not affected by the SMB issue for Linux kernel 5.15.
19 May 2022 — ClauseBase is not affected by VMware security issue CVE-2022-22960 or BIG-IP exploit CVE-2022-1388.
21 April 2022 — ClauseBase has been patched against the cryptographic security issue CVE-2022-21449.
12 December 2021 — ClauseBase is not affected by the Log4j vulnerability CVE-2021-44228.