A vulnerability in all versions of SCT/SCT Pro prior to version 14.2.2 allows a remote unauthenticated attacker to identify and forge requests to internal systems via a specially crafted request allowing the attacker to determine if specific files or paths exist. This issue affects all versions of SCT/SCT Pro prior to version 14.2.2. https://www.cisa.gov/uscert/ics/advisories/icsa-22-111-02 https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Why the heck did you add all those CCs? I do not see how this vulnerability would affect me or any of my packages.
Why did you add me to this issue? I'm not maintainer of SCT package.
Apologies, I am working on correcting this. An issue with tooling arose.
This is a result of a tooling mishap. All products listed here are considered NOTAFFECTED.