Merge pull request #18078 from newrelic/rhs-NR24-02-OpenSSH

Security: Add new bulletin for NR24-02
newrelic · Jul 19, 2024 · 243026e · 243026e
2 parents bcee3e4 + d9b1a90
commit 243026e
Show file tree

Hide file tree

Showing 3 changed files with 88 additions and 5 deletions.
diff --git a/...cs/security/new-relic-security/security-bulletins/security-bulletin-nr24-02.mdx b/...cs/security/new-relic-security/security-bulletins/security-bulletin-nr24-02.mdx
@@ -0,0 +1,43 @@
+---
+title:  "NR24-02 - OpenSSH in New Relic Salesforce Exporter"
+tags:
+  - Security
+  - Security bulletin
+  - Salesforce Exporter 
+metaDescription: "Security bulletin for all customers using the New Relic Salesforce Exporter." 
+releaseDate: '2024-07-18' 
+---
+
+<DNT>**Vulnerability Identifier:**</DNT> NR24-02
+
+<DNT>**Priority:**</DNT> High
+
+## Summary
+
+New Relic advises all customers using the New Relic Salesforce Exporter to update to version 2.2.0, which New Relic has released to eliminate a recently announced [vulnerable version of OpenSSH](https://nvd.nist.gov/vuln/detail/CVE-2024-6387).  
+
+## Action required
+
+New Relic is recommending that customers who use the New Relic Salesforce Exporter immediately update to version 2.2.0.
+
+New Relic has provided the following resources to assist with these updates:
+
+* [Salesforce Exporter Release Notes](https://github.com/newrelic/newrelic-salesforce-exporter/releases/tag/2.2.0) 
+* [Detecting & Upgrading on-host deployments](https://github.com/newrelic/newrelic-salesforce-exporter?tab=readme-ov-file#upgrading-on-host-deployments)
+
+If customers are unable to upgrade their New Relic Salesforce Exporter, limit SSH access through network-based controls to minimize the attack risks.
+
+
+
+## Supporting Release Notes
+
+[Salesforce Exporter Release Notes](https://github.com/newrelic/newrelic-salesforce-exporter/releases/tag/2.2.0)
+
+## Technical vulnerability information
+
+[CVE-2024-6387](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387)
+
+## Publication History
+
+July 18, 2024 - NR24-02 Published
+
diff --git a/...tent/docs/security/security-privacy/information-security/security-bulletins.mdx b/...tent/docs/security/security-privacy/information-security/security-bulletins.mdx
@@ -594,6 +594,44 @@ Security bulletins for [synthetic monitoring](/docs/synthetics/new-relic-synthet
   </tbody>
 </table>
 
+## Other [#other]
+
+Security bulletins in this general category include a [vulnerability rating](#severity_ratings).
+
+<table>
+  <thead>
+    <tr>
+      <th width={200}>
+        Security bulletin
+      </th>
+
+      <th>
+        Summary and related release notes
+      </th>
+
+      <th width={100}>
+        Rating
+      </th>
+    </tr>
+  </thead>
+
+  <tbody>
+    <tr>
+      <td>
+        [NR24-02](/docs/security/new-relic-security/security-bulletins/security-bulletin-nr24-02), 07/18/2024
+      </td>
+
+      <td>
+        Procedures to address a vulnerability in OpenSSH that affects New Relic Salesforce Exporter.
+      </td>
+
+      <td>
+        High
+      </td>
+    </tr>
+  </tbody>
+</table>
+
 ## Security vulnerability ratings [#severity_ratings]
 
 At New Relic, we use four levels to rate security vulnerability.

diff --git a/src/nav/new-relic-security.yml b/src/nav/new-relic-security.yml
@@ -47,15 +47,17 @@ pages:
         path: /docs/security/security-privacy/information-security/security-bulletins
   - title: Security bulletins
     pages:
-      - title: 'NR24-01 — Security Advisory'
+      - title: 'NR24-02'
+        path: /docs/security/new-relic-security/security-bulletins/security-bulletin-nr24-02
+      - title: 'NR24-01'
         path: /docs/security/new-relic-security/security-bulletins/security-bulletin-nr24-01
-      - title: 'NR23-01 — Security Advisory'
+      - title: 'NR23-01'
         path: /docs/security/new-relic-security/security-bulletins/security-bulletin-nr23-01-security-advisory
-      - title: 'Apache Log4j - CPM, NR22-01'
+      - title: 'NR22-01'
         path: /docs/security/new-relic-security/security-bulletins/security-bulletin-nr22-01
-      - title: 'Apache Log4j - CPM, NR21-04'
+      - title: 'NR21-04'
         path: /docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04
-      - title: 'Apache Log4j - Java, NR21-03'
+      - title: 'NR21-03'
         path: /docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-03
       - title: NRSG22-01
         path: /docs/security/new-relic-security/security-bulletins/security-bulletin-nrsg2202-01