From 015f3996a35b4db01947d8c63b5e590f3e21cbb2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 25 Oct 2023 17:35:59 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10279.json | 69 +++++++++++----------- 2019/10xxx/CVE-2019-10280.json | 69 +++++++++++----------- 2019/10xxx/CVE-2019-10281.json | 69 +++++++++++----------- 2019/10xxx/CVE-2019-10282.json | 69 +++++++++++----------- 2019/10xxx/CVE-2019-10283.json | 69 +++++++++++----------- 2019/10xxx/CVE-2019-10284.json | 69 +++++++++++----------- 2019/10xxx/CVE-2019-10285.json | 69 +++++++++++----------- 2019/10xxx/CVE-2019-10286.json | 69 +++++++++++----------- 2019/10xxx/CVE-2019-10287.json | 69 +++++++++++----------- 2019/10xxx/CVE-2019-10288.json | 69 +++++++++++----------- 2019/10xxx/CVE-2019-10289.json | 69 +++++++++++----------- 2019/10xxx/CVE-2019-10290.json | 69 +++++++++++----------- 2019/10xxx/CVE-2019-10291.json | 69 +++++++++++----------- 2019/10xxx/CVE-2019-10292.json | 69 +++++++++++----------- 2020/2xxx/CVE-2020-2222.json | 71 +++++++++++------------ 2020/2xxx/CVE-2020-2223.json | 71 +++++++++++------------ 2020/2xxx/CVE-2020-2224.json | 67 +++++++++++----------- 2020/2xxx/CVE-2020-2225.json | 67 +++++++++++----------- 2020/2xxx/CVE-2020-2226.json | 67 +++++++++++----------- 2020/2xxx/CVE-2020-2227.json | 67 +++++++++++----------- 2020/2xxx/CVE-2020-2228.json | 67 +++++++++++----------- 2020/2xxx/CVE-2020-2229.json | 83 +++++++++++++-------------- 2020/2xxx/CVE-2020-2230.json | 83 +++++++++++++-------------- 2020/2xxx/CVE-2020-2231.json | 83 +++++++++++++-------------- 2020/2xxx/CVE-2020-2232.json | 76 +++++++++++++------------ 2020/2xxx/CVE-2020-2233.json | 69 +++++++++++----------- 2020/2xxx/CVE-2020-2234.json | 69 +++++++++++----------- 2020/2xxx/CVE-2020-2235.json | 69 +++++++++++----------- 2021/21xxx/CVE-2021-21604.json | 65 ++++++++++----------- 2021/21xxx/CVE-2021-21605.json | 65 ++++++++++----------- 2021/21xxx/CVE-2021-21606.json | 74 ++++++++++++------------ 2021/21xxx/CVE-2021-21607.json | 65 ++++++++++----------- 2021/21xxx/CVE-2021-21608.json | 65 ++++++++++----------- 2021/21xxx/CVE-2021-21609.json | 65 ++++++++++----------- 2021/21xxx/CVE-2021-21610.json | 65 ++++++++++----------- 2021/21xxx/CVE-2021-21611.json | 65 ++++++++++----------- 2021/21xxx/CVE-2021-21612.json | 61 ++++++++++---------- 2021/21xxx/CVE-2021-21613.json | 61 ++++++++++---------- 2021/21xxx/CVE-2021-21614.json | 61 ++++++++++---------- 2021/21xxx/CVE-2021-21615.json | 74 ++++++++++++------------ 2021/21xxx/CVE-2021-21616.json | 67 +++++++++++----------- 2021/21xxx/CVE-2021-21617.json | 67 +++++++++++----------- 2022/34xxx/CVE-2022-34183.json | 79 +++++++++++++++----------- 2022/34xxx/CVE-2022-34184.json | 79 +++++++++++++++----------- 2022/34xxx/CVE-2022-34185.json | 79 +++++++++++++++----------- 2022/34xxx/CVE-2022-34186.json | 79 +++++++++++++++----------- 2022/34xxx/CVE-2022-34187.json | 79 +++++++++++++++----------- 2022/34xxx/CVE-2022-34188.json | 61 ++++++++++---------- 2022/34xxx/CVE-2022-34189.json | 79 +++++++++++++++----------- 2022/34xxx/CVE-2022-34190.json | 79 +++++++++++++++----------- 2022/34xxx/CVE-2022-34191.json | 79 +++++++++++++++----------- 2022/34xxx/CVE-2022-34192.json | 79 +++++++++++++++----------- 2022/34xxx/CVE-2022-34193.json | 79 +++++++++++++++----------- 2022/34xxx/CVE-2022-34194.json | 79 +++++++++++++++----------- 2022/34xxx/CVE-2022-34195.json | 79 +++++++++++++++----------- 2022/34xxx/CVE-2022-34196.json | 61 ++++++++++---------- 2023/3xxx/CVE-2023-3828.json | 3 +- 2023/3xxx/CVE-2023-3829.json | 3 +- 2023/3xxx/CVE-2023-3830.json | 3 +- 2023/3xxx/CVE-2023-3831.json | 3 +- 2023/3xxx/CVE-2023-3832.json | 3 +- 2023/3xxx/CVE-2023-3833.json | 3 +- 2023/3xxx/CVE-2023-3834.json | 3 +- 2023/3xxx/CVE-2023-3835.json | 3 +- 2023/3xxx/CVE-2023-3836.json | 3 +- 2023/3xxx/CVE-2023-3837.json | 3 +- 2023/3xxx/CVE-2023-3838.json | 3 +- 2023/3xxx/CVE-2023-3839.json | 3 +- 2023/3xxx/CVE-2023-3840.json | 3 +- 2023/3xxx/CVE-2023-3841.json | 3 +- 2023/3xxx/CVE-2023-3842.json | 3 +- 2023/43xxx/CVE-2023-43508.json | 92 ++++++++++++++++++++++++++++-- 2023/43xxx/CVE-2023-43509.json | 92 ++++++++++++++++++++++++++++-- 2023/43xxx/CVE-2023-43510.json | 92 ++++++++++++++++++++++++++++-- 2023/45xxx/CVE-2023-45837.json | 85 +++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5023.json | 3 +- 2023/5xxx/CVE-2023-5024.json | 3 +- 2023/5xxx/CVE-2023-5721.json | 84 +++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5722.json | 67 ++++++++++++++++++++-- 2023/5xxx/CVE-2023-5723.json | 67 ++++++++++++++++++++-- 2023/5xxx/CVE-2023-5724.json | 84 +++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5725.json | 84 +++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5726.json | 101 +++++++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5727.json | 101 +++++++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5728.json | 101 +++++++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5730.json | 101 +++++++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5732.json | 84 +++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5757.json | 18 ++++++ 2023/5xxx/CVE-2023-5758.json | 18 ++++++ 89 files changed, 3267 insertions(+), 2020 deletions(-) create mode 100644 2023/5xxx/CVE-2023-5757.json create mode 100644 2023/5xxx/CVE-2023-5758.json diff --git a/2019/10xxx/CVE-2019-10279.json b/2019/10xxx/CVE-2019-10279.json index 7f20e3da406..7eabef67c3b 100644 --- a/2019/10xxx/CVE-2019-10279.json +++ b/2019/10xxx/CVE-2019-10279.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10279", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins jenkins-reviewbot Plugin", - "version": { - "version_data": [ - { - "version_value": "all versions as of 2019-04-03" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,27 +21,51 @@ "description": [ { "lang": "eng", - "value": "CWE-285" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins jenkins-reviewbot Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions as of 2019-04-03" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "BID", - "name": "107790", - "url": "http://www.securityfocus.com/bid/107790" + "url": "http://www.securityfocus.com/bid/107790", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/107790" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2" + "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/04/12/2" }, { "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1091", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1091" } ] diff --git a/2019/10xxx/CVE-2019-10280.json b/2019/10xxx/CVE-2019-10280.json index ba05f37aac4..34a7d23f23a 100644 --- a/2019/10xxx/CVE-2019-10280.json +++ b/2019/10xxx/CVE-2019-10280.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10280", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Assembla Auth Plugin", - "version": { - "version_data": [ - { - "version_value": "all versions as of 2019-04-03" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,27 +21,51 @@ "description": [ { "lang": "eng", - "value": "CWE-256" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Assembla Auth Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions as of 2019-04-03" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "BID", - "name": "107790", - "url": "http://www.securityfocus.com/bid/107790" + "url": "http://www.securityfocus.com/bid/107790", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/107790" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2" + "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/04/12/2" }, { "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1093", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1093" } ] diff --git a/2019/10xxx/CVE-2019-10281.json b/2019/10xxx/CVE-2019-10281.json index 52179f30faa..3517b4aaa19 100644 --- a/2019/10xxx/CVE-2019-10281.json +++ b/2019/10xxx/CVE-2019-10281.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10281", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Relution Enterprise Appstore Publisher Plugin", - "version": { - "version_data": [ - { - "version_value": "all versions as of 2019-04-03" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,27 +21,51 @@ "description": [ { "lang": "eng", - "value": "CWE-256" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Relution Enterprise Appstore Publisher Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions as of 2019-04-03" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "BID", - "name": "107790", - "url": "http://www.securityfocus.com/bid/107790" + "url": "http://www.securityfocus.com/bid/107790", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/107790" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2" + "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/04/12/2" }, { "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-828", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-828" } ] diff --git a/2019/10xxx/CVE-2019-10282.json b/2019/10xxx/CVE-2019-10282.json index b1e75f17157..300e8999d84 100644 --- a/2019/10xxx/CVE-2019-10282.json +++ b/2019/10xxx/CVE-2019-10282.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10282", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Klaros-Testmanagement Plugin", - "version": { - "version_data": [ - { - "version_value": "all versions as of 2019-04-03" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,27 +21,51 @@ "description": [ { "lang": "eng", - "value": "CWE-256" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Klaros-Testmanagement Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions as of 2019-04-03" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "BID", - "name": "107790", - "url": "http://www.securityfocus.com/bid/107790" + "url": "http://www.securityfocus.com/bid/107790", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/107790" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2" + "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/04/12/2" }, { "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-843", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-843" } ] diff --git a/2019/10xxx/CVE-2019-10283.json b/2019/10xxx/CVE-2019-10283.json index 558fa49ae18..fbd6eb63fbf 100644 --- a/2019/10xxx/CVE-2019-10283.json +++ b/2019/10xxx/CVE-2019-10283.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10283", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins mabl Plugin", - "version": { - "version_data": [ - { - "version_value": "all versions as of 2019-04-03" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,27 +21,51 @@ "description": [ { "lang": "eng", - "value": "CWE-256" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins mabl Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions as of 2019-04-03" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "BID", - "name": "107790", - "url": "http://www.securityfocus.com/bid/107790" + "url": "http://www.securityfocus.com/bid/107790", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/107790" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2" + "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/04/12/2" }, { "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-946", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-946" } ] diff --git a/2019/10xxx/CVE-2019-10284.json b/2019/10xxx/CVE-2019-10284.json index 5edecedfc61..673d032c78d 100644 --- a/2019/10xxx/CVE-2019-10284.json +++ b/2019/10xxx/CVE-2019-10284.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10284", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Diawi Upload Plugin", - "version": { - "version_data": [ - { - "version_value": "all versions as of 2019-04-03" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,27 +21,51 @@ "description": [ { "lang": "eng", - "value": "CWE-256" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Diawi Upload Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions as of 2019-04-03" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "BID", - "name": "107790", - "url": "http://www.securityfocus.com/bid/107790" + "url": "http://www.securityfocus.com/bid/107790", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/107790" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2" + "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/04/12/2" }, { "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-947", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-947" } ] diff --git a/2019/10xxx/CVE-2019-10285.json b/2019/10xxx/CVE-2019-10285.json index fa168d4d3cb..85f1cc0d686 100644 --- a/2019/10xxx/CVE-2019-10285.json +++ b/2019/10xxx/CVE-2019-10285.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10285", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Minio Storage Plugin", - "version": { - "version_data": [ - { - "version_value": "all versions as of 2019-04-03" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,27 +21,51 @@ "description": [ { "lang": "eng", - "value": "CWE-256" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Minio Storage Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions as of 2019-04-03" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "BID", - "name": "107790", - "url": "http://www.securityfocus.com/bid/107790" + "url": "http://www.securityfocus.com/bid/107790", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/107790" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2" + "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/04/12/2" }, { "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-955", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-955" } ] diff --git a/2019/10xxx/CVE-2019-10286.json b/2019/10xxx/CVE-2019-10286.json index 9dddfe99140..cba0d09552e 100644 --- a/2019/10xxx/CVE-2019-10286.json +++ b/2019/10xxx/CVE-2019-10286.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10286", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins DeployHub Plugin", - "version": { - "version_data": [ - { - "version_value": "all versions as of 2019-04-03" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,27 +21,51 @@ "description": [ { "lang": "eng", - "value": "CWE-256" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins DeployHub Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions as of 2019-04-03" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "BID", - "name": "107790", - "url": "http://www.securityfocus.com/bid/107790" + "url": "http://www.securityfocus.com/bid/107790", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/107790" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2" + "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/04/12/2" }, { "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-959", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-959" } ] diff --git a/2019/10xxx/CVE-2019-10287.json b/2019/10xxx/CVE-2019-10287.json index 15cf14d7c13..9d9c8bd526e 100644 --- a/2019/10xxx/CVE-2019-10287.json +++ b/2019/10xxx/CVE-2019-10287.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10287", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins youtrack-plugin Plugin", - "version": { - "version_data": [ - { - "version_value": "0.7.1 and older" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,27 +21,51 @@ "description": [ { "lang": "eng", - "value": "CWE-256" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins youtrack-plugin Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0.7.1 and older" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "BID", - "name": "107790", - "url": "http://www.securityfocus.com/bid/107790" + "url": "http://www.securityfocus.com/bid/107790", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/107790" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2" + "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/04/12/2" }, { "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-963", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-963" } ] diff --git a/2019/10xxx/CVE-2019-10288.json b/2019/10xxx/CVE-2019-10288.json index ce5c4df1678..05fb93e7def 100644 --- a/2019/10xxx/CVE-2019-10288.json +++ b/2019/10xxx/CVE-2019-10288.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10288", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Jabber Server Plugin", - "version": { - "version_data": [ - { - "version_value": "all versions as of 2019-04-03" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,27 +21,51 @@ "description": [ { "lang": "eng", - "value": "CWE-256" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Jabber Server Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions as of 2019-04-03" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "BID", - "name": "107790", - "url": "http://www.securityfocus.com/bid/107790" + "url": "http://www.securityfocus.com/bid/107790", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/107790" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2" + "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/04/12/2" }, { "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1031", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1031" } ] diff --git a/2019/10xxx/CVE-2019-10289.json b/2019/10xxx/CVE-2019-10289.json index 8291fb58520..87b287cdbdb 100644 --- a/2019/10xxx/CVE-2019-10289.json +++ b/2019/10xxx/CVE-2019-10289.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10289", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Netsparker Cloud Scan Plugin", - "version": { - "version_data": [ - { - "version_value": "1.1.5 and older" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,27 +21,51 @@ "description": [ { "lang": "eng", - "value": "CWE-352" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Netsparker Cloud Scan Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.1.5 and older" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "BID", - "name": "107790", - "url": "http://www.securityfocus.com/bid/107790" + "url": "http://www.securityfocus.com/bid/107790", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/107790" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2" + "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/04/12/2" }, { "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1032", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1032" } ] diff --git a/2019/10xxx/CVE-2019-10290.json b/2019/10xxx/CVE-2019-10290.json index d81a9581506..20333efdd62 100644 --- a/2019/10xxx/CVE-2019-10290.json +++ b/2019/10xxx/CVE-2019-10290.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10290", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Netsparker Cloud Scan Plugin", - "version": { - "version_data": [ - { - "version_value": "1.1.5 and older" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,27 +21,51 @@ "description": [ { "lang": "eng", - "value": "CWE-285" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Netsparker Cloud Scan Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.1.5 and older" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "BID", - "name": "107790", - "url": "http://www.securityfocus.com/bid/107790" + "url": "http://www.securityfocus.com/bid/107790", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/107790" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2" + "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/04/12/2" }, { "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1032", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1032" } ] diff --git a/2019/10xxx/CVE-2019-10291.json b/2019/10xxx/CVE-2019-10291.json index 4333dbe734d..d871404efdc 100644 --- a/2019/10xxx/CVE-2019-10291.json +++ b/2019/10xxx/CVE-2019-10291.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10291", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Netsparker Cloud Scan Plugin", - "version": { - "version_data": [ - { - "version_value": "1.1.5 and older" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,27 +21,51 @@ "description": [ { "lang": "eng", - "value": "CWE-256" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Netsparker Cloud Scan Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.1.5 and older" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "BID", - "name": "107790", - "url": "http://www.securityfocus.com/bid/107790" + "url": "http://www.securityfocus.com/bid/107790", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/107790" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2" + "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/04/12/2" }, { "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1040", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1040" } ] diff --git a/2019/10xxx/CVE-2019-10292.json b/2019/10xxx/CVE-2019-10292.json index cb9d3c0dc0a..34034b05585 100644 --- a/2019/10xxx/CVE-2019-10292.json +++ b/2019/10xxx/CVE-2019-10292.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10292", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Kmap Plugin", - "version": { - "version_data": [ - { - "version_value": "all versions as of 2019-04-03" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,27 +21,51 @@ "description": [ { "lang": "eng", - "value": "CWE-352" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Kmap Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "all versions as of 2019-04-03" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "BID", - "name": "107790", - "url": "http://www.securityfocus.com/bid/107790" + "url": "http://www.securityfocus.com/bid/107790", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/107790" }, { - "refsource": "MLIST", - "name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2" + "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/04/12/2" }, { "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1055", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1055" } ] diff --git a/2020/2xxx/CVE-2020-2222.json b/2020/2xxx/CVE-2020-2222.json index a2c114f4d89..b3fca713783 100644 --- a/2020/2xxx/CVE-2020-2222.json +++ b/2020/2xxx/CVE-2020-2222.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2222", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.244", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.235.1", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.244" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1902", "url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1902", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1902" }, { - "refsource": "MLIST", - "name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2020/07/15/5" + "url": "http://www.openwall.com/lists/oss-security/2020/07/15/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/07/15/5" } ] } diff --git a/2020/2xxx/CVE-2020-2223.json b/2020/2xxx/CVE-2020-2223.json index 8edb5c2e6f3..2fa126316be 100644 --- a/2020/2xxx/CVE-2020-2223.json +++ b/2020/2xxx/CVE-2020-2223.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2223", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.244", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.235.1", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.244" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945", "url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1945" }, { - "refsource": "MLIST", - "name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2020/07/15/5" + "url": "http://www.openwall.com/lists/oss-security/2020/07/15/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/07/15/5" } ] } diff --git a/2020/2xxx/CVE-2020-2224.json b/2020/2xxx/CVE-2020-2224.json index 636eaa7fb02..745e7d97852 100644 --- a/2020/2xxx/CVE-2020-2224.json +++ b/2020/2xxx/CVE-2020-2224.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2224", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Matrix Project Plugin", - "version": { - "version_data": [ - { - "version_value": "1.16", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Matrix Project Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "1.16" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1924", "url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1924", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1924" }, { - "refsource": "MLIST", - "name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2020/07/15/5" + "url": "http://www.openwall.com/lists/oss-security/2020/07/15/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/07/15/5" } ] } diff --git a/2020/2xxx/CVE-2020-2225.json b/2020/2xxx/CVE-2020-2225.json index faea6ead58b..2e4ec7e281c 100644 --- a/2020/2xxx/CVE-2020-2225.json +++ b/2020/2xxx/CVE-2020-2225.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2225", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Matrix Project Plugin", - "version": { - "version_data": [ - { - "version_value": "1.16", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Matrix Project Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "1.16" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1925", "url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1925", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1925" }, { - "refsource": "MLIST", - "name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2020/07/15/5" + "url": "http://www.openwall.com/lists/oss-security/2020/07/15/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/07/15/5" } ] } diff --git a/2020/2xxx/CVE-2020-2226.json b/2020/2xxx/CVE-2020-2226.json index 0e27b3ed37f..edca054443f 100644 --- a/2020/2xxx/CVE-2020-2226.json +++ b/2020/2xxx/CVE-2020-2226.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2226", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Matrix Authorization Strategy Plugin", - "version": { - "version_data": [ - { - "version_value": "2.6.1", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Matrix Authorization Strategy Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.6.1" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1909", "url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1909", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1909" }, { - "refsource": "MLIST", - "name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2020/07/15/5" + "url": "http://www.openwall.com/lists/oss-security/2020/07/15/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/07/15/5" } ] } diff --git a/2020/2xxx/CVE-2020-2227.json b/2020/2xxx/CVE-2020-2227.json index 20287b7f977..2f0430d212d 100644 --- a/2020/2xxx/CVE-2020-2227.json +++ b/2020/2xxx/CVE-2020-2227.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2227", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Deployer Framework Plugin", - "version": { - "version_data": [ - { - "version_value": "1.2", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Deployer Framework Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "1.2" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1915", "url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1915", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1915" }, { - "refsource": "MLIST", - "name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2020/07/15/5" + "url": "http://www.openwall.com/lists/oss-security/2020/07/15/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/07/15/5" } ] } diff --git a/2020/2xxx/CVE-2020-2228.json b/2020/2xxx/CVE-2020-2228.json index 4efda8055b8..e795d9c8b10 100644 --- a/2020/2xxx/CVE-2020-2228.json +++ b/2020/2xxx/CVE-2020-2228.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2228", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Gitlab Authentication Plugin", - "version": { - "version_data": [ - { - "version_value": "1.5", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-269: Improper Privilege Management" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Gitlab Authentication Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "1.5" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1792", "url": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1792", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1792" }, { - "refsource": "MLIST", - "name": "[oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2020/07/15/5" + "url": "http://www.openwall.com/lists/oss-security/2020/07/15/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/07/15/5" } ] } diff --git a/2020/2xxx/CVE-2020-2229.json b/2020/2xxx/CVE-2020-2229.json index 4beda55703c..a6a9eaac4ba 100644 --- a/2020/2xxx/CVE-2020-2229.json +++ b/2020/2xxx/CVE-2020-2229.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2229", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.251", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.235.3", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,28 +21,53 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.251" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1955", "url": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1955", - "refsource": "CONFIRM" - }, - { - "refsource": "MLIST", - "name": "[oss-security] 20200812 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2020/08/12/4" - }, - { "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html", - "url": "http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html" + "name": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1955" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2020/08/12/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/08/12/4" + }, + { + "url": "http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html" } ] } diff --git a/2020/2xxx/CVE-2020-2230.json b/2020/2xxx/CVE-2020-2230.json index c52d101f818..1882aa31723 100644 --- a/2020/2xxx/CVE-2020-2230.json +++ b/2020/2xxx/CVE-2020-2230.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2230", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.251", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.235.3", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,28 +21,53 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.251" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1957", "url": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1957", - "refsource": "CONFIRM" - }, - { - "refsource": "MLIST", - "name": "[oss-security] 20200812 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2020/08/12/4" - }, - { "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html", - "url": "http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html" + "name": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1957" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2020/08/12/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/08/12/4" + }, + { + "url": "http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/160443/Jenkins-2.235.3-Cross-Site-Scripting.html" } ] } diff --git a/2020/2xxx/CVE-2020-2231.json b/2020/2xxx/CVE-2020-2231.json index d51c6b34465..0b31cc743be 100644 --- a/2020/2xxx/CVE-2020-2231.json +++ b/2020/2xxx/CVE-2020-2231.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2231", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.251", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.235.3", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,28 +21,53 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.251" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1960", "url": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1960", - "refsource": "CONFIRM" - }, - { - "refsource": "MLIST", - "name": "[oss-security] 20200812 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2020/08/12/4" - }, - { "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.html", - "url": "http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.html" + "name": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1960" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2020/08/12/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/08/12/4" + }, + { + "url": "http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/160616/Jenkins-2.251-LTS-2.235.3-Cross-Site-Scripting.html" } ] } diff --git a/2020/2xxx/CVE-2020-2232.json b/2020/2xxx/CVE-2020-2232.json index 7fe2f9bfdff..b6a99dd5ee4 100644 --- a/2020/2xxx/CVE-2020-2232.json +++ b/2020/2xxx/CVE-2020-2232.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2232", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Email Extension Plugin", - "version": { - "version_data": [ - { - "version_value": "2.72", - "version_affected": ">=" - }, - { - "version_value": "2.73", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,53 @@ "description": [ { "lang": "eng", - "value": "CWE-319: Cleartext Transmission of Sensitive Information" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Email Extension Plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.72", + "version_value": "unspecified" + }, + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.73" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975", "url": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1975" }, { - "refsource": "MLIST", - "name": "[oss-security] 20200812 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2020/08/12/4" + "url": "http://www.openwall.com/lists/oss-security/2020/08/12/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/08/12/4" } ] } diff --git a/2020/2xxx/CVE-2020-2233.json b/2020/2xxx/CVE-2020-2233.json index d0f96428e85..cb32a2910cf 100644 --- a/2020/2xxx/CVE-2020-2233.json +++ b/2020/2xxx/CVE-2020-2233.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2233", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Pipeline Maven Integration Plugin", - "version": { - "version_data": [ - { - "version_value": "3.8.2", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-285: Improper Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Pipeline Maven Integration Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "3.8.2" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20(1)", - "url": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20(1)", - "refsource": "CONFIRM" + "url": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20%281%29", + "refsource": "MISC", + "name": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20%281%29" }, { - "refsource": "MLIST", - "name": "[oss-security] 20200812 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2020/08/12/4" + "url": "http://www.openwall.com/lists/oss-security/2020/08/12/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/08/12/4" } ] } diff --git a/2020/2xxx/CVE-2020-2234.json b/2020/2xxx/CVE-2020-2234.json index 76b0f0e3273..9f60601ff85 100644 --- a/2020/2xxx/CVE-2020-2234.json +++ b/2020/2xxx/CVE-2020-2234.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2234", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Pipeline Maven Integration Plugin", - "version": { - "version_data": [ - { - "version_value": "3.8.2", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-285: Improper Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Pipeline Maven Integration Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "3.8.2" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20(2)", - "url": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20(2)", - "refsource": "CONFIRM" + "url": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20%282%29", + "refsource": "MISC", + "name": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20%282%29" }, { - "refsource": "MLIST", - "name": "[oss-security] 20200812 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2020/08/12/4" + "url": "http://www.openwall.com/lists/oss-security/2020/08/12/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/08/12/4" } ] } diff --git a/2020/2xxx/CVE-2020-2235.json b/2020/2xxx/CVE-2020-2235.json index 49251ee51bc..a9086df5da7 100644 --- a/2020/2xxx/CVE-2020-2235.json +++ b/2020/2xxx/CVE-2020-2235.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2235", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Pipeline Maven Integration Plugin", - "version": { - "version_data": [ - { - "version_value": "3.8.2", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Pipeline Maven Integration Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "3.8.2" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20(2)", - "url": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20(2)", - "refsource": "CONFIRM" + "url": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20%282%29", + "refsource": "MISC", + "name": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20%282%29" }, { - "refsource": "MLIST", - "name": "[oss-security] 20200812 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2020/08/12/4" + "url": "http://www.openwall.com/lists/oss-security/2020/08/12/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/08/12/4" } ] } diff --git a/2021/21xxx/CVE-2021-21604.json b/2021/21xxx/CVE-2021-21604.json index d459fe6cc84..08905783e3d 100644 --- a/2021/21xxx/CVE-2021-21604.json +++ b/2021/21xxx/CVE-2021-21604.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21604", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.274", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.263.1", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-502: Deserialization of Untrusted Data" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.274" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923", "url": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923" } ] } diff --git a/2021/21xxx/CVE-2021-21605.json b/2021/21xxx/CVE-2021-21605.json index 3bc018626b3..005d528c4ce 100644 --- a/2021/21xxx/CVE-2021-21605.json +++ b/2021/21xxx/CVE-2021-21605.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21605", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.274", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.263.1", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-20: Improper Input Validation" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.274" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2021", "url": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2021", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2021" } ] } diff --git a/2021/21xxx/CVE-2021-21606.json b/2021/21xxx/CVE-2021-21606.json index 4ca00b87996..4ae3c5c1290 100644 --- a/2021/21xxx/CVE-2021-21606.json +++ b/2021/21xxx/CVE-2021-21606.json @@ -1,44 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21606", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.242", - "version_affected": ">=" - }, - { - "version_value": "2.274", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.263.1", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -53,18 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-20: Improper Input Validation" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.242", + "version_value": "unspecified" + }, + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.274" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2023", "url": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2023", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2023" } ] } diff --git a/2021/21xxx/CVE-2021-21607.json b/2021/21xxx/CVE-2021-21607.json index 8c8672441e8..15bfc4fe162 100644 --- a/2021/21xxx/CVE-2021-21607.json +++ b/2021/21xxx/CVE-2021-21607.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21607", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.274", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.263.1", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-789: Memory Allocation with Excessive Size Value" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.274" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2025", "url": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2025", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2025" } ] } diff --git a/2021/21xxx/CVE-2021-21608.json b/2021/21xxx/CVE-2021-21608.json index c3671624e53..10b516e0326 100644 --- a/2021/21xxx/CVE-2021-21608.json +++ b/2021/21xxx/CVE-2021-21608.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21608", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.274", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.263.1", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.274" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2035", "url": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2035", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2035" } ] } diff --git a/2021/21xxx/CVE-2021-21609.json b/2021/21xxx/CVE-2021-21609.json index acf29396dac..7c4c5c6c7d6 100644 --- a/2021/21xxx/CVE-2021-21609.json +++ b/2021/21xxx/CVE-2021-21609.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21609", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.274", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.263.1", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-863: Incorrect Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.274" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2047", "url": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2047", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2047" } ] } diff --git a/2021/21xxx/CVE-2021-21610.json b/2021/21xxx/CVE-2021-21610.json index e1a4f140356..ac352f64adf 100644 --- a/2021/21xxx/CVE-2021-21610.json +++ b/2021/21xxx/CVE-2021-21610.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21610", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.274", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.263.1", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.274" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2153", "url": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2153", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2153" } ] } diff --git a/2021/21xxx/CVE-2021-21611.json b/2021/21xxx/CVE-2021-21611.json index ec72a5f1e06..5333e480416 100644 --- a/2021/21xxx/CVE-2021-21611.json +++ b/2021/21xxx/CVE-2021-21611.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21611", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.274", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.263.1", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.274" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2171", "url": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2171", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2171" } ] } diff --git a/2021/21xxx/CVE-2021-21612.json b/2021/21xxx/CVE-2021-21612.json index da55e7263a8..ec5ed471cb1 100644 --- a/2021/21xxx/CVE-2021-21612.json +++ b/2021/21xxx/CVE-2021-21612.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21612", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins TraceTronic ECU-TEST Plugin", - "version": { - "version_data": [ - { - "version_value": "2.23.1", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-256: Unprotected Storage of Credentials" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins TraceTronic ECU-TEST Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.23.1" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2057", "url": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2057", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2057" } ] } diff --git a/2021/21xxx/CVE-2021-21613.json b/2021/21xxx/CVE-2021-21613.json index 4716dbe7a89..fb53c936694 100644 --- a/2021/21xxx/CVE-2021-21613.json +++ b/2021/21xxx/CVE-2021-21613.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21613", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins TICS Plugin", - "version": { - "version_data": [ - { - "version_value": "2020.3.0.6", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins TICS Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2020.3.0.6" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2098", "url": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2098", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2098" } ] } diff --git a/2021/21xxx/CVE-2021-21614.json b/2021/21xxx/CVE-2021-21614.json index f1a4109f328..c798bfa4919 100644 --- a/2021/21xxx/CVE-2021-21614.json +++ b/2021/21xxx/CVE-2021-21614.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21614", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Bumblebee HP ALM Plugin", - "version": { - "version_data": [ - { - "version_value": "4.1.5", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-256: Unprotected Storage of Credentials" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Bumblebee HP ALM Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "4.1.5" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2156", "url": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2156", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2156" } ] } diff --git a/2021/21xxx/CVE-2021-21615.json b/2021/21xxx/CVE-2021-21615.json index aa928a696d8..7b545f1e128 100644 --- a/2021/21xxx/CVE-2021-21615.json +++ b/2021/21xxx/CVE-2021-21615.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21615", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.275", - "version_affected": "=" - }, - { - "version_value": "LTS 2.263.2", - "version_affected": "=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,51 @@ "description": [ { "lang": "eng", - "value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.275" + }, + { + "version_affected": "=", + "version_value": "LTS 2.263.2" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-01-26/#SECURITY-2197", "url": "https://www.jenkins.io/security/advisory/2021-01-26/#SECURITY-2197", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-01-26/#SECURITY-2197" }, { - "refsource": "MLIST", - "name": "[oss-security] 20210126 Vulnerability in Jenkins", - "url": "http://www.openwall.com/lists/oss-security/2021/01/26/2" + "url": "http://www.openwall.com/lists/oss-security/2021/01/26/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/01/26/2" } ] } diff --git a/2021/21xxx/CVE-2021-21616.json b/2021/21xxx/CVE-2021-21616.json index 7ed4f70b52c..5dba714dc03 100644 --- a/2021/21xxx/CVE-2021-21616.json +++ b/2021/21xxx/CVE-2021-21616.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21616", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Active Choices Plugin", - "version": { - "version_data": [ - { - "version_value": "2.5.2", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Active Choices Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.5.2" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2192", "url": "https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2192", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2192" }, { - "refsource": "MLIST", - "name": "[oss-security] 20210224 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2021/02/24/3" + "url": "http://www.openwall.com/lists/oss-security/2021/02/24/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/02/24/3" } ] } diff --git a/2021/21xxx/CVE-2021-21617.json b/2021/21xxx/CVE-2021-21617.json index 7da60753cd9..24df3f238f0 100644 --- a/2021/21xxx/CVE-2021-21617.json +++ b/2021/21xxx/CVE-2021-21617.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21617", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Configuration Slicing Plugin", - "version": { - "version_data": [ - { - "version_value": "1.51", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Configuration Slicing Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "1.51" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2003", "url": "https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2003", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2003" }, { - "refsource": "MLIST", - "name": "[oss-security] 20210224 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2021/02/24/3" + "url": "http://www.openwall.com/lists/oss-security/2021/02/24/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/02/24/3" } ] } diff --git a/2022/34xxx/CVE-2022-34183.json b/2022/34xxx/CVE-2022-34183.json index 6f83624d9ea..7dae8ae3342 100644 --- a/2022/34xxx/CVE-2022-34183.json +++ b/2022/34xxx/CVE-2022-34183.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-34183", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Agent Server Parameter Plugin", - "version": { - "version_data": [ - { - "version_value": "1.1", - "version_affected": "<=" - }, - { - "version_value": "1.1", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,57 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Agent Server Parameter Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.1", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 1.1", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784" } ] } diff --git a/2022/34xxx/CVE-2022-34184.json b/2022/34xxx/CVE-2022-34184.json index b1f7e6f2e4d..5635c2cf70b 100644 --- a/2022/34xxx/CVE-2022-34184.json +++ b/2022/34xxx/CVE-2022-34184.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-34184", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins CRX Content Package Deployer Plugin", - "version": { - "version_data": [ - { - "version_value": "1.9", - "version_affected": "<=" - }, - { - "version_value": "1.9", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,57 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins CRX Content Package Deployer Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.9", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 1.9", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784" } ] } diff --git a/2022/34xxx/CVE-2022-34185.json b/2022/34xxx/CVE-2022-34185.json index 3ed8a65b395..1f5d327a79a 100644 --- a/2022/34xxx/CVE-2022-34185.json +++ b/2022/34xxx/CVE-2022-34185.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-34185", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Date Parameter Plugin", - "version": { - "version_data": [ - { - "version_value": "0.0.4", - "version_affected": "<=" - }, - { - "version_value": "0.0.4", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,57 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Date Parameter Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "0.0.4", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 0.0.4", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784" } ] } diff --git a/2022/34xxx/CVE-2022-34186.json b/2022/34xxx/CVE-2022-34186.json index f7e4d7042f5..3dcf4b40485 100644 --- a/2022/34xxx/CVE-2022-34186.json +++ b/2022/34xxx/CVE-2022-34186.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-34186", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Dynamic Extended Choice Parameter Plugin", - "version": { - "version_data": [ - { - "version_value": "1.0.1", - "version_affected": "<=" - }, - { - "version_value": "1.0.1", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,57 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Dynamic Extended Choice Parameter Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.0.1", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 1.0.1", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784" } ] } diff --git a/2022/34xxx/CVE-2022-34187.json b/2022/34xxx/CVE-2022-34187.json index 44a16e4cf8d..c2d38961849 100644 --- a/2022/34xxx/CVE-2022-34187.json +++ b/2022/34xxx/CVE-2022-34187.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-34187", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Filesystem List Parameter Plugin", - "version": { - "version_data": [ - { - "version_value": "0.0.7", - "version_affected": "<=" - }, - { - "version_value": "0.0.7", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,57 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Filesystem List Parameter Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "0.0.7", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 0.0.7", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784" } ] } diff --git a/2022/34xxx/CVE-2022-34188.json b/2022/34xxx/CVE-2022-34188.json index fa2a611266c..103f8e3dfe2 100644 --- a/2022/34xxx/CVE-2022-34188.json +++ b/2022/34xxx/CVE-2022-34188.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-34188", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Hidden Parameter Plugin", - "version": { - "version_data": [ - { - "version_value": "0.0.4", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Hidden Parameter Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "0.0.4" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784" } ] } diff --git a/2022/34xxx/CVE-2022-34189.json b/2022/34xxx/CVE-2022-34189.json index 60f79e2dd49..81a3c399835 100644 --- a/2022/34xxx/CVE-2022-34189.json +++ b/2022/34xxx/CVE-2022-34189.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-34189", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Image Tag Parameter Plugin", - "version": { - "version_data": [ - { - "version_value": "1.10", - "version_affected": "<=" - }, - { - "version_value": "1.10", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,57 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Image Tag Parameter Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.10", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 1.10", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784" } ] } diff --git a/2022/34xxx/CVE-2022-34190.json b/2022/34xxx/CVE-2022-34190.json index e2d438b2b00..b27ca21aac2 100644 --- a/2022/34xxx/CVE-2022-34190.json +++ b/2022/34xxx/CVE-2022-34190.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-34190", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Maven Metadata Plugin for Jenkins CI server Plugin", - "version": { - "version_data": [ - { - "version_value": "2.1", - "version_affected": "<=" - }, - { - "version_value": "2.1", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,57 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Maven Metadata Plugin for Jenkins CI server Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "2.1", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 2.1", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784" } ] } diff --git a/2022/34xxx/CVE-2022-34191.json b/2022/34xxx/CVE-2022-34191.json index fa6bd5e4489..f2c053f91d2 100644 --- a/2022/34xxx/CVE-2022-34191.json +++ b/2022/34xxx/CVE-2022-34191.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-34191", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins NS-ND Integration Performance Publisher Plugin", - "version": { - "version_data": [ - { - "version_value": "4.8.0.77", - "version_affected": "<=" - }, - { - "version_value": "4.8.0.77", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,57 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins NS-ND Integration Performance Publisher Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "4.8.0.77", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 4.8.0.77", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784" } ] } diff --git a/2022/34xxx/CVE-2022-34192.json b/2022/34xxx/CVE-2022-34192.json index 0e774589906..9a628d903af 100644 --- a/2022/34xxx/CVE-2022-34192.json +++ b/2022/34xxx/CVE-2022-34192.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-34192", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins ontrack Jenkins Plugin", - "version": { - "version_data": [ - { - "version_value": "4.0.0", - "version_affected": "<=" - }, - { - "version_value": "4.0.0", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,57 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins ontrack Jenkins Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "4.0.0", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 4.0.0", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784" } ] } diff --git a/2022/34xxx/CVE-2022-34193.json b/2022/34xxx/CVE-2022-34193.json index ce494f32a1f..a32a6744f59 100644 --- a/2022/34xxx/CVE-2022-34193.json +++ b/2022/34xxx/CVE-2022-34193.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-34193", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Package Version Plugin", - "version": { - "version_data": [ - { - "version_value": "1.0.1", - "version_affected": "<=" - }, - { - "version_value": "1.0.1", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,57 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Package Version Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.0.1", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 1.0.1", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784" } ] } diff --git a/2022/34xxx/CVE-2022-34194.json b/2022/34xxx/CVE-2022-34194.json index 8a5ce27c12f..7c8ae0a7c7b 100644 --- a/2022/34xxx/CVE-2022-34194.json +++ b/2022/34xxx/CVE-2022-34194.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-34194", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Readonly Parameter Plugin", - "version": { - "version_data": [ - { - "version_value": "1.0.0", - "version_affected": "<=" - }, - { - "version_value": "1.0.0", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,57 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Readonly Parameter Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.0.0", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 1.0.0", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784" } ] } diff --git a/2022/34xxx/CVE-2022-34195.json b/2022/34xxx/CVE-2022-34195.json index 704e10636fa..ee663670cf3 100644 --- a/2022/34xxx/CVE-2022-34195.json +++ b/2022/34xxx/CVE-2022-34195.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-34195", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Repository Connector Plugin", - "version": { - "version_data": [ - { - "version_value": "2.2.0", - "version_affected": "<=" - }, - { - "version_value": "2.2.0", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,57 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Repository Connector Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "2.2.0", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 2.2.0", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784" } ] } diff --git a/2022/34xxx/CVE-2022-34196.json b/2022/34xxx/CVE-2022-34196.json index 6d04e074e6e..991f8239ce1 100644 --- a/2022/34xxx/CVE-2022-34196.json +++ b/2022/34xxx/CVE-2022-34196.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-34196", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins REST List Parameter Plugin", - "version": { - "version_data": [ - { - "version_value": "1.5.2", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins REST List Parameter Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "1.5.2" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", "url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784" } ] } diff --git a/2023/3xxx/CVE-2023-3828.json b/2023/3xxx/CVE-2023-3828.json index d7f9a57d4b0..608d7fb5c90 100644 --- a/2023/3xxx/CVE-2023-3828.json +++ b/2023/3xxx/CVE-2023-3828.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/3xxx/CVE-2023-3829.json b/2023/3xxx/CVE-2023-3829.json index 58c7735f18b..cb17f0feeda 100644 --- a/2023/3xxx/CVE-2023-3829.json +++ b/2023/3xxx/CVE-2023-3829.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/3xxx/CVE-2023-3830.json b/2023/3xxx/CVE-2023-3830.json index 93044665bb6..2a370e98f1a 100644 --- a/2023/3xxx/CVE-2023-3830.json +++ b/2023/3xxx/CVE-2023-3830.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/3xxx/CVE-2023-3831.json b/2023/3xxx/CVE-2023-3831.json index d69fe011bcf..0e9e69d744f 100644 --- a/2023/3xxx/CVE-2023-3831.json +++ b/2023/3xxx/CVE-2023-3831.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/3xxx/CVE-2023-3832.json b/2023/3xxx/CVE-2023-3832.json index c5df020626c..1fef46f5a91 100644 --- a/2023/3xxx/CVE-2023-3832.json +++ b/2023/3xxx/CVE-2023-3832.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/3xxx/CVE-2023-3833.json b/2023/3xxx/CVE-2023-3833.json index 03eed029cbc..8fe0990e0d5 100644 --- a/2023/3xxx/CVE-2023-3833.json +++ b/2023/3xxx/CVE-2023-3833.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/3xxx/CVE-2023-3834.json b/2023/3xxx/CVE-2023-3834.json index 37710f7af15..932cd5abab9 100644 --- a/2023/3xxx/CVE-2023-3834.json +++ b/2023/3xxx/CVE-2023-3834.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/3xxx/CVE-2023-3835.json b/2023/3xxx/CVE-2023-3835.json index f73d3cefffd..4d9e2fd56d1 100644 --- a/2023/3xxx/CVE-2023-3835.json +++ b/2023/3xxx/CVE-2023-3835.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/3xxx/CVE-2023-3836.json b/2023/3xxx/CVE-2023-3836.json index 9c0c7a19852..08da157c7a7 100644 --- a/2023/3xxx/CVE-2023-3836.json +++ b/2023/3xxx/CVE-2023-3836.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/3xxx/CVE-2023-3837.json b/2023/3xxx/CVE-2023-3837.json index 616f64cceb0..8ceed824a60 100644 --- a/2023/3xxx/CVE-2023-3837.json +++ b/2023/3xxx/CVE-2023-3837.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 2.6, - "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "baseSeverity": "LOW" + "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N" } ] } diff --git a/2023/3xxx/CVE-2023-3838.json b/2023/3xxx/CVE-2023-3838.json index 091190520b8..9e2de526df1 100644 --- a/2023/3xxx/CVE-2023-3838.json +++ b/2023/3xxx/CVE-2023-3838.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 3.3, - "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", - "baseSeverity": "LOW" + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N" } ] } diff --git a/2023/3xxx/CVE-2023-3839.json b/2023/3xxx/CVE-2023-3839.json index ebfe936f9fe..a7a6b9aecbf 100644 --- a/2023/3xxx/CVE-2023-3839.json +++ b/2023/3xxx/CVE-2023-3839.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 4.3, - "vectorString": "AV:N/AC:H/Au:M/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:H/Au:M/C:P/I:P/A:P" } ] } diff --git a/2023/3xxx/CVE-2023-3840.json b/2023/3xxx/CVE-2023-3840.json index 4218cddd04b..3ec2c0442d7 100644 --- a/2023/3xxx/CVE-2023-3840.json +++ b/2023/3xxx/CVE-2023-3840.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/3xxx/CVE-2023-3841.json b/2023/3xxx/CVE-2023-3841.json index c69e8e46772..e1fd428b0fd 100644 --- a/2023/3xxx/CVE-2023-3841.json +++ b/2023/3xxx/CVE-2023-3841.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 5, - "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ] } diff --git a/2023/3xxx/CVE-2023-3842.json b/2023/3xxx/CVE-2023-3842.json index 27a8100ec67..b5d83d528e9 100644 --- a/2023/3xxx/CVE-2023-3842.json +++ b/2023/3xxx/CVE-2023-3842.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 6.8, - "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", - "baseSeverity": "MEDIUM" + "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C" } ] } diff --git a/2023/43xxx/CVE-2023-43508.json b/2023/43xxx/CVE-2023-43508.json index 7c8ec0aa23b..69e7ffce035 100644 --- a/2023/43xxx/CVE-2023-43508.json +++ b/2023/43xxx/CVE-2023-43508.json @@ -1,17 +1,101 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-43508", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerabilities in the web-based management interface of\u00a0ClearPass Policy Manager allow an attacker with read-only\u00a0privileges to perform actions that change the state of the\u00a0ClearPass Policy Manager instance. Successful exploitation\u00a0of these vulnerabilities allow an attacker to complete\u00a0state-changing actions in the web-based management interface\u00a0that should not be allowed by their current level of\u00a0authorization on the platform." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba ClearPass Policy Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "ClearPass Policy Manager 6.11.x: 6.11.4 and below", + "version_value": "<=6.11.4" + }, + { + "version_affected": "=", + "version_value": "ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below" + }, + { + "version_affected": "=", + "version_value": "ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Mateusz Dabrowski (dbrwsky)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/43xxx/CVE-2023-43509.json b/2023/43xxx/CVE-2023-43509.json index 2e75a6acda1..4dc47f71f86 100644 --- a/2023/43xxx/CVE-2023-43509.json +++ b/2023/43xxx/CVE-2023-43509.json @@ -1,17 +1,101 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-43509", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of\u00a0ClearPass Policy Manager could allow an unauthenticated\u00a0remote attacker to send notifications to computers that are\u00a0running ClearPass OnGuard. These notifications can then be\u00a0used to phish users or trick them into downloading malicious\u00a0software." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba ClearPass Policy Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "ClearPass Policy Manager 6.11.x: 6.11.4 and below", + "version_value": "<=6.11.4" + }, + { + "version_affected": "=", + "version_value": "ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below" + }, + { + "version_affected": "=", + "version_value": "ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Luke Young (bugcrowd.com/bored-engineer)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/43xxx/CVE-2023-43510.json b/2023/43xxx/CVE-2023-43510.json index 161cd0b929c..5c31602e846 100644 --- a/2023/43xxx/CVE-2023-43510.json +++ b/2023/43xxx/CVE-2023-43510.json @@ -1,17 +1,101 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-43510", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the ClearPass Policy Manager web-based\u00a0management interface allows remote authenticated users to\u00a0run arbitrary commands on the underlying host. A successful\u00a0exploit could allow an attacker to execute arbitrary\u00a0commands as a non-privileged user on the underlying\u00a0operating system leading to partial system compromise." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hewlett Packard Enterprise (HPE)", + "product": { + "product_data": [ + { + "product_name": "Aruba ClearPass Policy Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "ClearPass Policy Manager 6.11.x: 6.11.4 and below", + "version_value": "<=6.11.4" + }, + { + "version_affected": "=", + "version_value": "ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below" + }, + { + "version_affected": "=", + "version_value": "ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt", + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Daniel Jensen (@dozernz)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45837.json b/2023/45xxx/CVE-2023-45837.json index 3543a2ef560..180c06b1cad 100644 --- a/2023/45xxx/CVE-2023-45837.json +++ b/2023/45xxx/CVE-2023-45837.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45837", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC Ultimate Taxonomy Manager plugin <=\u00a02.0 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "XYDAC", + "product": { + "product_data": [ + { + "product_name": "Ultimate Taxonomy Manager", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/ultimate-taxonomy-manager/wordpress-ultimate-taxonomy-manager-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/ultimate-taxonomy-manager/wordpress-ultimate-taxonomy-manager-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "thiennv (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/5xxx/CVE-2023-5023.json b/2023/5xxx/CVE-2023-5023.json index 19c0c74cf87..0fd4378dd57 100644 --- a/2023/5xxx/CVE-2023-5023.json +++ b/2023/5xxx/CVE-2023-5023.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/5xxx/CVE-2023-5024.json b/2023/5xxx/CVE-2023-5024.json index e5b4dc284a0..16df28eadd4 100644 --- a/2023/5xxx/CVE-2023-5024.json +++ b/2023/5xxx/CVE-2023-5024.json @@ -107,8 +107,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/5xxx/CVE-2023-5721.json b/2023/5xxx/CVE-2023-5721.json index bf59d789247..48b8ec5d937 100644 --- a/2023/5xxx/CVE-2023-5721.json +++ b/2023/5xxx/CVE-2023-5721.json @@ -1,18 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5721", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119 and Firefox ESR < 115.4." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Queued up rendering could have allowed websites to clickjack" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "119" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1830820", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1830820" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-45/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-45/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-46/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-46/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Kelsey Gilbert" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5722.json b/2023/5xxx/CVE-2023-5722.json index c64e444174c..eca24bc96e9 100644 --- a/2023/5xxx/CVE-2023-5722.json +++ b/2023/5xxx/CVE-2023-5722.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5722", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Origin size and header leakage" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "119" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1738426", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1738426" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-45/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-45/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "annevk" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5723.json b/2023/5xxx/CVE-2023-5723.json index edb5c0577e3..8ba74620e7f 100644 --- a/2023/5xxx/CVE-2023-5723.json +++ b/2023/5xxx/CVE-2023-5723.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5723", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Invalid cookie characters could have led to unexpected errors" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "119" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1802057", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1802057" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-45/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-45/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Daniel Veditz" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5724.json b/2023/5xxx/CVE-2023-5724.json index 755bb3fa87b..8dea12c7eb4 100644 --- a/2023/5xxx/CVE-2023-5724.json +++ b/2023/5xxx/CVE-2023-5724.json @@ -1,18 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5724", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119 and Firefox ESR < 115.4." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Large WebGL draw could have led to a crash" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "119" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1836705", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1836705" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-45/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-45/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-46/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-46/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "pwn2car" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5725.json b/2023/5xxx/CVE-2023-5725.json index ce5d8caf738..f05471e1c40 100644 --- a/2023/5xxx/CVE-2023-5725.json +++ b/2023/5xxx/CVE-2023-5725.json @@ -1,18 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5725", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119 and Firefox ESR < 115.4." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "WebExtensions could open arbitrary URLs" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "119" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1845739", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1845739" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-45/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-45/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-46/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-46/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Shaheen Fazim" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5726.json b/2023/5xxx/CVE-2023-5726.json index 7bd62deff8b..337907e8e67 100644 --- a/2023/5xxx/CVE-2023-5726.json +++ b/2023/5xxx/CVE-2023-5726.json @@ -1,18 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5726", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. \n*Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Full screen notification obscured by file open dialog on macOS" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "119" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.4" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846205", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846205" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-45/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-45/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-46/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-46/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-47/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-47/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Edgar Chen and Hafiizh" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5727.json b/2023/5xxx/CVE-2023-5727.json index be9f463f981..e44c3fa6999 100644 --- a/2023/5xxx/CVE-2023-5727.json +++ b/2023/5xxx/CVE-2023-5727.json @@ -1,18 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5727", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. \n*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "119" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.4" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1847180", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1847180" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-45/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-45/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-46/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-46/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-47/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-47/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Bonardo" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5728.json b/2023/5xxx/CVE-2023-5728.json index 88dd3e66e38..fe056dd0216 100644 --- a/2023/5xxx/CVE-2023-5728.json +++ b/2023/5xxx/CVE-2023-5728.json @@ -1,18 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5728", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper object tracking during GC in the JavaScript engine could have led to a crash." + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "119" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.4" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1852729", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1852729" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-45/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-45/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-46/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-46/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-47/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-47/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "anbu" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5730.json b/2023/5xxx/CVE-2023-5730.json index 59995060d6c..70e60915c09 100644 --- a/2023/5xxx/CVE-2023-5730.json +++ b/2023/5xxx/CVE-2023-5730.json @@ -1,18 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5730", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "119" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.4" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1836607%2C1840918%2C1848694%2C1848833%2C1850191%2C1850259%2C1852596%2C1853201%2C1854002%2C1855306%2C1855640%2C1856695", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1836607%2C1840918%2C1848694%2C1848833%2C1850191%2C1850259%2C1852596%2C1853201%2C1854002%2C1855306%2C1855640%2C1856695" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-45/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-45/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-46/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-46/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-47/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-47/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Randell Jesup, Andrew McCreight, Jed Davis, and the Mozilla Fuzzing Team" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5732.json b/2023/5xxx/CVE-2023-5732.json index fb2c02544fd..53c85f29dba 100644 --- a/2023/5xxx/CVE-2023-5732.json +++ b/2023/5xxx/CVE-2023-5732.json @@ -1,18 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5732", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox ESR < 115.4 and Thunderbird < 115.4." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Address bar spoofing via bidirectional characters" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.4" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "115.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1690979", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1690979" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-46/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-46/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2023-47/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2023-47/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Armin Ebert" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5757.json b/2023/5xxx/CVE-2023-5757.json new file mode 100644 index 00000000000..746a6247272 --- /dev/null +++ b/2023/5xxx/CVE-2023-5757.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-5757", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5758.json b/2023/5xxx/CVE-2023-5758.json new file mode 100644 index 00000000000..b7740f0d758 --- /dev/null +++ b/2023/5xxx/CVE-2023-5758.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-5758", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file