"-Synchronized-Data."

CVE Team 2022-04-20 19:01:35 +00:00
parent 12a03dd9e9
commit 01ad921a54
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 215 additions and 195 deletions


@ -1,192 +1,198 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2022-04-20T00:00:00",
"ID": "CVE-2022-0540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira Core Server",
"version": {
"version_data": [
{
"version_value": "8.13.18",
"version_affected": "<"
},
{
"version_value": "8.14.0",
"version_affected": ">="
},
{
"version_value": "8.20.6",
"version_affected": "<"
},
{
"version_value": "8.21.0",
"version_affected": ">="
},
{
"version_value": "8.22.0",
"version_affected": "<"
}
]
}
},
{
"product_name": "Jira Software Server",
"version": {
"version_data": [
{
"version_value": "8.13.18",
"version_affected": "<"
},
{
"version_value": "8.14.0",
"version_affected": ">="
},
{
"version_value": "8.20.6",
"version_affected": "<"
},
{
"version_value": "8.21.0",
"version_affected": ">="
},
{
"version_value": "8.22.0",
"version_affected": "<"
}
]
}
},
{
"product_name": "Jira Software Data Center",
"version": {
"version_data": [
{
"version_value": "8.13.18",
"version_affected": "<"
},
{
"version_value": "8.14.0",
"version_affected": ">="
},
{
"version_value": "8.20.6",
"version_affected": "<"
},
{
"version_value": "8.21.0",
"version_affected": ">="
},
{
"version_value": "8.22.0",
"version_affected": "<"
}
]
}
},
{
"product_name": "Jira Service Management Server",
"version": {
"version_data": [
{
"version_value": "4.13.18",
"version_affected": "<"
},
{
"version_value": "4.14.0",
"version_affected": ">="
},
{
"version_value": "4.20.6",
"version_affected": "<"
},
{
"version_value": "4.21.0",
"version_affected": ">="
},
{
"version_value": "4.22.0",
"version_affected": "<"
}
]
}
},
{
"product_name": "Jira Service Management Data Center",
"version": {
"version_data": [
{
"version_value": "4.13.18",
"version_affected": "<"
},
{
"version_value": "4.14.0",
"version_affected": ">="
},
{
"version_value": "4.20.6",
"version_affected": "<"
},
{
"version_value": "4.21.0",
"version_affected": ">="
},
{
"version_value": "4.22.0",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2022-04-20T00:00:00",
"ID": "CVE-2022-0540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira Core Server",
"version": {
"version_data": [
{
"version_value": "8.13.18",
"version_affected": "<"
},
{
"version_value": "8.14.0",
"version_affected": ">="
},
{
"version_value": "8.20.6",
"version_affected": "<"
},
{
"version_value": "8.21.0",
"version_affected": ">="
},
{
"version_value": "8.22.0",
"version_affected": "<"
}
]
}
},
{
"product_name": "Jira Software Server",
"version": {
"version_data": [
{
"version_value": "8.13.18",
"version_affected": "<"
},
{
"version_value": "8.14.0",
"version_affected": ">="
},
{
"version_value": "8.20.6",
"version_affected": "<"
},
{
"version_value": "8.21.0",
"version_affected": ">="
},
{
"version_value": "8.22.0",
"version_affected": "<"
}
]
}
},
{
"product_name": "Jira Software Data Center",
"version": {
"version_data": [
{
"version_value": "8.13.18",
"version_affected": "<"
},
{
"version_value": "8.14.0",
"version_affected": ">="
},
{
"version_value": "8.20.6",
"version_affected": "<"
},
{
"version_value": "8.21.0",
"version_affected": ">="
},
{
"version_value": "8.22.0",
"version_affected": "<"
}
]
}
},
{
"product_name": "Jira Service Management Server",
"version": {
"version_data": [
{
"version_value": "4.13.18",
"version_affected": "<"
},
{
"version_value": "4.14.0",
"version_affected": ">="
},
{
"version_value": "4.20.6",
"version_affected": "<"
},
{
"version_value": "4.21.0",
"version_affected": ">="
},
{
"version_value": "4.22.0",
"version_affected": "<"
}
]
}
},
{
"product_name": "Jira Service Management Data Center",
"version": {
"version_data": [
{
"version_value": "4.13.18",
"version_affected": "<"
},
{
"version_value": "4.14.0",
"version_affected": ">="
},
{
"version_value": "4.20.6",
"version_affected": "<"
},
{
"version_value": "4.21.0",
"version_affected": ">="
},
{
"version_value": "4.22.0",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20"
},
{
"url": "https://jira.atlassian.com/browse/JRASERVER-73650"
},
{
"url": "https://jira.atlassian.com/browse/JSDSERVER-11224"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20",
"refsource": "MISC",
"name": "https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20"
},
{
"url": "https://jira.atlassian.com/browse/JRASERVER-73650",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/JRASERVER-73650"
},
{
"url": "https://jira.atlassian.com/browse/JSDSERVER-11224",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/JSDSERVER-11224"
}
]
}
}
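Review bot: Each `version_data` array in the new CVE-2022-0540 record lists range bounds as separate, unpaired entries (`"<"` 8.13.18, `">="` 8.14.0, `"<"` 8.20.6, `">="` 8.21.0, `"<"` 8.22.0), so a scanner that evaluates entries independently will match every release from 8.14.0 upward, including the fixed 8.20.6 and 8.22.0. The intended pairing is recoverable only from array order or from the prose in `description`, and the same applies to all five products, including the 4.x Service Management lines. If the CNA can resubmit, one option in this format (hedged, to be checked against the 4.0 schema in use) is to carry the branch on the entry itself, e.g. `{"version_name": "8.14.0", "version_affected": "<", "version_value": "8.20.6"}`. Until then, consumers should derive the affected ranges from the description text rather than from the individual entries.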


@ -71,6 +71,11 @@
"name": "20220413 Cisco IOx Application Hosting Environment Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj"
},
{
"refsource": "MISC",
"name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-4qmq-rfw6-f2x2",
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-4qmq-rfw6-f2x2"
}
]
},


@ -71,6 +71,11 @@
"name": "20220413 Cisco IOx Application Hosting Environment Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj"
},
{
"refsource": "MISC",
"name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-p3w5-w45c-c34x",
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-p3w5-w45c-c34x"
}
]
},


@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address will return a response page with complete error information when accessing a non-existent URL. Attackers can take advantage of this feature for SSRF. \n"
"value": "Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Server-Side Request Forgery vulnerability. During the download verification process of a JDBC driver the corresponding JDBC driver download address will be downloaded first, but this address will return a response page with complete error information when accessing a non-existent URL. Attackers can take advantage of this feature for SSRF."
}
]
},


@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Origin Protocol is a blockchain based project. The Origin Protocol project website allows for malicious users to inject malicious Javascript via a POST request to `/presale/join`. User-controlled data is passed with no sanitization to SendGrid and injected into an email that is delivered to the founders@originprotocol.com. If the email recipient is using an email program that is susceptible to XSS, then that email recipient will receive an email that may contain malicious XSS. Regardless if the email recipients mail program has vulnerabilities or not, the hacker can at the very least inject malicious HTML that modifies the body content of the email. There are currently no known workarounds.\n"
"value": "Origin Protocol is a blockchain based project. The Origin Protocol project website allows for malicious users to inject malicious Javascript via a POST request to `/presale/join`. User-controlled data is passed with no sanitization to SendGrid and injected into an email that is delivered to the founders@originprotocol.com. If the email recipient is using an email program that is susceptible to XSS, then that email recipient will receive an email that may contain malicious XSS. Regardless if the email recipient\u2019s mail program has vulnerabilities or not, the hacker can at the very least inject malicious HTML that modifies the body content of the email. There are currently no known workarounds."
}
]
},


@ -87,11 +87,15 @@
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/BSERV-13173"
"url": "https://jira.atlassian.com/browse/BSERV-13173",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/BSERV-13173"
},
{
"url": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html"
"url": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html",
"refsource": "MISC",
"name": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html"
}
]
}
}
}