admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-09-12 00:00:37 +00:00
parent a9e1375c07
commit 02ff99acc5
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
4 changed files with 199 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
2024/28xxx/CVE-2024-28981.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-28981",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security.vulnerabilities@hitachivantara.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hitachi Vantara",
"product": {
"product_data": [
{
"product_name": "Pentaho Data Integration & Analytics",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0",
"version_value": "9.3.0.8"
},
{
"version_affected": "<",
"version_name": "9.4.0.0",
"version_value": "10.1.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/27569056997261--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Insufficiently-Protected-Credentials-Versions-before-10-1-0-0-including-9-3-x-and-8-3-x-impacted-CVE-2024-28981",
"refsource": "MISC",
"name": "https://support.pentaho.com/hc/en-us/articles/27569056997261--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Insufficiently-Protected-Credentials-Versions-before-10-1-0-0-including-9-3-x-and-8-3-x-impacted-CVE-2024-28981"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Hitachi Group Member"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
]
}

6
2024/28xxx/CVE-2024-28982.json
View File

@ -73,6 +73,12 @@
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Yesenia Trejo - Strike Security"
}
],
"impact": {
"cvss": [
{

6
2024/28xxx/CVE-2024-28983.json
View File

@ -73,6 +73,12 @@
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Yesenia Trejo - Strike Security"
}
],
"impact": {
"cvss": [
{

105
2024/8xxx/CVE-2024-8706.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8706",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in JFinalCMS bis 20240903 ausgemacht. Sie wurde als problematisch eingestuft. Es betrifft die Funktion update der Datei /admin/template/update der Komponente com.cms.util.TemplateUtils. Durch Manipulation des Arguments fileName mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Path Traversal",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "JFinalCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "20240903"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.277215",
"refsource": "MISC",
"name": "https://vuldb.com/?id.277215"
},
{
"url": "https://vuldb.com/?ctiid.277215",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.277215"
},
{
"url": "https://vuldb.com/?submit.402346",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.402346"
},
{
"url": "https://gitee.com/heyewei/JFinalcms/issues/IAOSJG",
"refsource": "MISC",
"name": "https://gitee.com/heyewei/JFinalcms/issues/IAOSJG"
},
{
"url": "https://github.com/xingjiuW/cve/blob/main/wh.md",
"refsource": "MISC",
"name": "https://github.com/xingjiuW/cve/blob/main/wh.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "xinjiuW (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"
}
]
}