From 0475ef7e8f805e0438dde14dc177caf96aea546c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 12 Mar 2025 21:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/25xxx/CVE-2025-25291.json | 101 +++++++++++++++++++++++++++++++-- 2025/25xxx/CVE-2025-25292.json | 101 +++++++++++++++++++++++++++++++-- 2025/25xxx/CVE-2025-25293.json | 92 ++++++++++++++++++++++++++++-- 2025/27xxx/CVE-2025-27407.json | 5 ++ 2025/29xxx/CVE-2025-29980.json | 18 ++++++ 2025/2xxx/CVE-2025-2268.json | 18 ++++++ 2025/2xxx/CVE-2025-2269.json | 18 ++++++ 7 files changed, 341 insertions(+), 12 deletions(-) create mode 100644 2025/29xxx/CVE-2025-29980.json create mode 100644 2025/2xxx/CVE-2025-2268.json create mode 100644 2025/2xxx/CVE-2025-2269.json diff --git a/2025/25xxx/CVE-2025-25291.json b/2025/25xxx/CVE-2025-25291.json index d87ad7d0bf3..ce363fa76cd 100644 --- a/2025/25xxx/CVE-2025-25291.json +++ b/2025/25xxx/CVE-2025-25291.json @@ -1,18 +1,111 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25291", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-347: Improper Verification of Cryptographic Signature", + "cweId": "CWE-347" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-436: Interpretation Conflict", + "cweId": "CWE-436" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAML-Toolkits", + "product": { + "product_data": [ + { + "product_name": "ruby-saml", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.12.4" + }, + { + "version_affected": "=", + "version_value": ">= 1.13.0, < 1.18.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm", + "refsource": "MISC", + "name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm" + }, + { + "url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv", + "refsource": "MISC", + "name": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv" + }, + { + "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9", + "refsource": "MISC", + "name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9" + }, + { + "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97", + "refsource": "MISC", + "name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97" + }, + { + "url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released" + }, + { + "url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4", + "refsource": "MISC", + "name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4" + }, + { + "url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0", + "refsource": "MISC", + "name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0" + } + ] + }, + "source": { + "advisory": "GHSA-4vc4-m8qh-g8jm", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/25xxx/CVE-2025-25292.json b/2025/25xxx/CVE-2025-25292.json index 9e23aa6cb8a..18025417336 100644 --- a/2025/25xxx/CVE-2025-25292.json +++ b/2025/25xxx/CVE-2025-25292.json @@ -1,18 +1,111 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25292", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-347: Improper Verification of Cryptographic Signature", + "cweId": "CWE-347" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-436: Interpretation Conflict", + "cweId": "CWE-436" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAML-Toolkits", + "product": { + "product_data": [ + { + "product_name": "ruby-saml", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.12.4" + }, + { + "version_affected": "=", + "version_value": ">= 1.13.0, < 1.18.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2", + "refsource": "MISC", + "name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2" + }, + { + "url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv", + "refsource": "MISC", + "name": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv" + }, + { + "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9", + "refsource": "MISC", + "name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9" + }, + { + "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97", + "refsource": "MISC", + "name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97" + }, + { + "url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released" + }, + { + "url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4", + "refsource": "MISC", + "name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4" + }, + { + "url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0", + "refsource": "MISC", + "name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0" + } + ] + }, + "source": { + "advisory": "GHSA-754f-8gm6-c4r2", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/25xxx/CVE-2025-25293.json b/2025/25xxx/CVE-2025-25293.json index 8ef35778b6c..ec8bc0dab91 100644 --- a/2025/25xxx/CVE-2025-25293.json +++ b/2025/25xxx/CVE-2025-25293.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-25293", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAML-Toolkits", + "product": { + "product_data": [ + { + "product_name": "ruby-saml", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.12.4" + }, + { + "version_affected": "=", + "version_value": ">= 1.13.0, < 1.18.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq", + "refsource": "MISC", + "name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq" + }, + { + "url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv", + "refsource": "MISC", + "name": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv" + }, + { + "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a", + "refsource": "MISC", + "name": "https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a" + }, + { + "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1", + "refsource": "MISC", + "name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1" + }, + { + "url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released" + }, + { + "url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4", + "refsource": "MISC", + "name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4" + }, + { + "url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0", + "refsource": "MISC", + "name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0" + } + ] + }, + "source": { + "advisory": "GHSA-92rq-c8cf-prrq", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27407.json b/2025/27xxx/CVE-2025-27407.json index cc6d22c6d6b..d22b5fd2b00 100644 --- a/2025/27xxx/CVE-2025-27407.json +++ b/2025/27xxx/CVE-2025-27407.json @@ -118,6 +118,11 @@ "refsource": "MISC", "name": "https://github.com/rmosolgo/graphql-ruby/commit/e3b33ace05391da2871c75ab4d3b66e29133b367" }, + { + "url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released" + }, { "url": "https://github.com/github-community-projects/graphql-client", "refsource": "MISC", diff --git a/2025/29xxx/CVE-2025-29980.json b/2025/29xxx/CVE-2025-29980.json new file mode 100644 index 00000000000..b60aeed6e09 --- /dev/null +++ b/2025/29xxx/CVE-2025-29980.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-29980", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2268.json b/2025/2xxx/CVE-2025-2268.json new file mode 100644 index 00000000000..bbede833ae6 --- /dev/null +++ b/2025/2xxx/CVE-2025-2268.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2268", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2269.json b/2025/2xxx/CVE-2025-2269.json new file mode 100644 index 00000000000..0ede8c7f0d2 --- /dev/null +++ b/2025/2xxx/CVE-2025-2269.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2269", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file