diff --git a/2023/4xxx/CVE-2023-4895.json b/2023/4xxx/CVE-2023-4895.json
index 93b0beb03ac..10b0e36aa8c 100644
--- a/2023/4xxx/CVE-2023-4895.json
+++ b/2023/4xxx/CVE-2023-4895.json
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-4895",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of projects"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284: Improper Access Control",
+ "cweId": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "12.0",
+ "version_value": "16.7.6"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "16.8",
+ "version_value": "16.8.3"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "16.9",
+ "version_value": "16.9.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/424766",
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/424766"
+ },
+ {
+ "url": "https://hackerone.com/reports/2134787",
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/2134787"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "Upgrade to versions 16.9.1, 16.8.3, 16.7.6 or 
above."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Thanks [albatraoz](https://hackerone.com/albatraoz) for reporting this vulnerability through our HackerOne bug bounty program"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/1xxx/CVE-2024-1485.json b/2024/1xxx/CVE-2024-1485.json
index 07c12b6a8c4..5733dabcf28 100644
--- a/2024/1xxx/CVE-2024-1485.json
+++ b/2024/1xxx/CVE-2024-1485.json
@@ -62,7 +62,7 @@
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 }
 ]
@@ -75,7 +75,7 @@
 {
 "version_value": "not down converted",
 "x_cve_json_5_version_data": {
- "defaultStatus": "unknown"
+ "defaultStatus": "affected"
 }
 }
 ]
@@ -99,10 +99,20 @@
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2264106"
 },
+ {
+ "url": "https://github.com/advisories/GHSA-84xv-jfrm-h4gm",
+ "refsource": "MISC",
+ "name": "https://github.com/advisories/GHSA-84xv-jfrm-h4gm"
+ },
 {
 "url": "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d",
 "refsource": "MISC",
 "name": "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d"
+ },
+ {
+ "url": "https://github.com/devfile/registry-support/pull/197",
+ "refsource": "MISC",
+ "name": "https://github.com/devfile/registry-support/pull/197"
 }
 ]
 },
diff --git a/2024/1xxx/CVE-2024-1731.json b/2024/1xxx/CVE-2024-1731.json
new file mode 100644
index 00000000000..81437c4fab7
--- /dev/null
+++ b/2024/1xxx/CVE-2024-1731.json
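Review bot: In 2023/4xxx/CVE-2023-4895.json the first range in the description, "starting from 12.0 to 16.7.6", reads as if 16.7.6 itself is affected, while the matching `version_data` entry uses `"version_affected": "<"` with `"version_value": "16.7.6"` and the solution lists 16.7.6 as a fixed release. Word it like the other two ranges, `all versions starting from 12.0 before 16.7.6`, so patch triage done from the text agrees with the structured data. The description also names GitLab EE while `product_name` is just `"GitLab"`; that difference should be confirmed with the assigning CNA rather than guessed at.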
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-1731",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/25xxx/CVE-2024-25251.json b/2024/25xxx/CVE-2024-25251.json
index a00e180c9fe..5a2eb5a7581 100644
--- a/2024/25xxx/CVE-2024-25251.json
+++ b/2024/25xxx/CVE-2024-25251.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-25251",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-25251",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "code-projects Agro-School Management System 1.0 is suffers from Incorrect Access Control."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://code-projects.org/agro-school-management-system-in-php-with-source-code/",
+ "refsource": "MISC",
+ "name": "https://code-projects.org/agro-school-management-system-in-php-with-source-code/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ASR511-OO7/CVE-2024-25251/blob/main/CVE-17",
+ "url": "https://github.com/ASR511-OO7/CVE-2024-25251/blob/main/CVE-17"
 }
 ]
 }
diff --git a/2024/25xxx/CVE-2024-25423.json b/2024/25xxx/CVE-2024-25423.json
index 35fcfe5b310..da0ced3078f 100644
--- a/2024/25xxx/CVE-2024-25423.json
+++ b/2024/25xxx/CVE-2024-25423.json
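Review bot: In 2024/25xxx/CVE-2024-25251.json the record goes PUBLIC with `vendor_name`, `product_name` and `version_value` all set to `"n/a"` although the description names the vendor, product and version, so tooling that matches on the structured `affects` block will never associate this entry with an installed product. Fill them from the description (`"vendor_name": "code-projects"`, `"product_name": "Agro-School Management System"`, `"version_value": "1.0"`) and give `problemtype` a real value, since the text already says Incorrect Access Control. The description has a typo ("is suffers from") and does not say which function or privilege boundary is affected, which leaves defenders little to prioritise on. The CVE-2024-25423 hunk carries the same `"n/a"` placeholders.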
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-25423",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-25423",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execute arbitrary code via a crafted c4d_base.xdl64 file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://cinema.com",
+ "refsource": "MISC",
+ "name": "http://cinema.com"
+ },
+ {
+ "url": "http://maxon.com",
+ "refsource": "MISC",
+ "name": "http://maxon.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/DriverUnload/cve-2024-25423",
+ "url": "https://github.com/DriverUnload/cve-2024-25423"
 }
 ]
 }
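Review bot: Two of the three references added in 2024/25xxx/CVE-2024-25423.json, `http://cinema.com` and `http://maxon.com`, are bare plain-HTTP home pages rather than an advisory or release note, so they give a reader nothing to verify the claim against or to find a fixed version. Whether `cinema.com` belongs to the vendor named in the description is not evident from the record and should be checked. Replace them with the vendor's advisory over HTTPS (for example `"url": "<vendor-advisory-url>"`, a placeholder) or drop them and keep only the reference that documents the issue. The description also records no fixed version and `problemtype` is `"n/a"`, so at minimum the weakness class should be filled in.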