From 06ee5685480b2237c225d2529757684ce3451ac2 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 13 Mar 2025 06:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/36xxx/CVE-2020-36843.json | 67 ++++++++++++++++++++++ 2024/11xxx/CVE-2024-11218.json | 23 +++++++- 2024/12xxx/CVE-2024-12380.json | 100 +++++++++++++++++++++++++++++++-- 2024/13xxx/CVE-2024-13054.json | 100 +++++++++++++++++++++++++++++++-- 2024/13xxx/CVE-2024-13884.json | 81 ++++++++++++++++++++++++-- 2024/13xxx/CVE-2024-13885.json | 81 ++++++++++++++++++++++++-- 2024/13xxx/CVE-2024-13891.json | 81 ++++++++++++++++++++++++-- 2024/8xxx/CVE-2024-8402.json | 100 +++++++++++++++++++++++++++++++-- 2024/9xxx/CVE-2024-9675.json | 25 ++++++++- 2025/0xxx/CVE-2025-0652.json | 100 +++++++++++++++++++++++++++++++-- 2025/29xxx/CVE-2025-29981.json | 18 ++++++ 2025/29xxx/CVE-2025-29982.json | 18 ++++++ 2025/29xxx/CVE-2025-29983.json | 18 ++++++ 2025/29xxx/CVE-2025-29984.json | 18 ++++++ 2025/29xxx/CVE-2025-29985.json | 18 ++++++ 2025/29xxx/CVE-2025-29986.json | 18 ++++++ 2025/29xxx/CVE-2025-29987.json | 18 ++++++ 2025/29xxx/CVE-2025-29988.json | 18 ++++++ 2025/29xxx/CVE-2025-29989.json | 18 ++++++ 2025/29xxx/CVE-2025-29990.json | 18 ++++++ 2025/29xxx/CVE-2025-29991.json | 18 ++++++ 2025/29xxx/CVE-2025-29992.json | 18 ++++++ 22 files changed, 938 insertions(+), 36 deletions(-) create mode 100644 2020/36xxx/CVE-2020-36843.json create mode 100644 2025/29xxx/CVE-2025-29981.json create mode 100644 2025/29xxx/CVE-2025-29982.json create mode 100644 2025/29xxx/CVE-2025-29983.json create mode 100644 2025/29xxx/CVE-2025-29984.json create mode 100644 2025/29xxx/CVE-2025-29985.json create mode 100644 2025/29xxx/CVE-2025-29986.json create mode 100644 2025/29xxx/CVE-2025-29987.json create mode 100644 2025/29xxx/CVE-2025-29988.json create mode 100644 2025/29xxx/CVE-2025-29989.json create mode 100644 2025/29xxx/CVE-2025-29990.json create mode 100644 2025/29xxx/CVE-2025-29991.json create mode 100644 2025/29xxx/CVE-2025-29992.json 
diff --git a/2020/36xxx/CVE-2020-36843.json b/2020/36xxx/CVE-2020-36843.json new file mode 100644 index 00000000000..972568f8206 --- /dev/null +++ b/2020/36xxx/CVE-2020-36843.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-36843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures for a known message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/str4d/ed25519-java/issues/82#issue-727629226", + "refsource": "MISC", + "name": "https://github.com/str4d/ed25519-java/issues/82#issue-727629226" + }, + { + "url": "https://eprint.iacr.org/2020/1244", + "refsource": "MISC", + "name": "https://eprint.iacr.org/2020/1244" + } + ] + } +} \ No newline at end of file diff --git a/2024/11xxx/CVE-2024-11218.json b/2024/11xxx/CVE-2024-11218.json index 558bf9ad05d..67892ac094c 100644 --- a/2024/11xxx/CVE-2024-11218.json +++ b/2024/11xxx/CVE-2024-11218.json @@ -289,7 +289,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "3:4.4.1-22.rhaos4.14.el8", + "version": "3:4.4.1-22.rhaos4.14.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" 
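Review bot: In the new CVE-2020-36843.json the structured fields carry no usable data: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `"n/a"`, although the description names the product (EdDSA-Java, aka ed25519-java) and the affected range (through 0.3.0). Tooling that matches on the `affects` tree will not associate this record with the library, so the product and version should be filled in from the description, and the problem type mapped to a signature-verification weakness (CWE-347 looks closest, to be confirmed by the assigner). For triage, the description's claim is limited to malleability, meaning a second valid signature for an already-signed message, which presumably matters mainly where signature bytes are treated as a unique value.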
@@ -318,6 +318,20 @@ ], "defaultStatus": "affected" } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "415.92.202503060749-0", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } } ] } @@ -394,7 +408,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "2:1.33.12-1.rhaos4.17.el9", + "version": "2:1.33.12-1.rhaos4.17.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -543,6 +557,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2025:1914" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:2454", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2025:2454" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-11218", "refsource": "MISC", diff --git a/2024/12xxx/CVE-2024-12380.json b/2024/12xxx/CVE-2024-12380.json index d0d70742ad6..9a1b3ce77e6 100644 --- a/2024/12xxx/CVE-2024-12380.json +++ b/2024/12xxx/CVE-2024-12380.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12380", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-209: Generation of Error Message Containing Sensitive Information", + "cweId": "CWE-209" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "11.5", + "version_value": "17.7.7" + }, + { + "version_affected": "<", + "version_name": "17.8", + "version_value": "17.8.5" + }, + { + "version_affected": "<", + "version_name": "17.9", + "version_value": "17.9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/508557", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/508557" + }, + { + "url": "https://hackerone.com/reports/2868951", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2868951" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to 
version 17.9.2, 17.8.5, 17.7.7" + } + ], + "credits": [ + { + "lang": "en", + "value": "Thanks [sigitsetiawansss](https://hackerone.com/sigitsetiawansss) for reporting this vulnerability through our HackerOne bug bounty program" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/13xxx/CVE-2024-13054.json b/2024/13xxx/CVE-2024-13054.json index 8312c038a9b..fcca67128eb 100644 --- a/2024/13xxx/CVE-2024-13054.json +++ b/2024/13xxx/CVE-2024-13054.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13054", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. where a denial of service vulnerability could allow an attacker to cause a system reboot under certain conditions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770: Allocation of Resources Without Limits or Throttling", + "cweId": "CWE-770" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "17.7.7" + }, + { + "version_affected": "<", + "version_name": "17.8", + "version_value": "17.8.5" + }, + { + "version_affected": "<", + "version_name": "17.9", + "version_value": "17.9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/511004", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/511004" + }, + { + "url": "https://hackerone.com/reports/2911928", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2911928" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to version 17.9.2, 17.8.5, 17.7.7" + } + ], + "credits": [ + { + "lang": "en", + 
"value": "Thanks [sim4n6](https://hackerone.com/sim4n6) for reporting this vulnerability through our HackerOne bug bounty program" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/13xxx/CVE-2024-13884.json b/2024/13xxx/CVE-2024-13884.json index 6abfd176f08..ce9fe79fdca 100644 --- a/2024/13xxx/CVE-2024-13884.json +++ b/2024/13xxx/CVE-2024-13884.json 
@@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13884", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Limit Bio", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "semver", + "version": "0", + "lessThanOrEqual": "1.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/759a60ac-c890-4961-91e4-53db5096eb3c/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/759a60ac-c890-4961-91e4-53db5096eb3c/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Hassan Khan Yusufzai - Splint3r7" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file 
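Review bot: The `problemtype` entry in CVE-2024-13884.json gives the weakness only as free text, `"value": "CWE-79 Cross-Site Scripting (XSS)"`, with no `cweId` field, whereas the GitLab records in this same commit carry one; adding `"cweId": "CWE-79"` would let consumers filter by CWE without string parsing. The version block is `"version": "0"`, `"lessThanOrEqual": "1.0"` with `"defaultStatus": "affected"`, so no fixed release is recorded and every installed version should be treated as affected until the record changes. `vendor_name` is `"Unknown"`, which also weakens product matching. The same three points apply to the CVE-2024-13885 and CVE-2024-13891 hunks.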
diff --git a/2024/13xxx/CVE-2024-13885.json b/2024/13xxx/CVE-2024-13885.json index 5bcb6baad57..c39cdbc9516 100644 --- a/2024/13xxx/CVE-2024-13885.json +++ b/2024/13xxx/CVE-2024-13885.json 
@@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13885", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP e-Customers Beta", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "semver", + "version": "0", + "lessThanOrEqual": "0.0.1" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/b64d17d6-8416-476e-ad78-b7b9cb85b84f/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/b64d17d6-8416-476e-ad78-b7b9cb85b84f/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Hassan Khan Yusufzai - Splint3r7" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file 
diff --git a/2024/13xxx/CVE-2024-13891.json b/2024/13xxx/CVE-2024-13891.json index c176beb139a..f296be505f5 100644 --- a/2024/13xxx/CVE-2024-13891.json +++ b/2024/13xxx/CVE-2024-13891.json 
@@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13891", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Schedule", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "semver", + "version": "0", + "lessThanOrEqual": "1.0.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/58c8b73c-3a29-4a66-9b2e-f24b5c2769ac/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/58c8b73c-3a29-4a66-9b2e-f24b5c2769ac/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Hassan Khan Yusufzai - Splint3r7" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file 
diff --git a/2024/8xxx/CVE-2024-8402.json b/2024/8xxx/CVE-2024-8402.json index 0914e88422c..909a38a3efd 100644 --- a/2024/8xxx/CVE-2024-8402.json +++ b/2024/8xxx/CVE-2024-8402.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-8402", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to introduce malicious code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.7.7" + }, + { + "version_affected": "<", + "version_name": "17.8", + "version_value": "17.8.5" + }, + { + "version_affected": "<", + "version_name": "17.9", + "version_value": "17.9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/482813", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/482813" + }, + { + "url": "https://hackerone.com/reports/2601569", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2601569" + } + ] + }, + "solution": [ + { + "lang": 
"en", + "value": "Upgrade to versions 17.7.7, 17.8.5, 17.9.2." + } + ], + "credits": [ + { + "lang": "en", + "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" } ] } diff --git a/2024/9xxx/CVE-2024-9675.json b/2024/9xxx/CVE-2024-9675.json index 3c41f9cb0cd..70da9e5cfd9 100644 --- a/2024/9xxx/CVE-2024-9675.json +++ b/2024/9xxx/CVE-2024-9675.json @@ -288,7 +288,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "3:4.4.1-15.rhaos4.13.el8", + "version": "3:4.4.1-16.rhaos4.13.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -309,7 +309,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "3:4.4.1-21.rhaos4.14.el8", + "version": "3:4.4.1-21.rhaos4.14.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" @@ -338,6 +338,20 @@ ], "defaultStatus": "affected" } + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "v4.15.0-202503060734.p0.gbc0b789.assembly.stream.el8", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } } ] } @@ -372,7 +386,7 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "5:5.2.2-1.rhaos4.17.el8", + "version": "5:5.2.2-1.rhaos4.17.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected" 
@@ -587,6 +601,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2025:2449" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:2454", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2025:2454" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-9675", "refsource": "MISC", diff --git a/2025/0xxx/CVE-2025-0652.json b/2025/0xxx/CVE-2025-0652.json index 43990111a55..6c65b6b73d2 100644 --- a/2025/0xxx/CVE-2025-0652.json +++ b/2025/0xxx/CVE-2025-0652.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0652", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2 could allow unauthorized users to access confidential information intended for internal use only." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863: Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.9", + "version_value": "17.7.7" + }, + { + "version_affected": "<", + "version_name": "17.8", + "version_value": "17.8.5" + }, + { + "version_affected": "<", + "version_name": "17.9", + "version_value": "17.9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/514532", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/514532" + }, + { + "url": "https://hackerone.com/reports/2947863", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2947863" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to versions 17.7.7, 17.8.5, 17.9.2." 
+ } + ], + "credits": [ + { + "lang": "en", + "value": "Thanks [foxribeye](https://hackerone.com/foxribeye) for reporting this vulnerability through our HackerOne bug bounty program" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2025/29xxx/CVE-2025-29981.json b/2025/29xxx/CVE-2025-29981.json new file mode 100644 index 00000000000..e2ea76ca4cb --- /dev/null +++ b/2025/29xxx/CVE-2025-29981.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-29981", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/29xxx/CVE-2025-29982.json b/2025/29xxx/CVE-2025-29982.json new file mode 100644 index 00000000000..2e9312e0b92 --- /dev/null +++ b/2025/29xxx/CVE-2025-29982.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-29982", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/29xxx/CVE-2025-29983.json b/2025/29xxx/CVE-2025-29983.json new file mode 100644 index 00000000000..a1926e522b5 --- /dev/null +++ b/2025/29xxx/CVE-2025-29983.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-29983", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/29xxx/CVE-2025-29984.json b/2025/29xxx/CVE-2025-29984.json new file mode 100644 index 00000000000..e6e0a0796a6 --- /dev/null +++ b/2025/29xxx/CVE-2025-29984.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-29984", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/29xxx/CVE-2025-29985.json b/2025/29xxx/CVE-2025-29985.json new file mode 100644 index 00000000000..2ce127c9fb6 --- /dev/null +++ b/2025/29xxx/CVE-2025-29985.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-29985", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/29xxx/CVE-2025-29986.json b/2025/29xxx/CVE-2025-29986.json new file mode 100644 index 00000000000..24cf842f118 --- /dev/null +++ b/2025/29xxx/CVE-2025-29986.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-29986", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/29xxx/CVE-2025-29987.json b/2025/29xxx/CVE-2025-29987.json new file mode 100644 index 00000000000..a0355395aaa --- /dev/null +++ b/2025/29xxx/CVE-2025-29987.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-29987", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/29xxx/CVE-2025-29988.json b/2025/29xxx/CVE-2025-29988.json new file mode 100644 index 00000000000..8cccf3364e9 --- /dev/null +++ b/2025/29xxx/CVE-2025-29988.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-29988", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/29xxx/CVE-2025-29989.json b/2025/29xxx/CVE-2025-29989.json new file mode 100644 index 00000000000..4ca32ccdbcb --- /dev/null +++ b/2025/29xxx/CVE-2025-29989.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-29989", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/29xxx/CVE-2025-29990.json b/2025/29xxx/CVE-2025-29990.json new file mode 100644 index 00000000000..9aeec753e46 --- /dev/null +++ b/2025/29xxx/CVE-2025-29990.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-29990", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/29xxx/CVE-2025-29991.json b/2025/29xxx/CVE-2025-29991.json new file mode 100644 index 00000000000..7dea4c18a67 --- /dev/null +++ b/2025/29xxx/CVE-2025-29991.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-29991", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/29xxx/CVE-2025-29992.json b/2025/29xxx/CVE-2025-29992.json new file mode 100644 index 00000000000..ea273dd5cee --- /dev/null +++ b/2025/29xxx/CVE-2025-29992.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-29992", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file