From 0baf8505da6b5105948e6ac5c70de908ffc82c57 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 2 Aug 2022 17:00:50 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/20xxx/CVE-2020-20277.json | 5 + 2022/23xxx/CVE-2022-23733.json | 169 +++++++++++++++++---------------- 2022/2xxx/CVE-2022-2631.json | 168 ++++++++++++++++---------------- 3 files changed, 175 insertions(+), 167 deletions(-) diff --git a/2020/20xxx/CVE-2020-20277.json b/2020/20xxx/CVE-2020-20277.json index 854bd8e04d8..4756fb2b464 100644 --- a/2020/20xxx/CVE-2020-20277.json +++ b/2020/20xxx/CVE-2020-20277.json @@ -61,6 +61,11 @@ "url": "https://arinerron.com/blog/posts/6", "refsource": "MISC", "name": "https://arinerron.com/blog/posts/6" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/167908/uftpd-2.10-Directory-Traversal.html", + "url": "http://packetstormsecurity.com/files/167908/uftpd-2.10-Directory-Traversal.html" } ] } diff --git a/2022/23xxx/CVE-2022-23733.json b/2022/23xxx/CVE-2022-23733.json index 32290f1e232..6e4f47d8dbd 100644 --- a/2022/23xxx/CVE-2022-23733.json +++ b/2022/23xxx/CVE-2022-23733.json @@ -1,91 +1,94 @@ { - "CVE_data_meta": { - "ASSIGNER": "product-cna@github.com", - "ID": "CVE-2022-23733", - "STATE": "PUBLIC", - "TITLE": "Stored XSS vulnerability in GitHub Enterprise Server leading to injection of arbitrary attributes" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "GitHub Enterprise Server", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.3", - "version_value": "3.3.11" + "CVE_data_meta": { + "ASSIGNER": "product-cna@github.com", + "ID": "CVE-2022-23733", + "STATE": "PUBLIC", + "TITLE": "Stored XSS vulnerability in GitHub Enterprise Server leading to injection of arbitrary attributes" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GitHub Enterprise Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.3", + "version_value": "3.3.11" + }, + { + "version_affected": "<", + "version_name": "3.4", + "version_value": "3.4.6" + }, + { + "version_affected": "<", + "version_name": "3.5", + "version_value": "3.5.3" + } + ] + } + } + ] }, - { - "version_affected": "<", - "version_name": "3.4", - "version_value": "3.4.6" - }, - { - "version_affected": "<", - "version_name": "3.5", - "version_value": "3.5.3" - } - ] + "vendor_name": "GitHub" } - } ] - }, - "vendor_name": "GitHub" } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "None" - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { + }, + "credit": [ + { "lang": "eng", - "value": "CWE-79 Cross-site Scripting (XSS) - Stored" - } + "value": "None" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.11" - }, - { - "refsource": "CONFIRM", - "url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.6" - }, - { - "refsource": "CONFIRM", - "url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.3" - } - ] - }, - "source": { - "discovery": "EXTERNAL" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS) - Stored" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.11", + "name": "https://docs.github.com/en/enterprise-server@3.3/admin/release-notes#3.3.11" + }, + { + "refsource": "MISC", + "url": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.6", + "name": "https://docs.github.com/en/enterprise-server@3.4/admin/release-notes#3.4.6" + }, + { + "refsource": "MISC", + "url": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.3", + "name": "https://docs.github.com/en/enterprise-server@3.5/admin/release-notes#3.5.3" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2631.json b/2022/2xxx/CVE-2022-2631.json index bc11c86d9bd..4afab79ecf4 100644 --- a/2022/2xxx/CVE-2022-2631.json +++ b/2022/2xxx/CVE-2022-2631.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-2631", - "STATE": "PUBLIC", - "TITLE": "Improper Access Control in tooljet/tooljet" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "tooljet/tooljet", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "v1.19.0" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2022-2631", + "STATE": "PUBLIC", + "TITLE": "Improper Access Control in tooljet/tooljet" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tooljet/tooljet", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "v1.19.0" + } + ] + } + } + ] + }, + "vendor_name": "tooljet" } - } ] - }, - "vendor_name": "tooljet" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284 Improper Access Control" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/86881f9e-ca48-49b5-9782-3c406316930c", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/86881f9e-ca48-49b5-9782-3c406316930c" - }, - { - "name": "https://github.com/tooljet/tooljet/commit/b9fa229bcae356cbb33300b31483e97e6ea140a7", - "refsource": "MISC", - "url": "https://github.com/tooljet/tooljet/commit/b9fa229bcae356cbb33300b31483e97e6ea140a7" - } - ] - }, - "source": { - "advisory": "86881f9e-ca48-49b5-9782-3c406316930c", - "discovery": "EXTERNAL" - } -} + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/86881f9e-ca48-49b5-9782-3c406316930c", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/86881f9e-ca48-49b5-9782-3c406316930c" + }, + { + "name": "https://github.com/tooljet/tooljet/commit/b9fa229bcae356cbb33300b31483e97e6ea140a7", + "refsource": "MISC", + "url": "https://github.com/tooljet/tooljet/commit/b9fa229bcae356cbb33300b31483e97e6ea140a7" + } + ] + }, + "source": { + "advisory": "86881f9e-ca48-49b5-9782-3c406316930c", + "discovery": "EXTERNAL" + } +} \ No newline at end of file