diff --git a/2022/22xxx/CVE-2022-22450.json b/2022/22xxx/CVE-2022-22450.json index 86ccc7c4692..06c2572d563 100644 --- a/2022/22xxx/CVE-2022-22450.json +++ b/2022/22xxx/CVE-2022-22450.json 
@@ -1,90 +1,90 @@ { - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916." - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6603405", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6603405 (Security Verify Governance)", - "name" : "https://www.ibm.com/support/pages/node/6603405" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/224916", - "name" : "ibm-sv-cve202222450-file-upload (224916)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2022-07-13T00:00:00", - "ID" : "CVE-2022-22450", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_type": "CVE", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Security Verify Governance", - "version" : { - "version_data" : [ - { - "version_value" : "10.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916." 
} - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6603405", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6603405 (Security Verify Governance)", + "name": "https://www.ibm.com/support/pages/node/6603405" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224916", + "name": "ibm-sv-cve202222450-file-upload (224916)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2022-07-13T00:00:00", + "ID": "CVE-2022-22450", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_format": "MITRE", + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Verify Governance", + "version": { + "version_data": [ + { + "version_value": "10.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "A" : "N", - "C" : "L", - "UI" : "N", - "AV" : "N", - "SCORE" : "3.800", - "PR" : "H", - "I" : "L", - "AC" : "L" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "A": "N", + "C": "L", + "UI": "N", + "AV": "N", + "SCORE": "3.800", + "PR": "H", + "I": "L", + "AC": "L" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + } +} \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22452.json b/2022/22xxx/CVE-2022-22452.json index 5b11400f077..f1790ac04fd 100644 --- a/2022/22xxx/CVE-2022-22452.json +++ b/2022/22xxx/CVE-2022-22452.json 
@@ -1,90 +1,90 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 224918.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6603405", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6603405", - "title" : "IBM Security Bulletin 6603405 (Security Verify Governance)" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/224918", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sv-cve202222452-info-disc (224918)" - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "N", - "PR" : "N", - "SCORE" : "5.300", - "AV" : "N", - "C" : "L", - "UI" : "N", - "S" : "U", - "A" : "N", - "AC" : "L" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.0" - } - ] - }, - "product_name" : "Security Verify Governance" - } - ] - }, - "vendor_name" : "IBM" + "value": "IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. 
IBM X-Force ID: 224918.", + "lang": "eng" } - ] - } - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2022-22452", - "DATE_PUBLIC" : "2022-07-13T00:00:00", - "STATE" : "PUBLIC" - }, - "data_version" : "4.0", - "data_format" : "MITRE" -} + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6603405", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6603405", + "title": "IBM Security Bulletin 6603405 (Security Verify Governance)" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224918", + "title": "X-Force Vulnerability Report", + "name": "ibm-sv-cve202222452-info-disc (224918)" + } + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "I": "N", + "PR": "N", + "SCORE": "5.300", + "AV": "N", + "C": "L", + "UI": "N", + "S": "U", + "A": "N", + "AC": "L" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.0" + } + ] + }, + "product_name": "Security Verify Governance" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2022-22452", + "DATE_PUBLIC": "2022-07-13T00:00:00", + "STATE": "PUBLIC" + }, + "data_version": "4.0", + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22453.json b/2022/22xxx/CVE-2022-22453.json index 4ddb7bb37f5..e3bac955f33 100644 --- a/2022/22xxx/CVE-2022-22453.json +++ b/2022/22xxx/CVE-2022-22453.json 
@@ -1,90 +1,90 @@ { - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 224919." - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6603405", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6603405", - "title" : "IBM Security Bulletin 6603405 (Security Verify Governance)" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/224919", - "name" : "ibm-sv-cve202222453-info-disc (224919)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_type": "CVE", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Security Verify Governance", - "version" : { - "version_data" : [ - { - "version_value" : "10.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 224919." 
} - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6603405", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6603405", + "title": "IBM Security Bulletin 6603405 (Security Verify Governance)" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224919", + "name": "ibm-sv-cve202222453-info-disc (224919)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Verify Governance", + "version": { + "version_data": [ + { + "version_value": "10.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "SCORE" : "5.100", - "AV" : "L", - "S" : "U", - "A" : "N", - "C" : "H", - "UI" : "N", - "I" : "N", - "PR" : "N", - "AC" : "H" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - }, - "CVE_data_meta" : { - "ID" : "CVE-2022-22453", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2022-07-13T00:00:00" - }, - "data_version" : "4.0", - "data_format" : "MITRE" -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "SCORE": "5.100", + "AV": "L", + "S": "U", + "A": "N", + "C": "H", + "UI": "N", + "I": "N", + "PR": "N", + "AC": "H" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + } + } + }, + "CVE_data_meta": { + "ID": "CVE-2022-22453", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2022-07-13T00:00:00" + }, + "data_version": "4.0", + "data_format": "MITRE" +} \ No newline at end of file 
diff --git a/2022/22xxx/CVE-2022-22460.json b/2022/22xxx/CVE-2022-22460.json index 3fa8fbef219..3978d506432 100644 --- a/2022/22xxx/CVE-2022-22460.json +++ b/2022/22xxx/CVE-2022-22460.json 
@@ -1,90 +1,90 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "H", - "A" : "N", - "S" : "C", - "C" : "L", - "UI" : "N", - "AV" : "N", - "SCORE" : "3.000", - "PR" : "H", - "I" : "N" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Verify Governance", - "version" : { - "version_data" : [ - { - "version_value" : "10.0" - } - ] - } - } - ] - } + "impact": { + "cvssv3": { + "BM": { + "AC": "H", + "A": "N", + "S": "C", + "C": "L", + "UI": "N", + "AV": "N", + "SCORE": "3.000", + "PR": "H", + "I": "N" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Governance", + "version": { + "version_data": [ + { + "version_value": "10.0" + } + ] + } + } + ] + } + } ] - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2022-22460", - "DATE_PUBLIC" : "2022-07-13T00:00:00", - "STATE" : "PUBLIC" - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "value" : "IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. 
IBM X-Force ID: 225013.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6603405", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6603405", - "title" : "IBM Security Bulletin 6603405 (Security Verify Governance)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/225013", - "refsource" : "XF", - "name" : "ibm-sv-cve202222460-info-disc (225013)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_type" : "CVE" -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2022-22460", + "DATE_PUBLIC": "2022-07-13T00:00:00", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "value": "IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. IBM X-Force ID: 225013.", + "lang": "eng" + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6603405", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6603405", + "title": "IBM Security Bulletin 6603405 (Security Verify Governance)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225013", + "refsource": "XF", + "name": "ibm-sv-cve202222460-info-disc (225013)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2401.json b/2022/2xxx/CVE-2022-2401.json index f98fe32fc19..a945ba818c2 100644 --- a/2022/2xxx/CVE-2022-2401.json +++ b/2022/2xxx/CVE-2022-2401.json 
@@ -1,18 +1,118 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "responsibledisclosure@mattermost.com", "ID": "CVE-2022-2401", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Team members could access sensitive information of other users via an API call" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mattermost", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.x", + "version_value": "6.3.8" + }, + { + "version_affected": "<=", + "version_name": "6.5.x", + "version_value": "6.5.1" + }, + { + "version_affected": "<=", + "version_name": "6.6.x", + "version_value": "6.6.1" + }, + { + "version_affected": "=", + "version_name": "6.7.x", + "version_value": "6.7.0" + } + ] + } + } + ] + }, + "vendor_name": "Mattermost" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Elias Nahum for contributing to this improvement under the Mattermost responsible disclosure policy." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://mattermost.com/security-updates/", + "name": "https://mattermost.com/security-updates/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update Mattermost to version v7.0.0, 6.7.1, 6.6.2, 6.5.2, 6.3.9 or higher." + } + ], + "source": { + "advisory": "MMSA-2022-00108", + "defect": [ + "https://mattermost.atlassian.net/browse/MM-44568" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2406.json b/2022/2xxx/CVE-2022-2406.json index 9f8e717c273..f314baf5c8d 100644 --- a/2022/2xxx/CVE-2022-2406.json +++ b/2022/2xxx/CVE-2022-2406.json 
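Review bot: The `version_data` list in CVE-2022-2401.json jumps from the `6.x` entry (`<= 6.3.8`) straight to `6.5.x`, so the 6.4 branch is not covered by any entry. The description says "version 6.7.0 and earlier", and the sibling records CVE-2022-2406 and CVE-2022-2408 in this same commit both carry a `6.4.x` entry. Scanners that match on `version_data` rather than on the free-text description would likely report 6.4 installs as unaffected. The `solution` text lists no fixed 6.4 release either, so the omission does not look deliberate. Either add a 6.4 entry or state in the description that the branch is not affected.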
@@ -1,18 +1,119 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "responsibledisclosure@mattermost.com", "ID": "CVE-2022-2406", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Malicious imports can lead to Denial of Service" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mattermost", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.3.8" + }, + { + "version_affected": "=", + "version_name": "6.4.x", + "version_value": "6.4.x" + }, + { + "version_affected": "<=", + "version_name": "6.5.x", + "version_value": "6.5.1" + }, + { + "version_affected": "<=", + "version_name": "6.6.x", + "version_value": "6.6.1" + }, + { + "version_affected": "=", + "version_name": "6.7.x", + "version_value": "6.7.0" + } + ] + } + } + ] + }, + "vendor_name": "Mattermost" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Juho Nurminen for contributing to this improvement under the Mattermost responsible disclosure policy." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://mattermost.com/security-updates/", + "name": "https://mattermost.com/security-updates/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update Mattermost to version v7.0.0, 6.7.1, 6.6.2, 6.5.2, 6.3.9 or higher." + } + ], + "source": { + "advisory": "MMSA-2022-00102", + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2408.json b/2022/2xxx/CVE-2022-2408.json index 995e21ea275..78177fc814e 100644 --- a/2022/2xxx/CVE-2022-2408.json +++ b/2022/2xxx/CVE-2022-2408.json 
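Review bot: In CVE-2022-2406.json the description says an authenticated attacker can "crash the server", but the `impact.cvss` block scores `"availabilityImpact": "LOW"` (`A:L`, base 4.3). A full server crash is normally scored as high availability impact, which with the other metrics unchanged would be `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H` and a base score of 6.5. Teams that prioritise patching by `baseScore` may rank this denial-of-service lower than the description warrants. If the real effect is only degraded performance, the description should say that instead of "crash". The scoring is the CNA's call, so this is a consistency question for the assigner.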
@@ -1,18 +1,122 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "responsibledisclosure@mattermost.com", "ID": "CVE-2022-2408", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Guest accounts can list all public channels" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mattermost", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.3.8" + }, + { + "version_affected": "=", + "version_name": "6.4.x", + "version_value": "6.4.x" + }, + { + "version_affected": "<=", + "version_name": "6.5.x", + "version_value": "6.5.1" + }, + { + "version_affected": "<=", + "version_name": "6.6.x", + "version_value": "6.6.1" + }, + { + "version_affected": "=", + "version_name": "6.7.x", + "version_value": "6.7.0" + } + ] + } + } + ] + }, + "vendor_name": "Mattermost" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Rohit KC for contributing to this improvement under the Mattermost responsible disclosure policy." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of not being part of those channels." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://mattermost.com/security-updates/", + "name": "https://mattermost.com/security-updates/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update Mattermost to version v7.0.0, 6.7.1, 6.6.2, 6.5.2, 6.3.9 or higher." + } + ], + "source": { + "advisory": "MMSA-2022-00110", + "defect": [ + "https://mattermost.atlassian.net/browse/MM-44580" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35869.json b/2022/35xxx/CVE-2022-35869.json new file mode 100644 index 00000000000..8dceb5df666 --- /dev/null +++ b/2022/35xxx/CVE-2022-35869.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-35869", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35870.json b/2022/35xxx/CVE-2022-35870.json new file mode 100644 index 00000000000..b844a9c4099 --- /dev/null 
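Review bot: The 6.4 entry in CVE-2022-2408.json pairs `"version_affected": "="` with `"version_value": "6.4.x"`, and a wildcard string cannot be compared against an installed version such as a concrete 6.4 patch release. The same entry appears in the CVE-2022-2406.json hunk. Consumers that do exact or ordered version comparison will probably never match it, so 6.4 deployments can be missed even though the branch is listed. The other branches already use the comparable form: `"version_affected": "<="` with the last affected release as `version_value`. Doing the same for 6.4 would make the entry machine-usable.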
+++ b/2022/35xxx/CVE-2022-35870.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-35870", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35871.json b/2022/35xxx/CVE-2022-35871.json new file mode 100644 index 00000000000..1685ebbea44 --- /dev/null +++ b/2022/35xxx/CVE-2022-35871.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-35871", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35872.json b/2022/35xxx/CVE-2022-35872.json new file mode 100644 index 00000000000..09268ecd972 --- /dev/null +++ b/2022/35xxx/CVE-2022-35872.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-35872", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/35xxx/CVE-2022-35873.json b/2022/35xxx/CVE-2022-35873.json new file mode 100644 index 00000000000..a44a851ec2c --- /dev/null +++ b/2022/35xxx/CVE-2022-35873.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-35873", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file