From 0e45d65a253bf1481fdc49183225a23afabc3ee1 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 21 Nov 2023 21:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2023/48xxx/CVE-2023-48228.json | 125 ++++++++++++++++++++++-
2023/48xxx/CVE-2023-48230.json | 86 +++++++++++++++-
2023/48xxx/CVE-2023-48299.json | 91 ++++++++++++++++-
2023/49xxx/CVE-2023-49102.json | 18 ++++
2023/6xxx/CVE-2023-6238.json | 176 ++++++++++++++++++++++++++++++++-
2023/6xxx/CVE-2023-6247.json | 18 ++++
6 files changed, 498 insertions(+), 16 deletions(-)
create mode 100644 2023/49xxx/CVE-2023-49102.json
create mode 100644 2023/6xxx/CVE-2023-6247.json
diff --git a/2023/48xxx/CVE-2023-48228.json b/2023/48xxx/CVE-2023-48228.json
index d83b13be702..bc3f2b6a5c3 100644
--- a/2023/48xxx/CVE-2023-48228.json
+++ b/2023/48xxx/CVE-2023-48228.json
@@ -1,17 +1,134 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-48228",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "authentik is an open-source identity provider. When initialising a oauth2 flow with a `code_challenge` and `code_method` (thus requesting PKCE), the single sign-on provider (authentik) must check if there is a matching and existing `code_verifier` during the token step. Prior to versions 2023.10.4 and 2023.8.5, authentik checks if the contents of `code_verifier` is matching only when it is provided. When it is left out completely, authentik simply accepts the token request with out it; even when the flow was started with a `code_challenge`. authentik 2023.8.5 and 2023.10.4 fix this issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287: Improper Authentication",
+ "cweId": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "goauthentik",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "authentik",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 2023.10.4"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "< 2023.8.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-fm34-v8xq-f2c3",
+ "refsource": "MISC",
+ "name": "https://github.com/goauthentik/authentik/security/advisories/GHSA-fm34-v8xq-f2c3"
+ },
+ {
+ "url": "https://github.com/goauthentik/authentik/pull/7666",
+ "refsource": "MISC",
+ "name": "https://github.com/goauthentik/authentik/pull/7666"
+ },
+ {
+ "url": "https://github.com/goauthentik/authentik/pull/7668",
+ "refsource": "MISC",
+ "name": "https://github.com/goauthentik/authentik/pull/7668"
+ },
+ {
+ "url": "https://github.com/goauthentik/authentik/pull/7669",
+ "refsource": "MISC",
+ "name": "https://github.com/goauthentik/authentik/pull/7669"
+ },
+ {
+ "url": "https://github.com/goauthentik/authentik/commit/3af77ab3821fe9c7df8055ba5eade3d1ecea03a6",
+ "refsource": "MISC",
+ "name": "https://github.com/goauthentik/authentik/commit/3af77ab3821fe9c7df8055ba5eade3d1ecea03a6"
+ },
+ {
+ "url": "https://github.com/goauthentik/authentik/commit/6b9afed21f7c39f171a4a445654cfe415bba37d5",
+ "refsource": "MISC",
+ "name": "https://github.com/goauthentik/authentik/commit/6b9afed21f7c39f171a4a445654cfe415bba37d5"
+ },
+ {
+ "url": "https://github.com/goauthentik/authentik/commit/b88e39411c12e3f9e04125a7887f12354f760a14",
+ "refsource": "MISC",
+ "name": "https://github.com/goauthentik/authentik/commit/b88e39411c12e3f9e04125a7887f12354f760a14"
+ },
+ {
+ "url": "https://github.com/goauthentik/authentik/blob/dd4e9030b4e667d3720be2feda24c08972602274/authentik/providers/oauth2/views/token.py#L225",
+ "refsource": "MISC",
+ "name": "https://github.com/goauthentik/authentik/blob/dd4e9030b4e667d3720be2feda24c08972602274/authentik/providers/oauth2/views/token.py#L225"
+ },
+ {
+ "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.4",
+ "refsource": "MISC",
+ "name": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.4"
+ },
+ {
+ "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.5",
+ "refsource": "MISC",
+ "name": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.5"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-fm34-v8xq-f2c3",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/48xxx/CVE-2023-48230.json b/2023/48xxx/CVE-2023-48230.json
index 326c3a17b2c..a3d6bba9d14 100644
--- a/2023/48xxx/CVE-2023-48230.json
+++ b/2023/48xxx/CVE-2023-48230.json
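Review bot: In the CVE-2023-48228 `version_data` entries, `version_affected` is `"="` while `version_value` holds a range expression (`"< 2023.10.4"`, `"< 2023.8.5"`), so a consumer that matches on the operator field compares installed versions against a literal string and never flags an affected deployment. The two ranges also overlap: `< 2023.10.4` contains 2023.8.5, which the description names as a fixed release, so a range-aware scanner will report patched 2023.8.x installs as vulnerable. The first entry needs a lower bound at the start of the 2023.10 series, and the operator belongs in its own field, e.g. `"version_affected": "<", "version_value": "2023.8.5"`. The same `"="`-plus-range pattern appears in the CVE-2023-48230 and CVE-2023-48299 records later in this commit.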
@@ -1,17 +1,95 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-48230",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be caused by a remote peer. The underrun always writes a constant value that is not attacker-controlled, likely resulting in a crash, enabling a remote denial-of-service attack. Most Cap'n Proto and KJ users are unlikely to have this functionality enabled and so unlikely to be affected. Maintainers suspect only the Cloudflare Workers Runtime is affected.\n\nIf KJ HTTP is used with WebSocket compression enabled, a malicious peer may be able to cause a buffer underrun on a heap-allocated buffer. KJ HTTP is an optional library bundled with Cap'n Proto, but is not directly used by Cap'n Proto. WebSocket compression is disabled by default. It must be enabled via a setting passed to the KJ HTTP library via `HttpClientSettings` or `HttpServerSettings`. The bytes written out-of-bounds are always a specific constant 4-byte string `{ 0x00, 0x00, 0xFF, 0xFF }`. Because this string is not controlled by the attacker, maintainers believe it is unlikely that remote code execution is possible. However, it cannot be ruled out. This functionality first appeared in Cap'n Proto 1.0. Previous versions are not affected.\n\nThis issue is fixed in Cap'n Proto 1.0.1.1."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-124: Buffer Underwrite ('Buffer Underflow')",
+ "cweId": "CWE-124"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "capnproto",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "capnproto",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 1.0, < 1.0.1.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/capnproto/capnproto/security/advisories/GHSA-r89h-f468-62w3",
+ "refsource": "MISC",
+ "name": "https://github.com/capnproto/capnproto/security/advisories/GHSA-r89h-f468-62w3"
+ },
+ {
+ "url": "https://github.com/capnproto/capnproto/commit/75c5c1499aa6e7690b741204ff9af91cce526c59",
+ "refsource": "MISC",
+ "name": "https://github.com/capnproto/capnproto/commit/75c5c1499aa6e7690b741204ff9af91cce526c59"
+ },
+ {
+ "url": "https://github.com/capnproto/capnproto/commit/e7f22da9c01286a2b0e1e5fbdf3ec9ab3aa128ff",
+ "refsource": "MISC",
+ "name": "https://github.com/capnproto/capnproto/commit/e7f22da9c01286a2b0e1e5fbdf3ec9ab3aa128ff"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-r89h-f468-62w3",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/48xxx/CVE-2023-48299.json b/2023/48xxx/CVE-2023-48299.json
index 66b41a19bc9..5b103f7873b 100644
--- a/2023/48xxx/CVE-2023-48299.json
+++ b/2023/48xxx/CVE-2023-48299.json
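Review bot: The CVE-2023-48230 `impact.cvss` entry scores `"confidentialityImpact": "NONE"` and `"integrityImpact": "NONE"` (base 5.9), yet the description in the same record reports an out-of-bounds write on a heap-allocated buffer and says remote code execution "cannot be ruled out". Anyone triaging on `baseScore` alone will rank this as a pure denial of service; the deciding factor the description gives is whether WebSocket compression was enabled through `HttpClientSettings` or `HttpServerSettings`. The CVE-2023-48299 record that follows has a similar gap: extraction of archive members to any location the process can write is scored `"integrityImpact": "LOW"` with no confidentiality or availability impact. Both vectors come from the assigning CNA, so any correction belongs upstream, but consumers of these files should read the description before relying on the score.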
@@ -1,17 +1,100 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-48299",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TorchServe is a tool for serving and scaling PyTorch models in production. Starting in version 0.1.0 and prior to version 0.9.0, using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the filesystem that is within the process permissions. Leveraging this issue could aid third-party actors in hiding harmful code in open-source/public models, which can be downloaded from the internet, and take advantage of machines running Torchserve. The ZipSlip issue in TorchServe has been fixed by validating the paths of files contained within a zip archive before extracting them. TorchServe release 0.9.0 includes fixes to address the ZipSlip vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "pytorch",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "serve",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 0.1.0, < 0.9.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/pytorch/serve/security/advisories/GHSA-m2mj-pr4f-h9jp",
+ "refsource": "MISC",
+ "name": "https://github.com/pytorch/serve/security/advisories/GHSA-m2mj-pr4f-h9jp"
+ },
+ {
+ "url": "https://github.com/pytorch/serve/pull/2634",
+ "refsource": "MISC",
+ "name": "https://github.com/pytorch/serve/pull/2634"
+ },
+ {
+ "url": "https://github.com/pytorch/serve/commit/bfb3d42396727614aef625143b4381e64142f9bb",
+ "refsource": "MISC",
+ "name": "https://github.com/pytorch/serve/commit/bfb3d42396727614aef625143b4381e64142f9bb"
+ },
+ {
+ "url": "https://github.com/pytorch/serve/releases/tag/v0.9.0",
+ "refsource": "MISC",
+ "name": "https://github.com/pytorch/serve/releases/tag/v0.9.0"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-m2mj-pr4f-h9jp",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/49xxx/CVE-2023-49102.json b/2023/49xxx/CVE-2023-49102.json
new file mode 100644
index 00000000000..e26cf0040e8
--- /dev/null
+++ b/2023/49xxx/CVE-2023-49102.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-49102",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6238.json b/2023/6xxx/CVE-2023-6238.json
index 5e80e411147..b907ea1b68f 100644
--- a/2023/6xxx/CVE-2023-6238.json
+++ b/2023/6xxx/CVE-2023-6238.json
@@ -1,17 +1,185 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6238",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. An unprivileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
+ "cweId": "CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat Enterprise Linux 6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 7",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unaffected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 8",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unaffected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Red Hat Enterprise Linux 9",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unaffected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "vendor_name": "Fedora",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fedora",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-6238",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2023-6238"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250834",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2250834"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6247.json b/2023/6xxx/CVE-2023-6247.json
new file mode 100644
index 00000000000..1f798ee9662
--- /dev/null
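Review bot: Every `version_data` entry in the CVE-2023-6238 record has `"version_value": "not down converted"`, so this 4.0 file carries no version information at all and the affected/unaffected status survives only in the extension field `x_cve_json_5_version_data.defaultStatus`. Tooling that reads `version_value` will either skip the record or treat the literal string as a version; package and version data should be taken from the CVE JSON 5 record or the Red Hat pages listed under `references`. The Red Hat Enterprise Linux 7, 8 and 9 products each list two byte-identical entries, which presumably were distinct packages before down-conversion and can no longer be told apart here. The `problemtype` value also omits the `CWE-119:` prefix that the other records in this commit put in front of the CWE name.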
+++ b/2023/6xxx/CVE-2023-6247.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6247",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file