From 0e921735f62984e1d7d2b2d563f9fbdd3d63e268 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Oct 2021 21:01:05 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2016/1xxx/CVE-2016-1575.json | 5 +++ 2016/1xxx/CVE-2016-1576.json | 5 +++ 2016/2xxx/CVE-2016-2853.json | 5 +++ 2021/41xxx/CVE-2021-41151.json | 2 +- 2021/42xxx/CVE-2021-42650.json | 61 ++++++++++++++++++++++++++++++---- 5 files changed, 71 insertions(+), 7 deletions(-) diff --git a/2016/1xxx/CVE-2016-1575.json b/2016/1xxx/CVE-2016-1575.json index e984d67898b..6cb9ec21061 100644 --- a/2016/1xxx/CVE-2016-1575.json +++ b/2016/1xxx/CVE-2016-1575.json @@ -76,6 +76,11 @@ "name": "[oss-security] 20160224 User Namespaces Overlayfs Xattr Setgid Privilege Escalation: Overlayfs", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/02/24/7" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211018 Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up", + "url": "http://www.openwall.com/lists/oss-security/2021/10/18/1" } ] } diff --git a/2016/1xxx/CVE-2016-1576.json b/2016/1xxx/CVE-2016-1576.json index 63cf11a4dad..2b8cf8b5a65 100644 --- a/2016/1xxx/CVE-2016-1576.json +++ b/2016/1xxx/CVE-2016-1576.json @@ -86,6 +86,11 @@ "name": "http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/", "refsource": "MISC", "url": "http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211018 Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up", + "url": "http://www.openwall.com/lists/oss-security/2021/10/18/1" } ] } diff --git a/2016/2xxx/CVE-2016-2853.json b/2016/2xxx/CVE-2016-2853.json index ea5af623503..d4350a406a4 100644 --- a/2016/2xxx/CVE-2016-2853.json +++ b/2016/2xxx/CVE-2016-2853.json @@ -71,6 +71,11 @@ "name": "[aufs] 20160219 aufs3 and aufs4 GIT release", "refsource": "MLIST", "url": "https://sourceforge.net/p/aufs/mailman/message/34864744/" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211018 Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up", + "url": "http://www.openwall.com/lists/oss-security/2021/10/18/1" } ] } diff --git a/2021/41xxx/CVE-2021-41151.json b/2021/41xxx/CVE-2021-41151.json index a2da0dd52d6..5f794935ad4 100644 --- a/2021/41xxx/CVE-2021-41151.json +++ b/2021/41xxx/CVE-2021-41151.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": " Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a `github:publish:pull-request` action and a particular source path. When the template is executed the sensitive files would be included in the published pull request. This vulnerability is mitigated by the fact that an attacker would need access to create and register templates in the Backstage catalog, and that the attack is very visible given that the exfiltration happens via a pull request. The vulnerability is patched in the `0.15.9` release of `@backstage/plugin-scaffolder-backend`." + "value": "Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a `github:publish:pull-request` action and a particular source path. When the template is executed the sensitive files would be included in the published pull request. This vulnerability is mitigated by the fact that an attacker would need access to create and register templates in the Backstage catalog, and that the attack is very visible given that the exfiltration happens via a pull request. The vulnerability is patched in the `0.15.9` release of `@backstage/plugin-scaffolder-backend`." } ] }, diff --git a/2021/42xxx/CVE-2021-42650.json b/2021/42xxx/CVE-2021-42650.json index b339d50f797..de895b4af7f 100644 --- a/2021/42xxx/CVE-2021-42650.json +++ b/2021/42xxx/CVE-2021-42650.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42650", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42650", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/portainer/portainer/pull/5766", + "refsource": "MISC", + "name": "https://github.com/portainer/portainer/pull/5766" + }, + { + "refsource": "MISC", + "name": "https://github.com/purple-WL/Security-vulnerability/blob/main/Portainer%20Custom%20Templates%20xss", + "url": "https://github.com/purple-WL/Security-vulnerability/blob/main/Portainer%20Custom%20Templates%20xss" } ] }