admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-10-25 17:33:54 +00:00
parent 3b89d7d289
commit 0ec3434628
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
100 changed files with 4839 additions and 2707 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
2019/1003xxx/CVE-2019-1003011.json
View File

@ -1,37 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-02-06T02:59:03.175229",
"ID": "CVE-2019-1003011",
"REQUESTER": "ml@beckweb.net",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Token Macro Plugin",
"version": {
"version_data": [
{
"version_value": "2.5 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -46,28 +21,52 @@
"description": [
{
"lang": "eng",
"value": "CWE-200, CWE-674"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Token Macro Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.5 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1102",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1102"
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1102",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1102"
},
{
"name": "RHBA-2019:0326",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0326"
"url": "https://access.redhat.com/errata/RHBA-2019:0326",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2019:0326"
},
{
"refsource": "REDHAT",
"name": "RHBA-2019:0327",
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
"url": "https://access.redhat.com/errata/RHBA-2019:0327",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2019:0327"
}
]
}

77
2019/1003xxx/CVE-2019-1003012.json
View File

@ -1,37 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-02-06T02:59:03.175680",
"ID": "CVE-2019-1003012",
"REQUESTER": "ml@beckweb.net",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Blue Ocean Plugins",
"version": {
"version_data": [
{
"version_value": "1.10.1 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -46,28 +21,52 @@
"description": [
{
"lang": "eng",
"value": "CWE-352"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Blue Ocean Plugins",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.10.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1201",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1201"
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1201",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1201"
},
{
"name": "RHBA-2019:0326",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0326"
"url": "https://access.redhat.com/errata/RHBA-2019:0326",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2019:0326"
},
{
"refsource": "REDHAT",
"name": "RHBA-2019:0327",
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
"url": "https://access.redhat.com/errata/RHBA-2019:0327",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2019:0327"
}
]
}

77
2019/1003xxx/CVE-2019-1003013.json
View File

@ -1,37 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-02-06T02:59:03.176126",
"ID": "CVE-2019-1003013",
"REQUESTER": "ml@beckweb.net",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Blue Ocean Plugins",
"version": {
"version_data": [
{
"version_value": "1.10.1 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -46,28 +21,52 @@
"description": [
{
"lang": "eng",
"value": "CWE-79"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Blue Ocean Plugins",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.10.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "RHBA-2019:0326",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0326"
"url": "https://access.redhat.com/errata/RHBA-2019:0326",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2019:0326"
},
{
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1204",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1204"
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1204",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1204"
},
{
"refsource": "REDHAT",
"name": "RHBA-2019:0327",
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
"url": "https://access.redhat.com/errata/RHBA-2019:0327",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2019:0327"
}
]
}

77
2019/1003xxx/CVE-2019-1003014.json
View File

@ -1,37 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-02-06T02:59:03.176566",
"ID": "CVE-2019-1003014",
"REQUESTER": "ml@beckweb.net",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Config File Provider Plugin",
"version": {
"version_data": [
{
"version_value": "3.4.1 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -46,28 +21,52 @@
"description": [
{
"lang": "eng",
"value": "CWE-79"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Config File Provider Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.4.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1253",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1253"
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1253",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1253"
},
{
"name": "RHBA-2019:0326",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0326"
"url": "https://access.redhat.com/errata/RHBA-2019:0326",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2019:0326"
},
{
"refsource": "REDHAT",
"name": "RHBA-2019:0327",
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
"url": "https://access.redhat.com/errata/RHBA-2019:0327",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHBA-2019:0327"
}
]
}

65
2019/1003xxx/CVE-2019-1003015.json
View File

@ -1,37 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-02-06T02:59:03.176985",
"ID": "CVE-2019-1003015",
"REQUESTER": "ml@beckweb.net",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Job Import Plugin",
"version": {
"version_data": [
{
"version_value": "2.1 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -46,18 +21,42 @@
"description": [
{
"lang": "eng",
"value": "CWE-611"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Job Import Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-905%20(1)",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-905%20(1)"
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-905%20%281%29",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-905%20%281%29"
}
]
}

65
2019/1003xxx/CVE-2019-1003016.json
View File

@ -1,37 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-02-06T02:59:03.177456",
"ID": "CVE-2019-1003016",
"REQUESTER": "ml@beckweb.net",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Job Import Plugin",
"version": {
"version_data": [
{
"version_value": "2.1 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -46,18 +21,42 @@
"description": [
{
"lang": "eng",
"value": "CWE-285"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Job Import Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-905%20(2)",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-905%20(2)"
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-905%20%282%29",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-905%20%282%29"
}
]
}

65
2019/1003xxx/CVE-2019-1003017.json
View File

@ -1,37 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-02-06T02:59:03.178298",
"ID": "CVE-2019-1003017",
"REQUESTER": "ml@beckweb.net",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Job Import Plugin",
"version": {
"version_data": [
{
"version_value": "3.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -46,18 +21,42 @@
"description": [
{
"lang": "eng",
"value": "CWE-352"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Job Import Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1302",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1302"
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1302",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1302"
}
]
}

65
2019/1003xxx/CVE-2019-1003018.json
View File

@ -1,37 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-02-06T02:59:03.178806",
"ID": "CVE-2019-1003018",
"REQUESTER": "ml@beckweb.net",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins GitHub Authentication Plugin",
"version": {
"version_data": [
{
"version_value": "0.29 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -46,18 +21,42 @@
"description": [
{
"lang": "eng",
"value": "CWE-549"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins GitHub Authentication Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.29 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-602",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-602"
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-602",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-602"
}
]
}

65
2019/1003xxx/CVE-2019-1003019.json
View File

@ -1,37 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-02-06T02:59:03.179227",
"ID": "CVE-2019-1003019",
"REQUESTER": "ml@beckweb.net",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins GitHub Authentication Plugin",
"version": {
"version_data": [
{
"version_value": "0.29 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -46,18 +21,42 @@
"description": [
{
"lang": "eng",
"value": "CWE-384"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins GitHub Authentication Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.29 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-797",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-797"
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-797",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-797"
}
]
}

65
2019/1003xxx/CVE-2019-1003020.json
View File

@ -1,37 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-02-06T02:59:03.179697",
"ID": "CVE-2019-1003020",
"REQUESTER": "ml@beckweb.net",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Kanboard Plugin",
"version": {
"version_data": [
{
"version_value": "1.5.10 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -46,18 +21,42 @@
"description": [
{
"lang": "eng",
"value": "CWE-352"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Kanboard Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.5.10 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-818",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-818"
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-818",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-818"
}
]
}

65
2019/1003xxx/CVE-2019-1003021.json
View File

@ -1,37 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-02-06T02:59:03.180484",
"ID": "CVE-2019-1003021",
"REQUESTER": "ml@beckweb.net",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins OpenId Connect Authentication Plugin",
"version": {
"version_data": [
{
"version_value": "1.4 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -46,18 +21,42 @@
"description": [
{
"lang": "eng",
"value": "CWE-549"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins OpenId Connect Authentication Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-886",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-886"
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-886",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-886"
}
]
}

65
2019/1003xxx/CVE-2019-1003022.json
View File

@ -1,37 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-02-06T02:59:03.181409",
"ID": "CVE-2019-1003022",
"REQUESTER": "ml@beckweb.net",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Monitoring Plugin",
"version": {
"version_data": [
{
"version_value": "1.74.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -46,18 +21,42 @@
"description": [
{
"lang": "eng",
"value": "CWE-352"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Monitoring Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.74.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1153",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1153"
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1153",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1153"
}
]
}

65
2019/1003xxx/CVE-2019-1003023.json
View File

@ -1,37 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-02-06T02:59:03.182072",
"ID": "CVE-2019-1003023",
"REQUESTER": "ml@beckweb.net",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Warnings Next Generation Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.1 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -46,18 +21,42 @@
"description": [
{
"lang": "eng",
"value": "CWE-79"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Warnings Next Generation Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1271",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1271"
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1271",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1271"
}
]
}

77
2019/1003xxx/CVE-2019-1003024.json
View File

@ -1,37 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"DATE_ASSIGNED": "2019-02-19T22:20:51.846360",
"ID": "CVE-2019-1003024",
"REQUESTER": "ml@beckweb.net",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Script Security Plugin",
"version": {
"version_data": [
{
"version_value": "1.52 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -46,28 +21,52 @@
"description": [
{
"lang": "eng",
"value": "CWE-693"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Script Security Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.52 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-02-19/#SECURITY-1320",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-02-19/#SECURITY-1320"
"url": "https://jenkins.io/security/advisory/2019-02-19/#SECURITY-1320",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-02-19/#SECURITY-1320"
},
{
"name": "107295",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107295"
"url": "http://www.securityfocus.com/bid/107295",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/107295"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:0739",
"url": "https://access.redhat.com/errata/RHSA-2019:0739"
"url": "https://access.redhat.com/errata/RHSA-2019:0739",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:0739"
}
]
}

65
2019/10xxx/CVE-2019-10428.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10428",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Aqua Security Scanner Plugin",
"version": {
"version_data": [
{
"version_value": "3.0.17 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,23 +21,47 @@
"description": [
{
"lang": "eng",
"value": "CWE-319"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Aqua Security Scanner Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.17 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508",
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
]
}

65
2019/10xxx/CVE-2019-10429.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10429",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins GitLab Logo Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.3 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,23 +21,47 @@
"description": [
{
"lang": "eng",
"value": "CWE-256"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins GitLab Logo Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0.3 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1575",
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1575",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1575"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
]
}

65
2019/10xxx/CVE-2019-10430.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10430",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins NeuVector Vulnerability Scanner Plugin",
"version": {
"version_data": [
{
"version_value": "1.5 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,23 +21,47 @@
"description": [
{
"lang": "eng",
"value": "CWE-256"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins NeuVector Vulnerability Scanner Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.5 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1504",
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1504",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1504"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
]
}

83
2019/10xxx/CVE-2019-10431.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10431",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Script Security Plugin",
"version": {
"version_data": [
{
"version_value": "1.64 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,38 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-265"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Script Security Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.64 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1579",
"url": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1579",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1579"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20191001 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/10/01/2"
"url": "http://www.openwall.com/lists/oss-security/2019/10/01/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/10/01/2"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4097",
"url": "https://access.redhat.com/errata/RHSA-2019:4097"
"url": "https://access.redhat.com/errata/RHSA-2019:4097",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:4097"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4055",
"url": "https://access.redhat.com/errata/RHSA-2019:4055"
"url": "https://access.redhat.com/errata/RHSA-2019:4055",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:4055"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4089",
"url": "https://access.redhat.com/errata/RHSA-2019:4089"
"url": "https://access.redhat.com/errata/RHSA-2019:4089",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:4089"
}
]
}

83
2019/10xxx/CVE-2019-10432.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10432",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins HTML Publisher Plugin",
"version": {
"version_data": [
{
"version_value": "1.20 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,38 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-79"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins HTML Publisher Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.20 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1590",
"url": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1590",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1590"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20191001 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/10/01/2"
"url": "http://www.openwall.com/lists/oss-security/2019/10/01/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/10/01/2"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4097",
"url": "https://access.redhat.com/errata/RHSA-2019:4097"
"url": "https://access.redhat.com/errata/RHSA-2019:4097",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:4097"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4055",
"url": "https://access.redhat.com/errata/RHSA-2019:4055"
"url": "https://access.redhat.com/errata/RHSA-2019:4055",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:4055"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:4089",
"url": "https://access.redhat.com/errata/RHSA-2019:4089"
"url": "https://access.redhat.com/errata/RHSA-2019:4089",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2019:4089"
}
]
}

77
2019/10xxx/CVE-2019-10433.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10433",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Dingding[\u9489\u9489] Plugin",
"version": {
"version_data": [
{
"version_value": "1.9 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,28 +21,52 @@
"description": [
{
"lang": "eng",
"value": "CWE-256"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Dingding[\u9489\u9489] Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.9 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1423",
"url": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1423",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20191001 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/10/01/2"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-862/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-862/"
"name": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1423"
},
{
"url": "http://www.openwall.com/lists/oss-security/2019/10/01/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/10/01/2"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-862/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-862/"
}
]
}

65
2019/10xxx/CVE-2019-10434.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10434",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins LDAP Email Plugin",
"version": {
"version_data": [
{
"version_value": "0.8 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,23 +21,47 @@
"description": [
{
"lang": "eng",
"value": "CWE-319"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins LDAP Email Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.8 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1515",
"url": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1515",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1515"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20191001 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/10/01/2"
"url": "http://www.openwall.com/lists/oss-security/2019/10/01/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/10/01/2"
}
]
}

65
2019/10xxx/CVE-2019-10435.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10435",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins SourceGear Vault Plugin",
"version": {
"version_data": [
{
"version_value": "1.1.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,23 +21,47 @@
"description": [
{
"lang": "eng",
"value": "CWE-319"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins SourceGear Vault Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1524",
"url": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1524",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1524"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20191001 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/10/01/2"
"url": "http://www.openwall.com/lists/oss-security/2019/10/01/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/10/01/2"
}
]
}

59
2019/10xxx/CVE-2019-10436.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10436",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Google OAuth Credentials Plugin",
"version": {
"version_data": [
{
"version_value": "0.9 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,18 +21,42 @@
"description": [
{
"lang": "eng",
"value": "CWE-22"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Google OAuth Credentials Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.9 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1583"
}
]
}

61
2019/10xxx/CVE-2019-10437.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10437",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins CRX Content Package Deployer Plugin",
"version": {
"version_data": [
{
"version_value": "1.8.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,18 +21,42 @@
"description": [
{
"lang": "eng",
"value": "CWE-352"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins CRX Content Package Deployer Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.8.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(1)",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(1)",
"refsource": "CONFIRM"
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20%281%29",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20%281%29"
}
]
}

61
2019/10xxx/CVE-2019-10438.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10438",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins CRX Content Package Deployer Plugin",
"version": {
"version_data": [
{
"version_value": "1.8.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,18 +21,42 @@
"description": [
{
"lang": "eng",
"value": "CWE-285"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins CRX Content Package Deployer Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.8.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(1)",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(1)",
"refsource": "CONFIRM"
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20%281%29",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20%281%29"
}
]
}

61
2019/10xxx/CVE-2019-10439.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10439",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins CRX Content Package Deployer Plugin",
"version": {
"version_data": [
{
"version_value": "1.8.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,18 +21,42 @@
"description": [
{
"lang": "eng",
"value": "CWE-285"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins CRX Content Package Deployer Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.8.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(2)",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(2)",
"refsource": "CONFIRM"
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20%282%29",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20%282%29"
}
]
}

77
2019/10xxx/CVE-2019-10440.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10440",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins NeoLoad Plugin",
"version": {
"version_data": [
{
"version_value": "2.2.5 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,28 +21,52 @@
"description": [
{
"lang": "eng",
"value": "CWE-256"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins NeoLoad Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.2.5 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1427",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1427",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20191016 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/10/16/6"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-932/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-932/"
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1427"
},
{
"url": "http://www.openwall.com/lists/oss-security/2019/10/16/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/10/16/6"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-932/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-932/"
}
]
}

59
2019/10xxx/CVE-2019-10441.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10441",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins iceScrum Plugin",
"version": {
"version_data": [
{
"version_value": "1.1.5 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,18 +21,42 @@
"description": [
{
"lang": "eng",
"value": "CWE-352"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins iceScrum Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.5 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1484",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1484",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1484"
}
]
}

65
2019/10xxx/CVE-2019-10442.json
View File

@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-10442",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins iceScrum Plugin",
"version": {
"version_data": [
{
"version_value": "1.1.5 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -44,23 +21,47 @@
"description": [
{
"lang": "eng",
"value": "CWE-285"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins iceScrum Plugin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.5 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1484",
"url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1484",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1484"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20191016 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2019/10/16/6"
"url": "http://www.openwall.com/lists/oss-security/2019/10/16/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2019/10/16/6"
}
]
}

69
2020/2xxx/CVE-2020-2116.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2116",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline GitHub Notify Step Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.4",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline GitHub Notify Step Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "1.0.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(1)",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(1)",
"refsource": "CONFIRM"
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20%281%29",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20%281%29"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
}
]
}

69
2020/2xxx/CVE-2020-2117.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2117",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline GitHub Notify Step Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.4",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline GitHub Notify Step Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "1.0.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(1)",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(1)",
"refsource": "CONFIRM"
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20%281%29",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20%281%29"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
}
]
}

69
2020/2xxx/CVE-2020-2118.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2118",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline GitHub Notify Step Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.4",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline GitHub Notify Step Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "1.0.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(2)",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(2)",
"refsource": "CONFIRM"
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20%282%29",
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20%282%29"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
}
]
}

67
2020/2xxx/CVE-2020-2119.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2119",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Azure AD Plugin",
"version": {
"version_data": [
{
"version_value": "1.1.2",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Azure AD Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "1.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1717",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1717",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1717"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
}
]
}

67
2020/2xxx/CVE-2020-2120.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2120",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins FitNesse Plugin",
"version": {
"version_data": [
{
"version_value": "1.30",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins FitNesse Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "1.30"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1751",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1751",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1751"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
}
]
}

67
2020/2xxx/CVE-2020-2121.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2121",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Google Kubernetes Engine Plugin",
"version": {
"version_data": [
{
"version_value": "0.8.0",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Google Kubernetes Engine Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "0.8.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1731",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1731",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1731"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
}
]
}

67
2020/2xxx/CVE-2020-2122.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2122",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Brakeman Plugin",
"version": {
"version_data": [
{
"version_value": "0.12",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Brakeman Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "0.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1644",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1644",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1644"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
}
]
}

67
2020/2xxx/CVE-2020-2123.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2123",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins RadarGun Plugin",
"version": {
"version_data": [
{
"version_value": "1.7",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins RadarGun Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "1.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1733",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1733",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1733"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
}
]
}

85
2020/2xxx/CVE-2020-2124.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2124",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Dynamic Extended Choice Parameter Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.1",
"version_affected": "<="
},
{
"version_value": "1.0.1",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Dynamic Extended Choice Parameter Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.0.1",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1560",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1560",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1560"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
}
]
}

85
2020/2xxx/CVE-2020-2125.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2125",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Debian Package Builder Plugin",
"version": {
"version_data": [
{
"version_value": "1.6.11",
"version_affected": "<="
},
{
"version_value": "1.6.11",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Debian Package Builder Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.6.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.6.11",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1558",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1558",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1558"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
}
]
}

85
2020/2xxx/CVE-2020-2126.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2126",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins DigitalOcean Plugin",
"version": {
"version_data": [
{
"version_value": "1.1",
"version_affected": "<="
},
{
"version_value": "1.1",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins DigitalOcean Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.1",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1559",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1559",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1559"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
}
]
}

85
2020/2xxx/CVE-2020-2127.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2127",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins BMC Release Package and Deployment Plugin",
"version": {
"version_data": [
{
"version_value": "1.1",
"version_affected": "<="
},
{
"version_value": "1.1",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins BMC Release Package and Deployment Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.1",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1547",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1547",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1547"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
}
]
}

85
2020/2xxx/CVE-2020-2128.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2128",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins ECX Copy Data Management Plugin",
"version": {
"version_data": [
{
"version_value": "1.9",
"version_affected": "<="
},
{
"version_value": "1.9",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins ECX Copy Data Management Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.9",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1549",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1549",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1549"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
}
]
}

85
2020/2xxx/CVE-2020-2129.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-2129",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Eagle Tester Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.9",
"version_affected": "<="
},
{
"version_value": "1.0.9",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Eagle Tester Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.0.9",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1552",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1552",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1552"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20200212 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
"url": "http://www.openwall.com/lists/oss-security/2020/02/12/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2020/02/12/3"
}
]
}

126
2021/41xxx/CVE-2021-41116.json
View File

@ -1,39 +1,12 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41116",
"STATE": "PUBLIC",
"TITLE": "Command injection in composer on Windows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "composer",
"version": {
"version_data": [
{
"version_value": "< 1.10.23"
},
{
"version_value": ">= 2.0, < 2.1.9"
}
]
}
}
]
},
"vendor_name": "composer"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-41116",
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -42,55 +15,86 @@
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "composer",
"product": {
"product_data": [
{
"product_name": "composer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.10.23"
},
{
"version_affected": "=",
"version_value": ">= 2.0, < 2.1.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf",
"refsource": "CONFIRM",
"url": "https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf"
},
{
"name": "https://github.com/composer/composer/commit/ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa",
"url": "https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf",
"refsource": "MISC",
"url": "https://github.com/composer/composer/commit/ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa"
"name": "https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2022-09",
"url": "https://www.tenable.com/security/tns-2022-09"
"url": "https://github.com/composer/composer/commit/ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa",
"refsource": "MISC",
"name": "https://github.com/composer/composer/commit/ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa"
},
{
"url": "https://www.sonarsource.com/blog/securing-developer-tools-package-managers/",
"refsource": "MISC",
"name": "https://www.sonarsource.com/blog/securing-developer-tools-package-managers/"
}
]
},
"source": {
"advisory": "GHSA-frqg-7g38-6gcf",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
]
}
}

124
2021/43xxx/CVE-2021-43809.json
View File

@ -1,98 +1,106 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43809",
"STATE": "PUBLIC",
"TITLE": "Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rubygems",
"version": {
"version_data": [
{
"version_value": "< 2.2.33"
}
]
}
}
]
},
"vendor_name": "rubygems"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-43809",
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "`Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false. To handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are being constructed using user input (e.g. the repository URL). When building the commands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. Since this value comes from the `Gemfile` file, it can contain any character, including a leading dash. To exploit this vulnerability, an attacker has to craft a directory containing a `Gemfile` file that declares a dependency that is located in a Git repository. This dependency has to have a Git URL in the form of `-u./payload`. This URL will be used to construct a Git clone command but will be interpreted as the upload-pack argument. Then this directory needs to be shared with the victim, who then needs to run a command that evaluates the Gemfile, such as `bundle lock`, inside. This vulnerability can lead to Arbitrary Code Execution, which could potentially lead to the takeover of the system. However, the exploitability is very low, because it requires a lot of user interaction. Bundler 2.2.33 has patched this problem by inserting `--` as an argument before any positional arguments to those Git commands that were affected by this issue. Regardless of whether users can upgrade or not, they should review any untrustred `Gemfile`'s before running any `bundler` commands that may read them, since they can contain arbitrary ruby code."
"value": "`Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false. To handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are being constructed using user input (e.g. the repository URL). When building the commands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. Since this value comes from the `Gemfile` file, it can contain any character, including a leading dash.\n\nTo exploit this vulnerability, an attacker has to craft a directory containing a `Gemfile` file that declares a dependency that is located in a Git repository. This dependency has to have a Git URL in the form of `-u./payload`. This URL will be used to construct a Git clone command but will be interpreted as the upload-pack argument. Then this directory needs to be shared with the victim, who then needs to run a command that evaluates the Gemfile, such as `bundle lock`, inside.\n\nThis vulnerability can lead to Arbitrary Code Execution, which could potentially lead to the takeover of the system. However, the exploitability is very low, because it requires a lot of user interaction. Bundler 2.2.33 has patched this problem by inserting `--` as an argument before any positional arguments to those Git commands that were affected by this issue. Regardless of whether users can upgrade or not, they should review any untrustred `Gemfile`'s before running any `bundler` commands that may read them, since they can contain arbitrary ruby code."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"
"value": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')",
"cweId": "CWE-88"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rubygems",
"product": {
"product_data": [
{
"product_name": "rubygems",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.2.33"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43",
"refsource": "CONFIRM",
"url": "https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43"
"url": "https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43",
"refsource": "MISC",
"name": "https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43"
},
{
"name": "https://github.com/rubygems/rubygems/pull/5142",
"url": "https://github.com/rubygems/rubygems/pull/5142",
"refsource": "MISC",
"url": "https://github.com/rubygems/rubygems/pull/5142"
"name": "https://github.com/rubygems/rubygems/pull/5142"
},
{
"name": "https://github.com/rubygems/rubygems/commit/0fad1ccfe9dd7a3c5b82c1496df3c2b4842870d3",
"url": "https://github.com/rubygems/rubygems/commit/0fad1ccfe9dd7a3c5b82c1496df3c2b4842870d3",
"refsource": "MISC",
"url": "https://github.com/rubygems/rubygems/commit/0fad1ccfe9dd7a3c5b82c1496df3c2b4842870d3"
"name": "https://github.com/rubygems/rubygems/commit/0fad1ccfe9dd7a3c5b82c1496df3c2b4842870d3"
},
{
"name": "https://github.com/rubygems/rubygems/commit/a4f2f8ac17e6ce81c689527a8b6f14381060d95f",
"url": "https://github.com/rubygems/rubygems/commit/a4f2f8ac17e6ce81c689527a8b6f14381060d95f",
"refsource": "MISC",
"url": "https://github.com/rubygems/rubygems/commit/a4f2f8ac17e6ce81c689527a8b6f14381060d95f"
"name": "https://github.com/rubygems/rubygems/commit/a4f2f8ac17e6ce81c689527a8b6f14381060d95f"
},
{
"url": "https://www.sonarsource.com/blog/securing-developer-tools-package-managers/",
"refsource": "MISC",
"name": "https://www.sonarsource.com/blog/securing-developer-tools-package-managers/"
}
]
},
"source": {
"advisory": "GHSA-fj7f-vq84-fh43",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

91
2022/27xxx/CVE-2022-27199.json
View File

@ -1,44 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-27199",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins CloudBees AWS Credentials Plugin",
"version": {
"version_data": [
{
"version_value": "189.v3551d5642995",
"version_affected": "<="
},
{
"version_value": "1.28.2",
"version_affected": "!"
},
{
"version_value": "1.32.1",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -53,23 +21,64 @@
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins CloudBees AWS Credentials Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "189.v3551d5642995",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.28.2"
},
{
"status": "unaffected",
"version": "1.32.1"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2351",
"url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2351",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2351"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
}
]
}

67
2022/27xxx/CVE-2022-27200.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-27200",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Folder-based Authorization Strategy Plugin",
"version": {
"version_data": [
{
"version_value": "1.3",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Folder-based Authorization Strategy Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2646",
"url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2646",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2646"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
}
]
}

67
2022/27xxx/CVE-2022-27201.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-27201",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Semantic Versioning Plugin",
"version": {
"version_data": [
{
"version_value": "1.13",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Semantic Versioning Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "1.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2124",
"url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2124",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2124"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
}
]
}

85
2022/27xxx/CVE-2022-27202.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-27202",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Extended Choice Parameter Plugin",
"version": {
"version_data": [
{
"version_value": "346.vd87693c5a_86c",
"version_affected": "<="
},
{
"version_value": "346.vd87693c5a_86c",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Extended Choice Parameter Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "346.vd87693c5a_86c",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 346.vd87693c5a_86c",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2232",
"url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2232",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2232"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
}
]
}

85
2022/27xxx/CVE-2022-27203.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-27203",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Extended Choice Parameter Plugin",
"version": {
"version_data": [
{
"version_value": "346.vd87693c5a_86c",
"version_affected": "<="
},
{
"version_value": "346.vd87693c5a_86c",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Extended Choice Parameter Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "346.vd87693c5a_86c",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 346.vd87693c5a_86c",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1351",
"url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1351",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1351"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
}
]
}

85
2022/27xxx/CVE-2022-27204.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-27204",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Extended Choice Parameter Plugin",
"version": {
"version_data": [
{
"version_value": "346.vd87693c5a_86c",
"version_affected": "<="
},
{
"version_value": "346.vd87693c5a_86c",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Extended Choice Parameter Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "346.vd87693c5a_86c",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 346.vd87693c5a_86c",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1350",
"url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1350",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1350"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
}
]
}

85
2022/27xxx/CVE-2022-27205.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-27205",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Extended Choice Parameter Plugin",
"version": {
"version_data": [
{
"version_value": "346.vd87693c5a_86c",
"version_affected": "<="
},
{
"version_value": "346.vd87693c5a_86c",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Extended Choice Parameter Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "346.vd87693c5a_86c",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 346.vd87693c5a_86c",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1350",
"url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1350",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1350"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
}
]
}

85
2022/27xxx/CVE-2022-27206.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-27206",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins GitLab Authentication Plugin",
"version": {
"version_data": [
{
"version_value": "1.13",
"version_affected": "<="
},
{
"version_value": "1.13",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-256: Plaintext Storage of a Password"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins GitLab Authentication Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.13",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1891",
"url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1891",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1891"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
}
]
}

85
2022/27xxx/CVE-2022-27207.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-27207",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins global-build-stats Plugin",
"version": {
"version_data": [
{
"version_value": "1.5",
"version_affected": "<="
},
{
"version_value": "1.5",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins global-build-stats Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.5",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1886",
"url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1886",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1886"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
}
]
}

85
2022/27xxx/CVE-2022-27208.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-27208",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Kubernetes Continuous Deploy Plugin",
"version": {
"version_data": [
{
"version_value": "2.3.1",
"version_affected": "<="
},
{
"version_value": "2.3.1",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Kubernetes Continuous Deploy Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 2.3.1",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2096",
"url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2096",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2096"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
}
]
}

85
2022/27xxx/CVE-2022-27209.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-27209",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Kubernetes Continuous Deploy Plugin",
"version": {
"version_data": [
{
"version_value": "2.3.1",
"version_affected": "<="
},
{
"version_value": "2.3.1",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Kubernetes Continuous Deploy Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 2.3.1",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2636",
"url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2636",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2636"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
}
]
}

85
2022/27xxx/CVE-2022-27210.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-27210",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Kubernetes Continuous Deploy Plugin",
"version": {
"version_data": [
{
"version_value": "2.3.1",
"version_affected": "<="
},
{
"version_value": "2.3.1",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Kubernetes Continuous Deploy Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 2.3.1",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2681",
"url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2681",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2681"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
}
]
}

3
2022/27xxx/CVE-2022-27211.json
View File

@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization",
"cweId": "CWE-862"
"value": "n/a"
}
]
}

85
2022/27xxx/CVE-2022-27212.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-27212",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins List Git Branches Parameter Plugin",
"version": {
"version_data": [
{
"version_value": "0.0.9",
"version_affected": "<="
},
{
"version_value": "0.0.9",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins List Git Branches Parameter Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "0.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 0.0.9",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2167",
"url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2167",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2167"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
}
]
}

85
2022/41xxx/CVE-2022-41255.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-41255",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins CONS3RT Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.0",
"version_affected": "<="
},
{
"version_value": "1.0.0",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,62 @@
"description": [
{
"lang": "eng",
"value": "CWE-256: Plaintext Storage of a Password"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins CONS3RT Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "1.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.0.0",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2759",
"url": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2759",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2759"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220921 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/09/21/5"
"url": "http://www.openwall.com/lists/oss-security/2022/09/21/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/09/21/5"
}
]
}

85
2022/43xxx/CVE-2022-43401.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-43401",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Script Security Plugin",
"version": {
"version_data": [
{
"version_value": "1175.1177.vda_175b_77d144",
"version_affected": "!"
},
{
"version_value": "1183.v774b_0b_0a_a_451",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,60 @@
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Script Security Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "1175.1177.vda_175b_77d144"
},
{
"lessThanOrEqual": "1183.v774b_0b_0a_a_451",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
"refsource": "CONFIRM"
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
}
]
}

93
2022/43xxx/CVE-2022-43402.json
View File

@ -1,44 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-43402",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline: Groovy Plugin",
"version": {
"version_data": [
{
"version_value": "2759.2761.vd6e8d2a_15980",
"version_affected": "!"
},
{
"version_value": "2746.2748.v365128b_c26d7",
"version_affected": "!"
},
{
"version_value": "2802.v5ea_628154b_c2",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -53,23 +21,64 @@
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline: Groovy Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "2759.2761.vd6e8d2a_15980"
},
{
"status": "unaffected",
"version": "2746.2748.v365128b_c26d7"
},
{
"lessThanOrEqual": "2802.v5ea_628154b_c2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
"refsource": "CONFIRM"
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
}
]
}

97
2022/43xxx/CVE-2022-43403.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-43403",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Script Security Plugin",
"version": {
"version_data": [
{
"version_value": "1175.1177.vda_175b_77d144",
"version_affected": "!"
},
{
"version_value": "1183.v774b_0b_0a_a_451",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,28 +21,65 @@
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Script Security Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "1175.1177.vda_175b_77d144"
},
{
"lessThanOrEqual": "1183.v774b_0b_0a_a_451",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
},
{
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29",
"refsource": "MISC",
"name": "https://www.secpod.com/blog/oracle-releases-critical-security-updates-january-2023-patch-now/",
"url": "https://www.secpod.com/blog/oracle-releases-critical-security-updates-january-2023-patch-now/"
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
},
{
"url": "https://www.secpod.com/blog/oracle-releases-critical-security-updates-january-2023-patch-now/",
"refsource": "MISC",
"name": "https://www.secpod.com/blog/oracle-releases-critical-security-updates-january-2023-patch-now/"
}
]
}

85
2022/43xxx/CVE-2022-43404.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-43404",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Script Security Plugin",
"version": {
"version_data": [
{
"version_value": "1175.1177.vda_175b_77d144",
"version_affected": "!"
},
{
"version_value": "1183.v774b_0b_0a_a_451",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,60 @@
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Script Security Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "1175.1177.vda_175b_77d144"
},
{
"lessThanOrEqual": "1183.v774b_0b_0a_a_451",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
"refsource": "CONFIRM"
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
}
]
}

85
2022/43xxx/CVE-2022-43405.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-43405",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline: Groovy Libraries Plugin",
"version": {
"version_data": [
{
"version_value": "593.595.vfc6485d13dcd",
"version_affected": "!"
},
{
"version_value": "612.v84da_9c54906d",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,60 @@
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline: Groovy Libraries Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "593.595.vfc6485d13dcd"
},
{
"lessThanOrEqual": "612.v84da_9c54906d",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)",
"refsource": "CONFIRM"
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
}
]
}

69
2022/43xxx/CVE-2022-43406.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-43406",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline: Deprecated Groovy Libraries Plugin",
"version": {
"version_data": [
{
"version_value": "583.vf3b_454e43966",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline: Deprecated Groovy Libraries Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "583.vf3b_454e43966"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)",
"refsource": "CONFIRM"
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
}
]
}

83
2022/43xxx/CVE-2022-43407.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-43407",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline: Input Step Plugin",
"version": {
"version_data": [
{
"version_value": "449.451.v9c3d42f23975",
"version_affected": "!"
},
{
"version_value": "451.vf1a_a_4f405289",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,60 @@
"description": [
{
"lang": "eng",
"value": "CWE-838: Inappropriate Encoding for Output Context"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline: Input Step Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "449.451.v9c3d42f23975"
},
{
"lessThanOrEqual": "451.vf1a_a_4f405289",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
}
]
}

83
2022/43xxx/CVE-2022-43408.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-43408",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline: Stage View Plugin",
"version": {
"version_data": [
{
"version_value": "2.24.2",
"version_affected": "!"
},
{
"version_value": "2.26",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,60 @@
"description": [
{
"lang": "eng",
"value": "CWE-838: Inappropriate Encoding for Output Context"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline: Stage View Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "2.24.2"
},
{
"lessThanOrEqual": "2.26",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
}
]
}

83
2022/43xxx/CVE-2022-43409.json
View File

@ -1,40 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-43409",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline: Supporting APIs Plugin",
"version": {
"version_data": [
{
"version_value": "838.va_3a_087b_4055b",
"version_affected": "<="
},
{
"version_value": "827.829.v01c0a_3d76c4f",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -49,23 +21,60 @@
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline: Supporting APIs Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "838.va_3a_087b_4055b",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "827.829.v01c0a_3d76c4f"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
}
]
}

67
2022/43xxx/CVE-2022-43410.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-43410",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Mercurial Plugin",
"version": {
"version_data": [
{
"version_value": "1251.va_b_121f184902",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Mercurial Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "1251.va_b_121f184902"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2831",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2831",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2831"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
}
]
}

67
2022/43xxx/CVE-2022-43411.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-43411",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins GitLab Plugin",
"version": {
"version_data": [
{
"version_value": "1.5.35",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-208: Observable Timing Discrepancy"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins GitLab Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "1.5.35"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2877",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2877",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2877"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
}
]
}

67
2022/43xxx/CVE-2022-43412.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-43412",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Generic Webhook Trigger Plugin",
"version": {
"version_data": [
{
"version_value": "1.84.1",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-208: Observable Timing Discrepancy"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Generic Webhook Trigger Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "1.84.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2874",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2874",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2874"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
}
]
}

67
2022/43xxx/CVE-2022-43413.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-43413",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Job Import Plugin",
"version": {
"version_data": [
{
"version_value": "3.5",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -45,23 +21,48 @@
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Job Import Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "3.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2791",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2791",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2791"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
}
]
}

113
2023/25xxx/CVE-2023-25032.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25032",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Print, PDF, Email by PrintFriendly plugin <=\u00a05.5.1 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Print, PDF, & Email by PrintFriendly",
"product": {
"product_data": [
{
"product_name": "Print, PDF, Email by PrintFriendly",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "5.5.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.5.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/printfriendly/wordpress-print-pdf-email-by-printfriendly-plugin-5-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/printfriendly/wordpress-print-pdf-email-by-printfriendly-plugin-5-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;5.5.2 or a higher version."
}
],
"value": "Update to\u00a05.5.2 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Abdi Pranata (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

4
2023/29xxx/CVE-2023-29025.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}

56
2023/29xxx/CVE-2023-29973.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29973",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-29973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.esecforte.com/cve-2023-29973-no-rate-limit/",
"url": "https://www.esecforte.com/cve-2023-29973-no-rate-limit/"
}
]
}

61
2023/31xxx/CVE-2023-31580.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31580",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-31580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/networknt/light-oauth2/issues/369",
"url": "https://github.com/networknt/light-oauth2/issues/369"
},
{
"refsource": "MISC",
"name": "https://github.com/KANIXB/JWTIssues/blob/main/Certification%20Verification%20issue%20in%20light-oauth2.md",
"url": "https://github.com/KANIXB/JWTIssues/blob/main/Certification%20Verification%20issue%20in%20light-oauth2.md"
}
]
}

61
2023/31xxx/CVE-2023-31581.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31581",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-31581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dromara Sureness before v1.0.8 was discovered to use a hardcoded key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/dromara/sureness/issues/164",
"url": "https://github.com/dromara/sureness/issues/164"
},
{
"refsource": "MISC",
"name": "https://github.com/xubowenW/JWTissues/blob/main/sureness%20secure%20issues.md",
"url": "https://github.com/xubowenW/JWTissues/blob/main/sureness%20secure%20issues.md"
}
]
}

61
2023/31xxx/CVE-2023-31582.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31582",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-31582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then",
"refsource": "MISC",
"name": "https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then"
},
{
"refsource": "MISC",
"name": "https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md",
"url": "https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md"
}
]
}

61
2023/43xxx/CVE-2023-43360.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43360",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-43360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/sromanhu/CMSmadesimple-Stored-XSS---File-Picker-extension",
"refsource": "MISC",
"name": "https://github.com/sromanhu/CMSmadesimple-Stored-XSS---File-Picker-extension"
},
{
"refsource": "MISC",
"name": "https://github.com/sromanhu/CVE-2023-43360-CMSmadesimple-Stored-XSS---File-Picker-extension",
"url": "https://github.com/sromanhu/CVE-2023-43360-CMSmadesimple-Stored-XSS---File-Picker-extension"
}
]
}

80
2023/43xxx/CVE-2023-43795.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43795",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "geoserver",
"product": {
"product_data": [
{
"product_name": "geoserver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.22.5"
},
{
"version_affected": "=",
"version_value": ">= 2.23.0, < 2.23.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956",
"refsource": "MISC",
"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956"
}
]
},
"source": {
"advisory": "GHSA-5pr3-m5hm-9956",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
]
}

56
2023/45xxx/CVE-2023-45554.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45554",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-45554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/96xiaopang/Vulnerabilities/blob/main/zzzcms%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0_en.md",
"refsource": "MISC",
"name": "https://github.com/96xiaopang/Vulnerabilities/blob/main/zzzcms%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0_en.md"
}
]
}

56
2023/45xxx/CVE-2023-45555.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45555",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-45555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/96xiaopang/Vulnerabilities/blob/main/zzzcms%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0_en.md",
"refsource": "MISC",
"name": "https://github.com/96xiaopang/Vulnerabilities/blob/main/zzzcms%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0_en.md"
}
]
}

113
2023/45xxx/CVE-2023-45637.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45637",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime \u2013 Events Calendar, Bookings and Tickets plugin <=\u00a03.1.5 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "EventPrime",
"product": {
"product_data": [
{
"product_name": "EventPrime \u2013 Events Calendar, Bookings and Tickets",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "3.1.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.1.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;3.1.6 or a higher version."
}
],
"value": "Update to\u00a03.1.6 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Phd (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

113
2023/45xxx/CVE-2023-45640.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45640",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TechnoWich WP ULike \u2013 Most Advanced WordPress Marketing Toolkit plugin <=\u00a04.6.8 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TechnoWich",
"product": {
"product_data": [
{
"product_name": "WP ULike \u2013 Most Advanced WordPress Marketing Toolkit",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "4.6.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.6.8",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/wp-ulike/wordpress-wp-ulike-plugin-4-6-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/wp-ulike/wordpress-wp-ulike-plugin-4-6-8-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;4.6.9 or a higher version."
}
],
"value": "Update to\u00a04.6.9 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Rafshanzani Suhada (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

85
2023/45xxx/CVE-2023-45644.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45644",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <=\u00a01.0 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Anurag Deshmukh",
"product": {
"product_data": [
{
"product_name": "CPT Shortcode Generator",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/cpt-shortcode/wordpress-cpt-shortcode-generator-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/cpt-shortcode/wordpress-cpt-shortcode-generator-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Lokesh Dachepalli (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

85
2023/45xxx/CVE-2023-45646.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45646",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Henryholtgeerts PDF Block plugin <=\u00a01.1.0 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Henryholtgeerts",
"product": {
"product_data": [
{
"product_name": "PDF Block",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/pdf-block/wordpress-pdf-block-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/pdf-block/wordpress-pdf-block-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

85
2023/45xxx/CVE-2023-45747.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45747",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Syed Balkhi WP Lightbox 2 plugin <=\u00a03.0.6.5 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Syed Balkhi",
"product": {
"product_data": [
{
"product_name": "WP Lightbox 2",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "3.0.6.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/wp-lightbox-2/wordpress-wp-lightbox-2-plugin-3-0-6-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/wp-lightbox-2/wordpress-wp-lightbox-2-plugin-3-0-6-5-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Rio Darmawan (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

113
2023/45xxx/CVE-2023-45750.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45750",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH Nexter Extension plugin <=\u00a02.0.3 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "POSIMYTH",
"product": {
"product_data": [
{
"product_name": "Nexter Extension",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "2.0.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.0.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/nexter-extension/wordpress-nexter-extension-plugin-2-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/nexter-extension/wordpress-nexter-extension-plugin-2-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;2.0.4 or a higher version."
}
],
"value": "Update to\u00a02.0.4 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Rafie Muhammad (Patchstack)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

85
2023/45xxx/CVE-2023-45754.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45754",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <=\u00a01.0.18 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "I Thirteen Web Solution",
"product": {
"product_data": [
{
"product_name": "Easy Testimonial Slider and Form",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.0.18"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/easy-testimonial-rotator/wordpress-easy-testimonial-slider-and-form-plugin-1-0-18-cross-site-scripting-xss?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/easy-testimonial-rotator/wordpress-easy-testimonial-slider-and-form-plugin-1-0-18-cross-site-scripting-xss?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Rio Darmawan (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

85
2023/45xxx/CVE-2023-45755.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45755",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BuddyBoss BuddyPress Global Search plugin <=\u00a01.2.1 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BuddyBoss",
"product": {
"product_data": [
{
"product_name": "BuddyPress Global Search",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/buddypress-global-search/wordpress-buddypress-global-search-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/buddypress-global-search/wordpress-buddypress-global-search-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "yuyudhn (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

85
2023/45xxx/CVE-2023-45756.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45756",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline \u2013 Application Form Builder and Manager plugin <=\u00a02.5.2 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Spider Teams",
"product": {
"product_data": [
{
"product_name": "ApplyOnline \u2013 Application Form Builder and Manager",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "2.5.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/apply-online/wordpress-applyonline-application-form-builder-and-manager-plugin-2-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/apply-online/wordpress-applyonline-application-form-builder-and-manager-plugin-2-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Le Ngoc Anh (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

113
2023/45xxx/CVE-2023-45758.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45758",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Amministrazione Trasparente plugin <=\u00a08.0.2 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Marco Milesi",
"product": {
"product_data": [
{
"product_name": "Amministrazione Trasparente",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "8.0.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "8.0.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/amministrazione-trasparente/wordpress-amministrazione-trasparente-plugin-8-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/amministrazione-trasparente/wordpress-amministrazione-trasparente-plugin-8-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;8.0.5 or a higher version."
}
],
"value": "Update to\u00a08.0.5 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "DoYeon Park / p6rkdoye0n (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

61
2023/45xxx/CVE-2023-45960.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45960",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-45960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://dom4j.github.io/",
"refsource": "MISC",
"name": "https://dom4j.github.io/"
},
{
"refsource": "MISC",
"name": "https://github.com/joker-xiaoyan/XXE-SAXReader/tree/main",
"url": "https://github.com/joker-xiaoyan/XXE-SAXReader/tree/main"
}
]
}

86
2023/46xxx/CVE-2023-46124.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46124",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems and exfiltrate data outside the environment (also known as a Server-Side Request Forgery). The application does not perform proper validation to block attempts to connect to internal (including localhost) resources. The vulnerability has been patched in Fides version `2.22.1`. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ethyca",
"product": {
"product_data": [
{
"product_name": "fides",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.22.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/ethyca/fides/security/advisories/GHSA-jq3w-9mgf-43m4",
"refsource": "MISC",
"name": "https://github.com/ethyca/fides/security/advisories/GHSA-jq3w-9mgf-43m4"
},
{
"url": "https://github.com/ethyca/fides/commit/cd344d016b1441662a61d0759e7913e8228ed1ee",
"refsource": "MISC",
"name": "https://github.com/ethyca/fides/commit/cd344d016b1441662a61d0759e7913e8228ed1ee"
},
{
"url": "https://github.com/ethyca/fides/releases/tag/2.22.1",
"refsource": "MISC",
"name": "https://github.com/ethyca/fides/releases/tag/2.22.1"
}
]
},
"source": {
"advisory": "GHSA-jq3w-9mgf-43m4",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
]
}

86
2023/46xxx/CVE-2023-46125.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46125",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the `GET api/v1/config` endpoint. The configuration data is filtered to suppress most sensitive configuration information before it is returned to the user, but even the filtered data contains information about the internals and the backend infrastructure, such as various settings, servers\u2019 addresses and ports and database username. This information is useful for administrative users as well as attackers, thus it should not be revealed to low-privileged users. This vulnerability allows Admin UI users with roles lower than the owner role e.g. the viewer role to retrieve the config information using the API. The vulnerability has been patched in Fides version `2.22.1`. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ethyca",
"product": {
"product_data": [
{
"product_name": "fides",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.22.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/ethyca/fides/security/advisories/GHSA-rjxg-rpg3-9r89",
"refsource": "MISC",
"name": "https://github.com/ethyca/fides/security/advisories/GHSA-rjxg-rpg3-9r89"
},
{
"url": "https://github.com/ethyca/fides/commit/c9f3a620a4b4c1916e0941cb5624dcd636f06d06",
"refsource": "MISC",
"name": "https://github.com/ethyca/fides/commit/c9f3a620a4b4c1916e0941cb5624dcd636f06d06"
},
{
"url": "https://github.com/ethyca/fides/releases/tag/2.22.1",
"refsource": "MISC",
"name": "https://github.com/ethyca/fides/releases/tag/2.22.1"
}
]
},
"source": {
"advisory": "GHSA-rjxg-rpg3-9r89",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

56
2023/46xxx/CVE-2023-46574.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46574",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/OraclePi/repo/blob/main/totolink%20A3700R/1/A3700R%20%20V9.1.2u.6165_20211012%20vuln.md",
"refsource": "MISC",
"name": "https://github.com/OraclePi/repo/blob/main/totolink%20A3700R/1/A3700R%20%20V9.1.2u.6165_20211012%20vuln.md"
}
]
}

186
2023/5xxx/CVE-2023-5568.json
View File

@ -1,17 +1,195 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5568",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "samba",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.19.2",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Storage 3",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5568",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-5568"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245174",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2245174"
},
{
"url": "https://bugzilla.samba.org/show_bug.cgi?id=15491",
"refsource": "MISC",
"name": "https://bugzilla.samba.org/show_bug.cgi?id=15491"
},
{
"url": "https://www.samba.org/samba/history/samba-4.19.2.html",
"refsource": "MISC",
"name": "https://www.samba.org/samba/history/samba-4.19.2.html"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
]
}

5
2023/5xxx/CVE-2023-5631.json
View File

@ -137,6 +137,11 @@
"url": "https://www.debian.org/security/2023/dsa-5531",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5531"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00035.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00035.html"
}
]
},

18
2023/5xxx/CVE-2023-5751.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5751",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}