"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2020-07-31 16:01:23 +00:00 · 2020-07-31 16:01:23 +00:00 · 12c8343f62
commit 12c8343f62
parent f022394575
2 changed files with 60 additions and 6 deletions
--- a/2020/15xxx/CVE-2020-15904.json
+++ b/2020/15xxx/CVE-2020-15904.json
@ -56,6 +56,11 @@
                "url": "https://github.com/ilanschnell/bsdiff4/commit/49a4cee2feef7deaf9d89e5e793a8824930284d7",
                "refsource": "MISC",
                "name": "https://github.com/ilanschnell/bsdiff4/commit/49a4cee2feef7deaf9d89e5e793a8824930284d7"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/ilanschnell/bsdiff4/blob/master/CHANGELOG.txt",
+                "url": "https://github.com/ilanschnell/bsdiff4/blob/master/CHANGELOG.txt"
            }
        ]
    }
--- a/2020/16xxx/CVE-2020-16136.json
+++ b/2020/16xxx/CVE-2020-16136.json
@ -1,17 +1,66 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
-        "ID": "CVE-2020-16136",
        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ID": "CVE-2020-16136",
+        "STATE": "PUBLIC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permission to download logs can download any file on the server machine (accessible by the owner of the server process) via directory traversal ../ sequences in /Administration/Logs/ requests. The attacker is unable to enumerate files, however."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://github.com/tgstation/tgstation-server",
+                "refsource": "MISC",
+                "name": "https://github.com/tgstation/tgstation-server"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-r8pp-42wr-2gc4",
+                "url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-r8pp-42wr-2gc4"
            }
        ]
    }