admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-01-19 20:00:34 +00:00
parent 73b49c1cda
commit 13850aa721
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
17 changed files with 784 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2023/33xxx/CVE-2023-33295.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33295",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-33295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cohesity DataProtect 6.8.1 and 6.6.0d was discovered to have a incorrect access control vulnerability due to a lack of TLS Certificate Validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cohesity.com",
"refsource": "MISC",
"name": "https://cohesity.com"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/cohesity/SecAdvisory/blob/master/CVE-2023-33295.md",
"url": "https://github.com/cohesity/SecAdvisory/blob/master/CVE-2023-33295.md"
}
]
}

5
2023/38xxx/CVE-2023-38906.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://arxiv.org/abs/2308.09019",
"url": "https://arxiv.org/abs/2308.09019"
},
{
"refsource": "MISC",
"name": "https://www.scitepress.org/Papers/2023/120929/120929.pdf",
"url": "https://www.scitepress.org/Papers/2023/120929/120929.pdf"
}
]
}

5
2023/38xxx/CVE-2023-38907.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://arxiv.org/abs/2308.09019",
"url": "https://arxiv.org/abs/2308.09019"
},
{
"refsource": "MISC",
"name": "https://www.scitepress.org/Papers/2023/120929/120929.pdf",
"url": "https://www.scitepress.org/Papers/2023/120929/120929.pdf"
}
]
}

5
2023/38xxx/CVE-2023-38908.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://arxiv.org/pdf/2308.09019.pdf",
"url": "https://arxiv.org/pdf/2308.09019.pdf"
},
{
"refsource": "MISC",
"name": "https://www.scitepress.org/Papers/2023/120929/120929.pdf",
"url": "https://www.scitepress.org/Papers/2023/120929/120929.pdf"
}
]
}

5
2023/38xxx/CVE-2023-38909.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://arxiv.org/pdf/2308.09019.pdf",
"url": "https://arxiv.org/pdf/2308.09019.pdf"
},
{
"refsource": "MISC",
"name": "https://www.scitepress.org/Papers/2023/120929/120929.pdf",
"url": "https://www.scitepress.org/Papers/2023/120929/120929.pdf"
}
]
}

4
2023/43xxx/CVE-2023-43956.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2023-43956",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-36263. Reason: This record is a duplicate of CVE-2023-36263. Notes: All CVE users should reference CVE-2023-36263 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage."
}
]
}

4
2023/45xxx/CVE-2023-45485.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2023-45485",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

61
2023/47xxx/CVE-2023-47035.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47035",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-47035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://etherscan.io/token/0x3b08c03fa8278cf81b9043b228183760376fcdbb",
"refsource": "MISC",
"name": "https://etherscan.io/token/0x3b08c03fa8278cf81b9043b228183760376fcdbb"
},
{
"refsource": "MISC",
"name": "https://github.com/RikkaLzw/CVE/blob/main/CVE-2024.1.19-3.md",
"url": "https://github.com/RikkaLzw/CVE/blob/main/CVE-2024.1.19-3.md"
}
]
}

66
2023/50xxx/CVE-2023-50447.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-50447",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-50447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/python-pillow/Pillow/releases",
"refsource": "MISC",
"name": "https://github.com/python-pillow/Pillow/releases"
},
{
"refsource": "MISC",
"name": "https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/",
"url": "https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/"
},
{
"refsource": "MISC",
"name": "https://devhub.checkmarx.com/cve-details/CVE-2023-50447/",
"url": "https://devhub.checkmarx.com/cve-details/CVE-2023-50447/"
}
]
}

66
2023/50xxx/CVE-2023-50693.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-50693",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-50693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in dom96 Jester v.0.6.0 and before allows a remote attacker to execute arbitrary code via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/dom96/jester/issues/326",
"refsource": "MISC",
"name": "https://github.com/dom96/jester/issues/326"
},
{
"url": "https://github.com/dom96/jester/pull/327",
"refsource": "MISC",
"name": "https://github.com/dom96/jester/pull/327"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/anas-cherni/dd297786750f300a2bab3bb73fee919b",
"url": "https://gist.github.com/anas-cherni/dd297786750f300a2bab3bb73fee919b"
}
]
}

66
2023/50xxx/CVE-2023-50694.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-50694",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-50694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to execute arbitrary code via a crafted request to the parser.nim component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/dom96/httpbeast/pull/96",
"refsource": "MISC",
"name": "https://github.com/dom96/httpbeast/pull/96"
},
{
"url": "https://github.com/dom96/httpbeast/issues/95",
"refsource": "MISC",
"name": "https://github.com/dom96/httpbeast/issues/95"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/anas-cherni/c95e2fc1fd84d93167eb60193318d0b8",
"url": "https://gist.github.com/anas-cherni/c95e2fc1fd84d93167eb60193318d0b8"
}
]
}

8
2024/0xxx/CVE-2024-0663.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0663",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** REJECT: This is a false positive report."
}
]
}

95
2024/0xxx/CVE-2024-0731.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0731",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251554 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In PCMan FTP Server 2.0.7 wurde eine problematische Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Komponente PUT Command Handler. Mittels Manipulieren mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service",
"cweId": "CWE-404"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PCMan",
"product": {
"product_data": [
{
"product_name": "FTP Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.251554",
"refsource": "MISC",
"name": "https://vuldb.com/?id.251554"
},
{
"url": "https://vuldb.com/?ctiid.251554",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.251554"
},
{
"url": "https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt",
"refsource": "MISC",
"name": "https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt"
}
]
},
"credits": [
{
"lang": "en",
"value": "fernando.mengali (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
}
]
}

95
2024/0xxx/CVE-2024-0732.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0732",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. This issue affects some unknown processing of the component STOR Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251555."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in PCMan FTP Server 2.0.7 gefunden. Davon betroffen ist unbekannter Code der Komponente STOR Command Handler. Durch das Manipulieren mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service",
"cweId": "CWE-404"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PCMan",
"product": {
"product_data": [
{
"product_name": "FTP Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.251555",
"refsource": "MISC",
"name": "https://vuldb.com/?id.251555"
},
{
"url": "https://vuldb.com/?ctiid.251555",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.251555"
},
{
"url": "https://fitoxs.com/vuldb/02-PCMan%20v2.0.7-exploit.txt",
"refsource": "MISC",
"name": "https://fitoxs.com/vuldb/02-PCMan%20v2.0.7-exploit.txt"
}
]
},
"credits": [
{
"lang": "en",
"value": "fernando.mengali (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
}
]
}

99
2024/22xxx/CVE-2024-22211.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22211",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190: Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeRDP",
"product": {
"product_data": [
{
"product_name": "FreeRDP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.11.5"
},
{
"version_affected": "=",
"version_value": ">= 3.0.0, < 3.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rjhp-44rv-7v59",
"refsource": "MISC",
"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rjhp-44rv-7v59"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/939e922936e9c3ae8fc204968645e5e7563a2fff",
"refsource": "MISC",
"name": "https://github.com/FreeRDP/FreeRDP/commit/939e922936e9c3ae8fc204968645e5e7563a2fff"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9",
"refsource": "MISC",
"name": "https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9"
}
]
},
"source": {
"advisory": "GHSA-rjhp-44rv-7v59",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

81
2024/23xxx/CVE-2024-23329.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23329",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": " changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/<uuid>/history` can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party first needs to know a watch UUID, and the watch history endpoint itself returns only paths to the snapshot on the server, an impact on users' data privacy is minimal. This issue has been addressed in version 0.45.13. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "dgtlmoon",
"product": {
"product_data": [
{
"product_name": "changedetection.io",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 0.39.14, < 0.45.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-hcvp-2cc7-jrwr",
"refsource": "MISC",
"name": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-hcvp-2cc7-jrwr"
},
{
"url": "https://github.com/dgtlmoon/changedetection.io/commit/402f1e47e78ecd155b1e90f30cce424ff7763e0f",
"refsource": "MISC",
"name": "https://github.com/dgtlmoon/changedetection.io/commit/402f1e47e78ecd155b1e90f30cce424ff7763e0f"
}
]
},
"source": {
"advisory": "GHSA-hcvp-2cc7-jrwr",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

116
2024/23xxx/CVE-2024-23331.json
View File

@ -1,17 +1,125 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23331",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server doesn't discriminate; a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-178: Improper Handling of Case Sensitivity",
"cweId": "CWE-178"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "vitejs",
"product": {
"product_data": [
{
"product_name": "vite",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">=2.7.0, < 2.9.17"
},
{
"version_affected": "=",
"version_value": ">=3.0.0, <3.2.8"
},
{
"version_affected": "=",
"version_value": ">=4.0.0, < 4.5.2"
},
{
"version_affected": "=",
"version_value": ">=5.0.0, < 5.0.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw",
"refsource": "MISC",
"name": "https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw"
},
{
"url": "https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5",
"refsource": "MISC",
"name": "https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5"
},
{
"url": "https://vitejs.dev/config/server-options.html#server-fs-deny",
"refsource": "MISC",
"name": "https://vitejs.dev/config/server-options.html#server-fs-deny"
}
]
},
"source": {
"advisory": "GHSA-c24v-8rfc-w8vw",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}