From 14aad4e99cc41bd3644f2eebfba951439cf747b0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 16 Mar 2025 00:00:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/2xxx/CVE-2025-2334.json | 109 +++++++++++++++++++++++++++++++++-- 1 file changed, 105 insertions(+), 4 deletions(-) diff --git a/2025/2xxx/CVE-2025-2334.json b/2025/2xxx/CVE-2025-2334.json index aab5ff80992..0b33edd1d9b 100644 --- a/2025/2xxx/CVE-2025-2334.json +++ b/2025/2xxx/CVE-2025-2334.json @@ -1,17 +1,118 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2334", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the component Chat History Handler. The manipulation of the argument chatListId leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in 274056675 springboot-openai-chatgpt e84f6f5 entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist die Funktion deleteChat der Datei /api/mjkj-chat/chat/ai/delete/chat der Komponente Chat History Handler. Mittels dem Manipulieren des Arguments chatListId mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Controls", + "cweId": "CWE-284" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "274056675", + "product": { + "product_data": [ + { + "product_name": "springboot-openai-chatgpt", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "e84f6f5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.299799", + "refsource": "MISC", + "name": "https://vuldb.com/?id.299799" + }, + { + "url": "https://vuldb.com/?ctiid.299799", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.299799" + }, + { + "url": "https://vuldb.com/?submit.505688", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.505688" + }, + { + "url": "https://www.cnblogs.com/aibot/p/18732182", + "refsource": "MISC", + "name": "https://www.cnblogs.com/aibot/p/18732182" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "aibot88 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.5, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P" } ] }