diff --git a/2024/22xxx/CVE-2024-22236.json b/2024/22xxx/CVE-2024-22236.json index f4e22467092..c4e9be9dbd1 100644 --- a/2024/22xxx/CVE-2024-22236.json +++ b/2024/22xxx/CVE-2024-22236.json @@ -1,17 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-22236", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava\u00a0dependency in the org.springframework.cloud:spring-cloud-contract-shade\u00a0dependency.\n\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Spring", + "product": { + "product_data": [ + { + "product_name": "Spring Cloud Contract", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.1.0", + "version_value": "4.1.1" + }, + { + "version_affected": "<", + "version_name": "4.0.0", + "version_value": "4.0.6" + }, + { + "version_affected": "<", + "version_name": "3.1.0", + "version_value": "3.1.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://spring.io/security/cve-2024-22236", + "refsource": "MISC", + "name": "https://spring.io/security/cve-2024-22236" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] }