From 1693e520de9b80b4e93a8b3dc35e95450d271f6e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 2 Oct 2023 11:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/3xxx/CVE-2023-3768.json | 97 +++++++++++++++++++++++-- 2023/44xxx/CVE-2023-44228.json | 85 ++++++++++++++++++++-- 2023/44xxx/CVE-2023-44230.json | 85 ++++++++++++++++++++-- 2023/44xxx/CVE-2023-44242.json | 85 ++++++++++++++++++++-- 2023/44xxx/CVE-2023-44264.json | 85 ++++++++++++++++++++-- 2023/44xxx/CVE-2023-44265.json | 85 ++++++++++++++++++++-- 2023/44xxx/CVE-2023-44266.json | 85 ++++++++++++++++++++-- 2023/45xxx/CVE-2023-45002.json | 18 +++++ 2023/45xxx/CVE-2023-45003.json | 18 +++++ 2023/45xxx/CVE-2023-45004.json | 18 +++++ 2023/45xxx/CVE-2023-45005.json | 18 +++++ 2023/45xxx/CVE-2023-45006.json | 18 +++++ 2023/45xxx/CVE-2023-45007.json | 18 +++++ 2023/45xxx/CVE-2023-45008.json | 18 +++++ 2023/45xxx/CVE-2023-45009.json | 18 +++++ 2023/45xxx/CVE-2023-45010.json | 18 +++++ 2023/45xxx/CVE-2023-45011.json | 18 +++++ 2023/5xxx/CVE-2023-5160.json | 125 +++++++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5330.json | 18 +++++ 19 files changed, 898 insertions(+), 32 deletions(-) create mode 100644 2023/45xxx/CVE-2023-45002.json create mode 100644 2023/45xxx/CVE-2023-45003.json create mode 100644 2023/45xxx/CVE-2023-45004.json create mode 100644 2023/45xxx/CVE-2023-45005.json create mode 100644 2023/45xxx/CVE-2023-45006.json create mode 100644 2023/45xxx/CVE-2023-45007.json create mode 100644 2023/45xxx/CVE-2023-45008.json create mode 100644 2023/45xxx/CVE-2023-45009.json create mode 100644 2023/45xxx/CVE-2023-45010.json create mode 100644 2023/45xxx/CVE-2023-45011.json create mode 100644 2023/5xxx/CVE-2023-5330.json diff --git a/2023/3xxx/CVE-2023-3768.json b/2023/3xxx/CVE-2023-3768.json index 7e08056c634..0b382a79b6d 100644 --- a/2023/3xxx/CVE-2023-3768.json +++ b/2023/3xxx/CVE-2023-3768.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3768", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@incibe.es", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ingeteam", + "product": { + "product_data": [ + { + "product_name": "INGEPAC DA3451", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0.29.2.42" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ingeteam-products", + "refsource": "MISC", + "name": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ingeteam-products" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n\n\n1.0.4.0 version (released on 30-09-2021) and later.
" + } + ], + "value": "\n\n\n1.0.4.0 version (released on 30-09-2021) and later.\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Aar\u00f3n Flecha Men\u00e9ndez and Gabriel V\u00eda Echezarreta" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/44xxx/CVE-2023-44228.json b/2023/44xxx/CVE-2023-44228.json index 721df0c117a..082de433cf5 100644 --- a/2023/44xxx/CVE-2023-44228.json +++ b/2023/44xxx/CVE-2023-44228.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-44228", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Onclick show popup plugin <=\u00a08.1 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Gopi Ramasamy", + "product": { + "product_data": [ + { + "product_name": "Onclick show popup", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/onclick-show-popup/wordpress-onclick-show-popup-plugin-8-1-cross-site-scripting-xss?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/onclick-show-popup/wordpress-onclick-show-popup-plugin-8-1-cross-site-scripting-xss?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "yuyudhn (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/44xxx/CVE-2023-44230.json b/2023/44xxx/CVE-2023-44230.json index d432456e32a..ad22951e41b 100644 --- a/2023/44xxx/CVE-2023-44230.json +++ b/2023/44xxx/CVE-2023-44230.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-44230", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <=\u00a07.1 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Gopi Ramasamy", + "product": { + "product_data": [ + { + "product_name": "Popup contact form", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "7.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/popup-contact-form/wordpress-popup-contact-form-plugin-7-1-cross-site-scripting-xss-2?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/popup-contact-form/wordpress-popup-contact-form-plugin-7-1-cross-site-scripting-xss-2?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "yuyudhn (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/44xxx/CVE-2023-44242.json b/2023/44xxx/CVE-2023-44242.json index 01ef1ab8092..1c9d5d3c357 100644 --- a/2023/44xxx/CVE-2023-44242.json +++ b/2023/44xxx/CVE-2023-44242.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-44242", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team Slideshow, Image Slider by 2J plugin <=\u00a01.3.54 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "2J Slideshow Team", + "product": { + "product_data": [ + { + "product_name": "Slideshow, Image Slider by 2J", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.3.54" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/2j-slideshow/wordpress-slideshow-image-slider-by-2j-plugin-1-3-54-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/2j-slideshow/wordpress-slideshow-image-slider-by-2j-plugin-1-3-54-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "NG\u00d4 THI\u00caN AN / ancorn_ from VNPT-VCI (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/44xxx/CVE-2023-44264.json b/2023/44xxx/CVE-2023-44264.json index 3fab38e7235..38f141f7193 100644 --- a/2023/44xxx/CVE-2023-44264.json +++ b/2023/44xxx/CVE-2023-44264.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-44264", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed \u2013 Custom Feed plugin <=\u00a02.2.5 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Arrow Plugins", + "product": { + "product_data": [ + { + "product_name": "The Awesome Feed \u2013 Custom Feed", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.2.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-facebook-feed/wordpress-the-awesome-feed-custom-feed-plugin-2-2-5-cross-site-scripting-xss?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wp-facebook-feed/wordpress-the-awesome-feed-custom-feed-plugin-2-2-5-cross-site-scripting-xss?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Rio Darmawan (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/44xxx/CVE-2023-44265.json b/2023/44xxx/CVE-2023-44265.json index 84eb19b81c6..4d00a961dcc 100644 --- a/2023/44xxx/CVE-2023-44265.json +++ b/2023/44xxx/CVE-2023-44265.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-44265", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <=\u00a07.1 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Gopi Ramasamy", + "product": { + "product_data": [ + { + "product_name": "Popup contact form", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "7.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/popup-contact-form/wordpress-popup-contact-form-plugin-7-1-cross-site-scripting-xss?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/popup-contact-form/wordpress-popup-contact-form-plugin-7-1-cross-site-scripting-xss?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Rio Darmawan (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/44xxx/CVE-2023-44266.json b/2023/44xxx/CVE-2023-44266.json index 67b9add086a..2a0aec0dde7 100644 --- a/2023/44xxx/CVE-2023-44266.json +++ b/2023/44xxx/CVE-2023-44266.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-44266", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewel Theme WP Adminify plugin <=\u00a03.1.6 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jewel Theme", + "product": { + "product_data": [ + { + "product_name": "WP Adminify", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "3.1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/adminify/wordpress-wp-adminify-custom-login-admin-dashboard-admin-columns-plugin-3-1-6-cross-site-scripting-xss?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/adminify/wordpress-wp-adminify-custom-login-admin-dashboard-admin-columns-plugin-3-1-6-cross-site-scripting-xss?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Rio Darmawan (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45002.json b/2023/45xxx/CVE-2023-45002.json new file mode 100644 index 00000000000..e620a9920b5 --- /dev/null +++ b/2023/45xxx/CVE-2023-45002.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45002", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45003.json b/2023/45xxx/CVE-2023-45003.json new file mode 100644 index 00000000000..eea87e41a6e --- /dev/null +++ b/2023/45xxx/CVE-2023-45003.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45003", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45004.json b/2023/45xxx/CVE-2023-45004.json new file mode 100644 index 00000000000..bc0e486a4c9 --- /dev/null +++ b/2023/45xxx/CVE-2023-45004.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45004", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45005.json b/2023/45xxx/CVE-2023-45005.json new file mode 100644 index 00000000000..ad4a99c6714 --- /dev/null +++ b/2023/45xxx/CVE-2023-45005.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45005", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45006.json b/2023/45xxx/CVE-2023-45006.json new file mode 100644 index 00000000000..21e44bedf76 --- /dev/null +++ b/2023/45xxx/CVE-2023-45006.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45006", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45007.json b/2023/45xxx/CVE-2023-45007.json new file mode 100644 index 00000000000..d59e1a0e276 --- /dev/null +++ b/2023/45xxx/CVE-2023-45007.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45007", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45008.json b/2023/45xxx/CVE-2023-45008.json new file mode 100644 index 00000000000..05dc408c862 --- /dev/null +++ b/2023/45xxx/CVE-2023-45008.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45008", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45009.json b/2023/45xxx/CVE-2023-45009.json new file mode 100644 index 00000000000..e36e5932988 --- /dev/null +++ b/2023/45xxx/CVE-2023-45009.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45009", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45010.json b/2023/45xxx/CVE-2023-45010.json new file mode 100644 index 00000000000..06f5af3d08c --- /dev/null +++ b/2023/45xxx/CVE-2023-45010.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45010", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/45xxx/CVE-2023-45011.json b/2023/45xxx/CVE-2023-45011.json new file mode 100644 index 00000000000..9cea3d3b883 --- /dev/null +++ b/2023/45xxx/CVE-2023-45011.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-45011", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5160.json b/2023/5xxx/CVE-2023-5160.json index 15d346cf9ae..46135232b7f 100644 --- a/2023/5xxx/CVE-2023-5160.json +++ b/2023/5xxx/CVE-2023-5160.json @@ -1,17 +1,134 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5160", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "responsibledisclosure@mattermost.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing\u00a0a member to get the full name of another user even if the Show Full Name option was disabled\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mattermost", + "product": { + "product_data": [ + { + "product_name": "Mattermost", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "7.8.9", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "8.1.0", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "status": "unaffected", + "version": "7.8.10" + }, + { + "status": "unaffected", + "version": "8.1.1" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://mattermost.com/security-updates", + "refsource": "MISC", + "name": "https://mattermost.com/security-updates" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "MMSA-2023-00217", + "defect": [ + "https://mattermost.atlassian.net/browse/MM-53191" + ], + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Update Mattermost Server to versions 7.8.10, 8.1.1 or higher.

" + } + ], + "value": "Update Mattermost Server to versions 7.8.10, 8.1.1 or higher.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Hack Cats (aungpyaekoko)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/5xxx/CVE-2023-5330.json b/2023/5xxx/CVE-2023-5330.json new file mode 100644 index 00000000000..dea099e9a4d --- /dev/null +++ b/2023/5xxx/CVE-2023-5330.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-5330", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file