From 177e8e53a35e6b47a660608801023f9a3065e553 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 25 Aug 2023 20:00:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/27xxx/CVE-2021-27932.json | 61 +++++++++++++++++++++--- 2023/24xxx/CVE-2023-24620.json | 66 +++++++++++++++++++++++--- 2023/24xxx/CVE-2023-24621.json | 66 +++++++++++++++++++++++--- 2023/36xxx/CVE-2023-36198.json | 56 +++++++++++++++++++--- 2023/36xxx/CVE-2023-36199.json | 56 +++++++++++++++++++--- 2023/37xxx/CVE-2023-37249.json | 61 +++++++++++++++++++++--- 2023/39xxx/CVE-2023-39600.json | 61 +++++++++++++++++++++--- 2023/39xxx/CVE-2023-39707.json | 66 +++++++++++++++++++++++--- 2023/40xxx/CVE-2023-40031.json | 85 +++++++++++++++++++++++++++++++-- 2023/40xxx/CVE-2023-40036.json | 76 ++++++++++++++++++++++++++++-- 2023/40xxx/CVE-2023-40568.json | 8 ++-- 2023/40xxx/CVE-2023-40579.json | 81 ++++++++++++++++++++++++++++++-- 2023/40xxx/CVE-2023-40580.json | 86 ++++++++++++++++++++++++++++++++-- 2023/41xxx/CVE-2023-41259.json | 18 +++++++ 2023/41xxx/CVE-2023-41260.json | 18 +++++++ 15 files changed, 797 insertions(+), 68 deletions(-) create mode 100644 2023/41xxx/CVE-2023-41259.json create mode 100644 2023/41xxx/CVE-2023-41260.json diff --git a/2021/27xxx/CVE-2021-27932.json b/2021/27xxx/CVE-2021-27932.json index 94ef4fb5f01..15511bb8040 100644 --- a/2021/27xxx/CVE-2021-27932.json +++ b/2021/27xxx/CVE-2021-27932.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-27932", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-27932", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://advisories.stormshield.eu", + "refsource": "MISC", + "name": "https://advisories.stormshield.eu" + }, + { + "refsource": "MISC", + "name": "https://advisories.stormshield.eu/2021-004/", + "url": "https://advisories.stormshield.eu/2021-004/" } ] } diff --git a/2023/24xxx/CVE-2023-24620.json b/2023/24xxx/CVE-2023-24620.json index 847f46013dd..e9f6645cc5e 100644 --- a/2023/24xxx/CVE-2023-24620.json +++ b/2023/24xxx/CVE-2023-24620.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-24620", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-24620", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/EsotericSoftware", + "refsource": "MISC", + "name": "https://github.com/EsotericSoftware" + }, + { + "url": "https://contrastsecurity.com", + "refsource": "MISC", + "name": "https://contrastsecurity.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/Contrast-Security-OSS/yamlbeans/blob/main/SECURITY.md", + "url": "https://github.com/Contrast-Security-OSS/yamlbeans/blob/main/SECURITY.md" } ] } diff --git a/2023/24xxx/CVE-2023-24621.json b/2023/24xxx/CVE-2023-24621.json index a631a26930a..d9403c88b03 100644 --- a/2023/24xxx/CVE-2023-24621.json +++ b/2023/24xxx/CVE-2023-24621.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-24621", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-24621", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/EsotericSoftware", + "refsource": "MISC", + "name": "https://github.com/EsotericSoftware" + }, + { + "url": "https://contrastsecurity.com", + "refsource": "MISC", + "name": "https://contrastsecurity.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/Contrast-Security-OSS/yamlbeans/blob/main/SECURITY.md", + "url": "https://github.com/Contrast-Security-OSS/yamlbeans/blob/main/SECURITY.md" } ] } diff --git a/2023/36xxx/CVE-2023-36198.json b/2023/36xxx/CVE-2023-36198.json index 5d8c6ffdeeb..e7638077c62 100644 --- a/2023/36xxx/CVE-2023-36198.json +++ b/2023/36xxx/CVE-2023-36198.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-36198", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-36198", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/skalenetwork/sgxwallet/issues/419", + "refsource": "MISC", + "name": "https://github.com/skalenetwork/sgxwallet/issues/419" } ] } diff --git a/2023/36xxx/CVE-2023-36199.json b/2023/36xxx/CVE-2023-36199.json index 3dcd3b69276..019c7e6dacc 100644 --- a/2023/36xxx/CVE-2023-36199.json +++ b/2023/36xxx/CVE-2023-36199.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-36199", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-36199", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/skalenetwork/sgxwallet/issues/419", + "refsource": "MISC", + "name": "https://github.com/skalenetwork/sgxwallet/issues/419" } ] } diff --git a/2023/37xxx/CVE-2023-37249.json b/2023/37xxx/CVE-2023-37249.json index 256591dcd24..fccd9249ac8 100644 --- a/2023/37xxx/CVE-2023-37249.json +++ b/2023/37xxx/CVE-2023-37249.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-37249", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-37249", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://infoblox.com", + "refsource": "MISC", + "name": "https://infoblox.com" + }, + { + "refsource": "CONFIRM", + "name": "https://community.infoblox.com/t5/trending-kb-articles/nios-is-vulnerable-to-cve-2023-37249/ba-p/32190", + "url": "https://community.infoblox.com/t5/trending-kb-articles/nios-is-vulnerable-to-cve-2023-37249/ba-p/32190" } ] } diff --git a/2023/39xxx/CVE-2023-39600.json b/2023/39xxx/CVE-2023-39600.json index 2aecf4b7bc6..61fe9a4ef70 100644 --- a/2023/39xxx/CVE-2023-39600.json +++ b/2023/39xxx/CVE-2023-39600.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-39600", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-39600", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://icewrap.com", + "refsource": "MISC", + "name": "http://icewrap.com" + }, + { + "refsource": "MISC", + "name": "https://medium.com/@katikitala.sushmitha078/cross-site-scripting-reflected-xss-in-icewarp-server-cve-2023-39600-310a7e1c8817", + "url": "https://medium.com/@katikitala.sushmitha078/cross-site-scripting-reflected-xss-in-icewarp-server-cve-2023-39600-310a7e1c8817" } ] } diff --git a/2023/39xxx/CVE-2023-39707.json b/2023/39xxx/CVE-2023-39707.json index a2080e7d174..efbb3595a0a 100644 --- a/2023/39xxx/CVE-2023-39707.json +++ b/2023/39xxx/CVE-2023-39707.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-39707", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-39707", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/" + }, + { + "url": "https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/Arajawat007/b94d7ce74fcf16014e282a9b525f4555#file-cve-2023-39707", + "url": "https://gist.github.com/Arajawat007/b94d7ce74fcf16014e282a9b525f4555#file-cve-2023-39707" } ] } diff --git a/2023/40xxx/CVE-2023-40031.json b/2023/40xxx/CVE-2023-40031.json index 13731e4f440..ba051571fc2 100644 --- a/2023/40xxx/CVE-2023-40031.json +++ b/2023/40xxx/CVE-2023-40031.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40031", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "notepad-plus-plus", + "product": { + "product_data": [ + { + "product_name": "notepad-plus-plus", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<= 8.5.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/", + "refsource": "MISC", + "name": "https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/" + } + ] + }, + "source": { + "advisory": "GHSA-fp93-2q9p-7fxp", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/40xxx/CVE-2023-40036.json b/2023/40xxx/CVE-2023-40036.json index 1b1b1fff448..fccd2f53e2b 100644 --- a/2023/40xxx/CVE-2023-40036.json +++ b/2023/40xxx/CVE-2023-40036.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40036", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "notepad-plus-plus", + "product": { + "product_data": [ + { + "product_name": "notepad-plus-plus", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<= 8.5.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/", + "refsource": "MISC", + "name": "https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/" + } + ] + }, + "source": { + "advisory": "GHSA-h3xj-4m6m-rrm7", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/40xxx/CVE-2023-40568.json b/2023/40xxx/CVE-2023-40568.json index 8a4b46b894f..c274ffc3a1b 100644 --- a/2023/40xxx/CVE-2023-40568.json +++ b/2023/40xxx/CVE-2023-40568.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40568", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** GitHub has been informed that the requestor is working with another CNA for these vulnerabilities." } ] } diff --git a/2023/40xxx/CVE-2023-40579.json b/2023/40xxx/CVE-2023-40579.json index afade70d34d..3bdf802aacb 100644 --- a/2023/40xxx/CVE-2023-40579.json +++ b/2023/40xxx/CVE-2023-40579.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40579", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using `ListObjects` with specific models. The affected models contain expressions of type `rel1 from type1`. This issue has been patched in version 1.3.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "openfga", + "product": { + "product_data": [ + { + "product_name": "openfga", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/openfga/openfga/security/advisories/GHSA-jcf2-mxr2-gmqp", + "refsource": "MISC", + "name": "https://github.com/openfga/openfga/security/advisories/GHSA-jcf2-mxr2-gmqp" + }, + { + "url": "https://github.com/openfga/openfga/releases/tag/v1.3.1", + "refsource": "MISC", + "name": "https://github.com/openfga/openfga/releases/tag/v1.3.1" + } + ] + }, + "source": { + "advisory": "GHSA-jcf2-mxr2-gmqp", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/40xxx/CVE-2023-40580.json b/2023/40xxx/CVE-2023-40580.json index f1a7031c6b9..160decfa729 100644 --- a/2023/40xxx/CVE-2023-40580.json +++ b/2023/40xxx/CVE-2023-40580.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40580", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "stellar", + "product": { + "product_data": [ + { + "product_name": "freighter", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 5.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w", + "refsource": "MISC", + "name": "https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w" + }, + { + "url": "https://github.com/stellar/freighter/pull/948", + "refsource": "MISC", + "name": "https://github.com/stellar/freighter/pull/948" + }, + { + "url": "https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee", + "refsource": "MISC", + "name": "https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee" + } + ] + }, + "source": { + "advisory": "GHSA-vqr6-hwg2-775w", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/41xxx/CVE-2023-41259.json b/2023/41xxx/CVE-2023-41259.json new file mode 100644 index 00000000000..9c4c8b8fb7c --- /dev/null +++ b/2023/41xxx/CVE-2023-41259.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-41259", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/41xxx/CVE-2023-41260.json b/2023/41xxx/CVE-2023-41260.json new file mode 100644 index 00000000000..2a98e30e6f7 --- /dev/null +++ b/2023/41xxx/CVE-2023-41260.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-41260", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file