admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-11-19 16:00:31 +00:00
parent 63e30bd7e5
commit 17cfea04ec
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
16 changed files with 466 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

131
2020/11xxx/CVE-2020-11001.json
View File

@ -1,96 +1,99 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11001",
"STATE": "PUBLIC",
"TITLE": "Possible XSS attack in Wagtail"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wagtail",
"version": {
"version_data": [
{
"version_value": ">=1.9.0, < 2.7.2"
},
{
"version_value": ">= 2.8.0, < 2.8.1"
}
]
}
}
]
},
"vendor_name": "wagtail"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-11001",
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 2.7.2 (for the LTS 2.7 branch) and Wagtail 2.8.1 (for the current 2.8 branch)." "value": "In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision\ncomparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail\nadmin could potentially craft a page revision history that, when viewed by a user with higher privileges, could perform\nactions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to\nthe Wagtail admin.\n\nPatched versions have been released as Wagtail 2.7.2 (for the LTS 2.7 branch) and Wagtail 2.8.1 (for the current 2.8 branch)."
} }
] ]
}, },
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": { "problemtype": {
"problemtype_data": [ "problemtype_data": [
{ {
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"cweId": "CWE-80"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
} }
] ]
} }
] ]
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wagtail",
"product": {
"product_data": [
{
"product_name": "wagtail",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.7.2"
},
{
"version_affected": "=",
"version_value": ">= 2.8.0, < 2.8.1"
}
]
}
}
]
}
}
]
}
},
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-v2wc-pfq2-5cm6", "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-v2wc-pfq2-5cm6",
"refsource": "CONFIRM",
"url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-v2wc-pfq2-5cm6"
},
{
"name": "https://github.com/wagtail/wagtail/releases/tag/v2.8.1",
"refsource": "MISC", "refsource": "MISC",
"url": "https://github.com/wagtail/wagtail/releases/tag/v2.8.1" "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-v2wc-pfq2-5cm6"
},
{
"name": "https://github.com/wagtail/wagtail/commit/61045ceefea114c40ac4b680af58990dbe732389",
"refsource": "MISC",
"url": "https://github.com/wagtail/wagtail/commit/61045ceefea114c40ac4b680af58990dbe732389"
} }
] ]
}, },
"source": { "source": {
"advisory": "GHSA-v2wc-pfq2-5cm6", "advisory": "GHSA-v2wc-pfq2-5cm6",
"discovery": "UNKNOWN" "discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
} }
} }

138
2020/11xxx/CVE-2020-11037.json
View File

@ -1,86 +1,114 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11037",
"STATE": "PUBLIC",
"TITLE": "Potential Observable Timing Discrepancy in Wagtail"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wagtail",
"version": {
"version_data": [
{
"version_value": "< 2.7.2"
},
{
"version_value": ">= 2.8, < 2.8.2"
}
]
}
}
]
},
"vendor_name": "wagtail"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-11037",
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's \"Privacy\" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is able to measure the time taken by this check to a high degree of accuracy could potentially use timing differences to gain knowledge of the password. This is understood to be feasible on a local network, but not on the public internet. Privacy settings that restrict access to pages/documents on a per-user or per-group basis (as opposed to a shared password) are unaffected by this vulnerability. This has been patched in 2.7.3, 2.8.2, 2.9." "value": "In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's \"Privacy\" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is able to measure the time taken by this check to a high degree of accuracy could potentially use timing differences to gain knowledge of the password. This is [understood to be feasible on a local network, but not on the public internet](https://groups.google.com/d/msg/django-developers/iAaq0pvHXuA/fpUuwjK3i2wJ).\n\nPrivacy settings that restrict access to pages/documents on a per-user or per-group basis (as opposed to a shared password) are unaffected by this vulnerability.\n\nThis has been patched in 2.7.3, 2.8.2, 2.9."
} }
] ]
}, },
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": { "problemtype": {
"problemtype_data": [ "problemtype_data": [
{ {
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "CWE-208: Observable Timing Discrepancy" "value": "CWE-208: Observable Timing Discrepancy",
"cweId": "CWE-208"
} }
] ]
} }
] ]
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wagtail",
"product": {
"product_data": [
{
"product_name": "Wagtail",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.7.3"
},
{
"version_affected": "=",
"version_value": ">= 2.8rc1, < 2.8.2"
},
{
"version_affected": "=",
"version_value": "= 2.9rc1"
}
]
}
}
]
}
}
]
}
},
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-jjjr-3jcw-f8v6", "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-jjjr-3jcw-f8v6",
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-jjjr-3jcw-f8v6" "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-jjjr-3jcw-f8v6"
},
{
"url": "https://github.com/wagtail/wagtail/commit/3c030490ed575bb9cd01dfb3a890477dcaeb2edf",
"refsource": "MISC",
"name": "https://github.com/wagtail/wagtail/commit/3c030490ed575bb9cd01dfb3a890477dcaeb2edf"
},
{
"url": "https://github.com/wagtail/wagtail/commit/b76ab57ee859732b9cf9287d380493ab24061090",
"refsource": "MISC",
"name": "https://github.com/wagtail/wagtail/commit/b76ab57ee859732b9cf9287d380493ab24061090"
},
{
"url": "https://github.com/wagtail/wagtail/commit/ba9d424bd1ca5ce1910d3de74f5cc07214fbfb11",
"refsource": "MISC",
"name": "https://github.com/wagtail/wagtail/commit/ba9d424bd1ca5ce1910d3de74f5cc07214fbfb11"
},
{
"url": "https://github.com/wagtail/wagtail/commit/bac3cd0a26b023e595cf2959aae7da15bb5e4340",
"refsource": "MISC",
"name": "https://github.com/wagtail/wagtail/commit/bac3cd0a26b023e595cf2959aae7da15bb5e4340"
} }
] ]
}, },
"source": { "source": {
"advisory": "GHSA-jjjr-3jcw-f8v6", "advisory": "GHSA-jjjr-3jcw-f8v6",
"discovery": "UNKNOWN" "discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
]
} }
} }

18
2024/11xxx/CVE-2024-11422.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11422",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11423.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11423",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11424.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11424",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11425.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11425",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11426.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11426",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11427.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11427",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11428.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11428",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11429.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11429",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11430.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11430",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11431.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11431",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11432.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11432",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11433.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11433",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11434.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11434",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

86
2024/52xxx/CVE-2024-52582.json
View File

@ -1,17 +1,95 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-52582", "ID": "CVE-2024-52582",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Cachi2 is a command-line interface tool that pre-fetches a project's dependencies to aid in making the project's build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exception is triggered because the tool is logging locals of each function. This may uncover secrets if tool used in CI/build pipelines as it's the main use case. Version 0.14.0 contains a patch for the issue. No known workarounds are available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"cweId": "CWE-497"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "containerbuildsystem",
"product": {
"product_data": [
{
"product_name": "cachi2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.14.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/containerbuildsystem/cachi2/security/advisories/GHSA-w9qc-9m5h-qqmh",
"refsource": "MISC",
"name": "https://github.com/containerbuildsystem/cachi2/security/advisories/GHSA-w9qc-9m5h-qqmh"
},
{
"url": "https://github.com/containerbuildsystem/cachi2/commit/d6638e5e14474061a1ab1ba5d0ee72f58b9a11a9",
"refsource": "MISC",
"name": "https://github.com/containerbuildsystem/cachi2/commit/d6638e5e14474061a1ab1ba5d0ee72f58b9a11a9"
},
{
"url": "https://typer.tiangolo.com/tutorial/exceptions/?h=#disable-local-variables-for-security",
"refsource": "MISC",
"name": "https://typer.tiangolo.com/tutorial/exceptions/?h=#disable-local-variables-for-security"
}
]
},
"source": {
"advisory": "GHSA-w9qc-9m5h-qqmh",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
} }
] ]
} }