Auto-merge PR#177

2025-06-10 02:04:31 +00:00 · 2020-11-23 14:25:20 -05:00 · 2020-11-23 14:25:20 -05:00 · 1843cbb23e
commit 1843cbb23e
parent 0923c96532 4bb8a4a38e
1 changed files with 76 additions and 6 deletions
--- a/2020/15xxx/CVE-2020-15246.json
+++ b/2020/15xxx/CVE-2020-15246.json
@ -1,18 +1,88 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-15246",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Local File Inclusion by unauthenticated users"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "october",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": ">= 1.0.421, < 1.0.469"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "octobercms"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request.\n\nIssue has been patched in Build 469 (v1.0.469) and v1.1.0.\n"
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 7.5,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "NONE",
+            "privilegesRequired": "NONE",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-863 Incorrect Authorization"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/octobercms/october/security/advisories/GHSA-xwjr-6fj7-fc6h",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/octobercms/october/security/advisories/GHSA-xwjr-6fj7-fc6h"
+            },
+            {
+                "name": "https://github.com/octobercms/library/commit/80aab47f044a2660aa352450f55137598f362aa4",
+                "refsource": "MISC",
+                "url": "https://github.com/octobercms/library/commit/80aab47f044a2660aa352450f55137598f362aa4"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-xwjr-6fj7-fc6h",
+        "discovery": "UNKNOWN"
    }
 }