From 4bb8a4a38e29a3abf08a510f2ba76d191c93136b Mon Sep 17 00:00:00 2001
From: Robert Schultheis
Date: Mon, 23 Nov 2020 12:24:05 -0700
Subject: [PATCH] Add CVE-2020-15246 for GHSA-xwjr-6fj7-fc6h
---
 2020/15xxx/CVE-2020-15246.json | 82 +++++++++++++++++++++++++++++++---
 1 file changed, 76 insertions(+), 6 deletions(-)
diff --git a/2020/15xxx/CVE-2020-15246.json b/2020/15xxx/CVE-2020-15246.json
index 84715c92d7e..9ad05bb9256 100644
--- a/2020/15xxx/CVE-2020-15246.json
+++ b/2020/15xxx/CVE-2020-15246.json
@@ -1,18 +1,88 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2020-15246",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Local File Inclusion by unauthenticated users"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "october",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 1.0.421, < 1.0.469"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "octobercms"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request.\n\nIssue has been patched in Build 469 (v1.0.469) and v1.1.0.\n"
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-863 Incorrect Authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/octobercms/october/security/advisories/GHSA-xwjr-6fj7-fc6h",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/octobercms/october/security/advisories/GHSA-xwjr-6fj7-fc6h"
+ },
+ {
+ "name": "https://github.com/octobercms/library/commit/80aab47f044a2660aa352450f55137598f362aa4",
+ "refsource": "MISC",
+ "url": "https://github.com/octobercms/library/commit/80aab47f044a2660aa352450f55137598f362aa4"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-xwjr-6fj7-fc6h",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
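Review bot: The new `TITLE` says "Local File Inclusion", but the description only claims that an attacker can read local files, the CVSS vector scores `I:N/A:N`, and `problemtype` is CWE-863 Incorrect Authorization, so the record's fields do not describe the same flaw. Triage keyed on the title may treat this as an inclusion issue while the score says disclosure only; if the referenced fix commit confirms a read-only flaw, a title such as `"TITLE": "Local file read by unauthenticated users"` would agree with the other fields. The description also never says the attacker is unauthenticated, which only the title and `PR:N` convey. Separately, `"version_value": ">= 1.0.421, < 1.0.469"` packs a range into one free-form string, so consumers that compare `version_value` literally will not match installed builds and have to take the bounds from the description.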