From 1ae75789f4fa76d5d519fbf9c57a693db1457b08 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 22 Mar 2023 11:00:38 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/1xxx/CVE-2023-1447.json | 4 +-
 2023/1xxx/CVE-2023-1556.json | 96 +++++++++++++++++++++++--
 2023/1xxx/CVE-2023-1557.json | 91 ++++++++++++++++++++++--
 2023/1xxx/CVE-2023-1558.json | 106 ++++++++++++++++++++++++++++
 2023/1xxx/CVE-2023-1559.json | 18 +++++
 2023/1xxx/CVE-2023-1560.json | 18 +++++
 2023/1xxx/CVE-2023-1561.json | 18 +++++
 2023/1xxx/CVE-2023-1562.json | 123 +++++++++++++++++++++++++++++++++
 2023/1xxx/CVE-2023-1563.json | 18 +++++
 2023/1xxx/CVE-2023-1564.json | 18 +++++
 2023/1xxx/CVE-2023-1565.json | 18 +++++
 2023/1xxx/CVE-2023-1566.json | 18 +++++
 2023/1xxx/CVE-2023-1567.json | 18 +++++
 2023/1xxx/CVE-2023-1568.json | 18 +++++
 2023/1xxx/CVE-2023-1569.json | 18 +++++
 2023/28xxx/CVE-2023-28708.json | 79 +++++++++++++++++++--
 16 files changed, 665 insertions(+), 14 deletions(-)
 create mode 100644 2023/1xxx/CVE-2023-1558.json
 create mode 100644 2023/1xxx/CVE-2023-1559.json
 create mode 100644 2023/1xxx/CVE-2023-1560.json
 create mode 100644 2023/1xxx/CVE-2023-1561.json
 create mode 100644 2023/1xxx/CVE-2023-1562.json
 create mode 100644 2023/1xxx/CVE-2023-1563.json
 create mode 100644 2023/1xxx/CVE-2023-1564.json
 create mode 100644 2023/1xxx/CVE-2023-1565.json
 create mode 100644 2023/1xxx/CVE-2023-1566.json
 create mode 100644 2023/1xxx/CVE-2023-1567.json
 create mode 100644 2023/1xxx/CVE-2023-1568.json
 create mode 100644 2023/1xxx/CVE-2023-1569.json
diff --git a/2023/1xxx/CVE-2023-1447.json b/2023/1xxx/CVE-2023-1447.json
index 42525af17ef..e4075dd7e92 100644
--- a/2023/1xxx/CVE-2023-1447.json
+++ b/2023/1xxx/CVE-2023-1447.json
@@ -11,11 +11,11 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Medicine Tracker System 1.0. Affected by this issue is some unknown functionality of the file app/?page=medicines/manage_medicine.They. The manipulation of the argument name/description with the input leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-223292."
+ "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Medicine Tracker System 1.0. Affected by this issue is some unknown functionality of the file app/?page=medicines/manage_medicine. The manipulation of the argument name/description with the input leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-223292."
 },
 {
 "lang": "deu",
- "value": "Eine problematische Schwachstelle wurde in SourceCodester Medicine Tracker System 1.0 entdeckt. Dies betrifft einen unbekannten Teil der Datei app/?page=medicines/manage_medicine.They. Durch die Manipulation des Arguments name/description mit der Eingabe mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren."
+ "value": "Eine problematische Schwachstelle wurde in SourceCodester Medicine Tracker System 1.0 entdeckt. Dies betrifft einen unbekannten Teil der Datei app/?page=medicines/manage_medicine. Durch die Manipulation des Arguments name/description mit der Eingabe mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren."
 }
 ]
 },
diff --git a/2023/1xxx/CVE-2023-1556.json b/2023/1xxx/CVE-2023-1556.json
index 9b79ba8c3c5..f67fd9d87cf 100644
--- a/2023/1xxx/CVE-2023-1556.json
+++ b/2023/1xxx/CVE-2023-1556.json
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-1556",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in SourceCodester Judging Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file summary_results.php. The manipulation of the argument main_event_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223549 was assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "In SourceCodester Judging Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode der Datei summary_results.php. Durch das Manipulieren des Arguments main_event_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Judging Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.223549",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.223549"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.223549",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.223549"
+ },
+ {
+ "url": "https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/judging-management-system/SQLi-1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/judging-management-system/SQLi-1.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "tks_ (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1557.json b/2023/1xxx/CVE-2023-1557.json
index b8fbebdf7f6..9bee522a2a1 100644
--- a/2023/1xxx/CVE-2023-1557.json
+++ b/2023/1xxx/CVE-2023-1557.json
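Review bot: In 2023/1xxx/CVE-2023-1556.json the English description says the issue "has been declared as critical", but every entry in the added `impact.cvss` array carries `"baseSeverity": "MEDIUM"` (6.3 for v3.x, 6.5 for v2.0), so the record reports two different severities depending on which field a consumer reads. The same mismatch appears in the CVE-2023-1557 and CVE-2023-1558 records in this commit. I would drop the severity sentence from the prose (`It has been declared as critical.`) or align it with the vector, so that triage tooling and human readers arrive at the same priority. Separately, `credits[].lang` uses `"en"` while `description_data[].lang` uses `"eng"`; one tag scheme per record would be easier to filter on.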
@@ -1,17 +1,100 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-1557",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ecommerce/admin/user/controller.php?action=edit of the component Username Handler. The manipulation of the argument USERID leads to improper access controls. The attack may be launched remotely. VDB-223550 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine kritische Schwachstelle wurde in SourceCodester E-Commerce System 1.0 ausgemacht. Davon betroffen ist unbekannter Code der Datei /ecommerce/admin/user/controller.php?action=edit der Komponente Username Handler. Durch Manipulieren des Arguments USERID mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Controls",
+ "cweId": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "E-Commerce System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.223550",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.223550"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.223550",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.223550"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "WWesleywww (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1558.json b/2023/1xxx/CVE-2023-1558.json
new file mode 100644
index 00000000000..9af83e3e518
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1558.json
@@ -0,0 +1,106 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1558",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability classified as critical has been found in Simple and Beautiful Shopping Cart System 1.0. This affects an unknown part of the file uploadera.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223551."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in Simple and Beautiful Shopping Cart System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei uploadera.php. Durch das Beeinflussen mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434 Unrestricted Upload",
+ "cweId": "CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Simple and Beautiful Shopping Cart System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.223551",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.223551"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.223551",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.223551"
+ },
+ {
+ "url": "https://github.com/nightcloudos/bug_report/blob/main/simple%20and%20beautiful%20shopping%20cart%20system/simple%20and%20beautiful%20shopping%20cart%20system%20uploadera.php%20has%20a%20file%20upload%20vulnerability.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/nightcloudos/bug_report/blob/main/simple%20and%20beautiful%20shopping%20cart%20system/simple%20and%20beautiful%20shopping%20cart%20system%20uploadera.php%20has%20a%20file%20upload%20vulnerability.pdf"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "niclo (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1559.json b/2023/1xxx/CVE-2023-1559.json
new file mode 100644
index 00000000000..0906f951968
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1559.json
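Review bot: The new 2023/1xxx/CVE-2023-1558.json record sets `"vendor_name": "n/a"`, so a consumer that maps advisories to an asset inventory by vendor and product cannot associate this entry with an installed package; only the free-text `product_name` identifies it. The record does not say who publishes Simple and Beautiful Shopping Cart System, so the value has to come from the CNA, in the form `"vendor_name": "PLACEHOLDER_VENDOR_NAME"`. Until it is filled in, exposure checks have to match on the product string rather than on a vendor key.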
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1559",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1560.json b/2023/1xxx/CVE-2023-1560.json
new file mode 100644
index 00000000000..ef9f3755417
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1560.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1560",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1561.json b/2023/1xxx/CVE-2023-1561.json
new file mode 100644
index 00000000000..8224369d966
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1561.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1561",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1562.json b/2023/1xxx/CVE-2023-1562.json
new file mode 100644
index 00000000000..92a4d34e65c
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1562.json
@@ -0,0 +1,123 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1562",
+ "ASSIGNER": "responsibledisclosure@mattermost.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Mattermost fails to check the \"Show Full Name\" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
+ "cweId": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mattermost",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mattermost",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "affected",
+ "version": "7.4.0"
+ },
+ {
+ "status": "unaffected",
+ "version": "7.5.0"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://mattermost.com/security-updates/",
+ "refsource": "MISC",
+ "name": "https://mattermost.com/security-updates/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "MMSA-2023-00136",
+ "defect": [
+ "https://mattermost.atlassian.net/browse/MM-48009"
+ ],
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update Mattermost to version v7.5.0 or higher.
"
+ }
+ ],
+ "value": "Update Mattermost to version v7.5.0 or higher.\n"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "foobar7"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1563.json b/2023/1xxx/CVE-2023-1563.json
new file mode 100644
index 00000000000..81dd739f0ae
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1563.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1563",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1564.json b/2023/1xxx/CVE-2023-1564.json
new file mode 100644
index 00000000000..d5e95ea7a56
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1564.json
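Review bot: In 2023/1xxx/CVE-2023-1562.json the affected range is given as two discrete entries (`7.4.0` affected, `7.5.0` unaffected) under `"defaultStatus": "unaffected"`, so a scanner that evaluates the list literally treats every other release below 7.5.0 (a 7.4.x patch build, for instance) as not affected, while the `solution` text says to update to v7.5.0 or higher. If the intent is "everything from the first affected release up to, but not including, 7.5.0", a single range entry states that unambiguously: `{ "status": "affected", "version": "PLACEHOLDER_FIRST_AFFECTED_VERSION", "lessThan": "7.5.0", "versionType": "semver" }`. The legacy field `"version_value": "not down converted"` also means tools that read only the 4.0 `version_data` get no usable version at all, and the description itself names no versions.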
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1564",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1565.json b/2023/1xxx/CVE-2023-1565.json
new file mode 100644
index 00000000000..3eb39551bb1
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1565.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1565",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1566.json b/2023/1xxx/CVE-2023-1566.json
new file mode 100644
index 00000000000..3d34e60f95c
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1566.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1566",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1567.json b/2023/1xxx/CVE-2023-1567.json
new file mode 100644
index 00000000000..2e97187d024
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1567.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1567",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1568.json b/2023/1xxx/CVE-2023-1568.json
new file mode 100644
index 00000000000..39426457d1f
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1568.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1568",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1569.json b/2023/1xxx/CVE-2023-1569.json
new file mode 100644
index 00000000000..508ce18c090
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1569.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1569",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/28xxx/CVE-2023-28708.json b/2023/28xxx/CVE-2023-28708.json
index a03cfa5b10c..09d4fb4e9a8 100644
--- a/2023/28xxx/CVE-2023-28708.json
+++ b/2023/28xxx/CVE-2023-28708.json
@@ -1,18 +1,89 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-28708",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-523 Unprotected Transport of Credentials",
+ "cweId": "CWE-523"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Tomcat",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "11.0.0-M1",
+ "version_value": "11.0.0-M2"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "10.1.0-M1",
+ "version_value": "10.1.5"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "9.0.0-M1",
+ "version_value": "9.0.71"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "8.5.0",
+ "version_value": "8.5.85"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67",
+ "refsource": "MISC",
+ "name":
"https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "defect": [
+ "66474"
+ ],
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
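Review bot: The description added to 2023/28xxx/CVE-2023-28708.json writes the first affected range as `11.0.0-M1 to 11.0.0.-M2`, with a stray dot that does not match `"version_value": "11.0.0-M2"` in `version_data`; anyone searching advisories for the exact version string will miss it, so the prose should read `11.0.0-M1 to 11.0.0-M2`. The record also carries no `impact` block, so consumers that prioritise by CVSS get no score for it and have to fall back on the CWE-523 classification and the linked Apache thread. Fixed releases are not listed either; `version_data` gives only the last affected version on each branch.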