admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-08-20 20:00:37 +00:00
parent a851d27263
commit 1c56800175
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
10 changed files with 622 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2024/31xxx/CVE-2024-31842.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-31842",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-31842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token in sent in GET requests, this vulnerability could lead to complete account takeover."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.gruppotim.it/it/footer/red-team.html",
"url": "https://www.gruppotim.it/it/footer/red-team.html"
}
]
}

81
2024/41xxx/CVE-2024-41659.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41659",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker to read private information or make privileged changes to the system as the vulnerable user account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"cweId": "CWE-942"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "usememos",
"product": {
"product_data": [
{
"product_name": "memos",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 0.20.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-034_memos/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2024-034_memos/"
},
{
"url": "https://github.com/usememos/memos/blob/v0.20.1/server/server.go#L163",
"refsource": "MISC",
"name": "https://github.com/usememos/memos/blob/v0.20.1/server/server.go#L163"
}
]
},
"source": {
"advisory": "GHSA-p4fx-qf2h-jpmj",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

83
2024/41xxx/CVE-2024-41773.json
View File

@ -1,17 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41773",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-708 Incorrect Ownership Assignment",
"cweId": "CWE-708"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Global Configuration Management",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.0.2, 7.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7165963",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7165963"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/350347",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/350347"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}

2
2024/5xxx/CVE-2024-5154.json
View File

@ -107,7 +107,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.28.7-2.rhaos4.15.git111aec5.el9",
"version": "0:1.28.7-2.rhaos4.15.git111aec5.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"

135
2024/6xxx/CVE-2024-6337.json
View File

@ -1,18 +1,143 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6337",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-cna@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access token was not impacted. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14 and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitHub",
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "3.10.16",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.15",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.14",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.12.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.13.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.13.2",
"status": "affected",
"version": "3.13.0",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16",
"refsource": "MISC",
"name": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14",
"refsource": "MISC",
"name": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8",
"refsource": "MISC",
"name": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3",
"refsource": "MISC",
"name": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "VAIBHAV SINGH (@vaib25vicky)"
}
]
}

135
2024/6xxx/CVE-2024-6800.json
View File

@ -1,18 +1,143 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6800",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-cna@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when utilizing SAML authentication with specific identity providers. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a\u00a0SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication.\u00a0This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347 Improper Verification of Cryptographic Signature",
"cweId": "CWE-347"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitHub",
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "3.13.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.13.2",
"status": "affected",
"version": "3.13.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.12.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.13",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.16",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.15",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3",
"refsource": "MISC",
"name": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8",
"refsource": "MISC",
"name": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14",
"refsource": "MISC",
"name": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16",
"refsource": "MISC",
"name": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.16"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "ahacker1"
}
]
}

6
2024/7xxx/CVE-2024-7700.json
View File

@ -68,6 +68,12 @@
}
]
},
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Markus Reisner (ATIX AG) for reporting this issue."
}
],
"impact": {
"cvss": [
{

118
2024/7xxx/CVE-2024-7711.json
View File

@ -1,18 +1,126 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7711",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-cna@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server versions before 3.14 and was fixed in versions 3.13.3, 3.12.8, and 3.11.14. Versions 3.10 of GitHub Enterprise Server are not affected. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitHub",
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "3.11.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.13",
"status": "affected",
"version": "3.11.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.12.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.13.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.13.2",
"status": "affected",
"version": "3.13.0",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3",
"refsource": "MISC",
"name": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.3"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8",
"refsource": "MISC",
"name": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.8"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14",
"refsource": "MISC",
"name": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.14"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "ahacker1"
}
]
}

18
2024/8xxx/CVE-2024-8028.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8028",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/8xxx/CVE-2024-8029.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8029",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}