admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-08-01 13:00:49 +00:00
parent 7f0bfe7957
commit 1d64e30aec
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 408 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
2022/1xxx/CVE-2022-1561.json
View File

@ -1,18 +1,132 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2022-07-29T08:00:00.000Z",
"ID": "CVE-2022-1561",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Crafted backend URLs in Lura Project"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lura Project",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "v2.0.2",
"version_value": "v2.0.2"
}
]
}
},
{
"product_name": "KrakenD-CE",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "v2.0.2",
"version_value": "v2.0.2"
}
]
}
},
{
"product_name": "KrakenD-EE",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "v2.0.0",
"version_value": "v2.0.0"
}
]
}
}
]
},
"vendor_name": "KrakenD"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by Github user Fepame"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The vulnerability does not affect KrakenD itself, but the consumed backend might be vulnerable."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-471: Modification of Assumed-Immutable Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/security-advisories/crafted-backend-urls-lura-project",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/crafted-backend-urls-lura-project"
},
{
"name": "https://www.krakend.io/blog/cve-2022-1561-crafted-backend-urls/",
"refsource": "CONFIRM",
"url": "https://www.krakend.io/blog/cve-2022-1561-crafted-backend-urls/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Lura Project and KrakenD-CE users must upgrade to v2.0.2 or higher. KrakenD-EE users must upgrade to v2.0.0 or higher."
}
],
"source": {
"defect": [
"INC-2022-0049"
],
"discovery": "EXTERNAL"
}
}

97
2022/26xxx/CVE-2022-26308.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@pandorafms.com",
"DATE_PUBLIC": "2022-05-13T08:00:00.000Z",
"ID": "CVE-2022-26308",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in Configuration (Credential store) "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pandora FMS",
"version": {
"version_data": [
{
"platform": "all",
"version_affected": "<=",
"version_name": "v760",
"version_value": "v760"
}
]
}
}
]
},
"vendor_name": "Artica PFMS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which are outside the intended role."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"refsource": "CONFIRM",
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
},
{
"name": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves",
"refsource": "CONFIRM",
"url": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Fixed in v761"
}
],
"source": {
"defect": [
"4844"
],
"discovery": "EXTERNAL"
}
}

94
2022/26xxx/CVE-2022-26309.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@pandorafms.com",
"DATE_PUBLIC": "2022-05-13T08:00:00.000Z",
"ID": "CVE-2022-26309",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Cross-Site Request en Bulk operation (User operation)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pandora FMS",
"version": {
"version_data": [
{
"platform": "all",
"version_affected": "<=",
"version_name": "v760",
"version_value": "v760"
}
]
}
}
]
},
"vendor_name": "Artica PFMS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"refsource": "CONFIRM",
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
},
{
"name": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves",
"refsource": "CONFIRM",
"url": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Fixed in v761"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

97
2022/26xxx/CVE-2022-26310.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@pandorafms.com",
"DATE_PUBLIC": "2022-05-13T08:00:00.000Z",
"ID": "CVE-2022-26310",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Improper Authorization in User Management to Vertical Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pandora FMS",
"version": {
"version_data": [
{
"platform": "all",
"version_affected": "<=",
"version_name": "v760",
"version_value": "v760"
}
]
}
}
]
},
"vendor_name": "Artica PFMS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"refsource": "CONFIRM",
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
},
{
"name": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves",
"refsource": "CONFIRM",
"url": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Fixed in v761"
}
],
"source": {
"defect": [
"Ticket#4847"
],
"discovery": "EXTERNAL"
}
}

18
2022/2xxx/CVE-2022-2599.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2599",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}