Added CVE-2019-3717,3800

2025-06-08 05:58:08 +00:00 · 2019-08-05 10:38:20 -04:00 · 2019-08-05 10:38:20 -04:00 · 24542aa78b
commit 24542aa78b
parent 73f87a016f
2 changed files with 169 additions and 19 deletions
--- a/2019/3xxx/CVE-2019-3717.json
+++ b/2019/3xxx/CVE-2019-3717.json
@ -1,8 +1,32 @@
 {
    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
+        "ASSIGNER": "secure@dell.com",
+        "DATE_PUBLIC": "2019-07-08T04:00:00.000Z",
        "ID": "CVE-2019-3717",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Dell Client Commercial and Consumer platforms",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Dell"
+                }
+            ]
+        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
@ -11,8 +35,50 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot."
            }
        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.7"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "HIGH",
+            "attackVector": "PHYSICAL",
+            "availabilityImpact": "HIGH",
+            "baseScore": 7.1,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "LOW",
+            "privilegesRequired": "NONE",
+            "scope": "CHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H",
+            "version": "3.0"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Improper Access Control "
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "FULLDISC",
+                "url": "https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en"
+            }
+        ]
+    },
+    "source": {
+        "discovery": "UNKNOWN"
    }
 }
--- a/2019/3xxx/CVE-2019-3800.json
+++ b/2019/3xxx/CVE-2019-3800.json
@ -1,18 +1,102 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-3800",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
-    "data_type": "CVE",
-    "data_version": "4.0",
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
+  "data_type": "CVE",
+  "data_format": "MITRE",
+  "data_version": "4.0",
+  "CVE_data_meta": {
+    "ASSIGNER": "secure@dell.com",
+    "DATE_PUBLIC": "2019-07-18T00:00:00.000Z",
+    "ID": "CVE-2019-3800",
+    "STATE": "PUBLIC",
+    "TITLE": "CF CLI  writes the client id and secret to config file"
+  },
+  "source": {
+    "discovery": "UNKNOWN"
+  },
+  "affects": {
+    "vendor": {
+      "vendor_data": [
+        {
+          "product": {
+            "product_data": [
+              {
+                "product_name": "CF CLI Release",
+                "version": {
+                  "version_data": [
+                    {
+                      "affected": "<",
+                      "version_name": "v1.x",
+                      "version_value": "v1.16.0"
+                    }
+                  ]
+                }
+              },
+              {
+                "product_name": "CF CLI",
+                "version": {
+                  "version_data": [
+                    {
+                      "affected": "<",
+                      "version_name": "All",
+                      "version_value": "v6.45.0"
+                    }
+                  ]
+                }
+              }
+            ]
+          },
+          "vendor_name": "Cloud Foundry"
+        }
+      ]
    }
-}
+  },
+  "description": {
+    "description_data": [
+      {
+        "lang": "eng",
+        "value": "CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials."
+      }
+    ]
+  },
+  "problemtype": {
+    "problemtype_data": [
+      {
+        "description": [
+          {
+            "lang": "eng",
+            "value": "CWE-522: Insufficiently Protected Credentials"
+          }
+        ]
+      }
+    ]
+  },
+  "references": {
+    "reference_data": [
+      {
+        "refsource": "CONFIRM",
+        "url": "https://www.cloudfoundry.org/blog/cve-2019-3800",
+        "name": "https://www.cloudfoundry.org/blog/cve-2019-3800"
+      },
+      {
+        "refsource": "CONFIRM",
+        "url": "https://pivotal.io/security/cve-2019-3800",
+        "name": "https://pivotal.io/security/cve-2019-3800"
+      }
+    ]
+  },
+  "impact": {
+    "cvss": {
+      "attackComplexity": "LOW",
+      "attackVector": "LOCAL",
+      "availabilityImpact": "LOW",
+      "baseScore": 6.3,
+      "baseSeverity": "MEDIUM",
+      "confidentialityImpact": "LOW",
+      "integrityImpact": "LOW",
+      "privilegesRequired": "LOW",
+      "scope": "CHANGED",
+      "userInteraction": "NONE",
+      "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
+      "version": "3.0"
+    }
+  }
+}