From 125e17f2f36e7ba9dcb77b247ec48f6118fc1c9b Mon Sep 17 00:00:00 2001
From: Sam Huckins <samuel_huckins@rapid7.com>
Date: Mon, 1 Jul 2019 13:57:26 -0500
Subject: [PATCH 1/2] JSON content for CVE-2019-5630

---
 2019/5xxx/CVE-2019-5630.json | 95 ++++++++++++++++++++++++++++++++++--
 1 file changed, 91 insertions(+), 4 deletions(-)

diff --git a/2019/5xxx/CVE-2019-5630.json b/2019/5xxx/CVE-2019-5630.json
index 958ab8c1b35..2223c0f7db5 100644
--- a/2019/5xxx/CVE-2019-5630.json
+++ b/2019/5xxx/CVE-2019-5630.json
@@ -1,9 +1,40 @@
 {
     "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
+        "ASSIGNER": "cve@rapid7.com",
         "ID": "CVE-2019-5630",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Rapid7 Nexpose/InsightVM Security Console CSRF"
     },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Nexpose/InsightVM Security Console",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "6.5.69"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Rapid7"
+                }
+            ]
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "Thanks to Rodney Beede of Rackspace (https://www.rodneybeede.com/) for finding this issue and reporting it to Rapid7. It is being disclosed in accordance Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/).\n"
+        }
+    ],
     "data_format": "MITRE",
     "data_type": "CVE",
     "data_version": "4.0",
@@ -11,8 +42,64 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "This allows attackers to exploit Cross-Site Request Forgery (CSRF) vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request. "
             }
         ]
+    },
+    "exploit": [
+        {
+            "lang": "eng",
+            "value": "In order to exploit this vulnerability, an attacker would have had to create and host a vulnerable .swf file on their own web server and have the user visit the page that hosts this file. Once the user visits this page, the .swf would run in-browser and cause a 307 redirect, which in turn would direct the victim to the API endpoint and make the CSRF request."
+        }
+    ],
+    "generator": {
+        "engine": "Vulnogram 0.0.7"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "HIGH",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 5.9,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "LOW",
+            "privilegesRequired": "NONE",
+            "scope": "UNCHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
+            "version": "3.0"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69",
+                "name": "https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69"
+            }
+        ]
+    },
+    "solution": [
+        {
+            "lang": "eng",
+            "value": "This issue minimally affects Security Console versions 6.5.0 through 6.5.68. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to 6.5.69 (or later if available)."
+        }
+    ],
+    "source": {
+        "advisory": "R7-2019-17",
+        "discovery": "USER"
     }
-}
\ No newline at end of file
+}

From 0107ad15850f21d17b2421f483a37e5d8dc35c89 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Tue, 2 Jul 2019 07:14:24 -0500
Subject: [PATCH 2/2] Fix version_value

---
 2019/5xxx/CVE-2019-5630.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/2019/5xxx/CVE-2019-5630.json b/2019/5xxx/CVE-2019-5630.json
index 2223c0f7db5..1b2b54ea057 100644
--- a/2019/5xxx/CVE-2019-5630.json
+++ b/2019/5xxx/CVE-2019-5630.json
@@ -16,8 +16,9 @@
                                 "version": {
                                     "version_data": [
                                         {
+                                            "version_name": "",
                                             "version_affected": "<",
-                                            "version_name": "6.5.69"
+                                            "version_value": "6.5.69"
                                         }
                                     ]
                                 }