diff --git a/2019/10xxx/CVE-2019-10364.json b/2019/10xxx/CVE-2019-10364.json index 8be7270919d..da3fd52a0d1 100644 --- a/2019/10xxx/CVE-2019-10364.json +++ b/2019/10xxx/CVE-2019-10364.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10364", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Amazon EC2 Plugin", - "version": { - "version_data": [ - { - "version_value": "1.43 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,22 +21,46 @@ "description": [ { "lang": "eng", - "value": "CWE-532" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Amazon EC2 Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.43 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[oss-security] 20190731 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/07/31/1" + "url": "http://www.openwall.com/lists/oss-security/2019/07/31/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/07/31/1" }, { "url": "https://jenkins.io/security/advisory/2019-07-31/#SECURITY-673", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-07-31/#SECURITY-673" } ] diff --git a/2019/10xxx/CVE-2019-10365.json b/2019/10xxx/CVE-2019-10365.json index aae7474277b..3d0ec4ece8f 100644 --- a/2019/10xxx/CVE-2019-10365.json +++ b/2019/10xxx/CVE-2019-10365.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10365", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Google Kubernetes Engine Plugin", - "version": { - "version_data": [ - { - "version_value": "0.6.2 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,22 +21,46 @@ "description": [ { "lang": "eng", - "value": "CWE-377" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Google Kubernetes Engine Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0.6.2 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[oss-security] 20190731 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/07/31/1" + "url": "http://www.openwall.com/lists/oss-security/2019/07/31/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/07/31/1" }, { "url": "https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1345", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1345" } ] diff --git a/2019/10xxx/CVE-2019-10366.json b/2019/10xxx/CVE-2019-10366.json index 08fe5f6a196..4767e9c7852 100644 --- a/2019/10xxx/CVE-2019-10366.json +++ b/2019/10xxx/CVE-2019-10366.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10366", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Skytap Cloud CI Plugin", - "version": { - "version_data": [ - { - "version_value": "2.06 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,27 +21,51 @@ "description": [ { "lang": "eng", - "value": "CWE-256" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Skytap Cloud CI Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.06 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[oss-security] 20190731 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/07/31/1" + "url": "http://www.openwall.com/lists/oss-security/2019/07/31/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/07/31/1" }, { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-833/", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-833/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-833/" + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-833/" }, { "url": "https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1429", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1429" } ] diff --git a/2019/10xxx/CVE-2019-10367.json b/2019/10xxx/CVE-2019-10367.json index fdc65f97437..0d4eef5c72a 100644 --- a/2019/10xxx/CVE-2019-10367.json +++ b/2019/10xxx/CVE-2019-10367.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10367", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Configuration as Code Plugin", - "version": { - "version_data": [ - { - "version_value": "1.26 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,22 +21,46 @@ "description": [ { "lang": "eng", - "value": "CWE-532" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Configuration as Code Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.26 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[oss-security] 20190807 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1" + "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/08/07/1" }, { "url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1497", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1497" } ] diff --git a/2019/10xxx/CVE-2019-10368.json b/2019/10xxx/CVE-2019-10368.json index 926a94f48b6..f182a5d1881 100644 --- a/2019/10xxx/CVE-2019-10368.json +++ b/2019/10xxx/CVE-2019-10368.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10368", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins JClouds Plugin", - "version": { - "version_data": [ - { - "version_value": "2.14 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,38 +21,62 @@ "description": [ { "lang": "eng", - "value": "CWE-352" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins JClouds Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.14 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[oss-security] 20190807 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1" + "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/08/07/1" }, { "url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1482", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1482" }, { - "refsource": "MLIST", - "name": "[jclouds-notifications] 20200106 [jira] [Created] (JCLOUDS-1536) SECURITY-1482 / CVE-2019-10368 (CSRF), CVE-2019-10369 (permission check)", - "url": "https://lists.apache.org/thread.html/r42b7ff290ed5ec8f27f12c54fff54462ffc4bcf6a5015c37fece94ac@%3Cnotifications.jclouds.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r42b7ff290ed5ec8f27f12c54fff54462ffc4bcf6a5015c37fece94ac%40%3Cnotifications.jclouds.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r42b7ff290ed5ec8f27f12c54fff54462ffc4bcf6a5015c37fece94ac%40%3Cnotifications.jclouds.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[jclouds-notifications] 20200107 [jira] [Resolved] (JCLOUDS-1536) SECURITY-1482 / CVE-2019-10368 (CSRF), CVE-2019-10369 (permission check)", - "url": "https://lists.apache.org/thread.html/r6c4693d03d15391814c647742db49a4d9937fa34573fb66103d57b45@%3Cnotifications.jclouds.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r6c4693d03d15391814c647742db49a4d9937fa34573fb66103d57b45%40%3Cnotifications.jclouds.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r6c4693d03d15391814c647742db49a4d9937fa34573fb66103d57b45%40%3Cnotifications.jclouds.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[jclouds-notifications] 20200107 [jira] [Commented] (JCLOUDS-1536) SECURITY-1482 / CVE-2019-10368 (CSRF), CVE-2019-10369 (permission check)", - "url": "https://lists.apache.org/thread.html/r725e55670dbdd214f3cfdfea255b72a75fa9a4f0c6c9d109b29c7881@%3Cnotifications.jclouds.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r725e55670dbdd214f3cfdfea255b72a75fa9a4f0c6c9d109b29c7881%40%3Cnotifications.jclouds.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r725e55670dbdd214f3cfdfea255b72a75fa9a4f0c6c9d109b29c7881%40%3Cnotifications.jclouds.apache.org%3E" } ] } diff --git a/2019/10xxx/CVE-2019-10369.json b/2019/10xxx/CVE-2019-10369.json index c25555a6c09..ad5901d3868 100644 --- a/2019/10xxx/CVE-2019-10369.json +++ b/2019/10xxx/CVE-2019-10369.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10369", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins JClouds Plugin", - "version": { - "version_data": [ - { - "version_value": "2.14 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,38 +21,62 @@ "description": [ { "lang": "eng", - "value": "CWE-285" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins JClouds Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.14 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[oss-security] 20190807 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1" + "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/08/07/1" }, { "url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1482", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1482" }, { - "refsource": "MLIST", - "name": "[jclouds-notifications] 20200106 [jira] [Created] (JCLOUDS-1536) SECURITY-1482 / CVE-2019-10368 (CSRF), CVE-2019-10369 (permission check)", - "url": "https://lists.apache.org/thread.html/r42b7ff290ed5ec8f27f12c54fff54462ffc4bcf6a5015c37fece94ac@%3Cnotifications.jclouds.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r42b7ff290ed5ec8f27f12c54fff54462ffc4bcf6a5015c37fece94ac%40%3Cnotifications.jclouds.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r42b7ff290ed5ec8f27f12c54fff54462ffc4bcf6a5015c37fece94ac%40%3Cnotifications.jclouds.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[jclouds-notifications] 20200107 [jira] [Resolved] (JCLOUDS-1536) SECURITY-1482 / CVE-2019-10368 (CSRF), CVE-2019-10369 (permission check)", - "url": "https://lists.apache.org/thread.html/r6c4693d03d15391814c647742db49a4d9937fa34573fb66103d57b45@%3Cnotifications.jclouds.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r6c4693d03d15391814c647742db49a4d9937fa34573fb66103d57b45%40%3Cnotifications.jclouds.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r6c4693d03d15391814c647742db49a4d9937fa34573fb66103d57b45%40%3Cnotifications.jclouds.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[jclouds-notifications] 20200107 [jira] [Commented] (JCLOUDS-1536) SECURITY-1482 / CVE-2019-10368 (CSRF), CVE-2019-10369 (permission check)", - "url": "https://lists.apache.org/thread.html/r725e55670dbdd214f3cfdfea255b72a75fa9a4f0c6c9d109b29c7881@%3Cnotifications.jclouds.apache.org%3E" + "url": "https://lists.apache.org/thread.html/r725e55670dbdd214f3cfdfea255b72a75fa9a4f0c6c9d109b29c7881%40%3Cnotifications.jclouds.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r725e55670dbdd214f3cfdfea255b72a75fa9a4f0c6c9d109b29c7881%40%3Cnotifications.jclouds.apache.org%3E" } ] } diff --git a/2019/10xxx/CVE-2019-10370.json b/2019/10xxx/CVE-2019-10370.json index 8583e64f6a3..d656df9b174 100644 --- a/2019/10xxx/CVE-2019-10370.json +++ b/2019/10xxx/CVE-2019-10370.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10370", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Mask Passwords Plugin", - "version": { - "version_data": [ - { - "version_value": "2.12.0 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,22 +21,46 @@ "description": [ { "lang": "eng", - "value": "CWE-319" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Mask Passwords Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.12.0 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[oss-security] 20190807 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1" + "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/08/07/1" }, { "url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-157", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-157" } ] diff --git a/2019/10xxx/CVE-2019-10371.json b/2019/10xxx/CVE-2019-10371.json index 0fc5340d567..6fc99efe927 100644 --- a/2019/10xxx/CVE-2019-10371.json +++ b/2019/10xxx/CVE-2019-10371.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10371", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Gitlab Authentication Plugin", - "version": { - "version_data": [ - { - "version_value": "1.4 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,22 +21,46 @@ "description": [ { "lang": "eng", - "value": "CWE-384" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Gitlab Authentication Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.4 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[oss-security] 20190807 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1" + "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/08/07/1" }, { "url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-795", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-795" } ] diff --git a/2019/10xxx/CVE-2019-10372.json b/2019/10xxx/CVE-2019-10372.json index ba107283baf..1458bdfadd6 100644 --- a/2019/10xxx/CVE-2019-10372.json +++ b/2019/10xxx/CVE-2019-10372.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10372", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Gitlab Authentication Plugin", - "version": { - "version_data": [ - { - "version_value": "1.4 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,22 +21,46 @@ "description": [ { "lang": "eng", - "value": "CWE-601" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Gitlab Authentication Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.4 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[oss-security] 20190807 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1" + "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/08/07/1" }, { "url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-796", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-796" } ] diff --git a/2019/10xxx/CVE-2019-10373.json b/2019/10xxx/CVE-2019-10373.json index 61c5ed50cb9..a6d7b3a1fbf 100644 --- a/2019/10xxx/CVE-2019-10373.json +++ b/2019/10xxx/CVE-2019-10373.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10373", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Build Pipeline Plugin", - "version": { - "version_data": [ - { - "version_value": "1.5.8 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,22 +21,46 @@ "description": [ { "lang": "eng", - "value": "CWE-79" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Build Pipeline Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.5.8 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[oss-security] 20190807 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1" + "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/08/07/1" }, { "url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-879", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-879" } ] diff --git a/2019/10xxx/CVE-2019-10374.json b/2019/10xxx/CVE-2019-10374.json index 8d92fcaae1a..7ee88270e0d 100644 --- a/2019/10xxx/CVE-2019-10374.json +++ b/2019/10xxx/CVE-2019-10374.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10374", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins PegDown Formatter Plugin", - "version": { - "version_data": [ - { - "version_value": "1.3 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,22 +21,46 @@ "description": [ { "lang": "eng", - "value": "CWE-79" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins PegDown Formatter Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.3 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[oss-security] 20190807 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1" + "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/08/07/1" }, { "url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-142", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-142" } ] diff --git a/2019/10xxx/CVE-2019-10375.json b/2019/10xxx/CVE-2019-10375.json index 503a7081b13..b641074837f 100644 --- a/2019/10xxx/CVE-2019-10375.json +++ b/2019/10xxx/CVE-2019-10375.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10375", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins File System SCM Plugin", - "version": { - "version_data": [ - { - "version_value": "2.1 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,22 +21,46 @@ "description": [ { "lang": "eng", - "value": "CWE-22" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins File System SCM Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.1 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[oss-security] 20190807 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1" + "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/08/07/1" }, { "url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569" } ] diff --git a/2019/10xxx/CVE-2019-10376.json b/2019/10xxx/CVE-2019-10376.json index 70061e9937e..4ec266c957f 100644 --- a/2019/10xxx/CVE-2019-10376.json +++ b/2019/10xxx/CVE-2019-10376.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10376", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Wall Display Plugin", - "version": { - "version_data": [ - { - "version_value": "0.6.34 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,22 +21,46 @@ "description": [ { "lang": "eng", - "value": "CWE-79" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Wall Display Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0.6.34 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[oss-security] 20190807 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1" + "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/08/07/1" }, { "url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-751", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-751" } ] diff --git a/2019/10xxx/CVE-2019-10377.json b/2019/10xxx/CVE-2019-10377.json index 0b3928c7f37..1d1d2f6c772 100644 --- a/2019/10xxx/CVE-2019-10377.json +++ b/2019/10xxx/CVE-2019-10377.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10377", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Avatar Plugin", - "version": { - "version_data": [ - { - "version_value": "1.2 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,22 +21,46 @@ "description": [ { "lang": "eng", - "value": "CWE-285" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Avatar Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.2 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[oss-security] 20190807 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1" + "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/08/07/1" }, { "url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1099", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1099" } ] diff --git a/2019/10xxx/CVE-2019-10378.json b/2019/10xxx/CVE-2019-10378.json index 3e7689c8afc..96fbe4187cb 100644 --- a/2019/10xxx/CVE-2019-10378.json +++ b/2019/10xxx/CVE-2019-10378.json @@ -1,35 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2019-10378", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins TestLink Plugin", - "version": { - "version_data": [ - { - "version_value": "3.16 and earlier" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -44,27 +21,51 @@ "description": [ { "lang": "eng", - "value": "CWE-256" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins TestLink Plugin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.16 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MLIST", - "name": "[oss-security] 20190807 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1" + "url": "http://www.openwall.com/lists/oss-security/2019/08/07/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2019/08/07/1" }, { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-839/", "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-839/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-839/" + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-839/" }, { "url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1428", - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1428" } ] diff --git a/2020/2xxx/CVE-2020-2307.json b/2020/2xxx/CVE-2020-2307.json index faf2771a3c9..eb895df54ac 100644 --- a/2020/2xxx/CVE-2020-2307.json +++ b/2020/2xxx/CVE-2020-2307.json @@ -1,48 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2307", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Kubernetes Plugin", - "version": { - "version_data": [ - { - "version_value": "1.27.3", - "version_affected": "<=" - }, - { - "version_value": "1.26.5", - "version_affected": "!" - }, - { - "version_value": "1.25.4.1", - "version_affected": "!" - }, - { - "version_value": "1.21.6", - "version_affected": "!" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -57,18 +21,63 @@ "description": [ { "lang": "eng", - "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Kubernetes Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.27.3", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "1.26.5" + }, + { + "status": "unaffected", + "version": "1.25.4.1" + }, + { + "status": "unaffected", + "version": "1.21.6" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646" } ] } diff --git a/2020/2xxx/CVE-2020-2308.json b/2020/2xxx/CVE-2020-2308.json index 83ac9cc25cb..2b85ae0a5dc 100644 --- a/2020/2xxx/CVE-2020-2308.json +++ b/2020/2xxx/CVE-2020-2308.json @@ -1,52 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2308", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Kubernetes Plugin", - "version": { - "version_data": [ - { - "version_value": "1.27.1", - "version_affected": ">=" - }, - { - "version_value": "1.27.3", - "version_affected": "<=" - }, - { - "version_value": "1.26.5", - "version_affected": "!" - }, - { - "version_value": "1.25.4.1", - "version_affected": "!" - }, - { - "version_value": "1.21.6", - "version_affected": "!" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -61,18 +21,69 @@ "description": [ { "lang": "eng", - "value": "CWE-862: Missing Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Kubernetes Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "unspecified", + "status": "affected", + "version": "1.27.1", + "versionType": "custom" + }, + { + "lessThanOrEqual": "1.27.3", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "1.26.5" + }, + { + "status": "unaffected", + "version": "1.25.4.1" + }, + { + "status": "unaffected", + "version": "1.21.6" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102" } ] } diff --git a/2020/2xxx/CVE-2020-2309.json b/2020/2xxx/CVE-2020-2309.json index 77de74b16b8..0ec67468593 100644 --- a/2020/2xxx/CVE-2020-2309.json +++ b/2020/2xxx/CVE-2020-2309.json @@ -1,48 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2309", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Kubernetes Plugin", - "version": { - "version_data": [ - { - "version_value": "1.27.3", - "version_affected": "<=" - }, - { - "version_value": "1.26.5", - "version_affected": "!" - }, - { - "version_value": "1.25.4.1", - "version_affected": "!" - }, - { - "version_value": "1.21.6", - "version_affected": "!" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -57,18 +21,63 @@ "description": [ { "lang": "eng", - "value": "CWE-862: Missing Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Kubernetes Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.27.3", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "1.26.5" + }, + { + "status": "unaffected", + "version": "1.25.4.1" + }, + { + "status": "unaffected", + "version": "1.21.6" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103" } ] } diff --git a/2020/2xxx/CVE-2020-2310.json b/2020/2xxx/CVE-2020-2310.json index 7ab61b7305e..1c436788ddb 100644 --- a/2020/2xxx/CVE-2020-2310.json +++ b/2020/2xxx/CVE-2020-2310.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2310", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Ansible Plugin", - "version": { - "version_data": [ - { - "version_value": "1.0", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-862: Missing Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Ansible Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1943", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1943", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1943" } ] } diff --git a/2020/2xxx/CVE-2020-2311.json b/2020/2xxx/CVE-2020-2311.json index e1a5477e668..d062c506fb3 100644 --- a/2020/2xxx/CVE-2020-2311.json +++ b/2020/2xxx/CVE-2020-2311.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2311", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins AWS Global Configuration Plugin", - "version": { - "version_data": [ - { - "version_value": "1.5", - "version_affected": "<=" - }, - { - "version_value": "1.3.1", - "version_affected": "!" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,55 @@ "description": [ { "lang": "eng", - "value": "CWE-862: Missing Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins AWS Global Configuration Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.5", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "1.3.1" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2101", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2101", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2101" } ] } diff --git a/2020/2xxx/CVE-2020-2312.json b/2020/2xxx/CVE-2020-2312.json index 61e0bdb6ceb..ed95b725bfa 100644 --- a/2020/2xxx/CVE-2020-2312.json +++ b/2020/2xxx/CVE-2020-2312.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2312", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins SQLPlus Script Runner Plugin", - "version": { - "version_data": [ - { - "version_value": "2.0.12", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-522: Insufficiently Protected Credentials" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins SQLPlus Script Runner Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.0.12" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2129", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2129", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2129" } ] } diff --git a/2020/2xxx/CVE-2020-2313.json b/2020/2xxx/CVE-2020-2313.json index e7840bd2fe3..9d54d96f27f 100644 --- a/2020/2xxx/CVE-2020-2313.json +++ b/2020/2xxx/CVE-2020-2313.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2313", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Azure Key Vault Plugin", - "version": { - "version_data": [ - { - "version_value": "2.0", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-862: Missing Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Azure Key Vault Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.0" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2110", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2110", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2110" } ] } diff --git a/2020/2xxx/CVE-2020-2314.json b/2020/2xxx/CVE-2020-2314.json index a03b305d30c..efc97c11523 100644 --- a/2020/2xxx/CVE-2020-2314.json +++ b/2020/2xxx/CVE-2020-2314.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2314", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins AppSpider Plugin", - "version": { - "version_data": [ - { - "version_value": "1.0.12", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-256: Unprotected Storage of Credentials" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins AppSpider Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "1.0.12" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2058", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2058", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2058" } ] } diff --git a/2020/2xxx/CVE-2020-2315.json b/2020/2xxx/CVE-2020-2315.json index 3280d1cd6fc..5dc102c6700 100644 --- a/2020/2xxx/CVE-2020-2315.json +++ b/2020/2xxx/CVE-2020-2315.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2315", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Visualworks Store Plugin", - "version": { - "version_data": [ - { - "version_value": "1.1.3", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-611: Improper Restriction of XML External Entity Reference" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Visualworks Store Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "1.1.3" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1900", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1900", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1900" } ] } diff --git a/2020/2xxx/CVE-2020-2316.json b/2020/2xxx/CVE-2020-2316.json index 3b58562df33..0ad2ed290b1 100644 --- a/2020/2xxx/CVE-2020-2316.json +++ b/2020/2xxx/CVE-2020-2316.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2316", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Static Analysis Utilities Plugin", - "version": { - "version_data": [ - { - "version_value": "1.96", - "version_affected": "<=" - }, - { - "version_value": "1.96", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,57 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Static Analysis Utilities Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.96", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 1.96", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1907", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1907", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1907" } ] } diff --git a/2020/2xxx/CVE-2020-2317.json b/2020/2xxx/CVE-2020-2317.json index 03fc96038df..e21279868e5 100644 --- a/2020/2xxx/CVE-2020-2317.json +++ b/2020/2xxx/CVE-2020-2317.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2317", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins FindBugs Plugin", - "version": { - "version_data": [ - { - "version_value": "5.0.0", - "version_affected": "<=" - }, - { - "version_value": "5.0.0", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,57 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins FindBugs Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "5.0.0", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 5.0.0", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1918", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1918", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1918" } ] } diff --git a/2020/2xxx/CVE-2020-2318.json b/2020/2xxx/CVE-2020-2318.json index 9b6e42abb3e..40ade191545 100644 --- a/2020/2xxx/CVE-2020-2318.json +++ b/2020/2xxx/CVE-2020-2318.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2318", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Mail Commander Plugin for Jenkins-ci Plugin", - "version": { - "version_data": [ - { - "version_value": "1.0.0", - "version_affected": "<=" - }, - { - "version_value": "1.0.0", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,57 @@ "description": [ { "lang": "eng", - "value": "CWE-256: Unprotected Storage of Credentials" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Mail Commander Plugin for Jenkins-ci Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.0.0", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 1.0.0", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2085", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2085", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2085" } ] } diff --git a/2020/2xxx/CVE-2020-2319.json b/2020/2xxx/CVE-2020-2319.json index 0d87f1c3704..018ad956297 100644 --- a/2020/2xxx/CVE-2020-2319.json +++ b/2020/2xxx/CVE-2020-2319.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2319", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins VMware Lab Manager Slaves Plugin", - "version": { - "version_data": [ - { - "version_value": "0.2.8", - "version_affected": "<=" - }, - { - "version_value": "0.2.8", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,57 @@ "description": [ { "lang": "eng", - "value": "CWE-256: Unprotected Storage of Credentials" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins VMware Lab Manager Slaves Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "0.2.8", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 0.2.8", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2084", "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2084", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2084" } ] } diff --git a/2020/2xxx/CVE-2020-2320.json b/2020/2xxx/CVE-2020-2320.json index 3dff4d42309..3a03ef447b4 100644 --- a/2020/2xxx/CVE-2020-2320.json +++ b/2020/2xxx/CVE-2020-2320.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2320", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Plugin Installation Manager Tool", - "version": { - "version_data": [ - { - "version_value": "2.1.3", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-494: Download of Code Without Integrity Check" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Plugin Installation Manager Tool", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.1.3" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-1856", "url": "https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-1856", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-1856" }, { - "refsource": "MLIST", - "name": "[oss-security] 20201203 Multiple vulnerabilities in Jenkins", - "url": "http://www.openwall.com/lists/oss-security/2020/12/03/2" + "url": "http://www.openwall.com/lists/oss-security/2020/12/03/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/12/03/2" } ] } diff --git a/2020/2xxx/CVE-2020-2321.json b/2020/2xxx/CVE-2020-2321.json index 4948b5ddef2..884c3957db3 100644 --- a/2020/2xxx/CVE-2020-2321.json +++ b/2020/2xxx/CVE-2020-2321.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-2321", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Shelve Project Plugin", - "version": { - "version_data": [ - { - "version_value": "3.0", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Shelve Project Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "3.0" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-2108", "url": "https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-2108", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-2108" }, { - "refsource": "MLIST", - "name": "[oss-security] 20201203 Multiple vulnerabilities in Jenkins", - "url": "http://www.openwall.com/lists/oss-security/2020/12/03/2" + "url": "http://www.openwall.com/lists/oss-security/2020/12/03/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/12/03/2" } ] } diff --git a/2021/21xxx/CVE-2021-21690.json b/2021/21xxx/CVE-2021-21690.json index 2c96c10cce9..4c0f2f8540e 100644 --- a/2021/21xxx/CVE-2021-21690.json +++ b/2021/21xxx/CVE-2021-21690.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21690", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.318", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.303.2", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-693: Protection Mechanism Failure" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.318" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ] } diff --git a/2021/21xxx/CVE-2021-21691.json b/2021/21xxx/CVE-2021-21691.json index 2bbcf6edfc3..e60c9f4c469 100644 --- a/2021/21xxx/CVE-2021-21691.json +++ b/2021/21xxx/CVE-2021-21691.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21691", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.318", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.303.2", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-863: Incorrect Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.318" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ] } diff --git a/2021/21xxx/CVE-2021-21692.json b/2021/21xxx/CVE-2021-21692.json index f2dd34c3193..e5e390938f4 100644 --- a/2021/21xxx/CVE-2021-21692.json +++ b/2021/21xxx/CVE-2021-21692.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21692", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.318", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.303.2", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-863: Incorrect Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.318" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ] } diff --git a/2021/21xxx/CVE-2021-21693.json b/2021/21xxx/CVE-2021-21693.json index b3dc0acf26e..736da40c135 100644 --- a/2021/21xxx/CVE-2021-21693.json +++ b/2021/21xxx/CVE-2021-21693.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21693", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.318", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.303.2", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,19 +21,44 @@ "description": [ { "lang": "eng", - "value": "CWE-863: Incorrect Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.318" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ] } -} +} \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21694.json b/2021/21xxx/CVE-2021-21694.json index 04f151cbcc0..5d67950c2e0 100644 --- a/2021/21xxx/CVE-2021-21694.json +++ b/2021/21xxx/CVE-2021-21694.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21694", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.318", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.303.2", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,18 +21,43 @@ "description": [ { "lang": "eng", - "value": "CWE-862: Missing Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.318" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" } ] } diff --git a/2021/21xxx/CVE-2021-21695.json b/2021/21xxx/CVE-2021-21695.json index bf11486176f..024fc9534c2 100644 --- a/2021/21xxx/CVE-2021-21695.json +++ b/2021/21xxx/CVE-2021-21695.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21695", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.318", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.303.2", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-862: Missing Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.318" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455" }, { - "refsource": "MLIST", - "name": "[oss-security] 20211104 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" + "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ] } diff --git a/2021/21xxx/CVE-2021-21696.json b/2021/21xxx/CVE-2021-21696.json index dc5c679bac0..ef6c4901b43 100644 --- a/2021/21xxx/CVE-2021-21696.json +++ b/2021/21xxx/CVE-2021-21696.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21696", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.318", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.303.2", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-693: Protection Mechanism Failure" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.318" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423" }, { - "refsource": "MLIST", - "name": "[oss-security] 20211104 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" + "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ] } diff --git a/2021/21xxx/CVE-2021-21697.json b/2021/21xxx/CVE-2021-21697.json index 9837d60fa87..3514fa851bf 100644 --- a/2021/21xxx/CVE-2021-21697.json +++ b/2021/21xxx/CVE-2021-21697.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21697", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins", - "version": { - "version_data": [ - { - "version_value": "2.318", - "version_affected": "<=" - }, - { - "version_value": "LTS 2.303.2", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-184: Incomplete List of Disallowed Inputs" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.318" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428" }, { - "refsource": "MLIST", - "name": "[oss-security] 20211104 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" + "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ] } diff --git a/2021/21xxx/CVE-2021-21698.json b/2021/21xxx/CVE-2021-21698.json index 7afb4f513a2..9a6d42afb5b 100644 --- a/2021/21xxx/CVE-2021-21698.json +++ b/2021/21xxx/CVE-2021-21698.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21698", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Subversion Plugin", - "version": { - "version_data": [ - { - "version_value": "2.15.0", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Subversion Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.15.0" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506", "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506" }, { - "refsource": "MLIST", - "name": "[oss-security] 20211104 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" + "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ] } diff --git a/2021/21xxx/CVE-2021-21699.json b/2021/21xxx/CVE-2021-21699.json index a7d317e43e0..ea053e74424 100644 --- a/2021/21xxx/CVE-2021-21699.json +++ b/2021/21xxx/CVE-2021-21699.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21699", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Active Choices Plugin", - "version": { - "version_data": [ - { - "version_value": "2.5.6", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Active Choices Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.5.6" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2219", "url": "https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2219", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2219" }, { - "refsource": "MLIST", - "name": "[oss-security] 20211112 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2021/11/12/1" + "url": "http://www.openwall.com/lists/oss-security/2021/11/12/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/11/12/1" } ] } diff --git a/2021/21xxx/CVE-2021-21700.json b/2021/21xxx/CVE-2021-21700.json index e0c2f7f7666..6f2e8b20f95 100644 --- a/2021/21xxx/CVE-2021-21700.json +++ b/2021/21xxx/CVE-2021-21700.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21700", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Scriptler Plugin", - "version": { - "version_data": [ - { - "version_value": "3.3", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Scriptler Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "3.3" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2406", "url": "https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2406", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2406" }, { - "refsource": "MLIST", - "name": "[oss-security] 20211112 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2021/11/12/1" + "url": "http://www.openwall.com/lists/oss-security/2021/11/12/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/11/12/1" } ] } diff --git a/2021/21xxx/CVE-2021-21701.json b/2021/21xxx/CVE-2021-21701.json index 1e07f6060c7..042d941e32e 100644 --- a/2021/21xxx/CVE-2021-21701.json +++ b/2021/21xxx/CVE-2021-21701.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-21701", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Performance Plugin", - "version": { - "version_data": [ - { - "version_value": "3.20", - "version_affected": "<=" - }, - { - "version_value": "3.20", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,28 +21,67 @@ "description": [ { "lang": "eng", - "value": "CWE-611: Improper Restriction of XML External Entity Reference" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Performance Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "3.20", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 3.20", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2394", "url": "https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2394", - "refsource": "CONFIRM" - }, - { - "refsource": "MLIST", - "name": "[oss-security] 20211112 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2021/11/12/1" - }, - { "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1313/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1313/" + "name": "https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2394" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/11/12/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/11/12/1" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1313/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1313/" } ] } diff --git a/2021/43xxx/CVE-2021-43576.json b/2021/43xxx/CVE-2021-43576.json index 3f61ac06889..75db5eb89a8 100644 --- a/2021/43xxx/CVE-2021-43576.json +++ b/2021/43xxx/CVE-2021-43576.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-43576", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins pom2config Plugin", - "version": { - "version_data": [ - { - "version_value": "1.2", - "version_affected": "<=" - }, - { - "version_value": "1.2", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,28 +21,67 @@ "description": [ { "lang": "eng", - "value": "CWE-611: Improper Restriction of XML External Entity Reference" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins pom2config Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.2", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 1.2", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2415", "url": "https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2415", - "refsource": "CONFIRM" - }, - { - "refsource": "MLIST", - "name": "[oss-security] 20211112 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2021/11/12/1" - }, - { "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1314/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1314/" + "name": "https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2415" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/11/12/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/11/12/1" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1314/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1314/" } ] } diff --git a/2021/43xxx/CVE-2021-43577.json b/2021/43xxx/CVE-2021-43577.json index 99aed289bae..0e38bd7cb57 100644 --- a/2021/43xxx/CVE-2021-43577.json +++ b/2021/43xxx/CVE-2021-43577.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2021-43577", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins OWASP Dependency-Check Plugin", - "version": { - "version_data": [ - { - "version_value": "5.1.1", - "version_affected": "<=" - }, - { - "version_value": "5.1.1", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,62 @@ "description": [ { "lang": "eng", - "value": "CWE-611: Improper Restriction of XML External Entity Reference" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins OWASP Dependency-Check Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "5.1.1", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 5.1.1", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2488", "url": "https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2488", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2488" }, { - "refsource": "MLIST", - "name": "[oss-security] 20211112 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2021/11/12/1" + "url": "http://www.openwall.com/lists/oss-security/2021/11/12/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/11/12/1" } ] } diff --git a/2022/20xxx/CVE-2022-20618.json b/2022/20xxx/CVE-2022-20618.json index c67a8eef76e..bb86781303e 100644 --- a/2022/20xxx/CVE-2022-20618.json +++ b/2022/20xxx/CVE-2022-20618.json @@ -1,48 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-20618", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Bitbucket Branch Source Plugin", - "version": { - "version_data": [ - { - "version_value": "737.vdf9dc06105be", - "version_affected": "<=" - }, - { - "version_value": "725.vd9f8be0fa250", - "version_affected": "!" - }, - { - "version_value": "2.9.11.2", - "version_affected": "!" - }, - { - "version_value": "2.9.7.2", - "version_affected": "!" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -57,23 +21,68 @@ "description": [ { "lang": "eng", - "value": "CWE-862: Missing Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Bitbucket Branch Source Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "737.vdf9dc06105be", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "725.vd9f8be0fa250" + }, + { + "status": "unaffected", + "version": "2.9.11.2" + }, + { + "status": "unaffected", + "version": "2.9.7.2" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2033", "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2033", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2033" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6" + "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/01/12/6" } ] } diff --git a/2022/20xxx/CVE-2022-20619.json b/2022/20xxx/CVE-2022-20619.json index 380f7abfe30..426b34b91cf 100644 --- a/2022/20xxx/CVE-2022-20619.json +++ b/2022/20xxx/CVE-2022-20619.json @@ -1,48 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-20619", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Bitbucket Branch Source Plugin", - "version": { - "version_data": [ - { - "version_value": "737.vdf9dc06105be", - "version_affected": "<=" - }, - { - "version_value": "725.vd9f8be0fa250", - "version_affected": "!" - }, - { - "version_value": "2.9.11.2", - "version_affected": "!" - }, - { - "version_value": "2.9.7.2", - "version_affected": "!" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -57,23 +21,68 @@ "description": [ { "lang": "eng", - "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Bitbucket Branch Source Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "737.vdf9dc06105be", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "725.vd9f8be0fa250" + }, + { + "status": "unaffected", + "version": "2.9.11.2" + }, + { + "status": "unaffected", + "version": "2.9.7.2" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2467", "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2467", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2467" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6" + "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/01/12/6" } ] } diff --git a/2022/20xxx/CVE-2022-20620.json b/2022/20xxx/CVE-2022-20620.json index b83b6213590..5953c8eb702 100644 --- a/2022/20xxx/CVE-2022-20620.json +++ b/2022/20xxx/CVE-2022-20620.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-20620", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins SSH Agent Plugin", - "version": { - "version_data": [ - { - "version_value": "1.23", - "version_affected": "<=" - }, - { - "version_value": "1.22.1", - "version_affected": "!" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,60 @@ "description": [ { "lang": "eng", - "value": "CWE-862: Missing Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins SSH Agent Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.23", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "1.22.1" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2189", "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2189", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2189" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6" + "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/01/12/6" } ] } diff --git a/2022/20xxx/CVE-2022-20621.json b/2022/20xxx/CVE-2022-20621.json index aa994bcf6ca..aa68d57cc2a 100644 --- a/2022/20xxx/CVE-2022-20621.json +++ b/2022/20xxx/CVE-2022-20621.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-20621", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Metrics Plugin", - "version": { - "version_data": [ - { - "version_value": "4.0.2.8", - "version_affected": "<=" - }, - { - "version_value": "4.0.2.7.1", - "version_affected": "!" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,60 @@ "description": [ { "lang": "eng", - "value": "CWE-256: Plaintext Storage of a Password" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Metrics Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "4.0.2.8", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "4.0.2.7.1" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1624", "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1624", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1624" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6" + "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/01/12/6" } ] } diff --git a/2022/23xxx/CVE-2022-23105.json b/2022/23xxx/CVE-2022-23105.json index 4ca20756c55..63f6a3ef488 100644 --- a/2022/23xxx/CVE-2022-23105.json +++ b/2022/23xxx/CVE-2022-23105.json @@ -1,44 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-23105", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Active Directory Plugin", - "version": { - "version_data": [ - { - "version_value": "2.25", - "version_affected": "<=" - }, - { - "version_value": "2.23.1", - "version_affected": "!" - }, - { - "version_value": "2.24.1", - "version_affected": "!" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -53,23 +21,64 @@ "description": [ { "lang": "eng", - "value": "CWE-319: Cleartext Transmission of Sensitive Information" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Active Directory Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "2.25", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "2.23.1" + }, + { + "status": "unaffected", + "version": "2.24.1" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1389", "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1389", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1389" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6" + "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/01/12/6" } ] } diff --git a/2022/23xxx/CVE-2022-23106.json b/2022/23xxx/CVE-2022-23106.json index cfba8a0c231..2970b2efa1d 100644 --- a/2022/23xxx/CVE-2022-23106.json +++ b/2022/23xxx/CVE-2022-23106.json @@ -1,48 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-23106", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Configuration as Code Plugin", - "version": { - "version_data": [ - { - "version_value": "1.47.1", - "version_affected": "!" - }, - { - "version_value": "1.53.1", - "version_affected": "!" - }, - { - "version_value": "1.54.1", - "version_affected": "!" - }, - { - "version_value": "1.55", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -57,23 +21,68 @@ "description": [ { "lang": "eng", - "value": "CWE-208: Observable Timing Discrepancy" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Configuration as Code Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "1.47.1" + }, + { + "status": "unaffected", + "version": "1.53.1" + }, + { + "status": "unaffected", + "version": "1.54.1" + }, + { + "lessThanOrEqual": "1.55", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2141", "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2141", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2141" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6" + "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/01/12/6" } ] } diff --git a/2022/23xxx/CVE-2022-23107.json b/2022/23xxx/CVE-2022-23107.json index c8e947419a3..eb0aa2aa091 100644 --- a/2022/23xxx/CVE-2022-23107.json +++ b/2022/23xxx/CVE-2022-23107.json @@ -1,48 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-23107", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Warnings Next Generation Plugin", - "version": { - "version_data": [ - { - "version_value": "9.10.2", - "version_affected": "<=" - }, - { - "version_value": "9.0.2", - "version_affected": "!" - }, - { - "version_value": "9.5.2", - "version_affected": "!" - }, - { - "version_value": "9.7.1", - "version_affected": "!" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -57,23 +21,68 @@ "description": [ { "lang": "eng", - "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Warnings Next Generation Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "9.10.2", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "9.0.2" + }, + { + "status": "unaffected", + "version": "9.5.2" + }, + { + "status": "unaffected", + "version": "9.7.1" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2090", "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2090", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2090" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6" + "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/01/12/6" } ] } diff --git a/2022/23xxx/CVE-2022-23108.json b/2022/23xxx/CVE-2022-23108.json index 4201ccd0c6d..523b893d836 100644 --- a/2022/23xxx/CVE-2022-23108.json +++ b/2022/23xxx/CVE-2022-23108.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-23108", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Badge Plugin", - "version": { - "version_data": [ - { - "version_value": "1.9", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Badge Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "1.9" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2547", "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2547", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2547" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6" + "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/01/12/6" } ] } diff --git a/2022/23xxx/CVE-2022-23109.json b/2022/23xxx/CVE-2022-23109.json index b7ada9ab97e..127d1b80eb8 100644 --- a/2022/23xxx/CVE-2022-23109.json +++ b/2022/23xxx/CVE-2022-23109.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-23109", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins HashiCorp Vault Plugin", - "version": { - "version_data": [ - { - "version_value": "3.7.0", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-668: Exposure of Resource to Wrong Sphere" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins HashiCorp Vault Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "3.7.0" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2213", "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2213", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2213" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6" + "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/01/12/6" } ] } diff --git a/2022/23xxx/CVE-2022-23110.json b/2022/23xxx/CVE-2022-23110.json index 72cb29b3699..8cc427cd275 100644 --- a/2022/23xxx/CVE-2022-23110.json +++ b/2022/23xxx/CVE-2022-23110.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-23110", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Publish Over SSH Plugin", - "version": { - "version_data": [ - { - "version_value": "1.22", - "version_affected": "<=" - }, - { - "version_value": "1.22", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,62 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Publish Over SSH Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.22", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 1.22", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287", "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6" + "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/01/12/6" } ] } diff --git a/2022/23xxx/CVE-2022-23111.json b/2022/23xxx/CVE-2022-23111.json index c7af3f37b9a..675e5970ff8 100644 --- a/2022/23xxx/CVE-2022-23111.json +++ b/2022/23xxx/CVE-2022-23111.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-23111", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Publish Over SSH Plugin", - "version": { - "version_data": [ - { - "version_value": "1.22", - "version_affected": "<=" - }, - { - "version_value": "1.22", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,62 @@ "description": [ { "lang": "eng", - "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Publish Over SSH Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.22", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 1.22", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290", "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6" + "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/01/12/6" } ] } diff --git a/2022/23xxx/CVE-2022-23112.json b/2022/23xxx/CVE-2022-23112.json index 734f9d68f34..d63b128f0de 100644 --- a/2022/23xxx/CVE-2022-23112.json +++ b/2022/23xxx/CVE-2022-23112.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-23112", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Publish Over SSH Plugin", - "version": { - "version_data": [ - { - "version_value": "1.22", - "version_affected": "<=" - }, - { - "version_value": "1.22", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,62 @@ "description": [ { "lang": "eng", - "value": "CWE-862: Missing Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Publish Over SSH Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.22", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 1.22", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290", "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6" + "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/01/12/6" } ] } diff --git a/2022/23xxx/CVE-2022-23113.json b/2022/23xxx/CVE-2022-23113.json index 27fc0206e99..cdbf47715d0 100644 --- a/2022/23xxx/CVE-2022-23113.json +++ b/2022/23xxx/CVE-2022-23113.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-23113", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Publish Over SSH Plugin", - "version": { - "version_data": [ - { - "version_value": "1.22", - "version_affected": "<=" - }, - { - "version_value": "1.22", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,62 @@ "description": [ { "lang": "eng", - "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Publish Over SSH Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.22", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 1.22", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307", "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6" + "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/01/12/6" } ] } diff --git a/2022/23xxx/CVE-2022-23114.json b/2022/23xxx/CVE-2022-23114.json index d4c9ec5210a..c57fc46ee91 100644 --- a/2022/23xxx/CVE-2022-23114.json +++ b/2022/23xxx/CVE-2022-23114.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-23114", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Publish Over SSH Plugin", - "version": { - "version_data": [ - { - "version_value": "1.22", - "version_affected": "<=" - }, - { - "version_value": "1.22", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,62 @@ "description": [ { "lang": "eng", - "value": "CWE-256: Plaintext Storage of a Password" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Publish Over SSH Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.22", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 1.22", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291", "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6" + "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/01/12/6" } ] } diff --git a/2022/36xxx/CVE-2022-36894.json b/2022/36xxx/CVE-2022-36894.json index efc4f1e1c4f..0028aa186aa 100644 --- a/2022/36xxx/CVE-2022-36894.json +++ b/2022/36xxx/CVE-2022-36894.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-36894", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins CLIF Performance Testing Plugin", - "version": { - "version_data": [ - { - "version_value": "64.vc0d66de1dfb_f", - "version_affected": "<=" - }, - { - "version_value": "64.vc0d66de1dfb_f", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,62 @@ "description": [ { "lang": "eng", - "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins CLIF Performance Testing Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "64.vc0d66de1dfb_f", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 64.vc0d66de1dfb_f", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2413", "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2413", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2413" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1" + "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/07/27/1" } ] } diff --git a/2022/36xxx/CVE-2022-36895.json b/2022/36xxx/CVE-2022-36895.json index d1fe0fc4d9b..2aabdc7f5b3 100644 --- a/2022/36xxx/CVE-2022-36895.json +++ b/2022/36xxx/CVE-2022-36895.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-36895", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Compuware Topaz Utilities Plugin", - "version": { - "version_data": [ - { - "version_value": "1.0.8", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-862: Missing Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Compuware Topaz Utilities Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "1.0.8" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2619", "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2619", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2619" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1" + "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/07/27/1" } ] } diff --git a/2022/36xxx/CVE-2022-36896.json b/2022/36xxx/CVE-2022-36896.json index f327b73731c..efe0756211d 100644 --- a/2022/36xxx/CVE-2022-36896.json +++ b/2022/36xxx/CVE-2022-36896.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-36896", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin", - "version": { - "version_data": [ - { - "version_value": "2.0.12", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-862: Missing Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "2.0.12" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2621", "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2621", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2621" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1" + "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/07/27/1" } ] } diff --git a/2022/36xxx/CVE-2022-36897.json b/2022/36xxx/CVE-2022-36897.json index 46797f3dfb5..afc094cb853 100644 --- a/2022/36xxx/CVE-2022-36897.json +++ b/2022/36xxx/CVE-2022-36897.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-36897", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Compuware Xpediter Code Coverage Plugin", - "version": { - "version_data": [ - { - "version_value": "1.0.7", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-862: Missing Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Compuware Xpediter Code Coverage Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "1.0.7" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2626", "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2626", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2626" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1" + "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/07/27/1" } ] } diff --git a/2022/36xxx/CVE-2022-36898.json b/2022/36xxx/CVE-2022-36898.json index dc4ea3cb9be..b0fd9d44b51 100644 --- a/2022/36xxx/CVE-2022-36898.json +++ b/2022/36xxx/CVE-2022-36898.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-36898", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Compuware ISPW Operations Plugin", - "version": { - "version_data": [ - { - "version_value": "1.0.8", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-862: Missing Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Compuware ISPW Operations Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "1.0.8" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2628", "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2628", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2628" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1" + "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/07/27/1" } ] } diff --git a/2022/36xxx/CVE-2022-36899.json b/2022/36xxx/CVE-2022-36899.json index 27310c659d6..e0e2ac8232b 100644 --- a/2022/36xxx/CVE-2022-36899.json +++ b/2022/36xxx/CVE-2022-36899.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-36899", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Compuware ISPW Operations Plugin", - "version": { - "version_data": [ - { - "version_value": "1.0.8", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-693: Protection Mechanism Failure" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Compuware ISPW Operations Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "1.0.8" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2629", "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2629", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2629" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1" + "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/07/27/1" } ] } diff --git a/2022/36xxx/CVE-2022-36900.json b/2022/36xxx/CVE-2022-36900.json index 6888c818b68..0b472b7ae4f 100644 --- a/2022/36xxx/CVE-2022-36900.json +++ b/2022/36xxx/CVE-2022-36900.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-36900", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Compuware zAdviser API Plugin", - "version": { - "version_data": [ - { - "version_value": "1.0.3", - "version_affected": "<=" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -45,23 +21,48 @@ "description": [ { "lang": "eng", - "value": "CWE-693: Protection Mechanism Failure" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Compuware zAdviser API Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "1.0.3" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2630", "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2630", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2630" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1" + "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/07/27/1" } ] } diff --git a/2022/36xxx/CVE-2022-36901.json b/2022/36xxx/CVE-2022-36901.json index c58b5b53fb6..0cc830ba574 100644 --- a/2022/36xxx/CVE-2022-36901.json +++ b/2022/36xxx/CVE-2022-36901.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-36901", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins HTTP Request Plugin", - "version": { - "version_data": [ - { - "version_value": "1.15", - "version_affected": "<=" - }, - { - "version_value": "1.15", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,62 @@ "description": [ { "lang": "eng", - "value": "CWE-256: Plaintext Storage of a Password" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins HTTP Request Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.15", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 1.15", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2053", "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2053", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2053" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1" + "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/07/27/1" } ] } diff --git a/2022/36xxx/CVE-2022-36902.json b/2022/36xxx/CVE-2022-36902.json index 309a8e73a59..8df19a7edf2 100644 --- a/2022/36xxx/CVE-2022-36902.json +++ b/2022/36xxx/CVE-2022-36902.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-36902", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Dynamic Extended Choice Parameter Plugin", - "version": { - "version_data": [ - { - "version_value": "1.0.1", - "version_affected": "<=" - }, - { - "version_value": "1.0.1", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,62 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Dynamic Extended Choice Parameter Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.0.1", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 1.0.1", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2682", "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2682", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2682" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1" + "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/07/27/1" } ] } diff --git a/2022/36xxx/CVE-2022-36903.json b/2022/36xxx/CVE-2022-36903.json index 8994d8833f8..31e115fd1e7 100644 --- a/2022/36xxx/CVE-2022-36903.json +++ b/2022/36xxx/CVE-2022-36903.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-36903", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Repository Connector Plugin", - "version": { - "version_data": [ - { - "version_value": "2.2.0", - "version_affected": "<=" - }, - { - "version_value": "2.2.0", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,62 @@ "description": [ { "lang": "eng", - "value": "CWE-862: Missing Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Repository Connector Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "2.2.0", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 2.2.0", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20(1)", - "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20(1)", - "refsource": "CONFIRM" + "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20%281%29", + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20%281%29" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1" + "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/07/27/1" } ] } diff --git a/2022/36xxx/CVE-2022-36904.json b/2022/36xxx/CVE-2022-36904.json index 23d6f739554..b786d0ac079 100644 --- a/2022/36xxx/CVE-2022-36904.json +++ b/2022/36xxx/CVE-2022-36904.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-36904", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Repository Connector Plugin", - "version": { - "version_data": [ - { - "version_value": "2.2.0", - "version_affected": "<=" - }, - { - "version_value": "2.2.0", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,62 @@ "description": [ { "lang": "eng", - "value": "CWE-862: Missing Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Repository Connector Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "2.2.0", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 2.2.0", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20(2)", - "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20(2)", - "refsource": "CONFIRM" + "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20%282%29", + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20%282%29" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1" + "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/07/27/1" } ] } diff --git a/2022/36xxx/CVE-2022-36905.json b/2022/36xxx/CVE-2022-36905.json index 7b8540190ac..88b6de44cee 100644 --- a/2022/36xxx/CVE-2022-36905.json +++ b/2022/36xxx/CVE-2022-36905.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-36905", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins Maven Metadata Plugin for Jenkins CI server Plugin", - "version": { - "version_data": [ - { - "version_value": "2.2", - "version_affected": "<=" - }, - { - "version_value": "2.2", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,62 @@ "description": [ { "lang": "eng", - "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Maven Metadata Plugin for Jenkins CI server Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "2.2", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 2.2", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2686", "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2686", - "refsource": "CONFIRM" + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2686" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1" + "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/07/27/1" } ] } diff --git a/2022/36xxx/CVE-2022-36906.json b/2022/36xxx/CVE-2022-36906.json index 0f4c732eec1..9ae56f7c946 100644 --- a/2022/36xxx/CVE-2022-36906.json +++ b/2022/36xxx/CVE-2022-36906.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-36906", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins OpenShift Deployer Plugin", - "version": { - "version_data": [ - { - "version_value": "1.2.0", - "version_affected": "<=" - }, - { - "version_value": "1.2.0", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,62 @@ "description": [ { "lang": "eng", - "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins OpenShift Deployer Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.2.0", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 1.2.0", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1375%20(1)", - "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1375%20(1)", - "refsource": "CONFIRM" + "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1375%20%281%29", + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1375%20%281%29" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1" + "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/07/27/1" } ] } diff --git a/2022/36xxx/CVE-2022-36907.json b/2022/36xxx/CVE-2022-36907.json index b3bc95b2487..57adfce1289 100644 --- a/2022/36xxx/CVE-2022-36907.json +++ b/2022/36xxx/CVE-2022-36907.json @@ -1,40 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-36907", "ASSIGNER": "jenkinsci-cert@googlegroups.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Jenkins project", - "product": { - "product_data": [ - { - "product_name": "Jenkins OpenShift Deployer Plugin", - "version": { - "version_data": [ - { - "version_value": "1.2.0", - "version_affected": "<=" - }, - { - "version_value": "1.2.0", - "version_affected": "?>" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { @@ -49,23 +21,62 @@ "description": [ { "lang": "eng", - "value": "CWE-862: Missing Authorization" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins OpenShift Deployer Plugin", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.2.0", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThan": "unspecified", + "status": "unknown", + "version": "next of 1.2.0", + "versionType": "custom" + } + ] + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1375%20(1)", - "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1375%20(1)", - "refsource": "CONFIRM" + "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1375%20%281%29", + "refsource": "MISC", + "name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1375%20%281%29" }, { - "refsource": "MLIST", - "name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins", - "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1" + "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2022/07/27/1" } ] } diff --git a/2023/39xxx/CVE-2023-39732.json b/2023/39xxx/CVE-2023-39732.json index bc10db121ea..3dc9d27b591 100644 --- a/2023/39xxx/CVE-2023-39732.json +++ b/2023/39xxx/CVE-2023-39732.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-39732", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-39732", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39732.md", + "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39732.md" + }, + { + "refsource": "MISC", + "name": "https://liff.line.me/1657574837-elb6bNQj", + "url": "https://liff.line.me/1657574837-elb6bNQj" } ] } diff --git a/2023/39xxx/CVE-2023-39739.json b/2023/39xxx/CVE-2023-39739.json index e27cd57d644..5cc9a1e6013 100644 --- a/2023/39xxx/CVE-2023-39739.json +++ b/2023/39xxx/CVE-2023-39739.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-39739", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-39739", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39739.md", + "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39739.md" + }, + { + "refsource": "MISC", + "name": "https://liff.line.me/1656985266-EmlxqQQx", + "url": "https://liff.line.me/1656985266-EmlxqQQx" } ] } diff --git a/2023/3xxx/CVE-2023-3997.json b/2023/3xxx/CVE-2023-3997.json index 3f7c8f8f7e1..73ee58ea0bf 100644 --- a/2023/3xxx/CVE-2023-3997.json +++ b/2023/3xxx/CVE-2023-3997.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user\u2019s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user\u2019s action." + "value": "Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability accessed through the user\u2019s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user\u2019s action." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "<", - "version_name": "-", + "version_name": "6.1", "version_value": "6.1.0" } ] diff --git a/2023/4xxx/CVE-2023-4172.json b/2023/4xxx/CVE-2023-4172.json index be9f8bef0cb..ea2fc34a76e 100644 --- a/2023/4xxx/CVE-2023-4172.json +++ b/2023/4xxx/CVE-2023-4172.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N" } ] } diff --git a/2023/4xxx/CVE-2023-4173.json b/2023/4xxx/CVE-2023-4173.json index 972c6a7e8cf..00fe5ddafa4 100644 --- a/2023/4xxx/CVE-2023-4173.json +++ b/2023/4xxx/CVE-2023-4173.json @@ -92,8 +92,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/4xxx/CVE-2023-4174.json b/2023/4xxx/CVE-2023-4174.json index e40e3695c02..e50d64fc2f7 100644 --- a/2023/4xxx/CVE-2023-4174.json +++ b/2023/4xxx/CVE-2023-4174.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/4xxx/CVE-2023-4175.json b/2023/4xxx/CVE-2023-4175.json index b838c20ead6..436b1820e8a 100644 --- a/2023/4xxx/CVE-2023-4175.json +++ b/2023/4xxx/CVE-2023-4175.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/4xxx/CVE-2023-4176.json b/2023/4xxx/CVE-2023-4176.json index afdb85096d1..d10cb38de95 100644 --- a/2023/4xxx/CVE-2023-4176.json +++ b/2023/4xxx/CVE-2023-4176.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/4xxx/CVE-2023-4177.json b/2023/4xxx/CVE-2023-4177.json index 6ab82c67c77..ebc96596ef7 100644 --- a/2023/4xxx/CVE-2023-4177.json +++ b/2023/4xxx/CVE-2023-4177.json @@ -92,8 +92,7 @@ { "version": "2.0", "baseScore": 1.4, - "vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N", - "baseSeverity": "LOW" + "vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N" } ] } diff --git a/2023/4xxx/CVE-2023-4179.json b/2023/4xxx/CVE-2023-4179.json index 628fb13705d..e89e3dc7a22 100644 --- a/2023/4xxx/CVE-2023-4179.json +++ b/2023/4xxx/CVE-2023-4179.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/4xxx/CVE-2023-4180.json b/2023/4xxx/CVE-2023-4180.json index 537e36ac632..1ac56708987 100644 --- a/2023/4xxx/CVE-2023-4180.json +++ b/2023/4xxx/CVE-2023-4180.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 7.5, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "baseSeverity": "HIGH" + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2023/4xxx/CVE-2023-4181.json b/2023/4xxx/CVE-2023-4181.json index 9a0a020ac23..fbaa988e333 100644 --- a/2023/4xxx/CVE-2023-4181.json +++ b/2023/4xxx/CVE-2023-4181.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.5, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P" } ] } diff --git a/2023/4xxx/CVE-2023-4182.json b/2023/4xxx/CVE-2023-4182.json index d2244450814..360ab0fdba0 100644 --- a/2023/4xxx/CVE-2023-4182.json +++ b/2023/4xxx/CVE-2023-4182.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 7.5, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "baseSeverity": "HIGH" + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2023/4xxx/CVE-2023-4183.json b/2023/4xxx/CVE-2023-4183.json index 78ebcb43da4..ae3c4711af2 100644 --- a/2023/4xxx/CVE-2023-4183.json +++ b/2023/4xxx/CVE-2023-4183.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/4xxx/CVE-2023-4184.json b/2023/4xxx/CVE-2023-4184.json index 3eebf60f042..08cd80ba449 100644 --- a/2023/4xxx/CVE-2023-4184.json +++ b/2023/4xxx/CVE-2023-4184.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 7.5, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "baseSeverity": "HIGH" + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2023/4xxx/CVE-2023-4185.json b/2023/4xxx/CVE-2023-4185.json index f7309799559..4da592223d5 100644 --- a/2023/4xxx/CVE-2023-4185.json +++ b/2023/4xxx/CVE-2023-4185.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/4xxx/CVE-2023-4571.json b/2023/4xxx/CVE-2023-4571.json index d6a16481099..67a8e62c008 100644 --- a/2023/4xxx/CVE-2023-4571.json +++ b/2023/4xxx/CVE-2023-4571.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. \n\nThe vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine." + "value": "In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. \n\nThe vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine." } ] }, diff --git a/2023/5xxx/CVE-2023-5271.json b/2023/5xxx/CVE-2023-5271.json index 70ae1c9f93e..89843b98eb9 100644 --- a/2023/5xxx/CVE-2023-5271.json +++ b/2023/5xxx/CVE-2023-5271.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/5xxx/CVE-2023-5272.json b/2023/5xxx/CVE-2023-5272.json index 6f012171198..554182d2ae7 100644 --- a/2023/5xxx/CVE-2023-5272.json +++ b/2023/5xxx/CVE-2023-5272.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.2, - "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/5xxx/CVE-2023-5273.json b/2023/5xxx/CVE-2023-5273.json index 53ad3735935..8e38a88b1bd 100644 --- a/2023/5xxx/CVE-2023-5273.json +++ b/2023/5xxx/CVE-2023-5273.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/5xxx/CVE-2023-5749.json b/2023/5xxx/CVE-2023-5749.json new file mode 100644 index 00000000000..fbccc0dabf2 --- /dev/null +++ b/2023/5xxx/CVE-2023-5749.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-5749", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file