From 311e4853d9e231fc9a3cc4f459298dbe2b7b0d55 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 22 Mar 2021 15:00:41 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/36xxx/CVE-2020-36144.json | 2 +-
 2021/25xxx/CVE-2021-25346.json | 5 ++
 2021/27xxx/CVE-2021-27308.json | 56 +++++++++++++++++++---
 2021/27xxx/CVE-2021-27962.json | 20 ++++++++
 2021/28xxx/CVE-2021-28146.json | 25 ++++++++++
 2021/28xxx/CVE-2021-28147.json | 86 +++++++++++++++++++++++++++++++---
 2021/28xxx/CVE-2021-28148.json | 86 +++++++++++++++++++++++++++++++---
 7 files changed, 261 insertions(+), 19 deletions(-)
diff --git a/2020/36xxx/CVE-2020-36144.json b/2020/36xxx/CVE-2020-36144.json
index 10d292a40b5..a979f1a77a3 100644
--- a/2020/36xxx/CVE-2020-36144.json
+++ b/2020/36xxx/CVE-2020-36144.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Redash 8.0.0 is affected by LDAP Injection. There is an authentication bypass and information leak through the crafting of special queries, escaping the provided template because the ldap_user = auth_ldap_user(request.form[\"email\"], request.form[\"password\"]) auth_ldap_user(username, password) settings.LDAP_SEARCH_TEMPLATE % {\"username\": username} code lacks sanitization."
+ "value": "Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization."
 }
 ]
 },
diff --git a/2021/25xxx/CVE-2021-25346.json b/2021/25xxx/CVE-2021-25346.json
index 06e295fd054..abc719bf1ff 100644
--- a/2021/25xxx/CVE-2021-25346.json
+++ b/2021/25xxx/CVE-2021-25346.json
@@ -82,6 +82,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/",
 "name": "https://security.samsungmobile.com/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-342/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-342/"
 }
 ]
 },
diff --git a/2021/27xxx/CVE-2021-27308.json b/2021/27xxx/CVE-2021-27308.json
index 7fca2cbda8b..4dd6f38a9d3 100644
--- a/2021/27xxx/CVE-2021-27308.json
+++ b/2021/27xxx/CVE-2021-27308.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-27308",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-27308",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the \"redirect\" parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/4images/4images/issues/3",
+ "refsource": "MISC",
+ "name": "https://github.com/4images/4images/issues/3"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27962.json b/2021/27xxx/CVE-2021-27962.json
index 129216414a6..9416f1b0ce0 100644
--- a/2021/27xxx/CVE-2021-27962.json
+++ b/2021/27xxx/CVE-2021-27962.json
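Review bot: The CVE-2021-27308 record goes PUBLIC with `"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"` and a problemtype value of `"n/a"`, although the new description names 4images version 1.8 and a cross-site scripting issue. Consumers that match on the structured `affects` and `problemtype` fields rather than on the free-text description will not associate this entry with the product. If the assigner's conventions allow it, consider `"product_name": "4images"`, `"version_value": "1.8"` and a problemtype value of `"CWE-79"`. The CVE-2021-28147 and CVE-2021-28148 hunks publish Grafana Enterprise records with the same `n/a` placeholders.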
@@ -52,6 +52,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://community.grafana.com/t/release-notes-v6-7-x/27119",
+ "url": "https://community.grafana.com/t/release-notes-v6-7-x/27119"
+ },
 {
 "url": "https://community.grafana.com",
 "refsource": "MISC",
@@ -61,6 +66,21 @@
 "refsource": "CONFIRM",
 "name": "http://www.openwall.com/lists/oss-security/2021/03/19/5",
 "url": "http://www.openwall.com/lists/oss-security/2021/03/19/5"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/",
+ "url": "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724",
+ "url": "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/",
+ "url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/"
 }
 ]
 },
diff --git a/2021/28xxx/CVE-2021-28146.json b/2021/28xxx/CVE-2021-28146.json
index a96b7c9c0a7..4c3b8deca1e 100644
--- a/2021/28xxx/CVE-2021-28146.json
+++ b/2021/28xxx/CVE-2021-28146.json
@@ -52,6 +52,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://community.grafana.com/t/release-notes-v6-7-x/27119",
+ "url": "https://community.grafana.com/t/release-notes-v6-7-x/27119"
+ },
 {
 "url": "https://grafana.com/products/enterprise/",
 "refsource": "MISC",
@@ -61,6 +66,26 @@
 "refsource": "CONFIRM",
 "name": "https://www.openwall.com/lists/oss-security/2021/03/19/5",
 "url": "https://www.openwall.com/lists/oss-security/2021/03/19/5"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/",
+ "url": "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724",
+ "url": "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/",
+ "url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/",
+ "url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/"
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28147.json b/2021/28xxx/CVE-2021-28147.json
index 586cceafc20..dbfc8b0d9d7 100644
--- a/2021/28xxx/CVE-2021-28147.json
+++ b/2021/28xxx/CVE-2021-28147.json
@@ -1,17 +1,91 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-28147",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-28147",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://community.grafana.com/t/release-notes-v6-7-x/27119",
+ "url": "https://community.grafana.com/t/release-notes-v6-7-x/27119"
+ },
+ {
+ "url": "https://grafana.com/products/enterprise/",
+ "refsource": "MISC",
+ "name": "https://grafana.com/products/enterprise/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2021/03/19/5",
+ "url": "https://www.openwall.com/lists/oss-security/2021/03/19/5"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/",
+ "url": "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724",
+ "url": "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/",
+ "url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/",
+ "url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/"
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28148.json b/2021/28xxx/CVE-2021-28148.json
index 26d420f57a4..246af3ce24f 100644
--- a/2021/28xxx/CVE-2021-28148.json
+++ b/2021/28xxx/CVE-2021-28148.json
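Review bot: The oss-security reference `https://www.openwall.com/lists/oss-security/2021/03/19/5` is added to CVE-2021-28147 with `"refsource": "MISC"`, while the CVE-2021-28146 and CVE-2021-28148 records in this same patch carry the identical URL as `"refsource": "CONFIRM"`. All three records cite the same Grafana release announcement, so the tag should presumably be the same across them. Changing that entry to `"refsource": "CONFIRM",` would keep tooling that filters on confirmed references from treating this record differently from its siblings.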
@@ -1,17 +1,91 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-28148",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-28148",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://community.grafana.com/t/release-notes-v6-7-x/27119",
+ "url": "https://community.grafana.com/t/release-notes-v6-7-x/27119"
+ },
+ {
+ "url": "https://grafana.com/products/enterprise/",
+ "refsource": "MISC",
+ "name": "https://grafana.com/products/enterprise/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.openwall.com/lists/oss-security/2021/03/19/5",
+ "url": "https://www.openwall.com/lists/oss-security/2021/03/19/5"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/",
+ "url": "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724",
+ "url": "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/",
+ "url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/",
+ "url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/"
 }
 ]
 }