diff --git a/2023/40xxx/CVE-2023-40254.json b/2023/40xxx/CVE-2023-40254.json
index 589cf1b89e2..447a5ff195f 100644
--- a/2023/40xxx/CVE-2023-40254.json
+++ b/2023/40xxx/CVE-2023-40254.json
@@ -1,17 +1,184 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-40254",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vuln@krcert.or.kr",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-494 Download of Code Without Integrity Check",
+ "cweId": "CWE-494"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Genians",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Genian NAC V4.0",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "V4.0.156",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "V4.0.155",
+ "status": "affected",
+ "version": "V4.0.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Genian NAC V5.0",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "V5.0.42 (Revision 117461)",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "V5.0.42 (Revision 117460)",
+ "status": "affected",
+ "version": "V5.0.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Genian NAC Suite V5.0",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "V5.0.55",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "V5.0.54",
+ "status": "affected",
+ "version": "V5.0.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Genian ZTNA",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "V6.0.16",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "V6.0.15",
+ "status": "affected",
+ "version": "V6.0.0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.genians.co.kr/notice/2023",
+ "refsource": "MISC",
+ "name": "https://www.genians.co.kr/notice/2023"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/40xxx/CVE-2023-40267.json b/2023/40xxx/CVE-2023-40267.json
index cd594d90644..760b9c99241 100644
--- a/2023/40xxx/CVE-2023-40267.json
+++ b/2023/40xxx/CVE-2023-40267.json
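Review bot: Each of the four product entries sets `"defaultStatus": "affected"`, while the fixed build appears only as a `changes` entry that lies just past the range's `lessThanOrEqual` bound (for example `"at": "V4.0.156"` against `"lessThanOrEqual": "V4.0.155"`). A consumer that falls back to `defaultStatus` for versions outside the listed range would likely still report the patched releases as vulnerable; `"defaultStatus": "unaffected"` would match the ranges stated in the description. The description is also missing a space in `Malicious Software Update.This issue`. The only reference appears to be the vendor's yearly notice index rather than the advisory itself, so responders cannot confirm the fixed builds from the link alone.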
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-40267",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-40267",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/gitpython-developers/GitPython/pull/1609",
+ "refsource": "MISC",
+ "name": "https://github.com/gitpython-developers/GitPython/pull/1609"
+ },
+ {
+ "url": "https://github.com/gitpython-developers/GitPython/commit/ca965ecc81853bca7675261729143f54e5bf4cdd",
+ "refsource": "MISC",
+ "name": "https://github.com/gitpython-developers/GitPython/commit/ca965ecc81853bca7675261729143f54e5bf4cdd"
 }
 ]
 }
diff --git a/2023/40xxx/CVE-2023-40268.json b/2023/40xxx/CVE-2023-40268.json
new file mode 100644
index 00000000000..65199666056
--- /dev/null
+++ b/2023/40xxx/CVE-2023-40268.json
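Review bot: The affected product and version exist only in the free-text description; `vendor_name`, `product_name` and `version_value` are all `"n/a"`, and `problemtype` is `"n/a"` as well. Tooling that matches on the structured fields will not tie this record to GitPython or to the 3.1.32 boundary. That matters here because the description says the earlier fix for CVE-2022-24439 was incomplete, so deployments patched only for that CVE still need flagging. Consider `"product_name": "GitPython"` with `"version_value": "before 3.1.32"`, and a CWE entry once the assigner has chosen one.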
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-40268",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/40xxx/CVE-2023-40269.json b/2023/40xxx/CVE-2023-40269.json
new file mode 100644
index 00000000000..5e335474d49
--- /dev/null
+++ b/2023/40xxx/CVE-2023-40269.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-40269",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/40xxx/CVE-2023-40270.json b/2023/40xxx/CVE-2023-40270.json
new file mode 100644
index 00000000000..5c846bae3a9
--- /dev/null
+++ b/2023/40xxx/CVE-2023-40270.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-40270",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4105.json b/2023/4xxx/CVE-2023-4105.json
index 9c4cd83586d..fcecffec9cc 100644
--- a/2023/4xxx/CVE-2023-4105.json
+++ b/2023/4xxx/CVE-2023-4105.json
@@ -1,17 +1,144 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-4105",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "responsibledisclosure@mattermost.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-862 Missing Authorization",
+ "cweId": "CWE-862"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mattermost",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mattermost",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "7.8.7",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "7.9.5",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ },
+ {
+ "lessThanOrEqual": "7.10.3",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ },
+ {
+ "status": "unaffected",
+ "version": "7.8.8"
+ },
+ {
+ "status": "unaffected",
+ "version": "7.9.6"
+ },
+ {
+ "status": "unaffected",
+ "version": "7.10.4 "
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://mattermost.com/security-updates",
+ "refsource": "MISC",
+ "name": "https://mattermost.com/security-updates"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "MMSA-2023-00179",
+ "defect": [
+ "https://mattermost.atlassian.net/browse/MM-52414"
+ ],
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update Mattermost Server to versions 7.10.4, 7.9.6, 7.8.8 or higher"
+ }
+ ],
+ "value": "Update Mattermost Server to versions\u00a07.10.4,\u00a07.9.6,\u00a07.8.8 or higher"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "BhaRat (hackit_bharat)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4106.json b/2023/4xxx/CVE-2023-4106.json
index 65ef2280957..9e9bd26f02f 100644
--- a/2023/4xxx/CVE-2023-4106.json
+++ b/2023/4xxx/CVE-2023-4106.json
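Review bot: The last unaffected entry is `"version": "7.10.4 "` with a trailing space inside the string, so an exact-match comparison against 7.10.4 can fail; it should be `"version": "7.10.4"`. This record also sets `"defaultStatus": "affected"`, whereas the CVE-2023-4106, CVE-2023-4107 and CVE-2023-4108 hunks in the same change use `"unaffected"` for the same product and the same version list. In all four records the three affected ranges start at `"version": "0"`, so the `"lessThanOrEqual": "7.10.3"` range also covers 7.8.8 and 7.9.6, which are listed as unaffected. Starting each range at its own release branch would remove that overlap, if per-branch ranges are what the assigner intends.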
@@ -1,17 +1,144 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4106", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "responsibledisclosure@mattermost.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to\u00a0view, join, edit, export and archive public playbooks.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mattermost", + "product": { + "product_data": [ + { + "product_name": "Mattermost", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "7.8.7", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "7.9.5", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "7.10.3", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "status": "unaffected", + "version": "7.8.8" + }, + { + "status": "unaffected", + "version": "7.9.6" + }, + { + "status": "unaffected", + "version": "7.10.4" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://mattermost.com/security-updates", + "refsource": "MISC", + "name": 
"https://mattermost.com/security-updates" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "MMSA-2023-00181", + "defect": [ + "https://mattermost.atlassian.net/browse/MM-52475" + ], + "discovery": "INTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Update Mattermost Server to versions 7.8.8, 7.9.5, 7.10.4 or higher. Otherwise, update the Playbooks plugin to version v1.37.0 or higher.

" + } + ], + "value": "Update Mattermost Server to versions 7.8.8, 7.9.5, 7.10.4 or higher. Otherwise, update the Playbooks plugin to version\u00a0v1.37.0 or higher.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Eva Sarafianou" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4107.json b/2023/4xxx/CVE-2023-4107.json index 0a7a7a6951b..e1d52de33d6 100644 --- a/2023/4xxx/CVE-2023-4107.json +++ b/2023/4xxx/CVE-2023-4107.json 
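Review bot: Both `solution` strings give the fixed versions as `7.8.8, 7.9.5, 7.10.4`, but the version data in this same hunk marks 7.9.5 as affected (`"lessThanOrEqual": "7.9.5"`) and 7.9.6 as unaffected. An operator following the remediation text could stop at a release the record itself calls vulnerable; the text should presumably read `7.8.8, 7.9.6, 7.10.4`. The Playbooks plugin fix `v1.37.0` named in the solution has no counterpart in the structured `affects` data, so plugin-only deployments cannot be matched from the version fields.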
@@ -1,17 +1,144 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4107", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "responsibledisclosure@mattermost.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mattermost", + "product": { + "product_data": [ + { + "product_name": "Mattermost", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "7.8.7", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "7.9.5", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "7.10.3", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "status": "unaffected", + "version": "7.8.8" + }, + { + "status": "unaffected", + "version": "7.9.6" + }, + { + "status": "unaffected", + "version": "7.10.4" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://mattermost.com/security-updates", + "refsource": "MISC", + "name": 
"https://mattermost.com/security-updates" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "MMSA-2023-00207", + "defect": [ + "https://mattermost.atlassian.net/browse/MM-53091" + ], + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Update Mattermost Server to versions 7.8.8, 7.9.6, 7.10.4 or higher.

" + } + ], + "value": "Update Mattermost Server to versions 7.8.8, 7.9.6,\u00a07.10.4 or higher.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Pyae Phyo (pyae_phyo)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4108.json b/2023/4xxx/CVE-2023-4108.json index 5ddc66d8a3f..9dc9384a8d4 100644 --- a/2023/4xxx/CVE-2023-4108.json +++ b/2023/4xxx/CVE-2023-4108.json 
@@ -1,17 +1,144 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4108", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "responsibledisclosure@mattermost.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532 Insertion of Sensitive Information into Log File", + "cweId": "CWE-532" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mattermost", + "product": { + "product_data": [ + { + "product_name": "Mattermost", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "7.8.7", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "7.9.5", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "7.10.3", + "status": "affected", + "version": "0", + "versionType": "semver" + }, + { + "status": "unaffected", + "version": "7.8.8" + }, + { + "status": "unaffected", + "version": "7.9.6" + }, + { + "status": "unaffected", + "version": "7.10.4" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://mattermost.com/security-updates", + "refsource": "MISC", + "name": "https://mattermost.com/security-updates" + } + ] + }, + "generator": { + "engine": 
"Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "MMSA-2023-00214", + "defect": [ + "https://mattermost.atlassian.net/browse/MM-53157" + ], + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Update Mattermost Server to versions 7.8.8, 7.9.6, 7.10.4 or higher.

" + } + ], + "value": "Update Mattermost Server to versions 7.8.8, 7.9.6, 7.10.4 or higher.\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Jo Astoreca" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" } ] }