"-Synchronized-Data."

CVE Team 2022-12-27 13:00:42 +00:00
parent 8813a78e86
commit 369839c8ba
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 881 additions and 0 deletions


@ -116,6 +116,11 @@
"name": "USN-3657-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3657-1/"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221227 Re: Details on this supposed Linux Kernel ksmbd RCE",
"url": "http://www.openwall.com/lists/oss-security/2022/12/27/3"
}
]
}


@ -0,0 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2019-25090",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading to version 13.0.5.4 is able to address this issue. The name of the patch is 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab. It is recommended to upgrade the affected component. VDB-216878 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in FreePBX arimanager bis 13.0.5.3 gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Komponente Views Handler. Mit der Manipulation des Arguments dataurl mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 13.0.5.4 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 199dea7cc7020d3c469a86a39fbd80f5edd3c5ab bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreePBX",
"product": {
"product_data": [
{
"product_name": "arimanager",
"version": {
"version_data": [
{
"version_value": "13.0.5.0",
"version_affected": "="
},
{
"version_value": "13.0.5.1",
"version_affected": "="
},
{
"version_value": "13.0.5.2",
"version_affected": "="
},
{
"version_value": "13.0.5.3",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216878",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216878"
},
{
"url": "https://vuldb.com/?ctiid.216878",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216878"
},
{
"url": "https://github.com/FreePBX/arimanager/commit/199dea7cc7020d3c469a86a39fbd80f5edd3c5ab",
"refsource": "MISC",
"name": "https://github.com/FreePBX/arimanager/commit/199dea7cc7020d3c469a86a39fbd80f5edd3c5ab"
},
{
"url": "https://github.com/FreePBX/arimanager/releases/tag/release%2F13.0.5.4",
"refsource": "MISC",
"name": "https://github.com/FreePBX/arimanager/releases/tag/release%2F13.0.5.4"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}
}


@ -0,0 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-36633",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in moodle-block_sitenews 1.0. It has been classified as problematic. This affects the function get_content of the file block_sitenews.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.1 is able to address this issue. The name of the patch is cd18d8b1afe464ae6626832496f4e070bac4c58f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216879."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in moodle-block_sitenews 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist die Funktion get_content der Datei block_sitenews.php. Durch die Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als cd18d8b1afe464ae6626832496f4e070bac4c58f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "moodle-block_sitenews",
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216879",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216879"
},
{
"url": "https://vuldb.com/?ctiid.216879",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216879"
},
{
"url": "https://github.com/eberhardt/moodle-block_sitenews/pull/5",
"refsource": "MISC",
"name": "https://github.com/eberhardt/moodle-block_sitenews/pull/5"
},
{
"url": "https://github.com/eberhardt/moodle-block_sitenews/commit/cd18d8b1afe464ae6626832496f4e070bac4c58f",
"refsource": "MISC",
"name": "https://github.com/eberhardt/moodle-block_sitenews/commit/cd18d8b1afe464ae6626832496f4e070bac4c58f"
},
{
"url": "https://github.com/eberhardt/moodle-block_sitenews/releases/tag/v1.1",
"refsource": "MISC",
"name": "https://github.com/eberhardt/moodle-block_sitenews/releases/tag/v1.1"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}


@ -0,0 +1,231 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-36634",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic has been found in Indeed Engineering util up to 1.0.33. Affected is the function visit/appendTo of the file varexport/src/main/java/com/indeed/util/varexport/servlet/ViewExportedVariablesServlet.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.34 is able to address this issue. The name of the patch is c0952a9db51a880e9544d9fac2a2218a6bfc9c63. It is recommended to upgrade the affected component. VDB-216882 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in Indeed Engineering util bis 1.0.33 entdeckt. Es geht dabei um die Funktion visit/appendTo der Datei varexport/src/main/java/com/indeed/util/varexport/servlet/ViewExportedVariablesServlet.java. Mittels Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.0.34 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c0952a9db51a880e9544d9fac2a2218a6bfc9c63 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Indeed Engineering",
"product": {
"product_data": [
{
"product_name": "util",
"version": {
"version_data": [
{
"version_value": "1.0.0",
"version_affected": "="
},
{
"version_value": "1.0.1",
"version_affected": "="
},
{
"version_value": "1.0.2",
"version_affected": "="
},
{
"version_value": "1.0.3",
"version_affected": "="
},
{
"version_value": "1.0.4",
"version_affected": "="
},
{
"version_value": "1.0.5",
"version_affected": "="
},
{
"version_value": "1.0.6",
"version_affected": "="
},
{
"version_value": "1.0.7",
"version_affected": "="
},
{
"version_value": "1.0.8",
"version_affected": "="
},
{
"version_value": "1.0.9",
"version_affected": "="
},
{
"version_value": "1.0.10",
"version_affected": "="
},
{
"version_value": "1.0.11",
"version_affected": "="
},
{
"version_value": "1.0.12",
"version_affected": "="
},
{
"version_value": "1.0.13",
"version_affected": "="
},
{
"version_value": "1.0.14",
"version_affected": "="
},
{
"version_value": "1.0.15",
"version_affected": "="
},
{
"version_value": "1.0.16",
"version_affected": "="
},
{
"version_value": "1.0.17",
"version_affected": "="
},
{
"version_value": "1.0.18",
"version_affected": "="
},
{
"version_value": "1.0.19",
"version_affected": "="
},
{
"version_value": "1.0.20",
"version_affected": "="
},
{
"version_value": "1.0.21",
"version_affected": "="
},
{
"version_value": "1.0.22",
"version_affected": "="
},
{
"version_value": "1.0.23",
"version_affected": "="
},
{
"version_value": "1.0.24",
"version_affected": "="
},
{
"version_value": "1.0.25",
"version_affected": "="
},
{
"version_value": "1.0.26",
"version_affected": "="
},
{
"version_value": "1.0.27",
"version_affected": "="
},
{
"version_value": "1.0.28",
"version_affected": "="
},
{
"version_value": "1.0.29",
"version_affected": "="
},
{
"version_value": "1.0.30",
"version_affected": "="
},
{
"version_value": "1.0.31",
"version_affected": "="
},
{
"version_value": "1.0.32",
"version_affected": "="
},
{
"version_value": "1.0.33",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216882",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216882"
},
{
"url": "https://vuldb.com/?ctiid.216882",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216882"
},
{
"url": "https://github.com/indeedeng/util/commit/c0952a9db51a880e9544d9fac2a2218a6bfc9c63",
"refsource": "MISC",
"name": "https://github.com/indeedeng/util/commit/c0952a9db51a880e9544d9fac2a2218a6bfc9c63"
},
{
"url": "https://github.com/indeedeng/util/releases/tag/published%2F1.0.34",
"refsource": "MISC",
"name": "https://github.com/indeedeng/util/releases/tag/published%2F1.0.34"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.6,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}
}


@ -0,0 +1,148 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-4288",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/userApp.gsp. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.12.0 is able to address this issue. The name of the patch is 35f81901a4cb925747a9615b8706f5079d2196a1. It is recommended to upgrade the affected component. The identifier VDB-216881 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in OpenMRS openmrs-module-referenceapplication bis 2.11.x ausgemacht. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei omod/src/main/webapp/pages/userApp.gsp. Mittels dem Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 2.12.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 35f81901a4cb925747a9615b8706f5079d2196a1 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenMRS",
"product": {
"product_data": [
{
"product_name": "openmrs-module-referenceapplication",
"version": {
"version_data": [
{
"version_value": "2.0",
"version_affected": "="
},
{
"version_value": "2.1",
"version_affected": "="
},
{
"version_value": "2.2",
"version_affected": "="
},
{
"version_value": "2.3",
"version_affected": "="
},
{
"version_value": "2.4",
"version_affected": "="
},
{
"version_value": "2.5",
"version_affected": "="
},
{
"version_value": "2.6",
"version_affected": "="
},
{
"version_value": "2.7",
"version_affected": "="
},
{
"version_value": "2.8",
"version_affected": "="
},
{
"version_value": "2.9",
"version_affected": "="
},
{
"version_value": "2.10",
"version_affected": "="
},
{
"version_value": "2.11",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216881",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216881"
},
{
"url": "https://vuldb.com/?ctiid.216881",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216881"
},
{
"url": "https://github.com/openmrs/openmrs-module-referenceapplication/pull/92",
"refsource": "MISC",
"name": "https://github.com/openmrs/openmrs-module-referenceapplication/pull/92"
},
{
"url": "https://github.com/openmrs/openmrs-module-referenceapplication/commit/35f81901a4cb925747a9615b8706f5079d2196a1",
"refsource": "MISC",
"name": "https://github.com/openmrs/openmrs-module-referenceapplication/commit/35f81901a4cb925747a9615b8706f5079d2196a1"
},
{
"url": "https://github.com/openmrs/openmrs-module-referenceapplication/releases/tag/referenceapplication-2.12.0",
"refsource": "MISC",
"name": "https://github.com/openmrs/openmrs-module-referenceapplication/releases/tag/referenceapplication-2.12.0"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}
}
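Review bot: The `version_data` list in this CVE-2021-4288 record enumerates `2.0` through `2.11`, each with `"version_affected": "="`, while the description says "up to 2.11.x"; a consumer that matches installed versions by exact string may not flag a 2.11.x patch release. A single range entry, `"version_value": "2.12.0"` with `"version_affected": "<"`, would express the bound that the description and the fixed release give. The same exact-match enumeration appears in the CVE-2019-25090, CVE-2020-36634, CVE-2021-4289 and CVE-2022-4766 sections of this commit. Until the records change, matching tooling should read these lists as "every version below the fixed release named in the description" rather than as a complete set.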


@ -0,0 +1,153 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-4289",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic was found in OpenMRS openmrs-module-referenceapplication up to 2.11.x. Affected by this vulnerability is the function post of the file omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java of the component User App Page. The manipulation of the argument AppId leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.12.0 is able to address this issue. The name of the patch is 0410c091d46eed3c132fe0fcafe5964182659f74. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216883."
},
{
"lang": "deu",
"value": "In OpenMRS openmrs-module-referenceapplication bis 2.11.x wurde eine problematische Schwachstelle entdeckt. Dabei geht es um die Funktion post der Datei omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java der Komponente User App Page. Durch das Manipulieren des Arguments AppId mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 2.12.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 0410c091d46eed3c132fe0fcafe5964182659f74 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenMRS",
"product": {
"product_data": [
{
"product_name": "openmrs-module-referenceapplication",
"version": {
"version_data": [
{
"version_value": "2.0",
"version_affected": "="
},
{
"version_value": "2.1",
"version_affected": "="
},
{
"version_value": "2.2",
"version_affected": "="
},
{
"version_value": "2.3",
"version_affected": "="
},
{
"version_value": "2.4",
"version_affected": "="
},
{
"version_value": "2.5",
"version_affected": "="
},
{
"version_value": "2.6",
"version_affected": "="
},
{
"version_value": "2.7",
"version_affected": "="
},
{
"version_value": "2.8",
"version_affected": "="
},
{
"version_value": "2.9",
"version_affected": "="
},
{
"version_value": "2.10",
"version_affected": "="
},
{
"version_value": "2.11",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/openmrs/openmrs-module-referenceapplication/releases/tag/referenceapplication-2.12.0",
"refsource": "MISC",
"name": "https://github.com/openmrs/openmrs-module-referenceapplication/releases/tag/referenceapplication-2.12.0"
},
{
"url": "https://vuldb.com/?id.216883",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216883"
},
{
"url": "https://vuldb.com/?ctiid.216883",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216883"
},
{
"url": "https://github.com/openmrs/openmrs-module-referenceapplication/pull/89",
"refsource": "MISC",
"name": "https://github.com/openmrs/openmrs-module-referenceapplication/pull/89"
},
{
"url": "https://issues.openmrs.org/browse/RA-1875",
"refsource": "MISC",
"name": "https://issues.openmrs.org/browse/RA-1875"
},
{
"url": "https://github.com/openmrs/openmrs-module-referenceapplication/commit/0410c091d46eed3c132fe0fcafe5964182659f74",
"refsource": "MISC",
"name": "https://github.com/openmrs/openmrs-module-referenceapplication/commit/0410c091d46eed3c132fe0fcafe5964182659f74"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}
}


@ -61,6 +61,11 @@
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.161&id=0f544353fec8e717d37724d95b92538e1de79e86",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.161&id=0f544353fec8e717d37724d95b92538e1de79e86"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221227 Re: Linux kernel: use-after-free in io_sqpoll_wait_sq",
"url": "http://www.openwall.com/lists/oss-security/2022/12/27/1"
}
]
}


@ -0,0 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-4766",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. It has been declared as problematic. This vulnerability affects unknown code of the component Form Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. Upgrading to version 4.5.6.a is able to address this issue. The name of the patch is 082282e9dab43963e6c8f03cfaddd7921de377f4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216880."
},
{
"lang": "deu",
"value": "In dolibarr_project_timesheet bis 4.5.5 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente Form Handler. Durch Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 4.5.6.a vermag dieses Problem zu l\u00f6sen. Der Patch wird als 082282e9dab43963e6c8f03cfaddd7921de377f4 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "dolibarr_project_timesheet",
"version": {
"version_data": [
{
"version_value": "4.5.0",
"version_affected": "="
},
{
"version_value": "4.5.1",
"version_affected": "="
},
{
"version_value": "4.5.2",
"version_affected": "="
},
{
"version_value": "4.5.3",
"version_affected": "="
},
{
"version_value": "4.5.4",
"version_affected": "="
},
{
"version_value": "4.5.5",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216880",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216880"
},
{
"url": "https://vuldb.com/?ctiid.216880",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216880"
},
{
"url": "https://github.com/delcroip/dolibarr_project_timesheet/pull/200",
"refsource": "MISC",
"name": "https://github.com/delcroip/dolibarr_project_timesheet/pull/200"
},
{
"url": "https://github.com/delcroip/dolibarr_project_timesheet/commit/082282e9dab43963e6c8f03cfaddd7921de377f4",
"refsource": "MISC",
"name": "https://github.com/delcroip/dolibarr_project_timesheet/commit/082282e9dab43963e6c8f03cfaddd7921de377f4"
},
{
"url": "https://github.com/delcroip/dolibarr_project_timesheet/releases/tag/4.5.6.a",
"refsource": "MISC",
"name": "https://github.com/delcroip/dolibarr_project_timesheet/releases/tag/4.5.6.a"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}