admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-12-27 19:00:33 +00:00
parent 264836c491
commit 37523a4a24
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
2 changed files with 105 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
2023/52xxx/CVE-2023-52077.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-52077",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server settings, as well as compromise object storage and email server credentials. This issue has been patched in 12.23Q4.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nexryai",
"product": {
"product_data": [
{
"product_name": "nexkey",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 12.23Q4.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nexryai/nexkey/security/advisories/GHSA-pjj7-7hcj-9cpc",
"refsource": "MISC",
"name": "https://github.com/nexryai/nexkey/security/advisories/GHSA-pjj7-7hcj-9cpc"
},
{
"url": "https://github.com/mei23/misskey-v12/commit/78173e376f14fcc1987b02196f5538bf5b18225c",
"refsource": "MISC",
"name": "https://github.com/mei23/misskey-v12/commit/78173e376f14fcc1987b02196f5538bf5b18225c"
},
{
"url": "https://github.com/misskey-dev/misskey/commit/5150053275594278e9eb23e72d98b16593c4c230",
"refsource": "MISC",
"name": "https://github.com/misskey-dev/misskey/commit/5150053275594278e9eb23e72d98b16593c4c230"
},
{
"url": "https://github.com/nexryai/nexkey/commit/a4e4c9c47c5f84ec7ccd309bde59d4ae5d7e5a98",
"refsource": "MISC",
"name": "https://github.com/nexryai/nexkey/commit/a4e4c9c47c5f84ec7ccd309bde59d4ae5d7e5a98"
}
]
},
"source": {
"advisory": "GHSA-pjj7-7hcj-9cpc",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
]
}

18
2023/7xxx/CVE-2023-7124.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-7124",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}