"-Synchronized-Data."

This commit is contained in:
CVE Team 2023-07-07 22:00:36 +00:00
parent f0d6f7490d
commit 3d33d1700a
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
3 changed files with 197 additions and 8 deletions

View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37269",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Users with the `backend.manage_branding` permission can upload SVGs as the application logo. Prior to version 1.2.3, SVG uploads were not sanitized, which could have allowed a stored cross-site scripting (XSS) attack. To exploit the vulnerability, an attacker would already need to have developer or super user level permissions in Winter CMS. This means they would already have extensive access and control within the system. Additionally, to execute the XSS, the attacker would need to convince the victim to directly visit the URL of the maliciously uploaded SVG, and the application would have to be using local storage where uploaded files are served under the same domain as the application itself instead of a CDN. This is because all SVGs in Winter CMS are rendered through an `img` tag, which prevents any payloads from being executed directly. These two factors significantly limit the potential harm of this vulnerability. This issue has been patched in v1.2.3 through the inclusion of full support for SVG uploads and automatic sanitization of uploaded SVG files. As a workaround, one may apply the patches manually."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wintercms",
"product": {
"product_data": [
{
"product_name": "winter",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.2.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/wintercms/winter/security/advisories/GHSA-wjw2-4j7j-6gc3",
"refsource": "MISC",
"name": "https://github.com/wintercms/winter/security/advisories/GHSA-wjw2-4j7j-6gc3"
},
{
"url": "https://github.com/wintercms/storm/commit/186d85d8fea2cae43afc807d39f68553c24e56be",
"refsource": "MISC",
"name": "https://github.com/wintercms/storm/commit/186d85d8fea2cae43afc807d39f68553c24e56be"
},
{
"url": "https://github.com/wintercms/winter/commit/fa50b4c7489b67ea80072f8ac9fe5294fce1df1c",
"refsource": "MISC",
"name": "https://github.com/wintercms/winter/commit/fa50b4c7489b67ea80072f8ac9fe5294fce1df1c"
},
{
"url": "https://github.com/wintercms/winter/releases/tag/v1.2.3",
"refsource": "MISC",
"name": "https://github.com/wintercms/winter/releases/tag/v1.2.3"
}
]
},
"source": {
"advisory": "GHSA-wjw2-4j7j-6gc3",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37270",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Piwigo",
"product": {
"product_data": [
{
"product_name": "Piwigo",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 13.8.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Piwigo/Piwigo/security/advisories/GHSA-934w-qj9p-3qcx",
"refsource": "MISC",
"name": "https://github.com/Piwigo/Piwigo/security/advisories/GHSA-934w-qj9p-3qcx"
},
{
"url": "https://github.com/Piwigo/Piwigo/commit/978425527d6c113887f845d75cf982bbb62d761a",
"refsource": "MISC",
"name": "https://github.com/Piwigo/Piwigo/commit/978425527d6c113887f845d75cf982bbb62d761a"
},
{
"url": "https://github.com/Piwigo/Piwigo/blob/c01ec38bc43f09424a8d404719c35f963d63cf00/include/dblayer/functions_mysqli.inc.php#L491",
"refsource": "MISC",
"name": "https://github.com/Piwigo/Piwigo/blob/c01ec38bc43f09424a8d404719c35f963d63cf00/include/dblayer/functions_mysqli.inc.php#L491"
},
{
"url": "https://github.com/Piwigo/Piwigo/blob/c01ec38bc43f09424a8d404719c35f963d63cf00/include/functions.inc.php#L621",
"refsource": "MISC",
"name": "https://github.com/Piwigo/Piwigo/blob/c01ec38bc43f09424a8d404719c35f963d63cf00/include/functions.inc.php#L621"
},
{
"url": "https://piwigo.org/release-13.8.0",
"refsource": "MISC",
"name": "https://piwigo.org/release-13.8.0"
}
]
},
"source": {
"advisory": "GHSA-934w-qj9p-3qcx",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
]
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37579",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}