Auto-merge PR#3708

Auto-merge PR#3708
CVE Team 2020-04-30 18:25:23 -04:00 committed by GitHub
commit 3f1fc6aab8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,18 +1,98 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11016",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Remote code execution in Message sending functionality in IntelMQ Manager"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelMQ Manager",
"version": {
"version_data": [
{
"version_value": ">= 1.1.0, < 2.1.1"
}
]
}
}
]
},
"vendor_name": "certtools"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the\n\"send\" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly\nuse this issue to execute arbitrary code with the privileges of the webserver.\n\nVersion 2.1.1 fixes the vulnerability."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/certtools/intelmq-manager/security/advisories/GHSA-rrhh-rcgp-q2m2",
"refsource": "CONFIRM",
"url": "https://github.com/certtools/intelmq-manager/security/advisories/GHSA-rrhh-rcgp-q2m2"
},
{
"name": "https://github.com/certtools/intelmq-manager/commit/b9a2ac43a4f99d764b827108f6a99dc4a9faa013",
"refsource": "MISC",
"url": "https://github.com/certtools/intelmq-manager/commit/b9a2ac43a4f99d764b827108f6a99dc4a9faa013"
},
{
"name": "https://github.com/certtools/intelmq-manager/releases/tag/2.1.1",
"refsource": "MISC",
"url": "https://github.com/certtools/intelmq-manager/releases/tag/2.1.1"
},
{
"name": "https://lists.cert.at/pipermail/intelmq-users/2020-April/000161.html",
"refsource": "MISC",
"url": "https://lists.cert.at/pipermail/intelmq-users/2020-April/000161.html"
}
]
},
"source": {
"advisory": "GHSA-rrhh-rcgp-q2m2",
"discovery": "UNKNOWN"
}
}
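Review bot: The CVSS block rates `"confidentialityImpact": "LOW"` and `"availabilityImpact": "LOW"`, which sits oddly beside a description and CWE-78 entry that claim arbitrary code execution with the privileges of the webserver. Code execution at that level would usually rate confidentiality and availability HIGH as well, so the vector or the description should be reconciled against the vendor advisory before consumers prioritise on the `9.1` score. Separately, `"version_value": ">= 1.1.0, < 2.1.1"` packs a range into free text, which tooling that compares `version_value` literally will not match; the 4.0 format's `version_affected` field with one entry per bound (for example `"version_affected": "<", "version_value": "2.1.1"`) is easier to consume. The new description string also carries `\n` breaks in mid-sentence, which will show up as stray line breaks in downstream renderings.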