mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-06-21 05:40:25 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
e574bd3894
commit
3fb83566bc
@ -1,18 +1,66 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-4894",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "hp-security-alert@hp.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "HP Inc.",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "HP and Samsung Printer software ",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "See HP Security Bulletin reference for affected versions."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://support.hp.com/us-en/document/ish_8947379-8947403-16/hpsbpi03857",
|
||||
"refsource": "MISC",
|
||||
"name": "https://support.hp.com/us-en/document/ish_8947379-8947403-16/hpsbpi03857"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "cveClient/1.0.14"
|
||||
}
|
||||
}
|
||||
@ -1,17 +1,357 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-20209",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Cisco",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Cisco TelePresence Video Communication Server (VCS) Expressway",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.5.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.5.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.5"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.6.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.6"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.1.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.1.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.2.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.2.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.7.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.7.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.7.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.7"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.8.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.8.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.8.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.8"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.9.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.9.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.9"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.10.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.10.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.10.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.10.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.10.4"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X12.5.8"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X12.5.9"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X12.5.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X12.5.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X12.5.7"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X12.5.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X12.5.4"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X12.5.5"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X12.5.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X12.5.6"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X12.6.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X12.6.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X12.6.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X12.6.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X12.6.4"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X12.7.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X12.7.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.11.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.11.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.11.4"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.11.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X8.11.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X14.0.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X14.0.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X14.0.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X14.0.4"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X14.0.5"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X14.0.6"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X14.0.7"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X14.0.8"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X14.0.9"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X14.0.10"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X14.0.11"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X14.2.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X14.2.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X14.2.5"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X14.2.6"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X14.2.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X14.2.7"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "X14.3.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-injection-X475EbTQ",
|
||||
"refsource": "MISC",
|
||||
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-injection-X475EbTQ"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "cisco-sa-expressway-injection-X475EbTQ",
|
||||
"discovery": "EXTERNAL",
|
||||
"defects": [
|
||||
"CSCwf57215"
|
||||
]
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "NONE"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,589 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-20228",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Cisco",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Cisco Unified Computing System (Standalone)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1(1d)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1(2b)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1(2c)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1(2d)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1(2e)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1(2g)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1(2i)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1(3a)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1(3b)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1(3c)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1(3d)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1(3g)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1(3h)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1(3i)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1(3j)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1(3k)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(1.240)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(1a)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(1b)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(1c)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(1d)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(1e)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(1g)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(1h)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(2c)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(2d)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(2f)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(2g)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(2h)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(2i)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(2l)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(2n)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(4b)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(4c)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(4d)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(4e)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(4f)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(4h)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(4i)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(4k)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(4l)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(4m)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(2o)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(2p)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(4n)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(2q)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.0(2r)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(1c)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(1d)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(1f)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(1g)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(2a)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(1h)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(2b)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(2f)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(2e)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(3b)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(2d)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(3c)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(3d)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(2g)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(3f)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(2h)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(2j)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(2k)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(2l)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(3h)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(3i)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.1(3l)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.2(1a)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.2(1b)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.2(1c)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.2(1e)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.2(1f)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.2(1g)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.2(1i)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.2(1j)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.2(2a)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.2(2f)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.2(2g)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.2(3b)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.2(3d)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.2(3e)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.3(1.230097)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.3(1.230124)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.3(1.230138)"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Cisco Unified Computing System E-Series Software (UCSE)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2.1.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2.4.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2.4.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2.4.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.2.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.2.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.2.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.2.4"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.2.6"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.2.7"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.2.10"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.2.11.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.2.8"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.2.11.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.2.11.5"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.2.12.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.2.13.6"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.2.14"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1.4"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1.5"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.1.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.0.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.0.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2.3.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2.3.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2.3.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2.3.5"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2.2.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2.2.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2.0.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2.10"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.06"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "3.02"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.11.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-UMYtYEtr",
|
||||
"refsource": "MISC",
|
||||
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-UMYtYEtr"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "cisco-sa-cimc-xss-UMYtYEtr",
|
||||
"discovery": "EXTERNAL",
|
||||
"defects": [
|
||||
"CSCwe96259",
|
||||
"CSCwf98681"
|
||||
]
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,364 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-20242",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@cisco.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Cisco",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Cisco Unified Communications Manager",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "12.0(1)SU1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "12.0(1)SU2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "12.0(1)SU3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "12.0(1)SU4"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "12.0(1)SU5"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "12.5(1)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "12.5(1)SU1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "12.5(1)SU2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "12.5(1)SU3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "12.5(1)SU4"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "12.5(1)SU5"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "12.5(1)SU6"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "12.5(1)SU7"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "12.5(1)SU7a"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "12.5(1)SU8"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "14"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "14SU1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "14SU2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "14SU3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Cisco Unified Communications Manager IM and Presence Service",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "N/A"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Cisco Unified Communications Manager / Cisco Unity Connection",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.5(2)SU10"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.5(1)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.5(1)SU1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.5(1)SU1a"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.5(2)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.5(2)SU1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.5(2)SU2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.5(2)SU3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.5(2)SU4"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.5(2)SU5"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.5(2)SU6"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.5(2)SU7"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.5(2)SU8"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.5(2)SU9"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.5(2)SU2a"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.5(2)SU3a"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.5(2)SU4a"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.5(2)SU6a"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.0(1)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.0(1a)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.0(1a)SU1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.0(1a)SU2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.0(1a)SU3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.0(1a)SU3a"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.0(1a)SU4"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.0.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.0.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.0.5"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.5(1)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.5(1)SU1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.5(1)SU2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.5(1)SU3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.5(1)SU3a"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.5(1)SU3b"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.5(1)SU4"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.5(1)SU5"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.5(1)SU6"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.5(1)SU7"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.5(1)SU8"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.5(1)SU9"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.5(1)SU10"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.5(1)SU11"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.0(1)SU2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.0(1)"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "10.0(1)SU1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK",
|
||||
"refsource": "MISC",
|
||||
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "cisco-sa-cucm-imp-xss-QtT4VdsK",
|
||||
"discovery": "INTERNAL",
|
||||
"defects": [
|
||||
"CSCwh00875",
|
||||
"CSCwh02167"
|
||||
]
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
|
||||
"baseScore": 4.8,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,109 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-40021",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator (`==`), which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by character. Once they have recovered the token, they can then submit a forged request on behalf of a logged-in user and execute privileged actions on that user's behalf. In particular the function to validate received CSRF tokens is at `oppia.core.controllers.base.CsrfTokenManager.is_csrf_token_valid`. An attacker who can lure a logged-in Oppia user to a malicious website can perform any change on Oppia that the user is authorized to do, including changing profile information; creating, deleting, and changing explorations; etc. Note that the attacker cannot change a user's login credentials. An attack would need to complete within 1 second because every second, the time used in computing the token changes. This issue has been addressed in commit `b89bf80837` which has been included in release `3.3.2-hotfix-2`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-203: Observable Discrepancy",
|
||||
"cweId": "CWE-203"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-208: Observable Timing Discrepancy",
|
||||
"cweId": "CWE-208"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "oppia",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "oppia",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": ">= 1.1.0, < 3.3.2-hotfix-2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/oppia/oppia/security/advisories/GHSA-49jp-pjc3-2532",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/oppia/oppia/security/advisories/GHSA-49jp-pjc3-2532"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/oppia/oppia/pull/18769",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/oppia/oppia/pull/18769"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/oppia/oppia/commit/b89bf808378c1236874b5797a7bda32c77b4af23",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/oppia/oppia/commit/b89bf808378c1236874b5797a7bda32c77b4af23"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/oppia/oppia/blob/3a05c3558a292f3db9e658e60e708c266c003fd0/core/controllers/base.py#L964-L990",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/oppia/oppia/blob/3a05c3558a292f3db9e658e60e708c266c003fd0/core/controllers/base.py#L964-L990"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-49jp-pjc3-2532",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,90 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-40033",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulate the application to execute unintended actions. The vulnerability is due to the behavior of the `intervention/image` package, which attempts to interpret the supplied file contents as a URL, which then fetches its contents. This allows an attacker to exploit the vulnerability to perform SSRF attacks, disclose local file contents, or conduct a blind oracle attack. This has been patched in Flarum version 1.8.0. Users are advised to upgrade. Users unable to upgrade may disable PHP's `allow_url_fopen` which will prevent the fetching of external files via URLs as a temporary workaround for the SSRF aspect of the vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-918: Server-Side Request Forgery (SSRF)",
|
||||
"cweId": "CWE-918"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "flarum",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "framework",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "< 1.8.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-67c6-q4j4-hccg",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 7.1,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,100 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-40034",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data witch lead to an update of the repository data that can e.g. allow the takeover of an repo. This is only critical if the CI is configured for public usage and connected to a forge witch is also in public usage. This issue has been addressed in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should secure the CI system by making it inaccessible to untrusted entities, for example, by placing it behind a firewall."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-20: Improper Input Validation",
|
||||
"cweId": "CWE-20"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "woodpecker-ci",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "woodpecker",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": ">= 1.0.0, < 1.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/woodpecker-ci/woodpecker/security/advisories/GHSA-4gcf-5m39-98mc",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/woodpecker-ci/woodpecker/security/advisories/GHSA-4gcf-5m39-98mc"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/woodpecker-ci/woodpecker/pull/2221",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/woodpecker-ci/woodpecker/pull/2221"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/woodpecker-ci/woodpecker/pull/2222",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/woodpecker-ci/woodpecker/pull/2222"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/woodpecker-ci/woodpecker/commit/6e4c2f84cc84661d58cf1c0e5c421a46070bb105",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/woodpecker-ci/woodpecker/commit/6e4c2f84cc84661d58cf1c0e5c421a46070bb105"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-4gcf-5m39-98mc",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.1,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
18
2023/4xxx/CVE-2023-4391.json
Normal file
18
2023/4xxx/CVE-2023-4391.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-4391",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user