From 409523e68d30fd7864ec5155a825362c8e4bcb30 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 23 Jan 2024 23:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/33xxx/CVE-2023-33295.json | 2 +- 2023/35xxx/CVE-2023-35835.json | 71 ++++++++++++++++++++++--- 2023/35xxx/CVE-2023-35836.json | 71 ++++++++++++++++++++++--- 2023/35xxx/CVE-2023-35837.json | 71 ++++++++++++++++++++++--- 2023/47xxx/CVE-2023-47115.json | 96 ++++++++++++++++++++++++++++++++-- 2023/5xxx/CVE-2023-5646.json | 2 +- 2023/5xxx/CVE-2023-5647.json | 2 +- 2023/5xxx/CVE-2023-5655.json | 2 +- 2023/5xxx/CVE-2023-5656.json | 2 +- 9 files changed, 292 insertions(+), 27 deletions(-) diff --git a/2023/33xxx/CVE-2023-33295.json b/2023/33xxx/CVE-2023-33295.json index 96d840b0b07..e6a8662821c 100644 --- a/2023/33xxx/CVE-2023-33295.json +++ b/2023/33xxx/CVE-2023-33295.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Cohesity DataProtect 6.8.1 and 6.6.0d was discovered to have a incorrect access control vulnerability due to a lack of TLS Certificate Validation." + "value": "Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered to have a incorrect access control vulnerability due to a lack of TLS Certificate Validation." } ] }, diff --git a/2023/35xxx/CVE-2023-35835.json b/2023/35xxx/CVE-2023-35835.json index 966df3ce152..31cda84129d 100644 --- a/2023/35xxx/CVE-2023-35835.json +++ b/2023/35xxx/CVE-2023-35835.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-35835", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-35835", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The WiFi network serves a web-based configuration utility, as well as an unauthenticated ModBus protocol interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://yougottahackthat.com/blog/", + "refsource": "MISC", + "name": "https://yougottahackthat.com/blog/" + }, + { + "url": "https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/", + "refsource": "MISC", + "name": "https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/" + }, + { + "url": "https://www.solaxpower.com/downloads/", + "refsource": "MISC", + "name": "https://www.solaxpower.com/downloads/" + }, + { + "refsource": "MISC", + "name": "https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication", + "url": "https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication" } ] } diff --git a/2023/35xxx/CVE-2023-35836.json b/2023/35xxx/CVE-2023-35836.json index 2a8859dc64e..548189d74cb 100644 --- a/2023/35xxx/CVE-2023-35836.json +++ b/2023/35xxx/CVE-2023-35836.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-35836", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-35836", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://yougottahackthat.com/blog/", + "refsource": "MISC", + "name": "https://yougottahackthat.com/blog/" + }, + { + "url": "https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/", + "refsource": "MISC", + "name": "https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/" + }, + { + "url": "https://www.solaxpower.com/downloads/", + "refsource": "MISC", + "name": "https://www.solaxpower.com/downloads/" + }, + { + "refsource": "MISC", + "name": "https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication", + "url": "https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication" } ] } diff --git a/2023/35xxx/CVE-2023-35837.json b/2023/35xxx/CVE-2023-35837.json index 33442b1e574..c13af4c1ad1 100644 --- a/2023/35xxx/CVE-2023-35837.json +++ b/2023/35xxx/CVE-2023-35837.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-35837", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-35837", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as the WiFi SSID name. No routine is in place to force a change to this password on first use or bring its default state to the attention of the user. Once authenticated, an attacker can reconfigure the device or upload new firmware, both of which can lead to Denial of Service, code execution, or Escalation of Privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://yougottahackthat.com/blog/", + "refsource": "MISC", + "name": "https://yougottahackthat.com/blog/" + }, + { + "url": "https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/", + "refsource": "MISC", + "name": "https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/" + }, + { + "url": "https://www.solaxpower.com/downloads/", + "refsource": "MISC", + "name": "https://www.solaxpower.com/downloads/" + }, + { + "refsource": "MISC", + "name": "https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication", + "url": "https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication" } ] } diff --git a/2023/47xxx/CVE-2023-47115.json b/2023/47xxx/CVE-2023-47115.json index a47b0578226..9e4197ec717 100644 --- a/2023/47xxx/CVE-2023-47115.json +++ b/2023/47xxx/CVE-2023-47115.json @@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47115", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary JavaScript could result in an attacker performing malicious actions on Label Studio users if they visit the crafted avatar image. For an example, an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image.\n\nThe file `users/functions.py` lines 18-49 show that the only verification check is that the file is an image by extracting the dimensions from the file. Label Studio serves avatar images using Django's built-in `serve` view, which is not secure for production use according to Django's documentation. The issue with the Django `serve` view is that it determines the `Content-Type` of the response by the file extension in the URL path. Therefore, an attacker can upload an image that contains malicious HTML code and name the file with a `.html` extension to be rendered as a HTML page. The only file extension validation is performed on the client-side, which can be easily bypassed.\n\nVersion 1.9.2 fixes this issue. Other remediation strategies include validating the file extension on the server side, not in client-side code; removing the use of Django's `serve` view and implement a secure controller for viewing uploaded avatar images; saving file content in the database rather than on the filesystem to mitigate against other file related vulnerabilities; and avoiding trusting user controlled inputs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HumanSignal", + "product": { + "product_data": [ + { + "product_name": "label-studio", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-q68h-xwq5-mm7x", + "refsource": "MISC", + "name": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-q68h-xwq5-mm7x" + }, + { + "url": "https://github.com/HumanSignal/label-studio/commit/a7a71e594f32ec4af8f3f800d5ccb8662e275da3", + "refsource": "MISC", + "name": "https://github.com/HumanSignal/label-studio/commit/a7a71e594f32ec4af8f3f800d5ccb8662e275da3" + }, + { + "url": "https://docs.djangoproject.com/en/4.2/ref/views/#serving-files-in-development", + "refsource": "MISC", + "name": "https://docs.djangoproject.com/en/4.2/ref/views/#serving-files-in-development" + }, + { + "url": "https://github.com/HumanSignal/label-studio/blob/1.8.2/label_studio/users/functions.py#L18-L49", + "refsource": "MISC", + "name": "https://github.com/HumanSignal/label-studio/blob/1.8.2/label_studio/users/functions.py#L18-L49" + }, + { + "url": "https://github.com/HumanSignal/label-studio/blob/1.8.2/label_studio/users/urls.py#L25-L26", + "refsource": "MISC", + "name": "https://github.com/HumanSignal/label-studio/blob/1.8.2/label_studio/users/urls.py#L25-L26" + } + ] + }, + "source": { + "advisory": "GHSA-q68h-xwq5-mm7x", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/5xxx/CVE-2023-5646.json b/2023/5xxx/CVE-2023-5646.json index 5f1e916a6ed..6fbe80dd1f2 100644 --- a/2023/5xxx/CVE-2023-5646.json +++ b/2023/5xxx/CVE-2023-5646.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "** REJECT ** it is a duplicate" + "value": "** REJECT ** \n** REJECT **DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-5241. Reason: This record is a reservation duplicate of CVE-2023-5241. Notes: All CVE users should reference CVE-2023-5241 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.\n" } ] } diff --git a/2023/5xxx/CVE-2023-5647.json b/2023/5xxx/CVE-2023-5647.json index 8ec74b0ea3d..f973ae18ec2 100644 --- a/2023/5xxx/CVE-2023-5647.json +++ b/2023/5xxx/CVE-2023-5647.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "** REJECT ** it is a duplicate" + "value": "** REJECT **\nDO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-5212. Reason: This record is a reservation duplicate of CVE-2023-5212. Notes: All CVE users should reference CVE-2023-5212\u00a0instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.\n" } ] } diff --git a/2023/5xxx/CVE-2023-5655.json b/2023/5xxx/CVE-2023-5655.json index 8558443a65a..c164bd5f4c8 100644 --- a/2023/5xxx/CVE-2023-5655.json +++ b/2023/5xxx/CVE-2023-5655.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "** REJECT ** it is a duplicate" + "value": "** REJECT **\nDO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-5534. Reason: This record is a reservation duplicate of CVE-2023-5534. Notes: All CVE users should reference CVE-2023-5534 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.\n" } ] } diff --git a/2023/5xxx/CVE-2023-5656.json b/2023/5xxx/CVE-2023-5656.json index c4a5e65d835..194fb3cf95f 100644 --- a/2023/5xxx/CVE-2023-5656.json +++ b/2023/5xxx/CVE-2023-5656.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "** REJECT ** it is a duplicate" + "value": "** REJECT **\nDO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-5533. Reason: This record is a reservation duplicate of CVE-2023-5533. Notes: All CVE users should reference CVE-2023-5533 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.\n" } ] }