From 41748af215cf4bb559768f500ba6079e72be596a Mon Sep 17 00:00:00 2001
From: Arnout Engelen
Date: Tue, 15 Nov 2022 14:03:42 +0100
Subject: [PATCH] Apache Archiva
---
 2022/40xxx/CVE-2022-40308.json | 75 ++++++++++++++++++++++++++++++----
 2022/40xxx/CVE-2022-40309.json | 74 +++++++++++++++++++++++++++++----
 2 files changed, 135 insertions(+), 14 deletions(-)
diff --git a/2022/40xxx/CVE-2022-40308.json b/2022/40xxx/CVE-2022-40308.json
index b536debbbfc..66c19cfea6d 100644
--- a/2022/40xxx/CVE-2022-40308.json
+++ b/2022/40xxx/CVE-2022-40308.json
@@ -1,18 +1,79 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
 "ID": "CVE-2022-40308",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Archiva",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "Apache Archiva",
+ "version_value": "2.2.8"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Apache Software Foundation"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thanks to L3yx of Syclover Security Team"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "If anonymous read enabled, it's possible to read the database file directly without logging in.\n"
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": [
+ {}
+ ],
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Arbitrary file read vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://lists.apache.org/thread/x01pnn0jjsw512cscxsbxzrjmz64n4cc"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
-}
\ No newline at end of file
+}
diff --git a/2022/40xxx/CVE-2022-40309.json b/2022/40xxx/CVE-2022-40309.json
index 6f0f5cfbca8..7f50c9f40ab 100644
--- a/2022/40xxx/CVE-2022-40309.json
+++ b/2022/40xxx/CVE-2022-40309.json
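Review bot: The new `description` value for CVE-2022-40308 names neither the product nor the affected or fixed version, and it speaks of "the database file" while `TITLE` and `problemtype` say arbitrary files, so a feed or scanner that indexes only `description` cannot tie the record to Apache Archiva or tell how far the read reaches. The string also ends in a stray `\n`. A value such as `"value": "If anonymous read is enabled in Apache Archiva 2.2.8 and earlier, the database file can be read directly without logging in; the title indicates 2.2.9 is the fixed release."` would carry that, once the scope wording is reconciled with the title. Separately, `"impact": [ {} ]` publishes no severity and `problemtype` carries no CWE id, here and in the CVE-2022-40309 hunk, and `"version_name": "Apache Archiva"` repeats the product name in a field that the 40309 record omits.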
@@ -1,18 +1,78 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
 "ID": "CVE-2022-40309",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Archiva",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "2.2.8"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Apache Software Foundation"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thanks to L3yx of Syclover Security Team"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Users with write permissions to a repository can delete arbitrary directories."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": [
+ {}
+ ],
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Arbitrary directory deletion"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://lists.apache.org/thread/1odl4p85r96n27k577jk6ftrp19xfc27"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
-}
\ No newline at end of file
+}
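Review bot: `TITLE` says "an authenticated user" while the `description` says "Users with write permissions to a repository", so the record states the privilege needed for the deletion in two different ways, and the privileges-required rating a consumer derives depends on which one is read. If the description is the accurate one, the title could follow it: `"TITLE": "Apache Archiva prior to 2.2.9 allows a user with repository write permission to delete arbitrary directories"`. The description also does not say whether "arbitrary directories" is limited to the repository storage or extends to any path the Archiva process can remove; one clause stating that would let defenders judge the exposure of a host without opening the mailing-list thread.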