diff --git a/2024/57xxx/CVE-2024-57375.json b/2024/57xxx/CVE-2024-57375.json
index b91e4586016..c54a2af4638 100644
--- a/2024/57xxx/CVE-2024-57375.json
+++ b/2024/57xxx/CVE-2024-57375.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-57375",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57375",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPORTED WHEN ASSIGNED ** Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019) 1.00.0-2.08.3 allows a physically proximate attacker to cause a denial of service (application crash) via certain deselect actions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://xx.piugame.com/bbs/board.php?bo_table=global_notice&wr_id=368",
+ "refsource": "MISC",
+ "name": "https://xx.piugame.com/bbs/board.php?bo_table=global_notice&wr_id=368"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.youtube.com/watch?v=DXrnQpTlQs0",
+ "url": "https://www.youtube.com/watch?v=DXrnQpTlQs0"
 }
 ]
 }
diff --git a/2025/27xxx/CVE-2025-27370.json b/2025/27xxx/CVE-2025-27370.json
index d328319fe10..1e1c312ed2f 100644
--- a/2025/27xxx/CVE-2025-27370.json
+++ b/2025/27xxx/CVE-2025-27370.json
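Review bot: The `affects` block added for CVE-2024-57375 sets `vendor_name`, `product_name` and `version_value` to `n/a`, although the description in the same hunk names Andamiro Pump It Up 20th Anniversary and the range 1.00.0-2.08.3. The same all-`n/a` block is added for CVE-2025-28076 and for every Moodle record in this commit (CVE-2025-32044, CVE-2025-32045, CVE-2025-3625, CVE-2025-3627, CVE-2025-3628, CVE-2025-3634 to CVE-2025-3638, CVE-2025-3640, CVE-2025-3641); the Moodle descriptions give no affected or fixed release at all. A scanner that matches on the vendor and product fields cannot associate these records with an installed product, so the affected range only reaches readers of the free text or the linked advisories. Where the data is already in the description, as it is here, the structured fields should carry it, for example `"product_name": "Pump It Up 20th Anniversary"` with the version bound taken from the description.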
@@ -71,6 +71,11 @@
 "refsource": "MISC",
 "name": "https://github.com/OWASP/ASVS/issues/2678",
 "url": "https://github.com/OWASP/ASVS/issues/2678"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://eprint.iacr.org/2025/629",
+ "url": "https://eprint.iacr.org/2025/629"
 }
 ]
 }
diff --git a/2025/27xxx/CVE-2025-27371.json b/2025/27xxx/CVE-2025-27371.json
index 121448dbf30..d82d7517b4c 100644
--- a/2025/27xxx/CVE-2025-27371.json
+++ b/2025/27xxx/CVE-2025-27371.json
@@ -71,6 +71,11 @@
 "refsource": "MISC",
 "name": "https://github.com/OWASP/ASVS/issues/2678",
 "url": "https://github.com/OWASP/ASVS/issues/2678"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://eprint.iacr.org/2025/629",
+ "url": "https://eprint.iacr.org/2025/629"
 }
 ]
 }
diff --git a/2025/28xxx/CVE-2025-28076.json b/2025/28xxx/CVE-2025-28076.json
index 260c8f1ac10..5e709fdc32c 100644
--- a/2025/28xxx/CVE-2025-28076.json
+++ b/2025/28xxx/CVE-2025-28076.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-28076",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-28076",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 and CO2Scope <= 1.3.4 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) timeago, (2) user, (3) filter, (4) target, (5) p1, (6) p2, (7) p3, (8) p4, (9) p5, (10) p6, (11) p7, (12) p8, (13) p9, (14) p10, (15) p11, (16) p12, (17) p13, (18) p14, (19) p15, (20) p16, (21) p17, (22) p18, (23) p19, or (24) p20 parameter to /api/management/updateihmsettings; the (25) ID, (26) NAME, (27) CPUTHREADNB, (28) RAMCAP, or (29) DISKCAP parameter to /api/capaplan/savetemplates."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2025-28076.md",
+ "url": "https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2025-28076.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.easyvirt.com/",
+ "url": "https://www.easyvirt.com/"
 }
 ]
 }
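Review bot: The `problemtype` entry is `"value": "n/a"` even though the description states SQL injection, so the record carries no weakness class for tooling that groups or filters by CWE. `"value": "CWE-89"` would match what the description states. The description also has a number disagreement, "Multiple SQL injection vulnerabilities ... allows", which should read "allow". Its closing clause lists parameters (25) to (29) after a semicolon with no connecting "or", so it is not clear at first read that both endpoints are affected.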
diff --git a/2025/32xxx/CVE-2025-32044.json b/2025/32xxx/CVE-2025-32044.json
index 270dfb1e2c4..437dcbc1142 100644
--- a/2025/32xxx/CVE-2025-32044.json
+++ b/2025/32xxx/CVE-2025-32044.json
@@ -1,17 +1,91 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-32044",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "patrick@puiterwijk.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data\u2014including names, contact information, and hashed passwords\u2014via stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the php.ini file are not affected by this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Exposure of Sensitive Information to an Unauthorized Actor",
+ "cweId": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2025-32044",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2025-32044"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356829",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2356829"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Red Hat would like to thank Lucas Alonso for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/32xxx/CVE-2025-32045.json b/2025/32xxx/CVE-2025-32045.json
index 8192895e085..d11cdbc8e27 100644
--- a/2025/32xxx/CVE-2025-32045.json
+++ b/2025/32xxx/CVE-2025-32045.json
@@ -1,17 +1,91 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-32045",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "patrick@puiterwijk.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Missing Authorization",
+ "cweId": "CWE-862"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2025-32045",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2025-32045"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356835",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2356835"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Red Hat would like to thank Ilya Tregubov for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3625.json b/2025/3xxx/CVE-2025-3625.json
index a119636683c..a63f3fdee91 100644
--- a/2025/3xxx/CVE-2025-3625.json
+++ b/2025/3xxx/CVE-2025-3625.json
@@ -1,17 +1,91 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3625",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "patrick@puiterwijk.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Authorization Bypass Through User-Controlled Key",
+ "cweId": "CWE-639"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2025-3625",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2025-3625"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359690",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2359690"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Red Hat would like to thank vi22 for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3627.json b/2025/3xxx/CVE-2025-3627.json
index 431854cb7ca..2f8cbe94192 100644
--- a/2025/3xxx/CVE-2025-3627.json
+++ b/2025/3xxx/CVE-2025-3627.json
@@ -1,17 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3627",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "patrick@puiterwijk.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Authentication",
+ "cweId": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2025-3627",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2025-3627"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359692",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2359692"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3628.json b/2025/3xxx/CVE-2025-3628.json
index e1e6f1318cf..45d7efb54f1 100644
--- a/2025/3xxx/CVE-2025-3628.json
+++ b/2025/3xxx/CVE-2025-3628.json
@@ -1,17 +1,91 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3628",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "patrick@puiterwijk.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Exposure of Sensitive Information to an Unauthorized Actor",
+ "cweId": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2025-3628",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2025-3628"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359706",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2359706"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Red Hat would like to thank Eliot for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3634.json b/2025/3xxx/CVE-2025-3634.json
index bf5075a5ba7..8897958fd06 100644
--- a/2025/3xxx/CVE-2025-3634.json
+++ b/2025/3xxx/CVE-2025-3634.json
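Review bot: The added description for CVE-2025-3628 reads "A flaw has was found in Moodle", a typo that will be copied into every downstream feed that mirrors this record. `"value": "A flaw was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities."` matches the wording the sibling records use. The text also does not say which role can run the search, although the vector scores it `PR:L`; naming the role would help a site judge who can reach the exposure.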
@@ -1,17 +1,91 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3634",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "patrick@puiterwijk.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Authentication",
+ "cweId": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2025-3634",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2025-3634"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359707",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2359707"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Red Hat would like to thank Guillaume Barat for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3635.json b/2025/3xxx/CVE-2025-3635.json
index 5e85ac27b56..04eff13b380 100644
--- a/2025/3xxx/CVE-2025-3635.json
+++ b/2025/3xxx/CVE-2025-3635.json
@@ -1,17 +1,91 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3635",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "patrick@puiterwijk.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2025-3635",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2025-3635"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359709",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2359709"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Red Hat would like to thank Vincent Schneider for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3636.json b/2025/3xxx/CVE-2025-3636.json
index cbe02ebde3b..d9986c326a9 100644
--- a/2025/3xxx/CVE-2025-3636.json
+++ b/2025/3xxx/CVE-2025-3636.json
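Review bot: The description for CVE-2025-3635 says tours can be duplicated "without needing to log in", but the CVSS block in the same hunk sets `"privilegesRequired": "LOW"` and the vector carries `PR:L/UI:R`. One of the two is presumably wrong: in a CSRF the forged request rides on a signed-in victim's session, so either the description should say that an authenticated user's session is required, or the vector should read `PR:N/UI:R`. `baseScore` and `baseSeverity` would need recomputing if the vector changes. As published, a reader cannot tell whether an unauthenticated site visitor is in scope.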
@@ -1,17 +1,96 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3636",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "patrick@puiterwijk.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Authorization Bypass Through User-Controlled Key",
+ "cweId": "CWE-639"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84499",
+ "refsource": "MISC",
+ "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84499"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2025-3636",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2025-3636"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359726",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2359726"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Red Hat would like to thank Vincent Schneider for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3637.json b/2025/3xxx/CVE-2025-3637.json
index 030d4997d19..1e96a33b609 100644
--- a/2025/3xxx/CVE-2025-3637.json
+++ b/2025/3xxx/CVE-2025-3637.json
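Review bot: The first reference added for CVE-2025-3636 is a plain `http://` link to git.moodle.org (`...&s=MDL-84499`), in both `url` and `name`; the hunk for CVE-2025-3637 does the same with `...&s=MDL-65356`. A reader following that link to locate the fix commit fetches it over an unauthenticated channel. If the host serves the same path over TLS, both fields should use the `https://` form. Separately, the description attributes the flaw to insufficient capability checks while `cweId` is `CWE-639`; CVE-2025-32045 in this commit labels a similarly worded flaw `CWE-862`, so the classification may merit a second look.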
@@ -1,17 +1,96 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3637",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "patrick@puiterwijk.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use of GET Request Method With Sensitive Query Strings",
+ "cweId": "CWE-598"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-65356",
+ "refsource": "MISC",
+ "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-65356"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2025-3637",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2025-3637"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359727",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2359727"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Red Hat would like to thank Simon Reinhart for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3638.json b/2025/3xxx/CVE-2025-3638.json
index 8cb88a381b3..1c3e93d01ff 100644
--- a/2025/3xxx/CVE-2025-3638.json
+++ b/2025/3xxx/CVE-2025-3638.json
@@ -1,18 +1,79 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3638",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "patrick@puiterwijk.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk."
 }
 ]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2025-3638",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2025-3638"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359732",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2359732"
+ },
+ {
+ "url": "https://moodle.org/mod/forum/discuss.php?d=467600",
+ "refsource": "MISC",
+ "name": "https://moodle.org/mod/forum/discuss.php?d=467600"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Red Hat would like to thank Vincent Schneider for reporting this issue."
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3640.json b/2025/3xxx/CVE-2025-3640.json
index 9faec792210..7b67d8da324 100644
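Review bot: CVE-2025-3638 is published without an `impact` block, so it carries no CVSS vector or severity, while the other Moodle records in this commit each add one (CVE-2025-3635, also `CWE-352`, has `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N`). Consumers that prioritise by `baseSeverity` will see this record as unscored. If the score was simply not ready at publication that is fine, but it is worth confirming that the block was not dropped by the export. The file also still ends without a trailing newline, as the `\ No newline at end of file` marker shows.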
--- a/2025/3xxx/CVE-2025-3640.json
+++ b/2025/3xxx/CVE-2025-3640.json
@@ -1,17 +1,96 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3640",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "patrick@puiterwijk.org",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Authorization Bypass Through User-Controlled Key",
+ "cweId": "CWE-639"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2025-3640",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2025-3640"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359734",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2359734"
+ },
+ {
+ "url": "https://moodle.org/mod/forum/discuss.php?d=467601",
+ "refsource": "MISC",
+ "name": "https://moodle.org/mod/forum/discuss.php?d=467601"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Red Hat would like to thank Khikhi for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3641.json b/2025/3xxx/CVE-2025-3641.json
index 09cbcc885d5..3d1c38ab40c 100644
--- a/2025/3xxx/CVE-2025-3641.json
+++ b/2025/3xxx/CVE-2025-3641.json
@@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3641", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-3641", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2025-3641" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359735", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2359735" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=467602", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=467602" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Vincent Schneider for reporting this issue." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/3xxx/CVE-2025-3642.json b/2025/3xxx/CVE-2025-3642.json index 5fb9b9259be..5b44f6e1f03 100644 --- a/2025/3xxx/CVE-2025-3642.json +++ b/2025/3xxx/CVE-2025-3642.json 
@@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3642", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-3642", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2025-3642" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359738", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2359738" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=467603", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=467603" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Vincent Schneider for reporting this issue." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/3xxx/CVE-2025-3643.json b/2025/3xxx/CVE-2025-3643.json index 48424a55b7c..d962131622e 100644 --- a/2025/3xxx/CVE-2025-3643.json +++ b/2025/3xxx/CVE-2025-3643.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3643", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-3643", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2025-3643" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359742", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2359742" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=467604", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=467604" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": 
"LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/3xxx/CVE-2025-3644.json b/2025/3xxx/CVE-2025-3644.json index 43cfb356fc3..77d816d78d0 100644 --- a/2025/3xxx/CVE-2025-3644.json +++ b/2025/3xxx/CVE-2025-3644.json 
@@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3644", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-3644", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2025-3644" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359745", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2359745" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=467605", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=467605" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank James E. Calder for reporting this issue." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/3xxx/CVE-2025-3645.json b/2025/3xxx/CVE-2025-3645.json index 9f3b3e8576b..c84eb59c450 100644 --- a/2025/3xxx/CVE-2025-3645.json +++ b/2025/3xxx/CVE-2025-3645.json 
@@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3645", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-3645", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2025-3645" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359761", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2359761" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=467606", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=467606" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank ostapbender for reporting this issue." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/3xxx/CVE-2025-3647.json b/2025/3xxx/CVE-2025-3647.json index f0aa0703f84..d8da9dd6cac 100644 --- a/2025/3xxx/CVE-2025-3647.json +++ b/2025/3xxx/CVE-2025-3647.json 
@@ -1,17 +1,96 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3647", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "patrick@puiterwijk.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2025-3647", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2025-3647" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359762", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2359762" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=467607", + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=467607" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Paul Holden for reporting this issue." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/3xxx/CVE-2025-3934.json b/2025/3xxx/CVE-2025-3934.json new file mode 100644 index 00000000000..61c91da56e3 --- /dev/null +++ b/2025/3xxx/CVE-2025-3934.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3934", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/3xxx/CVE-2025-3935.json b/2025/3xxx/CVE-2025-3935.json new file mode 100644 index 00000000000..51330b3e619 --- /dev/null +++ b/2025/3xxx/CVE-2025-3935.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3935", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/43xxx/CVE-2025-43016.json b/2025/43xxx/CVE-2025-43016.json index d2622629805..5095d0014a6 100644 
--- a/2025/43xxx/CVE-2025-43016.json +++ b/2025/43xxx/CVE-2025-43016.json @@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-43016", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@jetbrains.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-23", + "cweId": "CWE-23" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JetBrains", + "product": { + "product_data": [ + { + "product_name": "Rider", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2025.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "refsource": "MISC", + "name": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" } ] } diff --git a/2025/46xxx/CVE-2025-46432.json b/2025/46xxx/CVE-2025-46432.json index a1566ced6bc..d43c2f9ab86 100644 
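Review bot: In `problemtype`, `"value": "CWE-23"` only repeats `cweId`, so the human-readable weakness name is missing; the Moodle records in this diff put the name in that field (for example `"value": "Incorrect Authorization"` beside `"cweId": "CWE-863"`). I would write `"value": "CWE-23: Relative Path Traversal"` here and spell out the name the same way in the hunks for CVE-2025-46432 (CWE-532), CVE-2025-46433 (CWE-23) and CVE-2025-46618 (CWE-79). The single reference is also the general issues-fixed listing rather than an entry for this issue, which makes the fix harder to locate from the record alone.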
--- a/2025/46xxx/CVE-2025-46432.json +++ b/2025/46xxx/CVE-2025-46432.json @@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-46432", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@jetbrains.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532", + "cweId": "CWE-532" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JetBrains", + "product": { + "product_data": [ + { + "product_name": "TeamCity", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2025.03.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "refsource": "MISC", + "name": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ] } diff --git a/2025/46xxx/CVE-2025-46433.json b/2025/46xxx/CVE-2025-46433.json index f429fb2b5d1..c4304595a91 100644 
--- a/2025/46xxx/CVE-2025-46433.json +++ b/2025/46xxx/CVE-2025-46433.json @@ -1,17 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-46433", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@jetbrains.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-23", + "cweId": "CWE-23" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JetBrains", + "product": { + "product_data": [ + { + "product_name": "TeamCity", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2025.03.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "refsource": "MISC", + "name": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" } ] } diff --git a/2025/46xxx/CVE-2025-46618.json b/2025/46xxx/CVE-2025-46618.json new file mode 100644 index 00000000000..a427de8a309 
--- /dev/null +++ b/2025/46xxx/CVE-2025-46618.json @@ -0,0 +1,83 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2025-46618", + "ASSIGNER": "security@jetbrains.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JetBrains", + "product": { + "product_data": [ + { + "product_name": "TeamCity", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2025.03.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "refsource": "MISC", + "name": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N" + } + ] + } +} \ No newline at end of file
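Review bot: The vector for this stored XSS uses `"scope": "UNCHANGED"` (`S:U`), while the reflected XSS record for CVE-2025-3643 earlier in this diff uses `S:C`; CVSS 3.1 scoring guidance generally treats script running in the victim's browser as a scope change. If that applies here, `scope`, `vectorString`, `baseScore` and possibly `baseSeverity` would have to change together, so the 3.5 LOW rating may understate the issue. It is worth confirming the scope with the assigner before the score is used for patch prioritisation.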