diff --git a/2021/27xxx/CVE-2021-27852.json b/2021/27xxx/CVE-2021-27852.json index 1d7d86a6ad3..16c03f8404e 100644 --- a/2021/27xxx/CVE-2021-27852.json +++ b/2021/27xxx/CVE-2021-27852.json @@ -1,36 +1,12 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cert@cert.org", "ID": "CVE-2021-27852", + "ASSIGNER": "cert@cert.org", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Survey", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "7" - } - ] - } - } - ] - }, - "vendor_name": "Checkbox" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { 
@@ -39,47 +15,74 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-502 Deserialization of Untrusted Data" + "value": "n/a" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Checkbox", + "product": { + "product_data": [ + { + "product_name": "Survey", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "7" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://www.kb.cert.org/vuls/id/706695", + "refsource": "MISC", "name": "https://www.kb.cert.org/vuls/id/706695" } ] }, + "generator": { + "engine": "cveClient/1.0.15" + }, "source": { "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2023/33xxx/CVE-2023-33303.json b/2023/33xxx/CVE-2023-33303.json index 286a9c756b7..1ccb33d0a3c 100644 --- a/2023/33xxx/CVE-2023-33303.json +++ b/2023/33xxx/CVE-2023-33303.json 
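Review bot: The `problemtype` entry in this hunk replaces `"value": "CWE-502 Deserialization of Untrusted Data"` with `"value": "n/a"` and adds no `cweId`, so the record loses its weakness classification while the 9.8 CRITICAL score stays. Tooling that groups or filters records by CWE will no longer find this entry under deserialization issues. I would keep the classification in the form the other records in this commit use: `"value": "CWE-502 Deserialization of Untrusted Data", "cweId": "CWE-502"`. Separately, `impact.cvss` changes from an object to a one-element array here, so any consumer that reads `impact.cvss.baseScore` directly needs to accept both shapes.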
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-33303", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands", + "cweId": "CWE-613" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiEDR", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "5.0.0", + "version_value": "5.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-007", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-007" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiEDR version 5.2.0.2501 or above\r\nPlease upgrade to FortiEDR version 5.0.3.873 or above" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X" } ] } diff --git a/2023/41xxx/CVE-2023-41680.json b/2023/41xxx/CVE-2023-41680.json index 50c877bfe96..7263753b8e7 100644 --- a/2023/41xxx/CVE-2023-41680.json +++ b/2023/41xxx/CVE-2023-41680.json 
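Review bot: In the `impact.cvss` entry at the end of this hunk, `"baseScore": 7.7` does not match the base metrics of its own vector. By my calculation `AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H` scores 8.1 under CVSS 3.1, and 7.7 is the result after the temporal `E:P` multiplier that the `vectorString` also carries (`E:P/RL:X/RC:X`). A consumer that sorts or sets SLAs on `baseScore` will therefore under-rank the issue. I would record the base vector with `"baseScore": 8.1` and keep temporal metrics out of the base fields. The same pattern appears in the CVE-2023-41680, CVE-2023-41681, CVE-2023-41682, CVE-2023-41836 and CVE-2023-41843 records of this commit, where 7.3, 7.3, 7.9, 3.4 and 7.3 are stored against vectors ending in `E:F`.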
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41680", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiSandbox", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "4.4.0", + "version_value": "4.4.1" + }, + { + "version_affected": "<=", + "version_name": "4.2.0", + "version_value": "4.2.5" + }, + { + "version_affected": "<=", + "version_name": "4.0.0", + "version_value": "4.0.3" + }, + { + "version_affected": "<=", + "version_name": "3.2.0", + "version_value": "3.2.4" + }, + { + "version_affected": "<=", + "version_name": "3.1.0", + "version_value": "3.1.5" + }, + { + "version_affected": "<=", + "version_name": "3.0.0", + "version_value": "3.0.7" + }, + { + "version_affected": "<=", + "version_name": "2.5.0", + "version_value": "2.5.2" + }, + { + "version_affected": 
"=", + "version_value": "2.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-311", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-311" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiSandbox version 4.4.2 or above Please upgrade to FortiSandbox version 4.2.6 or above Please upgrade to FortiSandbox version 4.0.4 or above " + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X" } ] } diff --git a/2023/41xxx/CVE-2023-41681.json b/2023/41xxx/CVE-2023-41681.json index 330aae96bf6..9a5e03cb63d 100644 --- a/2023/41xxx/CVE-2023-41681.json +++ b/2023/41xxx/CVE-2023-41681.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41681", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiSandbox", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "4.4.0", + "version_value": "4.4.1" + }, + { + "version_affected": "<=", + "version_name": "4.2.0", + "version_value": "4.2.5" + }, + { + "version_affected": "<=", + "version_name": "4.0.0", + "version_value": "4.0.3" + }, + { + "version_affected": "<=", + "version_name": "3.2.0", + "version_value": "3.2.4" + }, + { + "version_affected": "<=", + "version_name": "3.1.0", + "version_value": "3.1.5" + }, + { + "version_affected": "<=", + "version_name": "3.0.0", + "version_value": "3.0.7" + }, + { + "version_affected": "<=", + "version_name": "2.5.0", + "version_value": "2.5.2" + }, + { + "version_affected": 
"=", + "version_value": "2.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-311", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-311" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiSandbox version 4.4.2 or above Please upgrade to FortiSandbox version 4.2.6 or above Please upgrade to FortiSandbox version 4.0.4 or above " + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X" } ] } diff --git a/2023/41xxx/CVE-2023-41682.json b/2023/41xxx/CVE-2023-41682.json index 863067367c3..422edb12a24 100644 --- a/2023/41xxx/CVE-2023-41682.json +++ b/2023/41xxx/CVE-2023-41682.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41682", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiSandbox", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.4.0" + }, + { + "version_affected": "<=", + "version_name": "4.2.0", + "version_value": "4.2.5" + }, + { + "version_affected": "<=", + "version_name": "4.0.0", + "version_value": "4.0.3" + }, + { + "version_affected": "<=", + "version_name": "3.2.0", + "version_value": "3.2.4" + }, + { + "version_affected": "<=", + "version_name": "3.1.0", + "version_value": "3.1.5" + }, + { + "version_affected": "<=", + "version_name": "3.0.0", + "version_value": "3.0.7" + }, + { + "version_affected": "<=", + "version_name": "2.5.0", + "version_value": "2.5.2" + }, + { + "version_affected": "<=", + "version_name": "2.4.0", + "version_value": "2.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + 
"reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-280", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-280" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiSandbox version 4.4.2 or above Please upgrade to FortiSandbox version 4.2.6 or above Please upgrade to FortiSandbox version 4.0.4 or above " + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.9, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:X/RC:C" } ] } diff --git a/2023/41xxx/CVE-2023-41836.json b/2023/41xxx/CVE-2023-41836.json index 3ac7a78aa6e..93686762cc0 100644 --- a/2023/41xxx/CVE-2023-41836.json +++ b/2023/41xxx/CVE-2023-41836.json 
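Review bot: The description and `version_data` in this record give different affected ranges. The description names 4.4.0, 4.2.0 through 4.2.5, 4.0.0 through 4.0.3, 3.2.0 through 3.2.4, 2.5.0 through 2.5.2, 2.4.1 and 2.4.0, but `version_data` also lists `3.1.0`–`3.1.5` and `3.0.0`–`3.0.7`. Scanners match on `version_data` and analysts read the description, so one of the two should be corrected against advisory FG-IR-23-280. The CVE-2023-41843 record has the same mismatch: its description stops at 4.0.0 through 4.0.3, while `version_data` continues down to `2.4.1`. The `solution` text in both records names fixed builds only for the 4.4, 4.2 and 4.0 branches, so a line stating the remediation for the older branches listed as affected would help.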
@@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41836", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows attacker to execute unauthorized code or commands via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiSandbox", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.4.0" + }, + { + "version_affected": "<=", + "version_name": "4.2.0", + "version_value": "4.2.4" + }, + { + "version_affected": "<=", + "version_name": "4.0.0", + "version_value": "4.0.4" + }, + { + "version_affected": "<=", + "version_name": "3.2.0", + "version_value": "3.2.4" + }, + { + "version_affected": "<=", + "version_name": "3.1.0", + "version_value": "3.1.5" + }, + { + "version_affected": "<=", + "version_name": "3.0.4", + "version_value": "3.0.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-215", + "refsource": "MISC", + "name": 
"https://fortiguard.com/psirt/FG-IR-23-215" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiSandbox version 4.4.2 or above " + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.4, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:F/RL:X/RC:C" } ] } diff --git a/2023/41xxx/CVE-2023-41843.json b/2023/41xxx/CVE-2023-41843.json index 33133d1b545..0e0adbef977 100644 --- a/2023/41xxx/CVE-2023-41843.json +++ b/2023/41xxx/CVE-2023-41843.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41843", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "FortiSandbox", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "4.4.0", + "version_value": "4.4.1" + }, + { + "version_affected": "<=", + "version_name": "4.2.0", + "version_value": "4.2.5" + }, + { + "version_affected": "<=", + "version_name": "4.0.0", + "version_value": "4.0.3" + }, + { + "version_affected": "<=", + "version_name": "3.2.0", + "version_value": "3.2.4" + }, + { + "version_affected": "<=", + "version_name": "3.1.0", + "version_value": "3.1.5" + }, + { + "version_affected": "<=", + "version_name": "3.0.0", + "version_value": "3.0.7" + }, + { + "version_affected": "<=", + "version_name": "2.5.0", + "version_value": "2.5.2" + }, + { + "version_affected": "=", + "version_value": "2.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + 
"reference_data": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-273", + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-23-273" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Please upgrade to FortiSandbox version 4.4.2 or above Please upgrade to FortiSandbox version 4.2.6 or above Please upgrade to FortiSandbox version 4.0.4 or above " + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C" } ] } diff --git a/2023/45xxx/CVE-2023-45267.json b/2023/45xxx/CVE-2023-45267.json index e33717aff48..8e3e8ca11cb 100644 --- a/2023/45xxx/CVE-2023-45267.json +++ b/2023/45xxx/CVE-2023-45267.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45267", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou plugin <=\u00a02.2.1 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zizou1988", + "product": { + "product_data": [ + { + "product_name": "IRivYou", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wooreviews-importer/wordpress-irivyou-add-reviews-from-aliexpress-and-amazon-to-woocommerce-plugin-2-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wooreviews-importer/wordpress-irivyou-add-reviews-from-aliexpress-and-amazon-to-woocommerce-plugin-2-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + 
"availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45268.json b/2023/45xxx/CVE-2023-45268.json index 578a7cbdb72..cc931b2c08f 100644 --- a/2023/45xxx/CVE-2023-45268.json +++ b/2023/45xxx/CVE-2023-45268.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45268", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <=\u00a05.86 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hitsteps", + "product": { + "product_data": [ + { + "product_name": "Hitsteps Web Analytics", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "5.86" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/hitsteps-visitor-manager/wordpress-hitsteps-web-analytics-plugin-5-85-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/hitsteps-visitor-manager/wordpress-hitsteps-web-analytics-plugin-5-85-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + 
"baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] }
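Review bot: The affected upper bound and the advisory reference disagree in this record. The description and `"version_value": "5.86"` say `<= 5.86`, while the reference URL slug reads `wordpress-hitsteps-web-analytics-plugin-5-85-cross-site-request-forgery-csrf-vulnerability`. The slug may simply be stale, but patch triage keys off `version_value`, so the bound should be confirmed against the Patchstack advisory and the record or the reference corrected to match.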