admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2021-29625 for GHSA-2v82-5746-vwqc

Browse Source
This commit is contained in:
Shelby J. Cunningham 2021-05-19 17:25:37 -04:00
parent 12a6cde9c0
commit 4a7cbbb8cc
No known key found for this signature in database
GPG Key ID: 0781D7D998EB82AA
1 changed files with 81 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
2021/29xxx/CVE-2021-29625.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29625",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "XSS in doc_link"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "adminer",
"version": {
"version_data": [
{
"version_value": ">= 4.7.8, < 4.8.1"
}
]
}
}
]
},
"vendor_name": "vrana"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled). In browsers without CSP, Adminer versions 4.6.1 to 4.8.0 are affected. The vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/vrana/adminer/security/advisories/GHSA-2v82-5746-vwqc",
"refsource": "CONFIRM",
"url": "https://github.com/vrana/adminer/security/advisories/GHSA-2v82-5746-vwqc"
},
{
"name": "https://github.com/vrana/adminer/commit/4043092ec2c0de2258d60a99d0c5958637d051a7",
"refsource": "MISC",
"url": "https://github.com/vrana/adminer/commit/4043092ec2c0de2258d60a99d0c5958637d051a7"
},
{
"name": "https://sourceforge.net/p/adminer/bugs-and-features/797/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/adminer/bugs-and-features/797/"
}
]
},
"source": {
"advisory": "GHSA-2v82-5746-vwqc",
"discovery": "UNKNOWN"
}
}