admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-10-14 08:00:34 +00:00
parent 2e2e86e3ff
commit 4abc5b4cf0
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
4 changed files with 153 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
2022/32xxx/CVE-2022-32177.json
View File

@ -1,83 +1,103 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerabilitylab@mend.io",
"ID" : "CVE-2022-32177",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "Oct 11, 2022, 12:00:00 AM",
"TITLE" : "Gin-vue-admin - Unrestricted File Upload"
},
"affects" : {
"vendor" : {
"vendor_data" : [ {
"vendor_name" : "gin-vue-admin",
"product" : {
"product_data" : [ {
"product_name" : "gin-vue-admin",
"version" : {
"version_data" : [ {
"version_value" : "v2.5.1",
"version_affected" : ">="
}, {
"version_value" : "v2.5.3beta",
"version_affected" : "<="
} ]
}
} ]
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2022-32177",
"STATE": "PUBLIC",
"DATE_PUBLIC": "Oct 11, 2022, 12:00:00 AM",
"TITLE": "Gin-vue-admin - Unrestricted File Upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gin-vue-admin",
"product": {
"product_data": [
{
"product_name": "gin-vue-admin",
"version": {
"version_data": [
{
"version_value": "v2.5.1",
"version_affected": ">="
},
{
"version_value": "v2.5.3beta",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
} ]
},
"credit": [
{
"lang": "eng",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In \"Gin-Vue-Admin\", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin\u2019s cookie leading to account takeover."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": 3.1,
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32177",
"name": "https://www.mend.io/vulnerability-database/CVE-2022-32177"
},
{
"refsource": "MISC",
"url": "https://github.com/flipped-aurora/gin-vue-admin/blob/v2.5.3beta/web/src/components/upload/common.vue#L29-L37",
"name": "https://github.com/flipped-aurora/gin-vue-admin/blob/v2.5.3beta/web/src/components/upload/common.vue#L29-L37"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
}
},
"credit" : [ {
"lang" : "eng",
"value" : "Mend Vulnerability Research Team (MVR)"
} ],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [ {
"lang" : "eng",
"value" : "In \"Gin-Vue-Admin\", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admins cookie leading to account takeover."
} ]
},
"generator" : {
"engine" : "Vulnogram 0.0.9"
},
"impact" : {
"cvss" : {
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"version" : 3.1,
"baseScore" : 9.0,
"baseSeverity" : "CRITICAL"
}
},
"references" : {
"reference_data" : [ {
"refsource" : "MISC",
"url" : "https://www.mend.io/vulnerability-database/CVE-2022-32177"
}, {
"refsource" : "CONFIRM",
"url" : "https://github.com/flipped-aurora/gin-vue-admin/blob/v2.5.3beta/web/src/components/upload/common.vue#L29-L37"
} ]
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "eng",
"value" : "CWE-434 Unrestricted Upload of File with Dangerous Type"
} ]
} ]
},
"source" : {
"advisory" : "https://www.mend.io/vulnerability-database/",
"discovery" : "UNKNOWN"
}
}

18
2022/3xxx/CVE-2022-3502.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3502",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/3xxx/CVE-2022-3503.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3503",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/42xxx/CVE-2022-42920.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42920",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}