From 4ae4620edcf9971ad6d7997d68db19bf4fd39d7e Mon Sep 17 00:00:00 2001
From: Jamie Slome
Date: Mon, 23 Aug 2021 11:01:34 +0100
Subject: [PATCH] Update CVE-2021-3728.json
---
 2021/3xxx/CVE-2021-3728.json | 101 +++++++++++++++++++++++++++++------
 1 file changed, 86 insertions(+), 15 deletions(-)
diff --git a/2021/3xxx/CVE-2021-3728.json b/2021/3xxx/CVE-2021-3728.json
index 5be828d3e82..72546a71565 100644
--- a/2021/3xxx/CVE-2021-3728.json
+++ b/2021/3xxx/CVE-2021-3728.json
@@ -1,18 +1,89 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-3728",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
+ "CVE_data_meta":{
+ "ASSIGNER":"security@huntr.dev",
+ "ID":"CVE-2021-3728",
+ "STATE":"PUBLIC",
+ "TITLE":"Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii"
+ },
+ "affects":{
+ "vendor":{
+ "vendor_data":[
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "product":{
+ "product_data":[
+ {
+ "product_name":"firefly-iii/firefly-iii",
+ "version":{
+ "version_data":[
+ {
+ "version_affected":"<=",
+ "version_value":"5.5.13"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name":"firefly-iii"
 }
- ]
- }
-}
\ No newline at end of file
+ ]
+ }
+ },
+ "data_format":"MITRE",
+ "data_type":"CVE",
+ "data_version":"4.0",
+ "description":{
+ "description_data":[
+ {
+ "lang":"eng",
+ "value":"firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)"
+ }
+ ]
+ },
+ "impact":{
+ "cvss":{
+ "attackComplexity":"LOW",
+ "attackVector":"NETWORK",
+ "availabilityImpact":"HIGH",
+ "baseScore":6.5,
+ "baseSeverity":"MEDIUM",
+ "confidentialityImpact":"NONE",
+ "integrityImpact":"NONE",
+ "privilegesRequired":"NONE",
+ "scope":"UNCHANGED",
+ "userInteraction":"REQUIRED",
+ "vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "version":"3.0"
+ }
+ },
+ "problemtype":{
+ "problemtype_data":[
+ {
+ "description":[
+ {
+ "lang":"eng",
+ "value":"CWE-352 Cross-Site Request Forgery (CSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "references":{
+ "reference_data":[
+ {
+ "name":"https://huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d",
+ "refsource":"CONFIRM",
+ "url":"https://huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d"
+ },
+ {
+ "name":"https://github.com/firefly-iii/firefly-iii/commit/14cdce113e0eb8090d09066fcd2b5cf03b5ac84e",
+ "refsource":"MISC",
+ "url":"https://github.com/firefly-iii/firefly-iii/commit/14cdce113e0eb8090d09066fcd2b5cf03b5ac84e"
+ }
+ ]
+ },
+ "source":{
+ "advisory":"dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d",
+ "discovery":"EXTERNAL"
+ }
+}
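Review bot: The `description_data` value names neither the affected versions nor the request that can be forged, so anyone triaging from this record alone has to open the huntr report to judge exposure. Something like `"value":"firefly-iii versions <= 5.5.13 are vulnerable to Cross-Site Request Forgery (CSRF) in <AFFECTED ACTION, per the huntr report>"` would make the record self-contained. The `cvss` block also looks inconsistent with CWE-352: `integrityImpact` is `NONE` while `availabilityImpact` is `HIGH`, whereas a forged state-changing request would normally carry an integrity impact. The vector as written does score 6.5, but the metrics are worth confirming against the report. Finally, `version_data` gives only `<= 5.5.13` and the fix commit is listed with `refsource` `MISC`, so the record never states a fixed release; consider adding the first patched version once it is confirmed.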