mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
6e4c3329e5
commit
521a56811a
@ -69,6 +69,11 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-7wgr-7666-7pwj",
|
||||
"refsource": "CONFIRM",
|
||||
@ -83,11 +88,6 @@
|
||||
"name": "https://github.com/triaxtec/openapi-python-client/commit/3e7dfae5d0b3685abf1ede1bc6c086a116ac4746",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/triaxtec/openapi-python-client/commit/3e7dfae5d0b3685abf1ede1bc6c086a116ac4746"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios.\n\n1. A local regular user may modify the existing `C:\\ProgramData\\ComposerSetup\\bin\\composer.bat` in order to get elevated command execution when composer is run by an administrator.\n\n2. A local regular user may create a specially crafted dll in the `C:\\ProgramData\\ComposerSetup\\bin` folder in order to get Local System privileges. See: https://itm4n.github.io/windows-server-netman-dll-hijacking.\n\n3. If the directory of the php.exe selected by the user is not in the system path, it is added without checking that it is admin secured, as per Microsoft guidelines. See: https://msrc-blog.microsoft.com/2018/04/04/triaging-a-dll-planting-vulnerability."
|
||||
"value": "In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. 1. A local regular user may modify the existing `C:\\ProgramData\\ComposerSetup\\bin\\composer.bat` in order to get elevated command execution when composer is run by an administrator. 2. A local regular user may create a specially crafted dll in the `C:\\ProgramData\\ComposerSetup\\bin` folder in order to get Local System privileges. See: https://itm4n.github.io/windows-server-netman-dll-hijacking. 3. If the directory of the php.exe selected by the user is not in the system path, it is added without checking that it is admin secured, as per Microsoft guidelines. See: https://msrc-blog.microsoft.com/2018/04/04/triaging-a-dll-planting-vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,18 +1,93 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@adobe.com",
|
||||
"DATE_PUBLIC": "2020-08-10T23:00:00.000Z",
|
||||
"ID": "CVE-2020-9708",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "GHSL-2020-133: Insufficient validation of user input in resolveRepositoryPath function"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Helix",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "1.3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Adobe"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This issue was discovered and reported by GHSL team member @JarLob (Jaroslav Loba\u010devski)."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.9,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-24 Path Traversal: '../filedir'"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/adobe/git-server/security/advisories/GHSA-cgj4-x2hh-2x93",
|
||||
"name": "https://github.com/adobe/git-server/security/advisories/GHSA-cgj4-x2hh-2x93"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user