From 521a56811ad24ad34ad04a0bfec6c736dfeb2238 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 14 Aug 2020 17:01:38 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2020/15xxx/CVE-2020-15141.json | 10 ++--
2020/15xxx/CVE-2020-15145.json | 2 +-
2020/9xxx/CVE-2020-9708.json | 87 +++++++++++++++++++++++++++++++---
3 files changed, 87 insertions(+), 12 deletions(-)
diff --git a/2020/15xxx/CVE-2020-15141.json b/2020/15xxx/CVE-2020-15141.json
index d27e6f35e50..6e74681d56f 100644
--- a/2020/15xxx/CVE-2020-15141.json
+++ b/2020/15xxx/CVE-2020-15141.json
@@ -69,6 +69,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "name": "https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13",
+ "refsource": "MISC",
+ "url": "https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13"
+ },
 {
 "name": "https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-7wgr-7666-7pwj",
 "refsource": "CONFIRM",
@@ -83,11 +88,6 @@
 "name": "https://github.com/triaxtec/openapi-python-client/commit/3e7dfae5d0b3685abf1ede1bc6c086a116ac4746",
 "refsource": "MISC",
 "url": "https://github.com/triaxtec/openapi-python-client/commit/3e7dfae5d0b3685abf1ede1bc6c086a116ac4746"
- },
- {
- "name": "https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13",
- "refsource": "MISC",
- "url": "https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15145.json b/2020/15xxx/CVE-2020-15145.json
index 32eb0411299..e126f7a3907 100644
--- a/2020/15xxx/CVE-2020-15145.json
+++ b/2020/15xxx/CVE-2020-15145.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios.\n\n1. A local regular user may modify the existing `C:\\ProgramData\\ComposerSetup\\bin\\composer.bat` in order to get elevated command execution when composer is run by an administrator.\n\n2. A local regular user may create a specially crafted dll in the `C:\\ProgramData\\ComposerSetup\\bin` folder in order to get Local System privileges. See: https://itm4n.github.io/windows-server-netman-dll-hijacking.\n\n3. If the directory of the php.exe selected by the user is not in the system path, it is added without checking that it is admin secured, as per Microsoft guidelines. See: https://msrc-blog.microsoft.com/2018/04/04/triaging-a-dll-planting-vulnerability."
+ "value": "In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. 1. A local regular user may modify the existing `C:\\ProgramData\\ComposerSetup\\bin\\composer.bat` in order to get elevated command execution when composer is run by an administrator. 2. A local regular user may create a specially crafted dll in the `C:\\ProgramData\\ComposerSetup\\bin` folder in order to get Local System privileges. See: https://itm4n.github.io/windows-server-netman-dll-hijacking. 3. If the directory of the php.exe selected by the user is not in the system path, it is added without checking that it is admin secured, as per Microsoft guidelines. See: https://msrc-blog.microsoft.com/2018/04/04/triaging-a-dll-planting-vulnerability."
 }
 ]
 },
diff --git a/2020/9xxx/CVE-2020-9708.json b/2020/9xxx/CVE-2020-9708.json
index 4287497c13c..f456740a05e 100644
--- a/2020/9xxx/CVE-2020-9708.json
+++ b/2020/9xxx/CVE-2020-9708.json
@@ -1,18 +1,93 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "DATE_PUBLIC": "2020-08-10T23:00:00.000Z",
 "ID": "CVE-2020-9708",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "GHSL-2020-133: Insufficient validation of user input in resolveRepositoryPath function"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Helix",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "1.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "This issue was discovered and reported by GHSL team member @JarLob (Jaroslav Loba\u010devski)."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-24 Path Traversal: '../filedir'"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://github.com/adobe/git-server/security/advisories/GHSA-cgj4-x2hh-2x93",
+ "name": "https://github.com/adobe/git-server/security/advisories/GHSA-cgj4-x2hh-2x93"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
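Review bot: The new `references.reference_data` for CVE-2020-9708 carries only the GHSA advisory, while the fix boundary `"version_value": "1.3.1"` under `affects` has no corresponding release or fix-commit reference, unlike the CVE-2020-15141 record in this same commit, which lists the fixing commit and the changelog alongside its advisory. Consumers who map CVEs to patches cannot confirm the 1.3.1 cut-over from this record alone; an additional entry such as `{"refsource": "MISC", "url": "<FIX-COMMIT-OR-RELEASE-URL>", "name": "<FIX-COMMIT-OR-RELEASE-URL>"}` would close that gap. Separately, `"product_name": "Helix"` is broader than the repository the advisory URL points at (`adobe/git-server`); if the affected package is the git-server component rather than Helix as a whole, naming it more precisely would help matching in vulnerability databases. The hunk covers the whole file, so nothing is cut off at either edge.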