admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-10-04 17:00:53 +00:00
parent e944960b02
commit 53d0a9beb4
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
22 changed files with 1614 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2020/28xxx/CVE-2020-28119.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28119",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross site scripting vulnerability in 53KF < 2.0.0.2 that allows for arbitrary code to be executed via crafted HTML statement inserted into chat window."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/i900008/panexiang.github.io/blob/gh-pages/CVE-2020-28119.md",
"url": "https://github.com/i900008/panexiang.github.io/blob/gh-pages/CVE-2020-28119.md"
}
]
}

79
2021/22xxx/CVE-2021-22259.json
View File

@ -4,15 +4,86 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22259",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=12.6, <14.1.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled resource consumption in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/335146",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/335146",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22259.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22259.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability has been discovered internally by the GitLab team"
}
]
}

56
2021/35xxx/CVE-2021-35296.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-35296",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-35296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/afaq1337/CVE-2021-35296",
"url": "https://github.com/afaq1337/CVE-2021-35296"
}
]
}

99
2021/36xxx/CVE-2021-36850.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2021-04-08T23:09:00.000Z",
"ID": "CVE-2021-36850",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Media File Renamer \u2013 Auto & Manual Rename plugin <= 5.1.9 - Cross-Site Request Forgery (CSRF) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Media File Renamer \u2013 Auto & Manual Rename (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 5.1.9",
"version_value": "5.1.9"
}
]
}
}
]
},
"vendor_name": "Meow Apps"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Original researcher - Ngo Van Thien (Patchstack Red Team)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer \u2013 Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters \"post_title\", \"filename\", \"lock\". This allows changing the uploaded media title, media file name, and media locking state."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/media-file-renamer/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/media-file-renamer/#developers"
},
{
"name": "https://patchstack.com/database/vulnerability/media-file-renamer/wordpress-media-file-renamer-plugin-5-1-9-multiple-cross-site-request-forgery-csrf-vulnerabilities",
"refsource": "MISC",
"url": "https://patchstack.com/database/vulnerability/media-file-renamer/wordpress-media-file-renamer-plugin-5-1-9-multiple-cross-site-request-forgery-csrf-vulnerabilities"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 5.2.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

90
2021/39xxx/CVE-2021-39868.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39868",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=8.12, <14.1.7"
},
{
"version_value": ">=14.2, <14.2.5"
},
{
"version_value": ">=14.3, <14.3.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper input validation in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/24649",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/24649",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/420258",
"url": "https://hackerone.com/reports/420258",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39868.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39868.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks @ngalog for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

90
2021/39xxx/CVE-2021-39871.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39871",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=13.0, <14.1.7"
},
{
"version_value": ">=14.2, <14.2.5"
},
{
"version_value": ">=14.3, <14.3.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authorization in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/340782",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/340782",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/630263",
"url": "https://hackerone.com/reports/630263",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39871.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39871.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered internally by a member of the GitLab team."
}
]
}

90
2021/39xxx/CVE-2021-39873.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39873",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=1.0, <14.1.7"
},
{
"version_value": ">=14.2, <14.2.5"
},
{
"version_value": ">=14.3, <14.3.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient verification of data authenticity in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/27241",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/27241",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/504961",
"url": "https://hackerone.com/reports/504961",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39873.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39873.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks @w00t1 for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

90
2021/39xxx/CVE-2021-39874.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39874",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=11.0, <14.1.7"
},
{
"version_value": ">=14.2, <14.2.5"
},
{
"version_value": ">=14.3, <14.3.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authorization in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/222527",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/222527",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/898477",
"url": "https://hackerone.com/reports/898477",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39874.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39874.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks @melar_dev for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

90
2021/39xxx/CVE-2021-39877.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39877",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=12.2, <14.1.7"
},
{
"version_value": ">=14.2, <14.2.5"
},
{
"version_value": ">=14.3, <14.3.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled resource consumption in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/300095",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/300095",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1077021",
"url": "https://hackerone.com/reports/1077021",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39877.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39877.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 7.7,
"baseSeverity": "HIGH"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks phill for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

79
2021/39xxx/CVE-2021-39879.json
View File

@ -4,15 +4,86 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39879",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=7.11.0, <14.1.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing authentication for critical function in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/338825",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/338825",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39879.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39879.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication"
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 2.2,
"baseSeverity": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability has been discovered internally by the GitLab team"
}
]
}

79
2021/39xxx/CVE-2021-39883.json
View File

@ -4,15 +4,86 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39883",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=13.11, <14.3.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authorization in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/334279",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/334279",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39883.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39883.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper authorization checks in GitLab EE > 13.11 allows subgroup members to see epics from all parent subgroups."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability has been discovered internally by the GitLab team"
}
]
}

90
2021/39xxx/CVE-2021-39885.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39885",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=13.7, <14.3.1"
},
{
"version_value": ">=13.6, <14.2.5"
},
{
"version_value": ">=13.5, <14.1.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/341140",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/341140",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1342009",
"url": "https://hackerone.com/reports/1342009",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39885.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39885.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Stored XSS in merge request creation page in Gitlab EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names"
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks joaxcar for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

85
2021/39xxx/CVE-2021-39896.json
View File

@ -4,15 +4,92 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39896",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=8.0, <14.1.7"
},
{
"version_value": ">=14.2, <14.2.5"
},
{
"version_value": ">=14.3, <14.3.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/339362",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/339362",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39896.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39896.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 3.7,
"baseSeverity": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was reported to GitLab by a customer."
}
]
}

85
2021/39xxx/CVE-2021-39899.json
View File

@ -4,15 +4,92 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39899",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=1.0, <14.1.7"
},
{
"version_value": ">=14.2, <14.2.5"
},
{
"version_value": ">=14.3, <14.3.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper restriction of excessive authentication attempts in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/339154",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/339154",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39899.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39899.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In all versions of GitLab CE/EE, an attacker with physical access to a user\u2019s machine may brute force the user\u2019s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account and splitting the attack over several IP addresses and passing in the compromised session value from these various locations."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 2.9,
"baseSeverity": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was discovered internally by the GitLab team."
}
]
}

85
2021/39xxx/CVE-2021-39900.json
View File

@ -4,15 +4,92 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39900",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=10.8, <14.1.7"
},
{
"version_value": ">=14.2, <14.2.5"
},
{
"version_value": ">=14.3, <14.3.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information exposure in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/325088",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/325088",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39900.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39900.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 1.9,
"baseSeverity": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability has been discovered internally by the GitLab team"
}
]
}

61
2021/40xxx/CVE-2021-40683.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40683",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.akamai.com/products/enterprise-application-access",
"refsource": "MISC",
"name": "https://www.akamai.com/products/enterprise-application-access"
},
{
"refsource": "CONFIRM",
"name": "https://akamai.com/blog/news/eaa-client-escalation-of-privilege-vulnerability",
"url": "https://akamai.com/blog/news/eaa-client-escalation-of-privilege-vulnerability"
}
]
}

50
2021/41xxx/CVE-2021-41530.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41530",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@forcepoint.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Forcepoint Next Generation Firewall",
"version": {
"version_data": [
{
"version_value": "NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are all vulnerable, if HTTP User Response has been configured."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Amplification Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://help.forcepoint.com/security/CVE/CVE-2021-41530.html",
"url": "https://help.forcepoint.com/security/CVE/CVE-2021-41530.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to TCP reflected amplification vulnerability, if HTTP User Response has been configured."
}
]
}

71
2021/41xxx/CVE-2021-41591.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41591",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-41591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html",
"refsource": "MISC",
"name": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html"
},
{
"url": "https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing",
"refsource": "MISC",
"name": "https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing"
},
{
"refsource": "MISC",
"name": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html",
"url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html"
},
{
"refsource": "MISC",
"name": "https://github.com/ACINQ/eclair/pull/1985",
"url": "https://github.com/ACINQ/eclair/pull/1985"
}
]
}

71
2021/41xxx/CVE-2021-41592.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41592",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-41592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html",
"refsource": "MISC",
"name": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html"
},
{
"url": "https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing",
"refsource": "MISC",
"name": "https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing"
},
{
"url": "https://github.com/ElementsProject/lightning",
"refsource": "MISC",
"name": "https://github.com/ElementsProject/lightning"
},
{
"refsource": "MISC",
"name": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html",
"url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html"
}
]
}

76
2021/41xxx/CVE-2021-41593.json
View File

@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41593",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-41593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html",
"refsource": "MISC",
"name": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html"
},
{
"url": "https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing",
"refsource": "MISC",
"name": "https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing"
},
{
"refsource": "MISC",
"name": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html",
"url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html"
},
{
"refsource": "MISC",
"name": "https://github.com/lightningnetwork/lnd/releases/tag/v0.13.3-beta",
"url": "https://github.com/lightningnetwork/lnd/releases/tag/v0.13.3-beta"
},
{
"refsource": "MISC",
"name": "https://github.com/lightningnetwork/lnd/blob/master/docs/release-notes/release-notes-0.13.3.md",
"url": "https://github.com/lightningnetwork/lnd/blob/master/docs/release-notes/release-notes-0.13.3.md"
}
]
}

71
2021/41xxx/CVE-2021-41595.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41595",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-41595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/salesagility/SuiteCRM",
"refsource": "MISC",
"name": "https://github.com/salesagility/SuiteCRM"
},
{
"refsource": "CONFIRM",
"name": "https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33",
"url": "https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33"
},
{
"refsource": "CONFIRM",
"name": "https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22",
"url": "https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22"
},
{
"refsource": "MISC",
"name": "https://github.com/ach-ing/cves/blob/main/CVE-2021-41595.md",
"url": "https://github.com/ach-ing/cves/blob/main/CVE-2021-41595.md"
}
]
}

76
2021/41xxx/CVE-2021-41596.json
View File

@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41596",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-41596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://suitecrm.com",
"refsource": "MISC",
"name": "https://suitecrm.com"
},
{
"url": "https://github.com/salesagility/SuiteCRM",
"refsource": "MISC",
"name": "https://github.com/salesagility/SuiteCRM"
},
{
"refsource": "CONFIRM",
"name": "https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33",
"url": "https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33"
},
{
"refsource": "CONFIRM",
"name": "https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22",
"url": "https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22"
},
{
"refsource": "MISC",
"name": "https://github.com/ach-ing/cves/blob/main/CVE-2021-41596.md",
"url": "https://github.com/ach-ing/cves/blob/main/CVE-2021-41596.md"
}
]
}