From 53d0a9beb4c2f2bdce74121407b73807aa4b68d7 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 4 Oct 2021 17:00:53 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/28xxx/CVE-2020-28119.json | 56 ++++++++++++++++---
 2021/22xxx/CVE-2021-22259.json | 79 +++++++++++++++++++++++++--
 2021/35xxx/CVE-2021-35296.json | 56 ++++++++++++++++---
 2021/36xxx/CVE-2021-36850.json | 99 +++++++++++++++++++++++++++++++---
 2021/39xxx/CVE-2021-39868.json | 90 +++++++++++++++++++++++++++++--
 2021/39xxx/CVE-2021-39871.json | 90 +++++++++++++++++++++++++++++--
 2021/39xxx/CVE-2021-39873.json | 90 +++++++++++++++++++++++++++++--
 2021/39xxx/CVE-2021-39874.json | 90 +++++++++++++++++++++++++++++--
 2021/39xxx/CVE-2021-39877.json | 90 +++++++++++++++++++++++++++++--
 2021/39xxx/CVE-2021-39879.json | 79 +++++++++++++++++++++++++--
 2021/39xxx/CVE-2021-39883.json | 79 +++++++++++++++++++++++++--
 2021/39xxx/CVE-2021-39885.json | 90 +++++++++++++++++++++++++++++--
 2021/39xxx/CVE-2021-39896.json | 85 +++++++++++++++++++++++++++--
 2021/39xxx/CVE-2021-39899.json | 85 +++++++++++++++++++++++++++--
 2021/39xxx/CVE-2021-39900.json | 85 +++++++++++++++++++++++++++--
 2021/40xxx/CVE-2021-40683.json | 61 ++++++++++++++++++---
 2021/41xxx/CVE-2021-41530.json | 50 +++++++++++++++--
 2021/41xxx/CVE-2021-41591.json | 71 +++++++++++++++++++++---
 2021/41xxx/CVE-2021-41592.json | 71 +++++++++++++++++++++---
 2021/41xxx/CVE-2021-41593.json | 76 +++++++++++++++++++++++---
 2021/41xxx/CVE-2021-41595.json | 71 +++++++++++++++++++++---
 2021/41xxx/CVE-2021-41596.json | 76 +++++++++++++++++++++++---
 22 files changed, 1614 insertions(+), 105 deletions(-)
diff --git a/2020/28xxx/CVE-2020-28119.json b/2020/28xxx/CVE-2020-28119.json
index e4b9f4c60e8..e8626ec2a2c 100644
--- a/2020/28xxx/CVE-2020-28119.json
+++ b/2020/28xxx/CVE-2020-28119.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-28119",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-28119",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross site scripting vulnerability in 53KF < 2.0.0.2 that allows for arbitrary code to be executed via crafted HTML statement inserted into chat window."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/i900008/panexiang.github.io/blob/gh-pages/CVE-2020-28119.md",
+ "url": "https://github.com/i900008/panexiang.github.io/blob/gh-pages/CVE-2020-28119.md"
 }
 ]
 }
diff --git a/2021/22xxx/CVE-2021-22259.json b/2021/22xxx/CVE-2021-22259.json
index 9cbd6e5278c..607ee413b2a 100644
--- a/2021/22xxx/CVE-2021-22259.json
+++ b/2021/22xxx/CVE-2021-22259.json
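Review bot: The `affects` and `problemtype` blocks are filled with `n/a` although the description in the same record names both the product and the weakness class, so tooling that matches on vendor/product or CWE will not associate this entry with 53KF installations. Going by the description, `"product_name": "53KF"`, `"version_value": "< 2.0.0.2"` and a problemtype value such as `"CWE-79 Cross-site Scripting (XSS)"` would carry the same information in machine-readable form. The phrase "arbitrary code to be executed" is also ambiguous for a cross-site scripting issue; presumably script execution in the chat user's browser is meant, and the text should say so. The CVE-2021-35296 hunk has the same `n/a` placeholders while its description names PTCL HG150-Ub v3.0.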
@@ -4,15 +4,86 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22259",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=12.6, <14.1.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Uncontrolled resource consumption in GitLab"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/335146",
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/335146",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22259.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22259.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API."
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "version": "3.1",
+ "baseScore": 4.2,
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability has been discovered internally by the GitLab team"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/35xxx/CVE-2021-35296.json b/2021/35xxx/CVE-2021-35296.json
index f2261a192a2..f58e06b141b 100644
--- a/2021/35xxx/CVE-2021-35296.json
+++ b/2021/35xxx/CVE-2021-35296.json
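Review bot: `"baseScore": 4.2` does not agree with the vector in the same `cvss` object: under the CVSS v3.1 equations `AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L` evaluates to 4.3, because the specification rounds up to one decimal place (4.2477 becomes 4.3) rather than truncating. The `vectorString` also lacks the `CVSS:3.1/` prefix that the Patchstack record in this patch (CVE-2021-36850) carries, so a strict vector parser may reject it; `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"` with `"baseScore": 4.3` would be self-consistent. The same truncated score appears in the hunks for CVE-2021-39868, CVE-2021-39871, CVE-2021-39873, CVE-2021-39874 and CVE-2021-39883 (4.2 where the vector gives 4.3) and CVE-2021-39896 (3.7 where the vector gives 3.8), and every GitLab vector visible in this patch is missing the prefix. Consumers that prioritise on the numeric score should recompute it from the vector until the records are corrected.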
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-35296",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-35296",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/afaq1337/CVE-2021-35296",
+ "url": "https://github.com/afaq1337/CVE-2021-35296"
 }
 ]
 }
diff --git a/2021/36xxx/CVE-2021-36850.json b/2021/36xxx/CVE-2021-36850.json
index a53733ca538..0a51d5e47e2 100644
--- a/2021/36xxx/CVE-2021-36850.json
+++ b/2021/36xxx/CVE-2021-36850.json
@@ -1,18 +1,105 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "audit@patchstack.com",
+ "DATE_PUBLIC": "2021-04-08T23:09:00.000Z",
 "ID": "CVE-2021-36850",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WordPress Media File Renamer \u2013 Auto & Manual Rename plugin <= 5.1.9 - Cross-Site Request Forgery (CSRF) vulnerability"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Media File Renamer \u2013 Auto & Manual Rename (WordPress plugin)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "<= 5.1.9",
+ "version_value": "5.1.9"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Meow Apps"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Original researcher - Ngo Van Thien (Patchstack Red Team)"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer \u2013 Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters \"post_title\", \"filename\", \"lock\". This allows changing the uploaded media title, media file name, and media locking state."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://wordpress.org/plugins/media-file-renamer/#developers",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/media-file-renamer/#developers"
+ },
+ {
+ "name": "https://patchstack.com/database/vulnerability/media-file-renamer/wordpress-media-file-renamer-plugin-5-1-9-multiple-cross-site-request-forgery-csrf-vulnerabilities",
+ "refsource": "MISC",
+ "url": "https://patchstack.com/database/vulnerability/media-file-renamer/wordpress-media-file-renamer-plugin-5-1-9-multiple-cross-site-request-forgery-csrf-vulnerabilities"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to 5.2.0 or higher version."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/39xxx/CVE-2021-39868.json b/2021/39xxx/CVE-2021-39868.json
index 1fbb1877d18..d829613cc40 100644
--- a/2021/39xxx/CVE-2021-39868.json
+++ b/2021/39xxx/CVE-2021-39868.json
@@ -4,15 +4,97 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-39868",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=8.12, <14.1.7"
+ },
+ {
+ "version_value": ">=14.2, <14.2.5"
+ },
+ {
+ "version_value": ">=14.3, <14.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper input validation in GitLab"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/24649",
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/24649",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://hackerone.com/reports/420258",
+ "url": "https://hackerone.com/reports/420258",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39868.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39868.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export."
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "version": "3.1",
+ "baseScore": 4.2,
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thanks @ngalog for reporting this vulnerability through our HackerOne bug bounty program"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/39xxx/CVE-2021-39871.json b/2021/39xxx/CVE-2021-39871.json
index 66f6691f9b2..0c5e0aff0dc 100644
--- a/2021/39xxx/CVE-2021-39871.json
+++ b/2021/39xxx/CVE-2021-39871.json
@@ -4,15 +4,97 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-39871",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=13.0, <14.1.7"
+ },
+ {
+ "version_value": ">=14.2, <14.2.5"
+ },
+ {
+ "version_value": ">=14.3, <14.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper authorization in GitLab"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/340782",
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/340782",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://hackerone.com/reports/630263",
+ "url": "https://hackerone.com/reports/630263",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39871.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39871.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call."
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "version": "3.1",
+ "baseScore": 4.2,
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "This issue was discovered internally by a member of the GitLab team."
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/39xxx/CVE-2021-39873.json b/2021/39xxx/CVE-2021-39873.json
index 0d241b42c21..efde071eebf 100644
--- a/2021/39xxx/CVE-2021-39873.json
+++ b/2021/39xxx/CVE-2021-39873.json
@@ -4,15 +4,97 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-39873",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=1.0, <14.1.7"
+ },
+ {
+ "version_value": ">=14.2, <14.2.5"
+ },
+ {
+ "version_value": ">=14.3, <14.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient verification of data authenticity in GitLab"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/27241",
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/27241",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://hackerone.com/reports/504961",
+ "url": "https://hackerone.com/reports/504961",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39873.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39873.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response."
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1",
+ "baseScore": 4.2,
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thanks @w00t1 for reporting this vulnerability through our HackerOne bug bounty program"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/39xxx/CVE-2021-39874.json b/2021/39xxx/CVE-2021-39874.json
index 2628c8c0327..f26b8e72b27 100644
--- a/2021/39xxx/CVE-2021-39874.json
+++ b/2021/39xxx/CVE-2021-39874.json
@@ -4,15 +4,97 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-39874",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=11.0, <14.1.7"
+ },
+ {
+ "version_value": ">=14.2, <14.2.5"
+ },
+ {
+ "version_value": ">=14.3, <14.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper authorization in GitLab"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/222527",
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/222527",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://hackerone.com/reports/898477",
+ "url": "https://hackerone.com/reports/898477",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39874.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39874.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands."
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "version": "3.1",
+ "baseScore": 4.2,
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thanks @melar_dev for reporting this vulnerability through our HackerOne bug bounty program"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/39xxx/CVE-2021-39877.json b/2021/39xxx/CVE-2021-39877.json
index afb974ae490..34c08bef253 100644
--- a/2021/39xxx/CVE-2021-39877.json
+++ b/2021/39xxx/CVE-2021-39877.json
@@ -4,15 +4,97 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-39877",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=12.2, <14.1.7"
+ },
+ {
+ "version_value": ">=14.2, <14.2.5"
+ },
+ {
+ "version_value": ">=14.3, <14.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Uncontrolled resource consumption in GitLab"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/300095",
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/300095",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://hackerone.com/reports/1077021",
+ "url": "https://hackerone.com/reports/1077021",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39877.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39877.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file."
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "version": "3.1",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thanks phill for reporting this vulnerability through our HackerOne bug bounty program"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/39xxx/CVE-2021-39879.json b/2021/39xxx/CVE-2021-39879.json
index be4a116326e..e84628ce90c 100644
--- a/2021/39xxx/CVE-2021-39879.json
+++ b/2021/39xxx/CVE-2021-39879.json
@@ -4,15 +4,86 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-39879",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=7.11.0, <14.1.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Missing authentication for critical function in GitLab"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/338825",
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/338825",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39879.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39879.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication"
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1",
+ "baseScore": 2.2,
+ "baseSeverity": "LOW"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability has been discovered internally by the GitLab team"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/39xxx/CVE-2021-39883.json b/2021/39xxx/CVE-2021-39883.json
index e34c16fd6c8..8467827514a 100644
--- a/2021/39xxx/CVE-2021-39883.json
+++ b/2021/39xxx/CVE-2021-39883.json
@@ -4,15 +4,86 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-39883",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=13.11, <14.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper authorization in GitLab"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/334279",
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/334279",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39883.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39883.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper authorization checks in GitLab EE > 13.11 allows subgroup members to see epics from all parent subgroups."
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "version": "3.1",
+ "baseScore": 4.2,
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability has been discovered internally by the GitLab team"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/39xxx/CVE-2021-39885.json b/2021/39xxx/CVE-2021-39885.json
index bce6357f4fc..ea6780cc1d9 100644
--- a/2021/39xxx/CVE-2021-39885.json
+++ b/2021/39xxx/CVE-2021-39885.json
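Review bot: The description's `GitLab EE > 13.11` and the `version_value` of `>=13.11, <14.3.1` disagree on whether 13.11 itself is affected, and the description gives no fixed version at all. An operator reading only the text would conclude a 13.11 instance is safe while a scanner reading `affects` would flag it. If the range is the authoritative statement, the description would be clearer as `Improper authorization checks in GitLab EE starting with version 13.11 and before 14.3.1 allow subgroup members to see epics from all parent subgroups.`; if the text is right, the lower bound should be exclusive.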
@@ -4,15 +4,97 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-39885",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=13.7, <14.3.1"
+ },
+ {
+ "version_value": ">=13.6, <14.2.5"
+ },
+ {
+ "version_value": ">=13.5, <14.1.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/341140",
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/341140",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://hackerone.com/reports/1342009",
+ "url": "https://hackerone.com/reports/1342009",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39885.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39885.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Stored XSS in merge request creation page in Gitlab EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names"
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thanks joaxcar for reporting this vulnerability through our HackerOne bug bounty program"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/39xxx/CVE-2021-39896.json b/2021/39xxx/CVE-2021-39896.json
index 912564cad7e..83be062c15d 100644
--- a/2021/39xxx/CVE-2021-39896.json
+++ b/2021/39xxx/CVE-2021-39896.json
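Review bot: The three `version_value` ranges in `version_data` overlap (`>=13.7, <14.3.1`, `>=13.6, <14.2.5`, `>=13.5, <14.1.7`), unlike the sibling GitLab records in this patch, which give one disjoint range per release line (`>=14.2, <14.2.5`, `>=14.3, <14.3.1`). A consumer that evaluates the entries as a union will report the patched 14.1.7 and 14.2.5 releases as still affected, because both fall inside `>=13.7, <14.3.1`. If the fixes shipped in 14.1.7, 14.2.5 and 14.3.1 as the upper bounds suggest, the ranges would read `>=13.5, <14.1.7`, `>=14.2, <14.2.5` and `>=14.3, <14.3.1`, which also matches the description's "version 13.5 and above".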
@@ -4,15 +4,92 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-39896",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=8.0, <14.1.7"
+ },
+ {
+ "version_value": ">=14.2, <14.2.5"
+ },
+ {
+ "version_value": ">=14.3, <14.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper access control in GitLab"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/339362",
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/339362",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39896.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39896.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues."
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "version": "3.1",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability was reported to GitLab by a customer."
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/39xxx/CVE-2021-39899.json b/2021/39xxx/CVE-2021-39899.json
index 88b1813059c..2d8d369cd17 100644
--- a/2021/39xxx/CVE-2021-39899.json
+++ b/2021/39xxx/CVE-2021-39899.json
@@ -4,15 +4,92 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-39899",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=1.0, <14.1.7"
+ },
+ {
+ "version_value": ">=14.2, <14.2.5"
+ },
+ {
+ "version_value": ">=14.3, <14.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper restriction of excessive authentication attempts in GitLab"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/339154",
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/339154",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39899.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39899.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In all versions of GitLab CE/EE, an attacker with physical access to a user\u2019s machine may brute force the user\u2019s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account and splitting the attack over several IP addresses and passing in the compromised session value from these various locations."
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "attackComplexity": "HIGH",
+ "attackVector": "PHYSICAL",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1",
+ "baseScore": 2.9,
+ "baseSeverity": "LOW"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability was discovered internally by the GitLab team."
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/39xxx/CVE-2021-39900.json b/2021/39xxx/CVE-2021-39900.json
index 0c9cd4d5693..d0f001dd7d3 100644
--- a/2021/39xxx/CVE-2021-39900.json
+++ b/2021/39xxx/CVE-2021-39900.json
@@ -4,15 +4,92 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-39900",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=10.8, <14.1.7"
+ },
+ {
+ "version_value": ">=14.2, <14.2.5"
+ },
+ {
+ "version_value": ">=14.3, <14.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information exposure in GitLab"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/325088",
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/325088",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39900.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39900.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs."
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1",
+ "baseScore": 1.9,
+ "baseSeverity": "LOW"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability has been discovered internally by the GitLab team"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/40xxx/CVE-2021-40683.json b/2021/40xxx/CVE-2021-40683.json
index d0c8cc64ccb..be42838fa75 100644
--- a/2021/40xxx/CVE-2021-40683.json
+++ b/2021/40xxx/CVE-2021-40683.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-40683",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-40683",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.akamai.com/products/enterprise-application-access",
+ "refsource": "MISC",
+ "name": "https://www.akamai.com/products/enterprise-application-access"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://akamai.com/blog/news/eaa-client-escalation-of-privilege-vulnerability",
+ "url": "https://akamai.com/blog/news/eaa-client-escalation-of-privilege-vulnerability"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41530.json b/2021/41xxx/CVE-2021-41530.json
index a178e397ccb..76128396158 100644
--- a/2021/41xxx/CVE-2021-41530.json
+++ b/2021/41xxx/CVE-2021-41530.json
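Review bot: The added `affects` block records `"n/a"` for vendor, product and version although the description in this hunk names Akamai EAA Client and the fixed releases 2.3.1, 2.4.1 and 2.5.3, so consumers that match on the structured fields cannot tie the record to an installed product. Fill them from the description, e.g. `"vendor_name": "Akamai"` and `"product_name": "EAA (Enterprise Application Access) Client"`, with one `version_value` per affected range. `problemtype` is `"n/a"` as well; an unquoted path would normally be classified as CWE-428. The CVE-2021-41591, -41592, -41593, -41595 and -41596 hunks carry the same `n/a` placeholders next to descriptions that name the product and versions.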
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-41530",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@forcepoint.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Forcepoint Next Generation Firewall",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are all vulnerable, if HTTP User Response has been configured."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Reflected Amplification Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://help.forcepoint.com/security/CVE/CVE-2021-41530.html",
+ "url": "https://help.forcepoint.com/security/CVE/CVE-2021-41530.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to TCP reflected amplification vulnerability, if HTTP User Response has been configured."
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41591.json b/2021/41xxx/CVE-2021-41591.json
index 6f2a4142dab..d713081bbcf 100644
--- a/2021/41xxx/CVE-2021-41591.json
+++ b/2021/41xxx/CVE-2021-41591.json
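Review bot: `vendor_name` is `"n/a"` although the assigner is psirt@forcepoint.com and `product_name` is Forcepoint Next Generation Firewall, and the single `version_value` holds a prose sentence instead of version bounds, so version-matching tools cannot evaluate it. Set `"vendor_name": "Forcepoint"` and split the versions into one entry per branch (6.5.11 and earlier, 6.8.6 and earlier, 6.10.0), leaving the "HTTP User Response" precondition in the description where it already appears.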
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-41591",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-41591",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html",
+ "refsource": "MISC",
+ "name": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html"
+ },
+ {
+ "url": "https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing",
+ "refsource": "MISC",
+ "name": "https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html",
+ "url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ACINQ/eclair/pull/1985",
+ "url": "https://github.com/ACINQ/eclair/pull/1985"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41592.json b/2021/41xxx/CVE-2021-41592.json
index e05b36c25b4..8e19016d545 100644
--- a/2021/41xxx/CVE-2021-41592.json
+++ b/2021/41xxx/CVE-2021-41592.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-41592",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-41592",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html",
+ "refsource": "MISC",
+ "name": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html"
+ },
+ {
+ "url": "https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing",
+ "refsource": "MISC",
+ "name": "https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing"
+ },
+ {
+ "url": "https://github.com/ElementsProject/lightning",
+ "refsource": "MISC",
+ "name": "https://github.com/ElementsProject/lightning"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html",
+ "url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41593.json b/2021/41xxx/CVE-2021-41593.json
index cb69f73a1f6..9bfbc33ef85 100644
--- a/2021/41xxx/CVE-2021-41593.json
+++ b/2021/41xxx/CVE-2021-41593.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-41593",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-41593",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html",
+ "refsource": "MISC",
+ "name": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html"
+ },
+ {
+ "url": "https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing",
+ "refsource": "MISC",
+ "name": "https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html",
+ "url": "https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-October/003257.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/lightningnetwork/lnd/releases/tag/v0.13.3-beta",
+ "url": "https://github.com/lightningnetwork/lnd/releases/tag/v0.13.3-beta"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/lightningnetwork/lnd/blob/master/docs/release-notes/release-notes-0.13.3.md",
+ "url": "https://github.com/lightningnetwork/lnd/blob/master/docs/release-notes/release-notes-0.13.3.md"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41595.json b/2021/41xxx/CVE-2021-41595.json
index 84b66ec1609..086ead11e21 100644
--- a/2021/41xxx/CVE-2021-41595.json
+++ b/2021/41xxx/CVE-2021-41595.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-41595",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-41595",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/salesagility/SuiteCRM",
+ "refsource": "MISC",
+ "name": "https://github.com/salesagility/SuiteCRM"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33",
+ "url": "https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22",
+ "url": "https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ach-ing/cves/blob/main/CVE-2021-41595.md",
+ "url": "https://github.com/ach-ing/cves/blob/main/CVE-2021-41595.md"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41596.json b/2021/41xxx/CVE-2021-41596.json
index c3ab31ee1c8..f07abb30e80 100644
--- a/2021/41xxx/CVE-2021-41596.json
+++ b/2021/41xxx/CVE-2021-41596.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-41596",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-41596",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://suitecrm.com",
+ "refsource": "MISC",
+ "name": "https://suitecrm.com"
+ },
+ {
+ "url": "https://github.com/salesagility/SuiteCRM",
+ "refsource": "MISC",
+ "name": "https://github.com/salesagility/SuiteCRM"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33",
+ "url": "https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_33"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22",
+ "url": "https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_22"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ach-ing/cves/blob/main/CVE-2021-41596.md",
+ "url": "https://github.com/ach-ing/cves/blob/main/CVE-2021-41596.md"
 }
 ]
 }