From 53edfa61a8e658d574cdea542dc98ce506ffc190 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 25 Jul 2023 15:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/23xxx/CVE-2020-23064.json | 5 ++ 2022/4xxx/CVE-2022-4899.json | 5 ++ 2023/0xxx/CVE-2023-0361.json | 5 ++ 2023/20xxx/CVE-2023-20867.json | 5 ++ 2023/21xxx/CVE-2023-21400.json | 5 ++ 2023/21xxx/CVE-2023-21950.json | 5 ++ 2023/22xxx/CVE-2023-22005.json | 5 ++ 2023/22xxx/CVE-2023-22006.json | 5 ++ 2023/22xxx/CVE-2023-22007.json | 5 ++ 2023/22xxx/CVE-2023-22008.json | 5 ++ 2023/22xxx/CVE-2023-22033.json | 5 ++ 2023/22xxx/CVE-2023-22036.json | 5 ++ 2023/22xxx/CVE-2023-22038.json | 5 ++ 2023/22xxx/CVE-2023-22041.json | 5 ++ 2023/22xxx/CVE-2023-22043.json | 5 ++ 2023/22xxx/CVE-2023-22044.json | 5 ++ 2023/22xxx/CVE-2023-22045.json | 5 ++ 2023/22xxx/CVE-2023-22046.json | 5 ++ 2023/22xxx/CVE-2023-22048.json | 5 ++ 2023/22xxx/CVE-2023-22049.json | 5 ++ 2023/22xxx/CVE-2023-22053.json | 5 ++ 2023/22xxx/CVE-2023-22054.json | 5 ++ 2023/22xxx/CVE-2023-22056.json | 5 ++ 2023/22xxx/CVE-2023-22057.json | 5 ++ 2023/22xxx/CVE-2023-22058.json | 5 ++ 2023/25xxx/CVE-2023-25193.json | 5 ++ 2023/2xxx/CVE-2023-2975.json | 5 ++ 2023/34xxx/CVE-2023-34093.json | 86 ++++++++++++++++++++++++-- 2023/36xxx/CVE-2023-36617.json | 5 ++ 2023/37xxx/CVE-2023-37895.json | 109 +++++++++++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39167.json | 18 ++++++ 2023/39xxx/CVE-2023-39168.json | 18 ++++++ 2023/39xxx/CVE-2023-39169.json | 18 ++++++ 2023/39xxx/CVE-2023-39170.json | 18 ++++++ 2023/39xxx/CVE-2023-39171.json | 18 ++++++ 2023/39xxx/CVE-2023-39172.json | 18 ++++++ 2023/39xxx/CVE-2023-39173.json | 83 +++++++++++++++++++++++++ 2023/39xxx/CVE-2023-39174.json | 83 +++++++++++++++++++++++++ 2023/39xxx/CVE-2023-39175.json | 83 +++++++++++++++++++++++++ 2023/3xxx/CVE-2023-3942.json | 18 ++++++ 2023/3xxx/CVE-2023-3943.json | 18 ++++++ 2023/3xxx/CVE-2023-3944.json | 18 ++++++ 2023/3xxx/CVE-2023-3945.json | 18 ++++++ 43 files changed, 755 insertions(+), 9 deletions(-) create mode 100644 2023/39xxx/CVE-2023-39167.json 
create mode 100644 2023/39xxx/CVE-2023-39168.json create mode 100644 2023/39xxx/CVE-2023-39169.json create mode 100644 2023/39xxx/CVE-2023-39170.json create mode 100644 2023/39xxx/CVE-2023-39171.json create mode 100644 2023/39xxx/CVE-2023-39172.json create mode 100644 2023/39xxx/CVE-2023-39173.json create mode 100644 2023/39xxx/CVE-2023-39174.json create mode 100644 2023/39xxx/CVE-2023-39175.json create mode 100644 2023/3xxx/CVE-2023-3942.json create mode 100644 2023/3xxx/CVE-2023-3943.json create mode 100644 2023/3xxx/CVE-2023-3944.json create mode 100644 2023/3xxx/CVE-2023-3945.json diff --git a/2020/23xxx/CVE-2020-23064.json b/2020/23xxx/CVE-2020-23064.json index 29d3e5884ac..afe89090875 100644 --- a/2020/23xxx/CVE-2020-23064.json +++ b/2020/23xxx/CVE-2020-23064.json @@ -61,6 +61,11 @@ "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-565129", "refsource": "MISC", "name": "https://snyk.io/vuln/SNYK-JS-JQUERY-565129" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230725-0003/", + "url": "https://security.netapp.com/advisory/ntap-20230725-0003/" } ] } diff --git a/2022/4xxx/CVE-2022-4899.json b/2022/4xxx/CVE-2022-4899.json index f81be4e9bee..d34feedb337 100644 --- a/2022/4xxx/CVE-2022-4899.json +++ b/2022/4xxx/CVE-2022-4899.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://github.com/facebook/zstd/issues/3200", "url": "https://github.com/facebook/zstd/issues/3200" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230725-0005/", + "url": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ] }, diff --git a/2023/0xxx/CVE-2023-0361.json b/2023/0xxx/CVE-2023-0361.json index ea843bd1094..454a36f50f0 100644 --- a/2023/0xxx/CVE-2023-0361.json +++ b/2023/0xxx/CVE-2023-0361.json 
@@ -83,6 +83,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20230324-0005/", "url": "https://security.netapp.com/advisory/ntap-20230324-0005/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230725-0005/", + "url": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ] }, diff --git a/2023/20xxx/CVE-2023-20867.json b/2023/20xxx/CVE-2023-20867.json index e30dc3022db..0cfd3270ce5 100644 --- a/2023/20xxx/CVE-2023-20867.json +++ b/2023/20xxx/CVE-2023-20867.json @@ -66,6 +66,11 @@ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html", "refsource": "MISC", "name": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0001/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0001/" } ] }, diff --git a/2023/21xxx/CVE-2023-21400.json b/2023/21xxx/CVE-2023-21400.json index 5e02523d267..d4aefa06077 100644 --- a/2023/21xxx/CVE-2023-21400.json +++ b/2023/21xxx/CVE-2023-21400.json @@ -72,6 +72,11 @@ "url": "http://www.openwall.com/lists/oss-security/2023/07/19/7", "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2023/07/19/7" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/07/25/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/07/25/7" } ] } diff --git a/2023/21xxx/CVE-2023-21950.json b/2023/21xxx/CVE-2023-21950.json index b12484676e7..368995eb814 100644 --- a/2023/21xxx/CVE-2023-21950.json +++ b/2023/21xxx/CVE-2023-21950.json @@ -58,6 +58,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0005/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ] }, 
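Review bot: The NetApp advisory references added in the CVE-2023-20867 and CVE-2023-21950 hunks carry `"refsource": "MISC"`, while the same advisory series is tagged `"refsource": "CONFIRM"` in the CVE-2020-23064, CVE-2022-4899 and CVE-2023-0361 hunks. The advisory ntap-20230725-0005 itself appears as CONFIRM in CVE-2023-0361 and as MISC in CVE-2023-21950. A consumer that filters `reference_data` by `refsource` to collect vendor advisories will see only part of them. The same split recurs later in the patch: the CVE-2023-22xxx and CVE-2023-2975 hunks use MISC, while CVE-2023-25193 and CVE-2023-36617 use CONFIRM. Using one value for every `security.netapp.com/advisory/` URL, for example `"refsource": "CONFIRM"`, would keep the records consistent.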
diff --git a/2023/22xxx/CVE-2023-22005.json b/2023/22xxx/CVE-2023-22005.json index 0c0004c4085..a66fdcb24e9 100644 --- a/2023/22xxx/CVE-2023-22005.json +++ b/2023/22xxx/CVE-2023-22005.json @@ -58,6 +58,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0005/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ] }, diff --git a/2023/22xxx/CVE-2023-22006.json b/2023/22xxx/CVE-2023-22006.json index 072f14d3a1a..dd97e113d8e 100644 --- a/2023/22xxx/CVE-2023-22006.json +++ b/2023/22xxx/CVE-2023-22006.json @@ -85,6 +85,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0006/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0006/" } ] }, diff --git a/2023/22xxx/CVE-2023-22007.json b/2023/22xxx/CVE-2023-22007.json index 7a0d1bdaa5d..b88e8bcc46a 100644 --- a/2023/22xxx/CVE-2023-22007.json +++ b/2023/22xxx/CVE-2023-22007.json @@ -58,6 +58,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0005/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ] }, diff --git a/2023/22xxx/CVE-2023-22008.json b/2023/22xxx/CVE-2023-22008.json index 8c83bb7a132..210f533c3fa 100644 --- a/2023/22xxx/CVE-2023-22008.json +++ b/2023/22xxx/CVE-2023-22008.json 
@@ -58,6 +58,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0005/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ] }, diff --git a/2023/22xxx/CVE-2023-22033.json b/2023/22xxx/CVE-2023-22033.json index f7df405c9fb..f4b20278f14 100644 --- a/2023/22xxx/CVE-2023-22033.json +++ b/2023/22xxx/CVE-2023-22033.json @@ -58,6 +58,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0005/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ] }, diff --git a/2023/22xxx/CVE-2023-22036.json b/2023/22xxx/CVE-2023-22036.json index e825be2681d..32572bea918 100644 --- a/2023/22xxx/CVE-2023-22036.json +++ b/2023/22xxx/CVE-2023-22036.json @@ -85,6 +85,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0006/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0006/" } ] }, diff --git a/2023/22xxx/CVE-2023-22038.json b/2023/22xxx/CVE-2023-22038.json index 5ebb3492ae6..e24f85f9793 100644 --- a/2023/22xxx/CVE-2023-22038.json +++ b/2023/22xxx/CVE-2023-22038.json @@ -58,6 +58,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0005/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ] }, 
diff --git a/2023/22xxx/CVE-2023-22041.json b/2023/22xxx/CVE-2023-22041.json index adb213cf970..1aacf278b01 100644 --- a/2023/22xxx/CVE-2023-22041.json +++ b/2023/22xxx/CVE-2023-22041.json @@ -89,6 +89,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0006/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0006/" } ] }, diff --git a/2023/22xxx/CVE-2023-22043.json b/2023/22xxx/CVE-2023-22043.json index f5692a396dc..e367a06dea0 100644 --- a/2023/22xxx/CVE-2023-22043.json +++ b/2023/22xxx/CVE-2023-22043.json @@ -57,6 +57,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0006/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0006/" } ] }, diff --git a/2023/22xxx/CVE-2023-22044.json b/2023/22xxx/CVE-2023-22044.json index ef8de745e66..538e90a633d 100644 --- a/2023/22xxx/CVE-2023-22044.json +++ b/2023/22xxx/CVE-2023-22044.json @@ -81,6 +81,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0006/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0006/" } ] }, diff --git a/2023/22xxx/CVE-2023-22045.json b/2023/22xxx/CVE-2023-22045.json index c40b80eb4ce..b5d624c76fa 100644 --- a/2023/22xxx/CVE-2023-22045.json +++ b/2023/22xxx/CVE-2023-22045.json 
@@ -93,6 +93,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0006/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0006/" } ] }, diff --git a/2023/22xxx/CVE-2023-22046.json b/2023/22xxx/CVE-2023-22046.json index 9bea79042a9..19bf22f7394 100644 --- a/2023/22xxx/CVE-2023-22046.json +++ b/2023/22xxx/CVE-2023-22046.json @@ -58,6 +58,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0005/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ] }, diff --git a/2023/22xxx/CVE-2023-22048.json b/2023/22xxx/CVE-2023-22048.json index a576f04ebd2..d891c5e2ad5 100644 --- a/2023/22xxx/CVE-2023-22048.json +++ b/2023/22xxx/CVE-2023-22048.json @@ -58,6 +58,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0005/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ] }, diff --git a/2023/22xxx/CVE-2023-22049.json b/2023/22xxx/CVE-2023-22049.json index f5780130903..8ff37aae012 100644 --- a/2023/22xxx/CVE-2023-22049.json +++ b/2023/22xxx/CVE-2023-22049.json @@ -93,6 +93,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0006/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0006/" } ] }, 
diff --git a/2023/22xxx/CVE-2023-22053.json b/2023/22xxx/CVE-2023-22053.json index 8218b2bdb44..b938447d7eb 100644 --- a/2023/22xxx/CVE-2023-22053.json +++ b/2023/22xxx/CVE-2023-22053.json @@ -58,6 +58,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0005/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ] }, diff --git a/2023/22xxx/CVE-2023-22054.json b/2023/22xxx/CVE-2023-22054.json index 65ddc77c522..f6ff23439db 100644 --- a/2023/22xxx/CVE-2023-22054.json +++ b/2023/22xxx/CVE-2023-22054.json @@ -58,6 +58,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0005/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ] }, diff --git a/2023/22xxx/CVE-2023-22056.json b/2023/22xxx/CVE-2023-22056.json index e8f3dd0ae4e..fec30199020 100644 --- a/2023/22xxx/CVE-2023-22056.json +++ b/2023/22xxx/CVE-2023-22056.json @@ -58,6 +58,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0005/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ] }, diff --git a/2023/22xxx/CVE-2023-22057.json b/2023/22xxx/CVE-2023-22057.json index fc9e62fe8f8..454345b1ace 100644 --- a/2023/22xxx/CVE-2023-22057.json +++ b/2023/22xxx/CVE-2023-22057.json 
@@ -58,6 +58,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0005/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ] }, diff --git a/2023/22xxx/CVE-2023-22058.json b/2023/22xxx/CVE-2023-22058.json index f6a9476b86b..b48767b9eac 100644 --- a/2023/22xxx/CVE-2023-22058.json +++ b/2023/22xxx/CVE-2023-22058.json @@ -58,6 +58,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2023.html" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0005/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0005/" } ] }, diff --git a/2023/25xxx/CVE-2023-25193.json b/2023/25xxx/CVE-2023-25193.json index 88b6423a584..4620e42475c 100644 --- a/2023/25xxx/CVE-2023-25193.json +++ b/2023/25xxx/CVE-2023-25193.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2023-a48406ecd2", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230725-0006/", + "url": "https://security.netapp.com/advisory/ntap-20230725-0006/" } ] } diff --git a/2023/2xxx/CVE-2023-2975.json b/2023/2xxx/CVE-2023-2975.json index 120f2061e74..5092d4da16e 100644 --- a/2023/2xxx/CVE-2023-2975.json +++ b/2023/2xxx/CVE-2023-2975.json @@ -83,6 +83,11 @@ "url": "http://www.openwall.com/lists/oss-security/2023/07/19/5", "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2023/07/19/5" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20230725-0004/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230725-0004/" } ] }, 
diff --git a/2023/34xxx/CVE-2023-34093.json b/2023/34xxx/CVE-2023-34093.json index 93342f87b30..4cf638a6daf 100644 --- a/2023/34xxx/CVE-2023-34093.json +++ b/2023/34xxx/CVE-2023-34093.json 
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34093", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the actual content types themselves. Users can use plugins or modify their own content types without realizing that the `privateAttributes` getter is being removed, which can result in any attribute becoming public. This can lead to sensitive information being exposed or the entire system being taken control of by an attacker(having access to password hashes). Anyone can be impacted, depending on how people are using/extending content-types. If the users are mutating the content-type, they will not be affected. Version 4.10.8 contains a patch for this issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "strapi", + "product": { + "product_data": [ + { + "product_name": "strapi", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 4.10.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/strapi/strapi/security/advisories/GHSA-chmr-rg2f-9jmf", + "refsource": "MISC", + "name": "https://github.com/strapi/strapi/security/advisories/GHSA-chmr-rg2f-9jmf" + }, + { + "url": "https://github.com/strapi/strapi/commit/2fa8f30371bfd1db44c15e5747860ee5789096de", + "refsource": "MISC", + "name": "https://github.com/strapi/strapi/commit/2fa8f30371bfd1db44c15e5747860ee5789096de" + }, + { + "url": "https://github.com/strapi/strapi/releases/tag/v4.10.8", + "refsource": "MISC", + "name": "https://github.com/strapi/strapi/releases/tag/v4.10.8" + } + ] + }, + "source": { + "advisory": "GHSA-chmr-rg2f-9jmf", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/36xxx/CVE-2023-36617.json b/2023/36xxx/CVE-2023-36617.json index 82f93971733..4ac93a81d0b 100644 --- a/2023/36xxx/CVE-2023-36617.json +++ b/2023/36xxx/CVE-2023-36617.json 
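Review bot: In the `version_data` entry of the CVE-2023-34093 record, `"version_affected": "="` is paired with `"version_value": "< 4.10.8"`, so the range operator sits inside the value string while the operator field claims an exact match. A scanner that compares installed versions against this entry would treat `< 4.10.8` as a literal version and probably match nothing, leaving affected Strapi installs unreported. The description says "Prior to version 4.10.8", so the entry would be clearer as `"version_affected": "<", "version_value": "4.10.8"`, the form the CVE-2023-39173 hunk in this patch uses. Separately, the `PR:H/UI:R` vector and 4.8 score read low next to the description's "Anyone can be impacted" and its mention of exposed password hashes; that is worth confirming with the assigning CNA.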
@@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://www.ruby-lang.org/en/news/2023/06/29/redos-in-uri-CVE-2023-36617/", "url": "https://www.ruby-lang.org/en/news/2023/06/29/redos-in-uri-CVE-2023-36617/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230725-0002/", + "url": "https://security.netapp.com/advisory/ntap-20230725-0002/" } ] } diff --git a/2023/37xxx/CVE-2023-37895.json b/2023/37xxx/CVE-2023-37895.json index e0801a73dcc..6b0e35489ff 100644 --- a/2023/37xxx/CVE-2023-37895.json +++ b/2023/37xxx/CVE-2023-37895.json 
@@ -1,18 +1,117 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-37895", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component \"commons-beanutils\", which contains a class that can be used for remote code execution over RMI.\n\nUsers are advised to immediately update to versions 2.20.11 or 2.21.18. Note that earlier stable branches (1.0.x .. 2.18.x) have been EOLd already and do not receive updates anymore.\n\nIn general, RMI support can expose vulnerabilities by the mere presence of an exploitable class on the classpath. Even if Jackrabbit itself does not contain any code known to be exploitable anymore, adding other components to your server can expose the same type of problem. We therefore recommend to disable RMI access altogether (see further below), and will discuss deprecating RMI support in future Jackrabbit releases.\n\nHow to check whether RMI support is enabledRMI support can be over an RMI-specific TCP port, and over an HTTP binding. Both are by default enabled in Jackrabbit webapp/standalone.\n\nThe native RMI protocol by default uses port 1099. To check whether it is enabled, tools like \"netstat\" can be used to check.\n\nRMI-over-HTTP in Jackrabbit by default uses the path \"/rmi\". 
So when running standalone on port 8080, check whether an HTTP GET request on localhost:8080/rmi returns 404 (not enabled) or 200 (enabled). Note that the HTTP path may be different when the webapp is deployed in a container as non-root context, in which case the prefix is under the user's control.\n\nTurning off RMIFind web.xml (either in JAR/WAR file or in unpacked web application folder), and remove the declaration and the mapping definition for the RemoteBindingServlet:\n\n\u00a0 \u00a0 \u00a0 \u00a0 \n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 RMI\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 org.apache.jackrabbit.servlet.remote.RemoteBindingServlet\n\u00a0 \u00a0 \u00a0 \u00a0 \n\n\u00a0 \u00a0 \u00a0 \u00a0 \n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 RMI\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 /rmi\n\u00a0 \u00a0 \u00a0 \u00a0 \n\nFind the bootstrap.properties file (in $REPOSITORY_HOME), and set\n\n\u00a0 \u00a0 \u00a0 \u00a0 rmi.enabled=false\n\n\u00a0 \u00a0 and also remove\n\n\u00a0 \u00a0 \u00a0 \u00a0 rmi.host\n\u00a0 \u00a0 \u00a0 \u00a0 rmi.port\n\u00a0 \u00a0 \u00a0 \u00a0 rmi.url-pattern\n\n\u00a0If there is no file named bootstrap.properties in $REPOSITORY_HOME, it is located somewhere in the classpath. 
In this case, place a copy in $REPOSITORY_HOME and modify it as explained.\n\n\u00a0\n\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Jackrabbit Webapp (jackrabbit-webapp)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.21.0", + "version_value": "2.21.18" + }, + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "2.20.11" + } + ] + } + }, + { + "product_name": "Apache Jackrabbit Standalone (jackrabbit-standalone and jackrabbit-standalone-components)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.21.0", + "version_value": "2.21.18" + }, + { + "version_affected": "<", + "version_name": "1.0.0", + "version_value": "2.20.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/list.html?users@jackrabbit.apache.org", + "refsource": "MISC", + "name": "https://lists.apache.org/list.html?users@jackrabbit.apache.org" + }, + { + "url": "https://lists.apache.org/thread/j03b3qdhborc2jrhdc4d765d3jkh8bfw", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/j03b3qdhborc2jrhdc4d765d3jkh8bfw" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/07/25/8", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/07/25/8" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Siebene@" + }, + { + "lang": "en", + "value": "Michael D\u00fcrig" + }, + { + "lang": "en", + "value": "Manfred Baedke" + } + ] } \ No newline at end of file 
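Review bot: The `description` value of the CVE-2023-37895 record has lost its markup, so the mitigation steps cannot be followed as written. Headings are fused into the following text ("via RMIVersions up to", "is enabledRMI support", "Turning off RMIFind web.xml"). The web.xml snippet is reduced to bare `RMI`, `org.apache.jackrabbit.servlet.remote.RemoteBindingServlet` and `/rmi` lines, with the enclosing element tags gone; these were presumably the `<servlet>` and `<servlet-mapping>` declarations the text asks the operator to remove. Restoring the separators, for example `"...execute code via RMI.\n\nVersions up to (including) 2.20.10..."`, and keeping the XML element names as literal text in the string would make the advisory usable. The record also has no `impact` block, unlike the CVE-2023-34093 hunk, so severity-based triage has nothing to key on for a remote code execution issue.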
diff --git a/2023/39xxx/CVE-2023-39167.json b/2023/39xxx/CVE-2023-39167.json new file mode 100644 index 00000000000..d91650abee0 --- /dev/null +++ b/2023/39xxx/CVE-2023-39167.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39167", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39168.json b/2023/39xxx/CVE-2023-39168.json new file mode 100644 index 00000000000..7668c351ab5 --- /dev/null +++ b/2023/39xxx/CVE-2023-39168.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39168", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39169.json b/2023/39xxx/CVE-2023-39169.json new file mode 100644 index 00000000000..0c7e3c49dd6 --- /dev/null +++ b/2023/39xxx/CVE-2023-39169.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39169", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39170.json b/2023/39xxx/CVE-2023-39170.json new file mode 100644 index 00000000000..5d2a10c0a24 --- /dev/null +++ b/2023/39xxx/CVE-2023-39170.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39170", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39171.json b/2023/39xxx/CVE-2023-39171.json new file mode 100644 index 00000000000..d273259eb79 --- /dev/null +++ b/2023/39xxx/CVE-2023-39171.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39171", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2023/39xxx/CVE-2023-39172.json b/2023/39xxx/CVE-2023-39172.json new file mode 100644 index 00000000000..51765ae41a5 --- /dev/null +++ b/2023/39xxx/CVE-2023-39172.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-39172", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39173.json b/2023/39xxx/CVE-2023-39173.json new file mode 100644 index 00000000000..bf2f6244084 --- /dev/null +++ b/2023/39xxx/CVE-2023-39173.json 
@@ -0,0 +1,83 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-39173",
+ "ASSIGNER": "security@jetbrains.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-266",
+ "cweId": "CWE-266"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "JetBrains",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TeamCity",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2023.05.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
+ "refsource": "MISC",
+ "name": "https://www.jetbrains.com/privacy-security/issues-fixed/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/39xxx/CVE-2023-39174.json b/2023/39xxx/CVE-2023-39174.json
new file mode 100644
index 00000000000..e7c82fdafcd
--- /dev/null
+++ b/2023/39xxx/CVE-2023-39174.json
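Review bot: The only entry in `reference_data` for CVE-2023-39173 is the generic listing page `https://www.jetbrains.com/privacy-security/issues-fixed/`, so the record cannot be traced to a specific fixed issue or release note. The `problemtype` value is the bare identifier `"CWE-266"`, whereas the CVE-2023-34093 hunk spells the weakness out; `"value": "CWE-266: Incorrect Privilege Assignment"` would match that style and read better in triage views. The same two points apply to the CVE-2023-39174 (`CWE-1333`) and CVE-2023-39175 (`CWE-79`) hunks. For this record the `C:L/I:L` scoring also looks low next to "gain full account access" in the description, which is worth confirming with the CNA.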
@@ -0,0 +1,83 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-39174",
+ "ASSIGNER": "security@jetbrains.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1333",
+ "cweId": "CWE-1333"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "JetBrains",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TeamCity",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2023.05.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
+ "refsource": "MISC",
+ "name": "https://www.jetbrains.com/privacy-security/issues-fixed/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/39xxx/CVE-2023-39175.json b/2023/39xxx/CVE-2023-39175.json
new file mode 100644
index 00000000000..1082c917680
--- /dev/null
+++ b/2023/39xxx/CVE-2023-39175.json
@@ -0,0 +1,83 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-39175",
+ "ASSIGNER": "security@jetbrains.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "JetBrains",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TeamCity",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2023.05.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
+ "refsource": "MISC",
+ "name": "https://www.jetbrains.com/privacy-security/issues-fixed/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/3xxx/CVE-2023-3942.json b/2023/3xxx/CVE-2023-3942.json
new file mode 100644
index 00000000000..78aadf5196c
--- /dev/null
+++ b/2023/3xxx/CVE-2023-3942.json
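Review bot: The CVE-2023-39175 record scores a reflected XSS with `"scope": "UNCHANGED"` (`S:U` in `vectorString`), whereas CVSS v3.1 scoring guidance normally treats XSS as a scope change, because the flaw is in the web application and the impact lands in the victim's browser. If that applies here, the fields would read `"scope": "CHANGED"` and `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N`, and `baseScore` would need recomputing (that vector comes out at 5.4 rather than 4.6). The score is the CNA's assignment, so this is something to confirm with JetBrains rather than to change downstream.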
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-3942",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/3xxx/CVE-2023-3943.json b/2023/3xxx/CVE-2023-3943.json
new file mode 100644
index 00000000000..9c5a2fadc71
--- /dev/null
+++ b/2023/3xxx/CVE-2023-3943.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-3943",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/3xxx/CVE-2023-3944.json b/2023/3xxx/CVE-2023-3944.json
new file mode 100644
index 00000000000..d96fa1562f0
--- /dev/null
+++ b/2023/3xxx/CVE-2023-3944.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-3944",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/3xxx/CVE-2023-3945.json b/2023/3xxx/CVE-2023-3945.json
new file mode 100644
index 00000000000..e5e2532e5c1
--- /dev/null
+++ b/2023/3xxx/CVE-2023-3945.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-3945",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file