Auto-merge PR#1231

2025-08-04 08:44:25 +00:00 · 2021-04-01 14:15:16 -04:00 · 2021-04-01 14:15:16 -04:00 · 549125ff82
commit 549125ff82
parent 7d78de2ff2 224b08340d
2 changed files with 74 additions and 17 deletions
--- a/2020/36xxx/CVE-2020-36286.json
+++ b/2020/36xxx/CVE-2020-36286.json
@ -79,7 +79,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "The membersOf of JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field."
+                "value": "The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field."
            }
        ]
    },
@ -104,4 +104,4 @@
            }
        ]
    }
-}
+}
--- a/2021/26xxx/CVE-2021-26072.json
+++ b/2021/26xxx/CVE-2021-26072.json
@ -1,18 +1,75 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2021-26072",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
+   "CVE_data_meta": {
+      "ASSIGNER": "security@atlassian.com",
+      "DATE_PUBLIC": "2021-04-01T00:00:00",
+      "ID": "CVE-2021-26072",
+      "STATE": "PUBLIC"
+   },
+   "affects": {
+      "vendor": {
+         "vendor_data": [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "Confluence Server",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "version_value": "5.8.6",
+                                 "version_affected": "<"
+                              }
+                           ]
+                        }
+                     },
+                     {
+                        "product_name": "Confluence Data Center",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "version_value": "5.8.6",
+                                 "version_affected": "<"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Atlassian"
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
+         {
+            "lang": "eng",
+            "value": "The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability."
+
+
+         }
+      ]
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "Server Side Request Forgery (SSRF)"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "url": "https://jira.atlassian.com/browse/CONFSERVER-61399"
+         }
+      ]
+   }
+}