admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-10-25 18:04:06 +00:00
parent 36588a724a
commit 572ec49f66
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 32 additions and 292 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
2023/46xxx/CVE-2023-46650.json
View File

@ -1,68 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46650",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins GitHub Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.37.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3246",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3246"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2023/46xxx/CVE-2023-46651.json
View File

@ -1,83 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46651",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins Warnings Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "10.5.1",
"versionType": "maven",
"lessThan": "*",
"status": "unaffected"
},
{
"version": "10.4.1",
"versionType": "maven",
"lessThan": "10.4.*",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3265",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3265"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

59
2023/46xxx/CVE-2023-46652.json
View File

@ -1,68 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46652",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins lambdatest-automation Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.20.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3222",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3222"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

59
2023/46xxx/CVE-2023-46653.json
View File

@ -1,68 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46653",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins lambdatest-automation Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.20.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3202",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3202"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

59
2023/46xxx/CVE-2023-46654.json
View File

@ -1,68 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46654",
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins CloudBees CD Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.1.32"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3237",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3237"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

10
2023/5xxx/CVE-2023-5363.json
View File

@ -63,6 +63,16 @@
"url": "https://www.openssl.org/news/secadv/20231024.txt",
"refsource": "MISC",
"name": "https://www.openssl.org/news/secadv/20231024.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d"
}
]
},

2
2023/5xxx/CVE-2023-5746.json
View File

@ -43,7 +43,7 @@
"x_cve_json_5_version_data": {
"versions": [
{
"version": "self",
"version": "1.0",
"status": "affected",
"lessThan": "1.0.5-0185",
"versionType": "semver"

2
2023/5xxx/CVE-2023-5753.json
View File

@ -51,7 +51,7 @@
{
"version_affected": "<",
"version_name": "*",
"version_value": "3.5"
"version_value": "3.4"
}
]
}