"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2023-10-02 15:00:35 +00:00 · 2023-10-02 15:00:35 +00:00 · 5789a9744c
commit 5789a9744c
parent d2c6489353
3 changed files with 102 additions and 8 deletions
--- a/2023/4xxx/CVE-2023-4659.json
+++ b/2023/4xxx/CVE-2023-4659.json
@ -1,17 +1,106 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2023-4659",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cve-coordination@incibe.es",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to \"admin\". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within theapplication."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+                        "cweId": "CWE-352"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Free5Gc",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Open5Gc",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "1.1.1"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-request-forgery-free5gc",
+                "refsource": "MISC",
+                "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-request-forgery-free5gc"
+            }
+        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.1.0-dev"
+    },
+    "source": {
+        "discovery": "EXTERNAL"
+    },
+    "solution": [
+        {
+            "lang": "en",
+            "supportingMedia": [
+                {
+                    "base64": false,
+                    "type": "text/html",
+                    "value": "&gt;The vulnerability has been fixed in the latest version."
+                }
+            ],
+            "value": ">The vulnerability has been fixed in the latest version."
+        }
+    ],
+    "credits": [
+        {
+            "lang": "en",
+            "value": "Edgar Carrillo Egea"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "attackComplexity": "LOW",
+                "attackVector": "NETWORK",
+                "availabilityImpact": "HIGH",
+                "baseScore": 9.8,
+                "baseSeverity": "CRITICAL",
+                "confidentialityImpact": "HIGH",
+                "integrityImpact": "HIGH",
+                "privilegesRequired": "NONE",
+                "scope": "UNCHANGED",
+                "userInteraction": "NONE",
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+                "version": "3.1"
            }
        ]
    }
--- a/2023/5xxx/CVE-2023-5217.json
+++ b/2023/5xxx/CVE-2023-5217.json
@ -270,6 +270,11 @@
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/",
                "refsource": "MISC",
                "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/"
+            },
+            {
+                "url": "http://www.openwall.com/lists/oss-security/2023/10/02/6",
+                "refsource": "MISC",
+                "name": "http://www.openwall.com/lists/oss-security/2023/10/02/6"
            }
        ]
    }
--- a/2023/5xxx/CVE-2023-5290.json
+++ b/2023/5xxx/CVE-2023-5290.json
@ -1,17 +1,17 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2023-5290",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security@google.com",
+        "STATE": "REJECT"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none."
            }
        ]
    }