From 58c8ba1ccaf7b36e43e89c890b6f0e0fdcc9b564 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 12 May 2023 21:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/12xxx/CVE-2020-12069.json | 13 +++-- 2023/1xxx/CVE-2023-1096.json | 50 +++++++++++++++++-- 2023/20xxx/CVE-2023-20877.json | 50 +++++++++++++++++-- 2023/20xxx/CVE-2023-20878.json | 50 +++++++++++++++++-- 2023/20xxx/CVE-2023-20879.json | 50 +++++++++++++++++-- 2023/20xxx/CVE-2023-20880.json | 50 +++++++++++++++++-- 2023/25xxx/CVE-2023-25005.json | 50 +++++++++++++++++-- 2023/25xxx/CVE-2023-25006.json | 50 +++++++++++++++++-- 2023/25xxx/CVE-2023-25007.json | 50 +++++++++++++++++-- 2023/25xxx/CVE-2023-25008.json | 50 +++++++++++++++++-- 2023/25xxx/CVE-2023-25009.json | 50 +++++++++++++++++-- 2023/2xxx/CVE-2023-2088.json | 50 +++++++++++++++++-- 2023/2xxx/CVE-2023-2181.json | 90 ++++++++++++++++++++++++++++++++-- 2023/2xxx/CVE-2023-2688.json | 18 +++++++ 2023/32xxx/CVE-2023-32303.json | 86 ++++++++++++++++++++++++++++++-- 15 files changed, 713 insertions(+), 44 deletions(-) create mode 100644 2023/2xxx/CVE-2023-2688.json diff --git a/2020/12xxx/CVE-2020-12069.json b/2020/12xxx/CVE-2020-12069.json index 8372cf8b0f1..9cd67144b42 100644 --- a/2020/12xxx/CVE-2020-12069.json +++ b/2020/12xxx/CVE-2020-12069.json @@ -4,7 +4,7 @@ "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2020-12069", - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "info@cert.vde.com", "STATE": "PUBLIC" }, "description": { @@ -39,8 +39,15 @@ "version": { "version_data": [ { - "version_value": "n/a", - "version_affected": "?" + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "n/a", + "status": "unknown" + } + ] + } } ] } diff --git a/2023/1xxx/CVE-2023-1096.json b/2023/1xxx/CVE-2023-1096.json index dd8265fcaa5..2fa30f945c0 100644 --- a/2023/1xxx/CVE-2023-1096.json +++ b/2023/1xxx/CVE-2023-1096.json 
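Review bot: In the second CVE-2020-12069 hunk, `version_value` changes from `n/a` to the sentinel string `not down converted`, and `version_affected` is dropped. A 4.0-format consumer that reads `version_value` as a version will now see that sentence as the affected version. The added `x_cve_json_5_version_data` holds a single entry (`"version": "n/a"`, `"status": "unknown"`), which maps directly onto the old pair, so keeping `"version_value": "n/a"` and `"version_affected": "?"` next to the extension block would lose nothing. Consumers should at least be told to treat `not down converted` as "look in `x_cve_json_5_version_data`".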
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-1096", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@netapp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "SnapCenter", + "version": { + "version_data": [ + { + "version_value": "4.7 prior to 4.7P2 and 4.8 prior to 4.8P1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20230511-0011/", + "url": "https://security.netapp.com/advisory/ntap-20230511-0011/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user." } ] } diff --git a/2023/20xxx/CVE-2023-20877.json b/2023/20xxx/CVE-2023-20877.json index b81bd4727be..177cc892e2c 100644 --- a/2023/20xxx/CVE-2023-20877.json +++ b/2023/20xxx/CVE-2023-20877.json 
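Review bot: `"vendor_name": "n/a"` in the added `affects` block leaves the record without a vendor, although the assigner address and the advisory URL in the same hunk both point at NetApp; `"vendor_name": "NetApp"` would let vendor-keyed matching find it (inferred from those two fields, to be confirmed by the CNA). The same placeholder is used in the CVE-2023-20877 to CVE-2023-20880 hunks (VMware advisory), the CVE-2023-25005 to CVE-2023-25009 hunks (Autodesk advisory) and the CVE-2023-2088 hunk. The `version_value` here is also one free-text phrase covering two release lines, which cannot be compared mechanically. One entry per release line, for example `"version_value": "4.7 prior to 4.7P2"`, would be easier to match.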
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20877", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware Aria Operations (formerly vRealize Operations)", + "version": { + "version_data": [ + { + "version_value": "VMware Aria Operations prior to 8.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2023-0009.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2023-0009.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation." } ] } diff --git a/2023/20xxx/CVE-2023-20878.json b/2023/20xxx/CVE-2023-20878.json index 30efd8fee40..794b402a476 100644 --- a/2023/20xxx/CVE-2023-20878.json +++ b/2023/20xxx/CVE-2023-20878.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20878", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware Aria Operations (formerly vRealize Operations)", + "version": { + "version_data": [ + { + "version_value": "VMware Aria Operations prior to 8.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2023-0009.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2023-0009.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system." } ] } diff --git a/2023/20xxx/CVE-2023-20879.json b/2023/20xxx/CVE-2023-20879.json index 44b007ccc70..de9df6ffd12 100644 --- a/2023/20xxx/CVE-2023-20879.json +++ b/2023/20xxx/CVE-2023-20879.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20879", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware Aria Operations (formerly vRealize Operations)", + "version": { + "version_data": [ + { + "version_value": "VMware Aria Operations prior to 8.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local Privilege Escalation Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2023-0009.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2023-0009.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system." } ] } diff --git a/2023/20xxx/CVE-2023-20880.json b/2023/20xxx/CVE-2023-20880.json index 0636c33d265..ba2e9c9d7e6 100644 --- a/2023/20xxx/CVE-2023-20880.json +++ b/2023/20xxx/CVE-2023-20880.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20880", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware Aria Operations (formerly vRealize Operations)", + "version": { + "version_data": [ + { + "version_value": "VMware Aria Operations prior to 8.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local Privilege Escalation Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2023-0009.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2023-0009.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'." } ] } diff --git a/2023/25xxx/CVE-2023-25005.json b/2023/25xxx/CVE-2023-25005.json index a1611413746..0ce47451126 100644 --- a/2023/25xxx/CVE-2023-25005.json +++ b/2023/25xxx/CVE-2023-25005.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25005", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk InfraWorks", + "version": { + "version_data": [ + { + "version_value": "2023, 2021" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Resource Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0006", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0006" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability." } ] } diff --git a/2023/25xxx/CVE-2023-25006.json b/2023/25xxx/CVE-2023-25006.json index aa179e3138f..4aa729503d4 100644 --- a/2023/25xxx/CVE-2023-25006.json +++ b/2023/25xxx/CVE-2023-25006.json 
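Review bot: The added `problemtype` value `Resource Injection` does not agree with the description in the same hunk, which describes a read beyond allocated boundaries while parsing a DLL. One of the two should be corrected against the referenced advisory, because triage that keys on the problem type will misclassify the record. `"version_value": "2023, 2021"` also packs two releases into one string; separate entries `{ "version_value": "2023" }` and `{ "version_value": "2021" }` would let consumers match each release.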
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25006", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk 3ds Max USD Plugin", + "version": { + "version_data": [ + { + "version_value": "0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-After-Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0008", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0008" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution." } ] } diff --git a/2023/25xxx/CVE-2023-25007.json b/2023/25xxx/CVE-2023-25007.json index 8370566c692..41e368cdd6d 100644 --- a/2023/25xxx/CVE-2023-25007.json +++ b/2023/25xxx/CVE-2023-25007.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25007", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk 3ds Max USD Plugin", + "version": { + "version_data": [ + { + "version_value": "0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uninitialized Pointer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0008", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0008" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution." } ] } diff --git a/2023/25xxx/CVE-2023-25008.json b/2023/25xxx/CVE-2023-25008.json index 54c590dcad4..d0861092972 100644 --- a/2023/25xxx/CVE-2023-25008.json +++ b/2023/25xxx/CVE-2023-25008.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25008", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk 3ds Max USD Plugin", + "version": { + "version_data": [ + { + "version_value": "0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bound Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0008", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0008" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution." } ] } diff --git a/2023/25xxx/CVE-2023-25009.json b/2023/25xxx/CVE-2023-25009.json index e13977137bc..98ff423f6bd 100644 --- a/2023/25xxx/CVE-2023-25009.json +++ b/2023/25xxx/CVE-2023-25009.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25009", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk 3ds Max USD Plugin", + "version": { + "version_data": [ + { + "version_value": "0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bound Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0008", + "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0008" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution." } ] } diff --git a/2023/2xxx/CVE-2023-2088.json b/2023/2xxx/CVE-2023-2088.json index 5d4dd8f506d..28494579db6 100644 --- a/2023/2xxx/CVE-2023-2088.json +++ b/2023/2xxx/CVE-2023-2088.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2088", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "OpenStack", + "version": { + "version_data": [ + { + "version_value": "unknown" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-440->CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugs.launchpad.net/bugs/2004555", + "url": "https://bugs.launchpad.net/bugs/2004555" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality." } ] } diff --git a/2023/2xxx/CVE-2023-2181.json b/2023/2xxx/CVE-2023-2181.json index 7067869feb9..4b35b5c2813 100644 --- a/2023/2xxx/CVE-2023-2181.json +++ b/2023/2xxx/CVE-2023-2181.json 
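Review bot: `"value": "CWE-440->CWE-200"` in the added `problemtype` is a chain notation, not a single CWE identifier, so tooling that maps this field to one CWE entry will not resolve it. Two description entries, `"value": "CWE-440"` and `"value": "CWE-200"`, would carry the same information in a parseable form. `"version_value": "unknown"` gives consumers no affected range and the description names none either, so triage of this record depends entirely on the referenced Launchpad bug.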
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2181", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": "<15.9.8" + }, + { + "version_value": ">=15.10, <15.10.7" + }, + { + "version_value": ">=15.11, <15.11.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/407859", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407859", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1938185", + "url": "https://hackerone.com/reports/1938185", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2181.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2181.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [inspector-ambitious](https://hackerone.com/inspector-ambitious) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2688.json b/2023/2xxx/CVE-2023-2688.json new file mode 100644 index 00000000000..6c99b4ef0c7 --- /dev/null +++ b/2023/2xxx/CVE-2023-2688.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-2688", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/32xxx/CVE-2023-32303.json b/2023/32xxx/CVE-2023-32303.json index 2a3baeefb38..c8f642d5603 100644 --- a/2023/32xxx/CVE-2023-32303.json +++ b/2023/32xxx/CVE-2023-32303.json 
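Review bot: The `vectorString` added under `impact.cvss` for CVE-2023-2181 starts at `AV:N/...` without the `CVSS:3.1/` prefix, although `version` is `3.1`. Strict CVSS v3.x parsers expect the prefix, so the line should read `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N"`. `cvss` is a single object here, while the CVE-2023-32303 hunk in this commit uses an array of objects, so consumers have to accept both shapes. The `credit` value embeds a Markdown link, which a consumer should display as plain text and not render from record data.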
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32303", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in version 2.0.1. As a workaround, set the secret file permissions to only user read/write by hand.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732: Incorrect Permission Assignment for Critical Resource", + "cweId": "CWE-732" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "planetlabs", + "product": { + "product_data": [ + { + "product_name": "planet-client-python", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/planetlabs/planet-client-python/security/advisories/GHSA-j5fj-rfh6-qj85", + "refsource": "MISC", + "name": "https://github.com/planetlabs/planet-client-python/security/advisories/GHSA-j5fj-rfh6-qj85" + }, + { + "url": "https://github.com/planetlabs/planet-client-python/commit/d71415a83119c5e89d7b80d5f940d162376ee3b7", + "refsource": "MISC", + "name": 
"https://github.com/planetlabs/planet-client-python/commit/d71415a83119c5e89d7b80d5f940d162376ee3b7" + }, + { + "url": "https://github.com/planetlabs/planet-client-python/releases/tag/2.0.1", + "refsource": "MISC", + "name": "https://github.com/planetlabs/planet-client-python/releases/tag/2.0.1" + } + ] + }, + "source": { + "advisory": "GHSA-j5fj-rfh6-qj85", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" } ] }
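Review bot: In the added `version_data` entry, `"version_affected": "="` contradicts `"version_value": "< 2.0.1"`. Read literally, the affected version equals the string `< 2.0.1`, so a consumer that honours the operator will match no real release. `"version_affected": "<"` with `"version_value": "2.0.1"` expresses what the description states (patched in 2.0.1). The description value also ends in a literal `\n`, which should be trimmed.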