"-Synchronized-Data."

CVE Team 2020-12-08 15:01:50 +00:00
parent 9a5009ca92
commit 64cccc2f19
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
2 changed files with 12 additions and 12 deletions

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "omniauth-apple is the OmniAuth strategy for \"Sign In with Apple\" (RubyGem omniauth-apple). In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication.\n\n\nThis vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the info.email field of OmniAuth's Auth Hash Schema for any kind of identification. The value of this field may be set to any value of the attacker's choice including email addresses of other users.\n\nApplications not using info.email for identification but are instead using the uid field are not impacted in the same manner. Note, these applications may still be negatively affected if the value of info.email is being used for other purposes.\n\nApplications using affected versions of omniauth-apple are advised to upgrade to omniauth-apple version 1.0.1 or later."
"value": "omniauth-apple is the OmniAuth strategy for \"Sign In with Apple\" (RubyGem omniauth-apple). In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication. This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the info.email field of OmniAuth's Auth Hash Schema for any kind of identification. The value of this field may be set to any value of the attacker's choice including email addresses of other users. Applications not using info.email for identification but are instead using the uid field are not impacted in the same manner. Note, these applications may still be negatively affected if the value of info.email is being used for other purposes. Applications using affected versions of omniauth-apple are advised to upgrade to omniauth-apple version 1.0.1 or later."
}
]
},
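Review bot: The two "value" lines in this hunk differ only in whitespace: the "\n\n\n" and "\n\n" paragraph breaks in the first are single spaces in the second, so the advisory's four paragraphs (the flaw, who is affected, who is not, and the upgrade advice) run together as one block. If the flattening is intentional, say so in the commit message, since the visible title ends in "-Synchronized-Data." and gives no reason; otherwise keep the breaks so the remediation sentence ("upgrade to omniauth-apple version 1.0.1 or later") stays easy to find. The wording is carried over unchanged, including the ungrammatical "Applications not using info.email for identification but are instead using the uid field", which could be corrected while the string is being rewritten.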

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14 , an editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to the server with such a Phar file.\n\nVisitors without Panel access *cannot* use this attack vector.\n\nThe problem has been patched in Kirby 2.5.14 and Kirby 3.4.5. Please update to one of these or a later version to fix the vulnerability.\n\nNote: Kirby 2 reaches end of life on December 31, 2020. We therefore recommend to upgrade your Kirby 2 sites to Kirby 3. If you cannot upgrade, we still recommend to update to Kirby 2.5.14."
"value": "Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14 , an editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to the server with such a Phar file. Visitors without Panel access *cannot* use this attack vector. The problem has been patched in Kirby 2.5.14 and Kirby 3.4.5. Please update to one of these or a later version to fix the vulnerability. Note: Kirby 2 reaches end of life on December 31, 2020. We therefore recommend to upgrade your Kirby 2 sites to Kirby 3. If you cannot upgrade, we still recommend to update to Kirby 2.5.14."
}
]
},
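Review bot: The stray space before the comma in "before version 2.5.14 ," is still present in the second "value" line, even though that line is otherwise a whitespace-only rewrite of the first (each "\n\n" becomes a single space); drop it while the string is being touched. The flattening also removes the paragraph break around "Visitors without Panel access *cannot* use this attack vector.", which stood alone in the first line and is the sentence that scopes the issue to authenticated Panel users, so consider keeping at least that break.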
@ -69,16 +69,6 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-g3h8-cg9x-47qw",
"refsource": "CONFIRM",
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-g3h8-cg9x-47qw"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/3.4.5",
"refsource": "MISC",
"url": "https://github.com/getkirby/kirby/releases/tag/3.4.5"
},
{
"name": "https://packagist.org/packages/getkirby/cms",
"refsource": "MISC",
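Review bot: The two entries dropped from the top of "reference_data" here (the GHSA-g3h8-cg9x-47qw advisory with refsource CONFIRM, and the 3.4.5 release tag) reappear unchanged in the next hunk, so this is a reorder with no change in content, and nothing in the visible commit message explains it. Either mention the reordering in the message or leave the order alone: it accounts for 20 of the 24 changed lines in this commit and buries the two description edits.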
@ -89,6 +79,16 @@
"refsource": "MISC",
"url": "https://packagist.org/packages/getkirby/panel"
},
{
"name": "https://github.com/getkirby/kirby/security/advisories/GHSA-g3h8-cg9x-47qw",
"refsource": "CONFIRM",
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-g3h8-cg9x-47qw"
},
{
"name": "https://github.com/getkirby/kirby/releases/tag/3.4.5",
"refsource": "MISC",
"url": "https://github.com/getkirby/kirby/releases/tag/3.4.5"
},
{
"name": "https://github.com/getkirby/kirby/commit/db8f371b13036861c9cc5ba3e85e27f73fce5e09",
"refsource": "MISC",
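Review bot: With the entries re-inserted here, the CONFIRM reference to the vendor advisory now follows the two packagist.org MISC links instead of leading the array. If the order of "reference_data" is meant to carry any meaning for readers, keep the CONFIRM entry first; if the order is produced by a tool, state that in the commit message so the move is not read as an editorial change.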