From 679ddd8242f589fa2bd36f5be32fa678d2e83d80 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 11 Oct 2024 12:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/5xxx/CVE-2024-5005.json | 100 +++++++++++++++++++++++++++++++++--
 2024/9xxx/CVE-2024-9164.json | 100 +++++++++++++++++++++++++++++++++--
 2024/9xxx/CVE-2024-9538.json | 76 ++++++++++++++++++++++++--
 2024/9xxx/CVE-2024-9858.json | 18 +++++++
 4 files changed, 282 insertions(+), 12 deletions(-)
 create mode 100644 2024/9xxx/CVE-2024-9858.json
diff --git a/2024/5xxx/CVE-2024-5005.json b/2024/5xxx/CVE-2024-5005.json
index a232e3a1920..9e703d57caf 100644
--- a/2024/5xxx/CVE-2024-5005.json
+++ b/2024/5xxx/CVE-2024-5005.json
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-5005",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2 It was possible for guest users to disclose project templates using the API."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-684: Incorrect Provision of Specified Functionality",
+ "cweId": "CWE-684"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "11.4",
+ "version_value": "17.2.9"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "17.3",
+ "version_value": "17.3.5"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "17.4",
+ "version_value": "17.4.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/462108",
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/462108"
+ },
+ {
+ "url": "https://hackerone.com/reports/2501461",
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/2501461"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "Upgrade to versions 17.4.2, 17.3.5, 17.2.9 or above."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Thanks [js_noob](https://hackerone.com/js_noob) for reporting this vulnerability through our HackerOne bug bounty program"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/9xxx/CVE-2024-9164.json b/2024/9xxx/CVE-2024-9164.json
index 8902c799da4..ce44f00f803 100644
--- a/2024/9xxx/CVE-2024-9164.json
+++ b/2024/9xxx/CVE-2024-9164.json
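Review bot: Each `version_data` entry in the CVE-2024-5005 record puts the first affected release in `version_name` and the fixed release in `version_value` under `"version_affected": "<"`, so a consumer that evaluates only `version_affected` and `version_value` reads three overlapping "below X" ranges and would report the patched 17.2.9 and 17.3.5 releases as affected because they are below 17.4.2. Matching logic should treat `version_name` as the inclusive lower bound, as the description does ("starting from 11.4 before 17.2.9"); the CVE-2024-9164 hunk uses the same encoding. The new description text also repeats a word and runs two sentences together; it should read `An issue has been discovered in GitLab EE/CE ... before 17.4.2. It was possible for guest users ...`.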
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-9164",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306: Missing Authentication for Critical Function",
+ "cweId": "CWE-306"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "12.5",
+ "version_value": "17.2.9"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "17.3",
+ "version_value": "17.3.5"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "17.4",
+ "version_value": "17.4.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/493946",
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/493946"
+ },
+ {
+ "url": "https://hackerone.com/reports/2711204",
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/2711204"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "Upgrade to versions 17.2.9, 17.3.5, 17.4.2 or above."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Thanks [pwnie](https://hackerone.com/pwnie) for reporting this vulnerability through our HackerOne bug bounty program"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL"
 }
 ]
 }
diff --git a/2024/9xxx/CVE-2024-9538.json b/2024/9xxx/CVE-2024-9538.json
index 0b1348872c9..750c36642ef 100644
--- a/2024/9xxx/CVE-2024-9538.json
+++ b/2024/9xxx/CVE-2024-9538.json
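Review bot: The `problemtype` entry `CWE-306: Missing Authentication for Critical Function` in the CVE-2024-9164 record does not agree with the CVSS block of the same record, which sets `PR:L` and `"privilegesRequired": "LOW"` and therefore describes an attacker who already holds an account. If the flaw is a missing or incorrect permission check on which branch a pipeline may run against, an authorization weakness such as CWE-862 or CWE-863 would fit better; that is inferred from this record alone and should be confirmed against the linked issue. The description states no precondition at all, so triage should take the required privilege level from the vector rather than from the CWE. The description also limits the issue to GitLab EE while `product_name` is the generic `GitLab`, which may cause CE installations to be flagged.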
@@ -1,17 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-9538",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes/addons/wl_faq.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
+ "cweId": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "devitemsllc",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "2.9.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6b36938e-5333-4331-9bb1-34465fe03f2f?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6b36938e-5333-4331-9bb1-34465fe03f2f?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3164057/woolentor-addons",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/changeset/3164057/woolentor-addons"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Ankit Patel"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/9xxx/CVE-2024-9858.json b/2024/9xxx/CVE-2024-9858.json
new file mode 100644
index 00000000000..cbc252960ea
--- /dev/null
+++ b/2024/9xxx/CVE-2024-9858.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-9858",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
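Review bot: The CVE-2024-9538 record has no `solution` entry and names no fixed release, so the only remediation signal is the `<=` bound of `2.9.8` and the changeset link under `references`. A `solution` entry naming the first fixed release (not stated on this page) would let patch tooling act on the record directly. The `cvss` object in this hunk also carries only `vectorString`, `baseScore` and `baseSeverity`, whereas the two GitLab records in this commit expand every metric, so a consumer that reads `attackVector` or `privilegesRequired` directly must parse the vector string here. `product_name` is the long display name while the plugin slug `woolentor-addons` appears only in the reference URL, so inventory matching by slug will likely need its own mapping.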