diff --git a/2020/17xxx/CVE-2020-17533.json b/2020/17xxx/CVE-2020-17533.json index 04bca127564..89b864ca3e0 100644 --- a/2020/17xxx/CVE-2020-17533.json +++ b/2020/17xxx/CVE-2020-17533.json @@ -1,48 +1,12 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "ID": "CVE-2020-17533", - "STATE": "PUBLIC", - "TITLE": "Apache Accumulo Improper Handling of Insufficient Permissions" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Apache Accumulo", - "version": { - "version_data": [ - { - "version_affected": ">=", - "version_name": "Apache Accumulo", - "version_value": "1.5.0" - }, - { - "version_affected": "<=", - "version_name": "Apache Accumulo", - "version_value": "1.10.0" - }, - { - "version_affected": "=", - "version_name": "Apache Accumulo", - "version_value": "2.0.0" - } - ] - } - } - ] - }, - "vendor_name": "Apache Software Foundation" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2020-17533", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { @@ -51,41 +15,70 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": {}, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-280 Improper Handling of Insufficient Permissions or Privileges " + "value": "CWE-252 Improper Handling of Insufficient Permissions or Privileges", + "cweId": "CWE-252" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Accumulo", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Apache Accumulo 2.0.0" + }, + { + "version_affected": "<", + "version_name": "1.5.0", + "version_value": "Apache Accumulo*" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://lists.apache.org/thread.html/rf8c1a787b6951d3dacb9ec58f0bf1633790c91f54ff10c6f8ff9d8ed%40%3Cuser.accumulo.apache.org%3E", + "refsource": "MISC", "name": "https://lists.apache.org/thread.html/rf8c1a787b6951d3dacb9ec58f0bf1633790c91f54ff10c6f8ff9d8ed%40%3Cuser.accumulo.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[announce] 20201228 [SECURITY] CVE-2020-17533: Apache Accumulo Improper Handling of Insufficient Permissions", - "url": "https://lists.apache.org/thread.html/rf8c1a787b6951d3dacb9ec58f0bf1633790c91f54ff10c6f8ff9d8ed@%3Cannounce.apache.org%3E" + "url": "https://lists.apache.org/thread.html/rf8c1a787b6951d3dacb9ec58f0bf1633790c91f54ff10c6f8ff9d8ed%40%3Cannounce.apache.org%3E", + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/rf8c1a787b6951d3dacb9ec58f0bf1633790c91f54ff10c6f8ff9d8ed%40%3Cannounce.apache.org%3E" }, { - "refsource": "MLIST", - "name": "[oss-security] 20201228 CVE-2020-17533: Apache Accumulo Improper Handling of Insufficient Permissions", - "url": "http://www.openwall.com/lists/oss-security/2020/12/29/1" + "url": "http://www.openwall.com/lists/oss-security/2020/12/29/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/12/29/1" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "defect": [ "https://github.com/apache/accumulo/pull/1828" @@ -94,7 +87,7 @@ }, "work_around": [ { - "lang": "eng", + "lang": "en", "value": "Upgrade to Apache Accumulo version 1.10.1, 2.0.1, or later." } ] diff --git a/2021/36xxx/CVE-2021-36372.json b/2021/36xxx/CVE-2021-36372.json index 06cd75dcf45..415791b91f5 100644 --- a/2021/36xxx/CVE-2021-36372.json +++ b/2021/36xxx/CVE-2021-36372.json @@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@apache.org", "ID": "CVE-2021-36372", - "STATE": "PUBLIC", - "TITLE": "Original block tokens are persisted and can be retrieved" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-273 Improper Check for Dropped Privileges", + "cweId": "CWE-273" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "Apache Software Foundation", "product": { "product_data": [ { @@ -24,61 +48,28 @@ } } ] - }, - "vendor_name": "Apache Software Foundation" + } } ] } }, - "credit": [ - { - "lang": "eng", - "value": "Apache Ozone would like to thank Marton Elek for reporting this issue." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "references": { + "reference_data": [ { - "lang": "eng", - "value": "In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked." + "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E", + "refsource": "MISC", + "name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2021/11/19/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/11/19/1" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, - "impact": [ - {} - ], - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "cwe-256 Unprotected Storage of Credentials " - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E", - "name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E" - }, - { - "refsource": "MLIST", - "name": "[oss-security] 20211118 CVE-2021-36372: Apache Ozone: Original block tokens are persisted and can be retrieved", - "url": "http://www.openwall.com/lists/oss-security/2021/11/19/1" - } - ] - }, "source": { "defect": [ "HDDS-5315" @@ -87,8 +78,14 @@ }, "work_around": [ { - "lang": "eng", + "lang": "en", "value": "Upgrade to Apache Ozone release version 1.2.0" } + ], + "credits": [ + { + "lang": "en", + "value": "Apache Ozone would like to thank Marton Elek for reporting this issue." + } ] } \ No newline at end of file diff --git a/2023/51xxx/CVE-2023-51441.json b/2023/51xxx/CVE-2023-51441.json index ef30a4a79af..9b972ec254b 100644 --- a/2023/51xxx/CVE-2023-51441.json +++ b/2023/51xxx/CVE-2023-51441.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-20 Improper Input Validation", - "cweId": "CWE-20" + "value": "CWE-918 Server-Side Request Forgery (SSRF)", + "cweId": "CWE-918" } ] }