From 690187dd677797ca01780942852e168057c02fa3 Mon Sep 17 00:00:00 2001
From: zero-24
Date: Fri, 6 May 2022 19:45:35 +0200
Subject: [PATCH] Jooma none-core extension CVE IDs
---
 2022/23xxx/CVE-2022-23802.json | 50 ++++++++++++++++++++++++----
 2022/27xxx/CVE-2022-27909.json | 59 ++++++++++++++++++++++++++++++----
 2 files changed, 97 insertions(+), 12 deletions(-)
diff --git a/2022/23xxx/CVE-2022-23802.json b/2022/23xxx/CVE-2022-23802.json
index 203ee6fafb3..4a09152b59a 100644
--- a/2022/23xxx/CVE-2022-23802.json
+++ b/2022/23xxx/CVE-2022-23802.json
@@ -1,17 +1,55 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@joomla.org",
 "ID": "CVE-2022-23802",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "DATE_PUBLIC": "2022-05-06T18:00:00",
+ "STATE": "PUBLIC",
+ "TITLE": "Extension - Insecure Permissions within Joomla Guru extensions"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Guru",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.2.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "ijoomla.com"
+ }
+ ]
+ }
+ },
+ "credit": "Rafael García Lázaro",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users' information. Information disclosure Access to private information and components, possibility to view other users' information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insecure Permissions"
+ }
+ ]
 }
 ]
 }
diff --git a/2022/27xxx/CVE-2022-27909.json b/2022/27xxx/CVE-2022-27909.json
index bd534fb72ed..f8faa83ceed 100644
--- a/2022/27xxx/CVE-2022-27909.json
+++ b/2022/27xxx/CVE-2022-27909.json
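Review bot: The CVE-2022-23802.json hunk sets `"STATE": "PUBLIC"` but adds no `references` object, so a consumer has no vendor advisory or changelog to confirm the issue or find a fixed release. Add a `references.reference_data` entry in the same `url`/`refsource`/`name` shape that the CVE-2022-27909.json hunk uses. The `version_data` entry is a bare `"version_value": "5.2.5"` with no `version_affected`, which scanners will read as exactly 5.2.5; if earlier Guru releases are also affected, state it with `"version_affected": "<="`. `"DATE_PUBLIC": "2022-05-06T18:00:00"` carries no UTC offset, here and in the CVE-2022-27909.json hunk; if the time is UTC, write `"2022-05-06T18:00:00Z"`. The hunk ends on context lines before the end of the file, so anything after them is not visible here.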
@@ -1,17 +1,64 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@joomla.org",
 "ID": "CVE-2022-27909",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "DATE_PUBLIC": "2022-05-06T18:00:00",
+ "STATE": "PUBLIC",
+ "TITLE": "Extension - Incorrect Access Control within jdownloads extension"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "jDownloads",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "<=3.9.8.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "jDownloads"
+ }
+ ]
+ }
+ },
+ "credit": "Massimo Chiriv - HackerHood Team Research",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can change some parameters in the address bar and see the names of other users' files"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Incorrect Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jdownloads.com/index.php/downloads/download/57-jdownloads-3-9.html",
+ "refsource": "MISC",
+ "name": "https://www.jdownloads.com/index.php/downloads/download/57-jdownloads-3-9.html"
 }
 ]
 }
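Review bot: `"version_value": "<=3.9.8.2"` puts the comparison operator inside the version string, so tooling that matches `version_value` literally will not flag any jDownloads release. CVE JSON 4.0 has a separate field for the operator: `"version_affected": "<=",` followed by `"version_value": "3.9.8.2"`. The description names only 'jDownloads 3.9.8.2 Stable', which does not match the `<=` range, and neither field says which release contains the fix. The single reference is a download page rather than an advisory or changelog entry, so it may not stay a stable record of the fix. `problemtype` is free text; a CWE identifier (CWE-284 looks closest, to be confirmed by the CNA) would let consumers classify the record.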