admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 19:46:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-11-06 16:00:35 +00:00
parent 38cf6aadd2
commit 6cdfc1ad6b
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 721 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
2023/30xxx/CVE-2023-30078.json
View File

@ -1,71 +1,17 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-30078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30078",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A stack overflow vulnerability exists in function econf_writeFile in file atlibeconf/lib/libeconf.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code." "value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-32181. Reason: This record is a duplicate of CVE-2023-32181. Notes: All CVE users should reference CVE-2023-32181 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/openSUSE/libeconf/issues/178",
"refsource": "MISC",
"name": "https://github.com/openSUSE/libeconf/issues/178"
},
{
"url": "https://raw.githubusercontent.com/yangjiageng/PoC/master/libeconf-PoC/tst-write-string-data.c",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/yangjiageng/PoC/master/libeconf-PoC/tst-write-string-data.c"
},
{
"url": "https://github.com/yangjiageng/PoC/blob/master/libeconf-PoC/econf_writeFile_546",
"refsource": "MISC",
"name": "https://github.com/yangjiageng/PoC/blob/master/libeconf-PoC/econf_writeFile_546"
} }
] ]
} }

83
2023/30xxx/CVE-2023-30079.json
View File

@ -1,86 +1,17 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-30079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30079",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A stack overflow vulnerability exists in function read_file in atlibeconf/lib/getfilecontents.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code." "value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-22652. Reason: This record is a duplicate of CVE-2023-22652. Notes: All CVE users should reference CVE-2023-22652 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/openSUSE/libeconf/issues/177",
"refsource": "MISC",
"name": "https://github.com/openSUSE/libeconf/issues/177"
},
{
"url": "https://raw.githubusercontent.com/yangjiageng/PoC/master/libeconf-PoC/tst-logindefs1.c",
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/yangjiageng/PoC/master/libeconf-PoC/tst-logindefs1.c"
},
{
"url": "https://github.com/yangjiageng/PoC/blob/master/libeconf-PoC/read_file_503",
"refsource": "MISC",
"name": "https://github.com/yangjiageng/PoC/blob/master/libeconf-PoC/read_file_503"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-6432bb65ae",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG5256D5I3GFA3RBAJQ2WYPJDYAIL74/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-86b710bb4f",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDD5GL5T3V5XZ3VFA4HPE6YGJ2K4HHPC/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-b4b77f950c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAYW7X753Z6GOJKVLQPXBDHISN6ZT233/"
} }
] ]
} }

154
2023/41xxx/CVE-2023-41378.json
View File

@ -1,17 +1,163 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-41378", "ID": "CVE-2023-41378",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@tigera.io",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"cweId": "CWE-703"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Calico",
"product": {
"product_data": [
{
"product_name": "Typha",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "v3.26.0",
"version_value": "v3.26.2"
},
{
"version_affected": "<=",
"version_name": "0",
"version_value": "v3.25.1"
}
]
}
}
]
}
},
{
"vendor_name": "Tigera",
"product": {
"product_data": [
{
"product_name": "Typha",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "v3.17.0",
"version_value": "v3.17.1"
},
{
"version_affected": "<=",
"version_name": "v3.16.0",
"version_value": "v3.16.3"
},
{
"version_affected": "<=",
"version_name": "0",
"version_value": "v3.15.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.tigera.io/security-bulletins-tta-2023-001/",
"refsource": "MISC",
"name": "https://www.tigera.io/security-bulletins-tta-2023-001/"
},
{
"url": "https://github.com/projectcalico/calico/pull/7908",
"refsource": "MISC",
"name": "https://github.com/projectcalico/calico/pull/7908"
},
{
"url": "https://github.com/projectcalico/calico/pull/7993",
"refsource": "MISC",
"name": "https://github.com/projectcalico/calico/pull/7993"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Rodrigo Fior Kuntzer (Github: rodrigorfk)"
},
{
"lang": "en",
"value": "Anthony Tam"
},
{
"lang": "en",
"value": "Behnam Shobiri"
},
{
"lang": "en",
"value": "Shaun Crampton"
},
{
"lang": "en",
"value": "Matt Dupre"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
} }
] ]
} }

105
2023/5xxx/CVE-2023-5678.json
View File

@ -1,18 +1,115 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-5678", "ID": "CVE-2023-5678",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "openssl-security@openssl.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Excessive Iteration"
} }
] ]
} }
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenSSL",
"product": {
"product_data": [
{
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.2",
"version_value": "1.0.2zj-dev"
},
{
"version_affected": "<",
"version_name": "1.1.1",
"version_value": "1.1.1x-dev"
},
{
"version_affected": "<",
"version_name": "3.0.0",
"version_value": "3.0.13-dev"
},
{
"version_affected": "<",
"version_name": "3.1.0",
"version_value": "3.1.5-dev"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.openssl.org/news/secadv/20231106.txt",
"refsource": "MISC",
"name": "https://www.openssl.org/news/secadv/20231106.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "David Benjamin (Google)"
},
{
"lang": "en",
"value": "Richard Levitte"
}
]
} }

145
2023/5xxx/CVE-2023-5967.json Normal file
View File

@ -0,0 +1,145 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-5967",
"ASSIGNER": "responsibledisclosure@mattermost.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"cweId": "CWE-754"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mattermost",
"product": {
"product_data": [
{
"product_name": "Mattermost",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "8.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.8.11",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "8.1.3"
},
{
"status": "unaffected",
"version": "8.0.4"
},
{
"status": "unaffected",
"version": "7.8.12"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://mattermost.com/security-updates",
"refsource": "MISC",
"name": "https://mattermost.com/security-updates"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "MMSA-2023-00246",
"defect": [
"https://mattermost.atlassian.net/browse/MM-54361"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>&nbsp;Update Mattermost Server to versions&nbsp;7.8.12,&nbsp;8.0.4,&nbsp;8.1.3&nbsp;or higher. Alternatively, upgrade the Calls plugin to&nbsp;0.17.1 or higher.&nbsp;</p>"
}
],
"value": "\u00a0Update Mattermost Server to versions\u00a07.8.12,\u00a08.0.4,\u00a08.1.3\u00a0or higher. Alternatively, upgrade the Calls plugin to\u00a00.17.1 or higher.\u00a0\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "DoyenSec"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}
}

155
2023/5xxx/CVE-2023-5968.json Normal file
View File

@ -0,0 +1,155 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-5968",
"ASSIGNER": "responsibledisclosure@mattermost.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.\u00a0\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mattermost",
"product": {
"product_data": [
{
"product_name": "Mattermost",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "7.8.11",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "7.8.12"
},
{
"status": "unaffected",
"version": "8.0.4"
},
{
"status": "unaffected",
"version": "8.1.3"
},
{
"status": "unaffected",
"version": "9.0.1"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://mattermost.com/security-updates",
"refsource": "MISC",
"name": "https://mattermost.com/security-updates"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "MMSA-2023-00242",
"defect": [
"https://mattermost.atlassian.net/browse/MM-54225"
],
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Update Mattermost Server to versions&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">7.8.12,&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">8.0.4,&nbsp;</span></span>8.1.3, 9.0.1 or higher.</p>"
}
],
"value": "Update Mattermost Server to versions\u00a07.8.12,\u00a08.0.4,\u00a08.1.3, 9.0.1 or higher.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Juho Nurminen"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
}

155
2023/5xxx/CVE-2023-5969.json Normal file
View File

@ -0,0 +1,155 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-5969",
"ASSIGNER": "responsibledisclosure@mattermost.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mattermost fails to properly sanitize the request to\u00a0/api/v4/redirect_location allowing an\u00a0attacker,\u00a0sending a specially crafted request to /api/v4/redirect_location,\u00a0to fill up the memory due to caching large items.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mattermost",
"product": {
"product_data": [
{
"product_name": "Mattermost",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "7.8.11",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "7.8.12"
},
{
"status": "unaffected",
"version": "8.0.4"
},
{
"status": "unaffected",
"version": "8.1.3"
},
{
"status": "unaffected",
"version": "9.0.1"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://mattermost.com/security-updates",
"refsource": "MISC",
"name": "https://mattermost.com/security-updates"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "MMSA-2023-00240",
"defect": [
"https://mattermost.atlassian.net/browse/MM-54218"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Update Mattermost Server to versions 7.8.12, 8.0.4, 8.1.3, 9.0.1 or higher.</p>"
}
],
"value": "Update Mattermost Server to versions 7.8.12, 8.0.4, 8.1.3, 9.0.1 or higher.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "vultza (vultza)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}
}