Tomcat

2022/23xxx/CVE-2022-23181.json

@@ -1,18 +1,90 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
+        "ASSIGNER": "security@apache.org",
         "ID": "CVE-2022-23181",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Local privilege escalation with FileStore"
     },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Apache Tomcat",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_name": "Apache Tomcat 10.1",
+                                            "version_value": "10.1.0-M1 to 10.1.0-M8"
+                                        },
+                                        {
+                                            "version_affected": "=",
+                                            "version_name": "Apache Tomcat 10.0",
+                                            "version_value": "10.0.0-M5 to 10.0.14"
+                                        },
+                                        {
+                                            "version_affected": "=",
+                                            "version_name": "Apache Tomcat 9",
+                                            "version_value": "9.0.35 to 9.0.56"
+                                        },
+                                        {
+                                            "version_affected": "=",
+                                            "version_name": "Apache Tomcat 8",
+                                            "version_value": "8.5.55 to 8.5.73"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Apache Software Foundation"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. "
             }
         ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": [
+        {
+            "other": "low"
+        }
+    ],
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9"
+            }
+        ]
+    },
+    "source": {
+        "discovery": "UNKNOWN"
     }
-}
+}