From 6dac4c73a96b2192e63211559bee7be5c51ccb08 Mon Sep 17 00:00:00 2001
From: Josh Bressers
Date: Mon, 27 Jul 2020 12:53:39 -0500
Subject: [PATCH] Add Elastic CVEs for 20200727
---
 2020/7xxx/CVE-2020-7016.json | 65 ++++++++++++++++++++++++++++++------
 2020/7xxx/CVE-2020-7017.json | 63 +++++++++++++++++++++++++++++-----
 2 files changed, 109 insertions(+), 19 deletions(-)
diff --git a/2020/7xxx/CVE-2020-7016.json b/2020/7xxx/CVE-2020-7016.json
index b59e0e1a9b6..c4313c05c20 100644
--- a/2020/7xxx/CVE-2020-7016.json
+++ b/2020/7xxx/CVE-2020-7016.json
@@ -2,17 +2,62 @@
 "data_type": "CVE",
 "data_format": "MITRE",
 "data_version": "4.0",
- "CVE_data_meta": {
+ "CVE_data_meta": {
+ "ASSIGNER": "bressers@elastic.co",
 "ID": "CVE-2020-7016",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Elastic",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Kibana",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 6.8.11 and 7.8.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-185: Incorrect Regular Expression"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.elastic.co/community/security/"
+ },
+ {
+ "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
+ }
+ ]
 },
 "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive."
+ }
+ ]
 }
-}
\ No newline at end of file
+}
diff --git a/2020/7xxx/CVE-2020-7017.json b/2020/7xxx/CVE-2020-7017.json
index f008e79af7c..66ed2d8752c 100644
--- a/2020/7xxx/CVE-2020-7017.json
+++ b/2020/7xxx/CVE-2020-7017.json
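Review bot: `"version_value": "before 6.8.11 and 7.8.1"` in the CVE-2020-7016.json hunk packs two release lines into one free-text string, so a scanner or inventory matcher reading `version_data` has nothing it can compare an installed version against. Presumably the intent is "6.x before 6.8.11, 7.x before 7.8.1", but as written a tool cannot tell that a patched 6.8.11 install is unaffected while an older 7.x install is. The CVE JSON 4.0 format allows one entry per range, for example `{ "version_affected": "<", "version_name": "<6.x branch label>", "version_value": "6.8.11" }` and the same shape with `"version_value": "7.8.1"` for the 7.x line. The identical string appears in the CVE-2020-7017.json hunk. The top of the record lies outside the hunk.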
@@ -3,16 +3,61 @@
 "data_format": "MITRE",
 "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "bressers@elastic.co",
 "ID": "CVE-2020-7017",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Elastic",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Kibana",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 6.8.11 and 7.8.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.elastic.co/community/security/"
+ },
+ {
+ "url": "https://discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786"
+ }
+ ]
 },
 "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization."
+ }
+ ]
 }
-}
\ No newline at end of file
+}
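Review bot: The new `description` value in the CVE-2020-7017.json hunk reads "the region map visualization in contains a stored XSS flaw"; the stray "in" will be published verbatim in the CVE entry and every feed that mirrors it. Suggested first sentence: `In Kibana versions before 6.8.11 and 7.8.1 the region map visualization contains a stored XSS flaw.` Separately, the first `reference_data` URL (here and in the CVE-2020-7016.json hunk) is the general security landing page, so only the discuss.elastic.co link points a responder at this specific advisory. The start of the record is outside the hunk.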