From 6fd65e75e55cc7b302b7a0666a20679b432053aa Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Nov 2023 20:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/30xxx/CVE-2023-30954.json | 71 ++++++++++++++++++++-- 2023/41xxx/CVE-2023-41699.json | 108 +++++++++++++++++++++++++++++++-- 2023/47xxx/CVE-2023-47636.json | 86 ++++++++++++++++++++++++-- 2023/47xxx/CVE-2023-47637.json | 86 ++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6166.json | 18 ++++++ 5 files changed, 353 insertions(+), 16 deletions(-) create mode 100644 2023/6xxx/CVE-2023-6166.json diff --git a/2023/30xxx/CVE-2023-30954.json b/2023/30xxx/CVE-2023-30954.json index eca31973a1d..08ad4647ff0 100644 --- a/2023/30xxx/CVE-2023-30954.json +++ b/2023/30xxx/CVE-2023-30954.json @@ -1,17 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30954", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve-coordination@palantir.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet initialized." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.", + "cweId": "CWE-285" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Palantir", + "product": { + "product_data": [ + { + "product_name": "com.palantir.video:video-application-server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "*", + "version_value": "2.206.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://palantir.safebase.us/?tcuUid=d2366a3e-a92c-476e-8a7a-7db60e4be567", + "refsource": "MISC", + "name": "https://palantir.safebase.us/?tcuUid=d2366a3e-a92c-476e-8a7a-7db60e4be567" + } + ] + }, + "source": { + "discovery": "INTERNAL", + "defect": [ + "PLTRSEC-2023-12" + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/CR:H", + "baseSeverity": "LOW", + "baseScore": 2.7 } ] } diff --git a/2023/41xxx/CVE-2023-41699.json b/2023/41xxx/CVE-2023-41699.json index 2fc1e313086..aa7732d8ea3 100644 --- a/2023/41xxx/CVE-2023-41699.json +++ b/2023/41xxx/CVE-2023-41699.json @@ -1,17 +1,117 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41699", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@payara.fish", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", + "cweId": "CWE-601" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Payara Platform", + "product": { + "product_data": [ + { + "product_name": "Payara Server, Micro and Embedded", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.0.0", + "version_value": "5.57.0" + }, + { + "version_affected": "<", + "version_name": "4.1.2.191", + "version_value": "4.1.2.191.46" + }, + { + "version_affected": "<", + "version_name": "6.0.0", + "version_value": "6.8.0" + }, + { + "version_affected": "<", + "version_name": "6.2023.1", + "version_value": "6.2023.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.8.0.html", + "refsource": "MISC", + "name": "https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.8.0.html" + }, + { + "url": "https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2023.11.html", + "refsource": "MISC", + "name": "https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2023.11.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "defect": [ + "CVE-2023-41080" + ], + "discovery": "INTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Hiroki Sawamura from Fujitsu" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47636.json b/2023/47xxx/CVE-2023-47636.json index b133f1e9e42..81154c40a79 100644 --- a/2023/47xxx/CVE-2023-47636.json +++ b/2023/47xxx/CVE-2023-47636.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47636", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view. In the case of pimcore, the fopen() function here doesn't have an error handle when the file doesn't exist on the server so the server response raises the full path \"fopen(/var/www/html/var/tmp/export-{ uniqe id}.csv)\". This issue has been patched in commit `10d178ef771` which has been included in release version 1.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-209: Generation of Error Message Containing Sensitive Information", + "cweId": "CWE-209" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pimcore", + "product": { + "product_data": [ + { + "product_name": "admin-ui-classic-bundle", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-c8hj-w239-5gvf", + "refsource": "MISC", + "name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-c8hj-w239-5gvf" + }, + { + "url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87", + "refsource": "MISC", + "name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87" + }, + { + "url": "https://huntr.com/bounties/4af4db18-9fd4-43e9-8bc6-c88aaf76839c/", + "refsource": "MISC", + "name": "https://huntr.com/bounties/4af4db18-9fd4-43e9-8bc6-c88aaf76839c/" + } + ] + }, + "source": { + "advisory": "GHSA-c8hj-w239-5gvf", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47637.json b/2023/47xxx/CVE-2023-47637.json index a69682f3690..a8f21533786 100644 --- a/2023/47xxx/CVE-2023-47637.json +++ b/2023/47xxx/CVE-2023-47637.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47637", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of `getFilterCondition()` is in `Multiselect`, which does not normalize/escape/validate the passed value. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. This vulnerability has been addressed in version 11.1.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pimcore", + "product": { + "product_data": [ + { + "product_name": "pimcore", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 11.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-72hh-xf79-429p", + "refsource": "MISC", + "name": "https://github.com/pimcore/pimcore/security/advisories/GHSA-72hh-xf79-429p" + }, + { + "url": "https://github.com/pimcore/pimcore/commit/d164d99c90f098d0ccd6b72929c48b727e2953a0", + "refsource": "MISC", + "name": "https://github.com/pimcore/pimcore/commit/d164d99c90f098d0ccd6b72929c48b727e2953a0" + }, + { + "url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/bba7c7419cb1f06d5fd98781eab4d6995e4e5dca/src/Helper/GridHelperService.php#L311", + "refsource": "MISC", + "name": "https://github.com/pimcore/admin-ui-classic-bundle/blob/bba7c7419cb1f06d5fd98781eab4d6995e4e5dca/src/Helper/GridHelperService.php#L311" + } + ] + }, + "source": { + "advisory": "GHSA-72hh-xf79-429p", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/6xxx/CVE-2023-6166.json b/2023/6xxx/CVE-2023-6166.json new file mode 100644 index 00000000000..858c2774a33 --- /dev/null +++ b/2023/6xxx/CVE-2023-6166.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6166", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file