From 729d0d4846b28da7a864daa9da3d3f0bc8489a4e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 29 Apr 2020 17:01:22 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/2xxx/CVE-2019-2228.json | 5 +++ 2020/11xxx/CVE-2020-11009.json | 2 +- 2020/12xxx/CVE-2020-12275.json | 56 ++++++++++++++++++++--- 2020/12xxx/CVE-2020-12276.json | 56 ++++++++++++++++++++--- 2020/12xxx/CVE-2020-12277.json | 56 ++++++++++++++++++++--- 2020/12xxx/CVE-2020-12460.json | 18 ++++++++ 2020/12xxx/CVE-2020-12461.json | 82 ++++++++++++++++++++++++++++++++++ 2020/12xxx/CVE-2020-12462.json | 62 +++++++++++++++++++++++++ 2020/12xxx/CVE-2020-12463.json | 18 ++++++++ 9 files changed, 336 insertions(+), 19 deletions(-) create mode 100644 2020/12xxx/CVE-2020-12460.json create mode 100644 2020/12xxx/CVE-2020-12461.json create mode 100644 2020/12xxx/CVE-2020-12462.json create mode 100644 2020/12xxx/CVE-2020-12463.json diff --git a/2019/2xxx/CVE-2019-2228.json b/2019/2xxx/CVE-2019-2228.json index 206c1f7069a..1602d8bc366 100644 --- a/2019/2xxx/CVE-2019-2228.json +++ b/2019/2xxx/CVE-2019-2228.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191222 [SECURITY] [DLA 2047-1] cups security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00030.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4340-1", + "url": "https://usn.ubuntu.com/4340-1/" } ] }, diff --git a/2020/11xxx/CVE-2020-11009.json b/2020/11xxx/CVE-2020-11009.json index d31d6fb2471..36a48fbb40b 100644 --- a/2020/11xxx/CVE-2020-11009.json +++ b/2020/11xxx/CVE-2020-11009.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details\nthat they are not authorized to see.\n\nDepending on the configuration and the way that Rundeck is used, this could result in\nanything between a high severity risk, or a very low risk. If access is tightly restricted and all users on the system have\naccess to all projects, this is not really much of an issue. If access is wider and allows login for users that do not have\naccess to any projects, or project access is restricted, there is a larger issue. If access is meant to be restricted and secrets,\nsensitive data, or intellectual property are exposed in Rundeck execution output and job data, the risk becomes much higher.\n\nThis vulnerability is patched in version 3.2.6" + "value": "In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything between a high severity risk, or a very low risk. If access is tightly restricted and all users on the system have access to all projects, this is not really much of an issue. If access is wider and allows login for users that do not have access to any projects, or project access is restricted, there is a larger issue. If access is meant to be restricted and secrets, sensitive data, or intellectual property are exposed in Rundeck execution output and job data, the risk becomes much higher. This vulnerability is patched in version 3.2.6" } ] }, diff --git a/2020/12xxx/CVE-2020-12275.json b/2020/12xxx/CVE-2020-12275.json index 9378dfeaed8..6524b77a14d 100644 --- a/2020/12xxx/CVE-2020-12275.json +++ b/2020/12xxx/CVE-2020-12275.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-12275", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-12275", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/", + "url": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/" } ] } diff --git a/2020/12xxx/CVE-2020-12276.json b/2020/12xxx/CVE-2020-12276.json index 2f968de8b92..afc2d4c272c 100644 --- a/2020/12xxx/CVE-2020-12276.json +++ b/2020/12xxx/CVE-2020-12276.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-12276", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-12276", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/", + "url": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/" } ] } diff --git a/2020/12xxx/CVE-2020-12277.json b/2020/12xxx/CVE-2020-12277.json index 152d1bcdf9f..003f1e1ad4c 100644 --- a/2020/12xxx/CVE-2020-12277.json +++ b/2020/12xxx/CVE-2020-12277.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-12277", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-12277", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/", + "url": "https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/" } ] } diff --git a/2020/12xxx/CVE-2020-12460.json b/2020/12xxx/CVE-2020-12460.json new file mode 100644 index 00000000000..379b1894b4c --- /dev/null +++ b/2020/12xxx/CVE-2020-12460.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12460", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12461.json b/2020/12xxx/CVE-2020-12461.json new file mode 100644 index 00000000000..e421fada847 --- /dev/null +++ b/2020/12xxx/CVE-2020-12461.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-12461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the ORDER BY clause in the SQL query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://hackmd.io/lq7nA3ISSoeiGjiHVn5CoA", + "refsource": "MISC", + "name": "https://hackmd.io/lq7nA3ISSoeiGjiHVn5CoA" + }, + { + "url": "https://github.com/php-fusion/PHP-Fusion/issues/2308", + "refsource": "MISC", + "name": "https://github.com/php-fusion/PHP-Fusion/issues/2308" + }, + { + "url": "https://github.com/php-fusion/PHP-Fusion/commit/858e43d7b0ea1897f76d5bcb3a1aed438132c0e2", + "refsource": "MISC", + "name": "https://github.com/php-fusion/PHP-Fusion/commit/858e43d7b0ea1897f76d5bcb3a1aed438132c0e2" + }, + { + "url": "https://github.com/php-fusion/PHP-Fusion/commit/d95cd4a2d22487723266c898b98e6be10754e03d", + "refsource": "MISC", + "name": "https://github.com/php-fusion/PHP-Fusion/commit/d95cd4a2d22487723266c898b98e6be10754e03d" + }, + { + "url": "https://github.com/php-fusion/PHP-Fusion/commit/79fe5ec1d5c75e017a6f42127741b9543658f822", + "refsource": "MISC", + "name": "https://github.com/php-fusion/PHP-Fusion/commit/79fe5ec1d5c75e017a6f42127741b9543658f822" + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12462.json b/2020/12xxx/CVE-2020-12462.json new file mode 100644 index 00000000000..3565aebd9a7 --- /dev/null +++ b/2020/12xxx/CVE-2020-12462.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-12462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/ninja-forms/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/ninja-forms/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12463.json b/2020/12xxx/CVE-2020-12463.json new file mode 100644 index 00000000000..df286127467 --- /dev/null +++ b/2020/12xxx/CVE-2020-12463.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-12463", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file