diff --git a/2023/42xxx/CVE-2023-42818.json b/2023/42xxx/CVE-2023-42818.json
index aeebd08631d..6b89c148425 100644
--- a/2023/42xxx/CVE-2023-42818.json
+++ b/2023/42xxx/CVE-2023-42818.json
@@ -62,6 +62,11 @@
 "url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-jv3c-27cv-w8jv",
 "refsource": "MISC",
 "name": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-jv3c-27cv-w8jv"
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-1-2",
+ "refsource": "MISC",
+ "name": "https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-1-2"
 }
 ]
 },
diff --git a/2023/43xxx/CVE-2023-43650.json b/2023/43xxx/CVE-2023-43650.json
index cdcd313d1dd..aaf1247d162 100644
--- a/2023/43xxx/CVE-2023-43650.json
+++ b/2023/43xxx/CVE-2023-43650.json
@@ -62,6 +62,11 @@
 "url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-mwx4-8fwc-2xvw",
 "refsource": "MISC",
 "name": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-mwx4-8fwc-2xvw"
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-1-2",
+ "refsource": "MISC",
+ "name": "https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-1-2"
 }
 ]
 },
diff --git a/2023/43xxx/CVE-2023-43651.json b/2023/43xxx/CVE-2023-43651.json
index 9c0117571ba..579293f3816 100644
--- a/2023/43xxx/CVE-2023-43651.json
+++ b/2023/43xxx/CVE-2023-43651.json
@@ -62,6 +62,11 @@
 "url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-4r5x-x283-wm96",
 "refsource": "MISC",
 "name": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-4r5x-x283-wm96"
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-2-2",
+ "refsource": "MISC",
+ "name": "https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-2-2"
 }
 ]
 },
diff --git a/2023/43xxx/CVE-2023-43652.json b/2023/43xxx/CVE-2023-43652.json
index bfe86a40089..b76d3f0f134 100644
--- a/2023/43xxx/CVE-2023-43652.json
+++ b/2023/43xxx/CVE-2023-43652.json
@@ -62,6 +62,11 @@
 "url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-fr8h-xh5x-r8g9",
 "refsource": "MISC",
 "name": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-fr8h-xh5x-r8g9"
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-1-2",
+ "refsource": "MISC",
+ "name": "https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-1-2"
 }
 ]
 },
diff --git a/2023/46xxx/CVE-2023-46123.json b/2023/46xxx/CVE-2023-46123.json
index 605000fd0f4..85014001624 100644
--- a/2023/46xxx/CVE-2023-46123.json
+++ b/2023/46xxx/CVE-2023-46123.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, attackers can effectively make unlimited password attempts by altering their apparent IP address for each request. This vulnerability has been patched in version 3.8.0.\n\n"
+ "value": "jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, attackers can effectively make unlimited password attempts by altering their apparent IP address for each request. This vulnerability has been patched in version 3.8.0."
 }
 ]
 },
@@ -63,6 +63,11 @@
 "url": "https://github.com/jumpserver/jumpserver/releases/tag/v3.8.0",
 "refsource": "MISC",
 "name": "https://github.com/jumpserver/jumpserver/releases/tag/v3.8.0"
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-1-2",
+ "refsource": "MISC",
+ "name": "https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-1-2"
 }
 ]
 },
diff --git a/2024/29xxx/CVE-2024-29201.json b/2024/29xxx/CVE-2024-29201.json
index c21e4435982..3172a09047d 100644
--- a/2024/29xxx/CVE-2024-29201.json
+++ b/2024/29xxx/CVE-2024-29201.json
@@ -58,6 +58,11 @@
 "url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-pjpp-cm9x-6rwj",
 "refsource": "MISC",
 "name": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-pjpp-cm9x-6rwj"
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-2-2",
+ "refsource": "MISC",
+ "name": "https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-2-2"
 }
 ]
 },
diff --git a/2024/29xxx/CVE-2024-29202.json b/2024/29xxx/CVE-2024-29202.json
index c9c1784a866..9357beb9e14 100644
--- a/2024/29xxx/CVE-2024-29202.json
+++ b/2024/29xxx/CVE-2024-29202.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7.\n\n"
+ "value": "JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7."
 }
 ]
 },
@@ -58,6 +58,11 @@
 "url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-2vvr-vmvx-73ch",
 "refsource": "MISC",
 "name": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-2vvr-vmvx-73ch"
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-2-2",
+ "refsource": "MISC",
+ "name": "https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-2-2"
 }
 ]
 },
diff --git a/2024/40xxx/CVE-2024-40628.json b/2024/40xxx/CVE-2024-40628.json
index dc582c24398..8cd25701627 100644
--- a/2024/40xxx/CVE-2024-40628.json
+++ b/2024/40xxx/CVE-2024-40628.json
@@ -58,6 +58,11 @@
 "url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-rpf7-g4xh-84v9",
 "refsource": "MISC",
 "name": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-rpf7-g4xh-84v9"
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-2-2",
+ "refsource": "MISC",
+ "name": "https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-2-2"
 }
 ]
 },
diff --git a/2024/40xxx/CVE-2024-40629.json b/2024/40xxx/CVE-2024-40629.json
index 14e4e67d4f4..c6e5f327e00 100644
--- a/2024/40xxx/CVE-2024-40629.json
+++ b/2024/40xxx/CVE-2024-40629.json
@@ -58,6 +58,11 @@
 "url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-3wgp-q8m7-v33v",
 "refsource": "MISC",
 "name": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-3wgp-q8m7-v33v"
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-2-2",
+ "refsource": "MISC",
+ "name": "https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-2-2"
 }
 ]
 },
diff --git a/2025/2xxx/CVE-2025-2799.json b/2025/2xxx/CVE-2025-2799.json
new file mode 100644
index 00000000000..44d34e5e25f
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2799.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2799",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/30xxx/CVE-2025-30216.json b/2025/30xxx/CVE-2025-30216.json
index 0cae0a9d2cb..15b69acf86d 100644
--- a/2025/30xxx/CVE-2025-30216.json
+++ b/2025/30xxx/CVE-2025-30216.json
@@ -1,17 +1,95 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-30216",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the `Crypto_TM_ProcessSecurity` function (`crypto_tm.c:1735:8`). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet's total length, a heap overflow is triggered during the memcpy operation that copies packet data into the dynamically allocated buffer `p_new_dec_frame`. This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. A patch is available at commit 810fd66d592c883125272fef123c3240db2f170f."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-122: Heap-based Buffer Overflow",
+ "cweId": "CWE-122"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "nasa",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CryptoLib",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "<= 1.3.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-v3jc-5j74-hcjv",
+ "refsource": "MISC",
+ "name": "https://github.com/nasa/CryptoLib/security/advisories/GHSA-v3jc-5j74-hcjv"
+ },
+ {
+ "url": "https://github.com/nasa/CryptoLib/commit/810fd66d592c883125272fef123c3240db2f170f",
+ "refsource": "MISC",
+ "name": "https://github.com/nasa/CryptoLib/commit/810fd66d592c883125272fef123c3240db2f170f"
+ },
+ {
+ "url": "https://github.com/user-attachments/assets/d49cea04-ce84-4d60-bb3a-987e843f09c4",
+ "refsource": "MISC",
+ "name": "https://github.com/user-attachments/assets/d49cea04-ce84-4d60-bb3a-987e843f09c4"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-v3jc-5j74-hcjv",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.4,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
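Review bot: In the `affects` block of CVE-2025-30216.json the single `version_data` entry pairs `"version_affected": "="` with `"version_value": "<= 1.3.3"`, so the operator field claims an exact match while the value string carries the range. A consumer that honours `version_affected` will compare against the literal string `<= 1.3.3` and may report CryptoLib 1.3.3 and earlier as unaffected, which contradicts the description's "versions 1.3.3 and prior". The range belongs in the operator: `"version_affected": "<=",` with `"version_value": "1.3.3"`. This shape looks like an artifact of converting the record from a newer format, so the fix probably has to be made in the generator rather than in this file. Until it is, vulnerability-matching tooling should take the affected range from the description or the linked GHSA advisory.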