From 5dc84a7ae032ec42b66942b98d1db3ee411c90c6 Mon Sep 17 00:00:00 2001
From: "Shelby J. Cunningham"
Date: Thu, 5 Jan 2023 15:07:23 -0500
Subject: [PATCH 1/2] Correct typo in CVE-2022-23549
---
2022/23xxx/CVE-2022-23549.json | 119 ++++++++++++++++++---------------
1 file changed, 64 insertions(+), 55 deletions(-)
diff --git a/2022/23xxx/CVE-2022-23549.json b/2022/23xxx/CVE-2022-23549.json
index 15ccfa3f42f..408f412538c 100644
--- a/2022/23xxx/CVE-2022-23549.json
+++ b/2022/23xxx/CVE-2022-23549.json
@@ -1,51 +1,33 @@ { - "data_version": "4.0", - "data_type": "CVE", - "data_format": "MITRE", "CVE_data_meta": { - "ID": "CVE-2022-23549", "ASSIGNER": "security-advisories@github.com", - "STATE": "PUBLIC" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-20: Improper Input Validation", - "cweId": "CWE-20" - } - ] - } - ] + "ID": "CVE-2022-23549", + "STATE": "PUBLIC", + "TITLE": "Discourse vulnerable to bypass of post max_length using HTML comments" }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "discourse", "product": { "product_data": [ { - "product_name": "discourse", "version": { "version_data": [ { - "version_value": "< 2.8.14", - "version_affected": "=" + "version_affected": "<", + "version_name": "2.8.14", + "version_value": "2.8.14" }, { - "version_value": ">= 2.9.0.beta0, < 2.9.0.beta15", - "version_affected": "=" + "version_affected": "<=", + "version_name": "2.9.0.beta0", + "version_value": "2.9.0.beta0" + }, + { + "version_affected": "<", + "version_name": "2.9.0.beta16", + "version_value": "2.9.0.beta16" } ] } 
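Review bot: The new `version_data` entries no longer describe the affected range: the lower bound of the beta line is written as `"version_affected": "<="` with `2.9.0.beta0`, which reads as "beta0 and everything before it" rather than the old `>= 2.9.0.beta0`. Read as independent entries, `<` `2.9.0.beta16` also covers the patched stable release 2.8.14 and later, so a scanner matching on this record could flag fixed stable installs as affected (how each consumer combines entries is not visible here). I would keep the bounded range in one entry as the old side did, `"version_affected": "=", "version_value": ">= 2.9.0.beta0, < 2.9.0.beta16"`. The same three entries are carried unchanged into the hunk of PATCH 2/2. This hunk also drops `vendor_name` and `product_name`, leaving the record without a product to match on until PATCH 2/2 restores them.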
@@ -56,40 +38,67 @@ ] } }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, "references": { "reference_data": [ { - "url": "https://github.com/discourse/discourse/security/advisories/GHSA-p47g-v5wr-p4xp", - "refsource": "MISC", - "name": "https://github.com/discourse/discourse/security/advisories/GHSA-p47g-v5wr-p4xp" + "name": "https://github.com/discourse/discourse/security/advisories/GHSA-p47g-v5wr-p4xp", + "refsource": "CONFIRM", + "url": "https://github.com/discourse/discourse/security/advisories/GHSA-p47g-v5wr-p4xp" }, { - "url": "https://github.com/discourse/discourse/commit/bf6b08670a927cc80bb090b7a2e710b4b554e6a8", + "name": "https://github.com/discourse/discourse/commit/bf6b08670a927cc80bb090b7a2e710b4b554e6a8", "refsource": "MISC", - "name": "https://github.com/discourse/discourse/commit/bf6b08670a927cc80bb090b7a2e710b4b554e6a8" + 
"url": "https://github.com/discourse/discourse/commit/bf6b08670a927cc80bb090b7a2e710b4b554e6a8" } ] }, "source": { "advisory": "GHSA-p47g-v5wr-p4xp", + "defect": [ + "GHSA-p47g-v5wr-p4xp" + ], "discovery": "UNKNOWN" - }, - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 5.7, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "version": "3.1" - } - ] } } \ No newline at end of file From 92f0dcf473a457f5021878ff30b019a34c544f14 Mon Sep 17 00:00:00 2001 From: Shelby Cunningham Date: Thu, 5 Jan 2023 15:11:26 -0500 Subject: [PATCH 2/2] Add vendor and product names --- 2022/23xxx/CVE-2022-23549.json | 205 +++++++++++++++++---------------- 1 file changed, 105 insertions(+), 100 deletions(-) diff --git a/2022/23xxx/CVE-2022-23549.json b/2022/23xxx/CVE-2022-23549.json index 408f412538c..e0e2826989c 100644 --- a/2022/23xxx/CVE-2022-23549.json +++ b/2022/23xxx/CVE-2022-23549.json 
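Review bot: In the second hunk of PATCH 1/2, `impact.cvss` changes from an array holding one object to a bare object, and the CWE entry loses its `"cweId": "CWE-20"` key; both changes are visible to machine consumers, not only to readers. A parser written against the previous shape may fail or silently skip the score, and tools that key on `cweId` would now have to parse the free-text `value`. Unless the record format requires the new shape, I would keep `"cvss": [ { … } ]` and restore `"cweId": "CWE-20"`. The commit is titled as a typo correction, yet the description on the new side still reads "option source discussion platform", presumably meant to be "open source".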
@@ -1,104 +1,109 @@ { - "CVE_data_meta": { - "ASSIGNER": "security-advisories@github.com", - "ID": "CVE-2022-23549", - "STATE": "PUBLIC", - "TITLE": "Discourse vulnerable to bypass of post max_length using HTML comments" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "2.8.14", - "version_value": "2.8.14" - }, - { - "version_affected": "<=", - "version_name": "2.9.0.beta0", - "version_value": "2.9.0.beta0" - }, - { - "version_affected": "<", - "version_name": "2.9.0.beta16", - "version_value": "2.9.0.beta16" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds." 
- } - ] - }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 5.7, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "CVE_data_meta": { + "ID": "CVE-2022-23549", + "ASSIGNER": "security-advisories@github.com", + "TITLE": "Discourse vulnerable to bypass of post max_length using HTML comments", + "STATE": "PUBLIC" + }, + "source": { + "defect": [ + "GHSA-p47g-v5wr-p4xp" + ], + "advisory": "GHSA-p47g-v5wr-p4xp", + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "discourse", + "product": { + "product_data": [ + { + "product_name": "discourse", + "version": { + "version_data": [ { - "lang": "eng", - "value": "CWE-20 Improper Input Validation" + "version_name": "2.8.14", + "version_affected": "<", + "version_value": "2.8.14", + "platform": "" + }, + { + "version_name": "2.9.0.beta0", + "version_affected": "<=", + "version_value": "2.9.0.beta0", + "platform": "" + }, + { + "version_name": "2.9.0.beta16", + "version_affected": "<", + "version_value": "2.9.0.beta16", + "platform": "" } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://github.com/discourse/discourse/security/advisories/GHSA-p47g-v5wr-p4xp", - "refsource": "CONFIRM", - "url": "https://github.com/discourse/discourse/security/advisories/GHSA-p47g-v5wr-p4xp" - }, - { - "name": "https://github.com/discourse/discourse/commit/bf6b08670a927cc80bb090b7a2e710b4b554e6a8", - "refsource": "MISC", - 
"url": "https://github.com/discourse/discourse/commit/bf6b08670a927cc80bb090b7a2e710b4b554e6a8" - } - ] - }, - "source": { - "advisory": "GHSA-p47g-v5wr-p4xp", - "defect": [ - "GHSA-p47g-v5wr-p4xp" - ], - "discovery": "UNKNOWN" + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://github.com/discourse/discourse/security/advisories/GHSA-p47g-v5wr-p4xp", + "name": "https://github.com/discourse/discourse/security/advisories/GHSA-p47g-v5wr-p4xp" + }, + { + "refsource": "MISC", + "url": "https://github.com/discourse/discourse/commit/bf6b08670a927cc80bb090b7a2e710b4b554e6a8", + "name": "https://github.com/discourse/discourse/commit/bf6b08670a927cc80bb090b7a2e710b4b554e6a8" + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + } + } +}
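Review bot: Each `version_data` entry on the new side gains `"platform": ""`, an empty-string placeholder that carries no information and that a consumer can mistake for a real platform value; I would omit the key where no platform applies. The commit is titled "Add vendor and product names", but the hunk removes and re-adds every line of the file with the top-level keys in a different order, so the two substantive additions, `"vendor_name": "discourse"` and `"product_name": "discourse"`, are hard to audit. Keeping the existing key order would reduce this patch to roughly those two lines.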