admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2017-18103 CVE-2018-5232

Browse Source
This commit is contained in:
David Black 2018-07-18 15:34:05 +10:00
parent f096e722d3
commit 7ca60ee231
2 changed files with 118 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2017/18xxx/CVE-2017-18103.json
View File

@ -1,8 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-07-18T00:00:00",
"ID": "CVE-2017-18103",
"STATE" : "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "atlassian-http",
"version": {
"version_data": [
{
"version_value": "2.0.2",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +36,26 @@
"description_data": [
{
"lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Content Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/HTTP-3"
}
]
}

58
2018/5xxx/CVE-2018-5232.json
View File

@ -1,8 +1,41 @@
{
"CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-07-18T00:00:00",
"ID": "CVE-2018-5232",
"STATE" : "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira",
"version": {
"version_data": [
{
"version_value": "7.6.7",
"version_affected": "<"
},
{
"version_value": "7.7.0",
"version_affected": ">="
},
{
"version_value": "7.10.1",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +44,26 @@
"description_data": [
{
"lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-67410"
}
]
}