"-Synchronized-Data."

CVE Team 2024-06-28 21:00:36 +00:00
parent d9e9baec8d
commit 7d27fbbded
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
3 changed files with 262 additions and 12 deletions


@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-38518",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be \"role=moderator\", allowing an attacker to join a meeting as moderator using a join link that was originally created for viewer access. This vulnerability has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "bigbluebutton",
"product": {
"product_data": [
{
"product_name": "bigbluebutton",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.6.18"
},
{
"version_affected": "=",
"version_value": ">= 2.7.0, < 2.7.8"
},
{
"version_affected": "=",
"version_value": ">= 2.8.0, < 3.0.0-alpha.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-4m48-49h7-f3c4",
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-4m48-49h7-f3c4"
},
{
"url": "https://github.com/bigbluebutton/bigbluebutton/pull/20279",
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/pull/20279"
},
{
"url": "https://github.com/bigbluebutton/bigbluebutton/commit/a9d436accdcd26ea66bed9f391488ac128cd62d1",
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/commit/a9d436accdcd26ea66bed9f391488ac128cd62d1"
},
{
"url": "https://github.com/bigbluebutton/bigbluebutton/commit/ea6e9461dceae8fa593543d8c686f77bb8677e72",
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/commit/ea6e9461dceae8fa593543d8c686f77bb8677e72"
}
]
},
"source": {
"advisory": "GHSA-4m48-49h7-f3c4",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
]
}
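Review bot: The three `version_data` entries put the range inside `version_value` (`"< 2.6.18"`, `">= 2.7.0, < 2.7.8"`, `">= 2.8.0, < 3.0.0-alpha.7"`) while `version_affected` is `"="`, so a consumer that reads the operator field literally will look for a release named "< 2.6.18" and match nothing. For the single-bound entry the operator field can state it directly, `"version_affected": "<", "version_value": "2.6.18"`; the two-bound entries have no single-operator form and need the consumer to parse the string. The same encoding appears in the CVE-2024-39302 and CVE-2024-39307 records below. Scanners fed from these records should be checked against a known-affected version before a "not affected" result is trusted.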


@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39302",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the `/usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0` directory with the goal of privilege escalation, potentially exposing sensitive information on the server. This issue has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "bigbluebutton",
"product": {
"product_data": [
{
"product_name": "bigbluebutton",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.6.18"
},
{
"version_affected": "=",
"version_value": ">= 2.7.0, < 2.7.8"
},
{
"version_affected": "=",
"version_value": ">= 2.8.0, < 3.0.0-alpha.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-5966-9hw8-q96q",
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-5966-9hw8-q96q"
},
{
"url": "https://github.com/bigbluebutton/bigbluebutton/commit/04e916798b6b1f53f88513df3168f009b57b8f18",
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/commit/04e916798b6b1f53f88513df3168f009b57b8f18"
},
{
"url": "https://github.com/bigbluebutton/bigbluebutton/commit/b9a46197ed924783f06a24381e923b3329b9c91a",
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/commit/b9a46197ed924783f06a24381e923b3329b9c91a"
},
{
"url": "https://github.com/bigbluebutton/bigbluebutton/commit/f4502e4927609374f5356f824f5dac0101f9976a",
"refsource": "MISC",
"name": "https://github.com/bigbluebutton/bigbluebutton/commit/f4502e4927609374f5356f824f5dac0101f9976a"
}
]
},
"source": {
"advisory": "GHSA-5966-9hw8-q96q",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}
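Review bot: The `impact.cvss` entry does not match the description in this record: the text names privilege escalation and possible exposure of sensitive information, but the vector is `C:N/I:N/A:L` with `AV:N/PR:N`, which scores only a minor availability loss reachable without an account. Either the description overstates the issue or the vector understates it; this record alone cannot settle which, and the linked advisory GHSA-5966-9hw8-q96q is the place to check. Until the CNA reconciles them, triage that sorts on `baseScore` 3.7 alone will rank a file-permission weakness in the server's gem directory lower than the description suggests. If information exposure is intended, `"confidentialityImpact"` would not be `"NONE"`.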


@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39307",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version 0.8.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Kareadita",
"product": {
"product_data": [
{
"product_name": "Kavita",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 0.8.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Kareadita/Kavita/security/advisories/GHSA-r4qc-3w52-2v84",
"refsource": "MISC",
"name": "https://github.com/Kareadita/Kavita/security/advisories/GHSA-r4qc-3w52-2v84"
}
]
},
"source": {
"advisory": "GHSA-r4qc-3w52-2v84",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}
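Review bot: The vector `C:L/I:N/A:N` with `S:U` looks low for what the description states, namely script from an opened ebook executing in the browsing context under CWE-79. Script that runs in the reader's page can normally change what that user sees or submits, which would usually be scored with a non-`NONE` `integrityImpact`; whether the vendor scored it this way on purpose cannot be told from the record. The only reference is the advisory, with no fix commit or release link. For operators the practical check is confirming that 0.8.1 is deployed, rather than relying on `baseSeverity` `LOW`.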