diff --git a/2021/29xxx/CVE-2021-29421.json b/2021/29xxx/CVE-2021-29421.json
index 58c8f65a958..7330959a706 100644
--- a/2021/29xxx/CVE-2021-29421.json
+++ b/2021/29xxx/CVE-2021-29421.json
@@ -66,6 +66,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-d97bc581be",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36P4HTLBJPO524WMQWW57N3QRF4RFSJG/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/pikepdf/pikepdf/blob/v2.10.0/docs/release_notes.rst#v2100",
+ "url": "https://github.com/pikepdf/pikepdf/blob/v2.10.0/docs/release_notes.rst#v2100"
}
]
}
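Review bot: Only one of the two references from the rejected duplicate is carried over in this added `reference_data` entry. This commit rejects CVE-2021-46849 in favour of this record and strips its references, which were the pikepdf v2.10.0 release notes and `https://bugs.gentoo.org/779475`; the new entry covers the release notes only. The hunk shows just the tail of `reference_data`, so the Gentoo bug may already be listed earlier in the file. If it is not, add a second MISC entry with `"url": "https://bugs.gentoo.org/779475"` so the downstream tracking link is not lost.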
diff --git a/2021/38xxx/CVE-2021-38578.json b/2021/38xxx/CVE-2021-38578.json
index 8eb10d44ac6..7dde6400f1b 100644
--- a/2021/38xxx/CVE-2021-38578.json
+++ b/2021/38xxx/CVE-2021-38578.json
@@ -40,7 +40,7 @@
"version": {
"version_data": [
{
- "version_value": "edk-stable202208",
+ "version_value": "edk2-stable202208",
"version_affected": "="
}
]
@@ -67,19 +67,6 @@
"source": {
"discovery": "UNKNOWN"
},
- "solution": [
- {
- "lang": "en",
- "supportingMedia": [
- {
- "base64": false,
- "type": "text/html",
- "value": "patch https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6
"
- }
- ],
- "value": "patch\u00a0 https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6 https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6 \n\n"
- }
- ],
"impact": {
"cvss": [
{
diff --git a/2021/43xxx/CVE-2021-43033.json b/2021/43xxx/CVE-2021-43033.json
index 5fc924f362b..de29e9a1e42 100644
--- a/2021/43xxx/CVE-2021-43033.json
+++ b/2021/43xxx/CVE-2021-43033.json
@@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
+ "url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}
diff --git a/2021/43xxx/CVE-2021-43034.json b/2021/43xxx/CVE-2021-43034.json
index 2b13a9d5ae4..886978e7289 100644
--- a/2021/43xxx/CVE-2021-43034.json
+++ b/2021/43xxx/CVE-2021-43034.json
@@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
+ "url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}
diff --git a/2021/43xxx/CVE-2021-43035.json b/2021/43xxx/CVE-2021-43035.json
index 3688f2a6ab8..b245f524caa 100644
--- a/2021/43xxx/CVE-2021-43035.json
+++ b/2021/43xxx/CVE-2021-43035.json
@@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
+ "url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}
diff --git a/2021/43xxx/CVE-2021-43036.json b/2021/43xxx/CVE-2021-43036.json
index ad2971e3c99..89a92c5511d 100644
--- a/2021/43xxx/CVE-2021-43036.json
+++ b/2021/43xxx/CVE-2021-43036.json
@@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
+ "url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}
diff --git a/2021/43xxx/CVE-2021-43037.json b/2021/43xxx/CVE-2021-43037.json
index bd056b3b14a..5408aebfec5 100644
--- a/2021/43xxx/CVE-2021-43037.json
+++ b/2021/43xxx/CVE-2021-43037.json
@@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
+ "url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}
diff --git a/2021/43xxx/CVE-2021-43038.json b/2021/43xxx/CVE-2021-43038.json
index d2a0e22765e..910efa4af9b 100644
--- a/2021/43xxx/CVE-2021-43038.json
+++ b/2021/43xxx/CVE-2021-43038.json
@@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
+ "url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}
diff --git a/2021/43xxx/CVE-2021-43039.json b/2021/43xxx/CVE-2021-43039.json
index e34ed6125ad..c5c4d71d7a0 100644
--- a/2021/43xxx/CVE-2021-43039.json
+++ b/2021/43xxx/CVE-2021-43039.json
@@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
+ "url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}
diff --git a/2021/43xxx/CVE-2021-43040.json b/2021/43xxx/CVE-2021-43040.json
index 37e2a56afe7..9a8034c666b 100644
--- a/2021/43xxx/CVE-2021-43040.json
+++ b/2021/43xxx/CVE-2021-43040.json
@@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
+ "url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}
diff --git a/2021/43xxx/CVE-2021-43041.json b/2021/43xxx/CVE-2021-43041.json
index 21125d22e08..4ab369bd9b8 100644
--- a/2021/43xxx/CVE-2021-43041.json
+++ b/2021/43xxx/CVE-2021-43041.json
@@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
+ "url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}
diff --git a/2021/43xxx/CVE-2021-43042.json b/2021/43xxx/CVE-2021-43042.json
index 61045e24c4e..fa42f830e82 100644
--- a/2021/43xxx/CVE-2021-43042.json
+++ b/2021/43xxx/CVE-2021-43042.json
@@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
+ "url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}
diff --git a/2021/43xxx/CVE-2021-43043.json b/2021/43xxx/CVE-2021-43043.json
index 577cefb627c..69375883b3d 100644
--- a/2021/43xxx/CVE-2021-43043.json
+++ b/2021/43xxx/CVE-2021-43043.json
@@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
+ "url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}
diff --git a/2021/43xxx/CVE-2021-43044.json b/2021/43xxx/CVE-2021-43044.json
index e9bf69d0c95..561219a9ce0 100644
--- a/2021/43xxx/CVE-2021-43044.json
+++ b/2021/43xxx/CVE-2021-43044.json
@@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1",
"url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2",
+ "url": "https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2"
}
]
}
diff --git a/2021/43xxx/CVE-2021-43258.json b/2021/43xxx/CVE-2021-43258.json
index be29c514384..dae092148a7 100644
--- a/2021/43xxx/CVE-2021-43258.json
+++ b/2021/43xxx/CVE-2021-43258.json
@@ -1,17 +1,71 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2021-43258",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-43258",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.churchdb.org/",
+ "refsource": "MISC",
+ "name": "http://www.churchdb.org/"
+ },
+ {
+ "url": "https://sourceforge.net/projects/churchinfo/files/",
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/projects/churchinfo/files/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/rapid7/metasploit-framework/pull/17257",
+ "url": "https://github.com/rapid7/metasploit-framework/pull/17257"
}
]
}
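Review bot: The newly published record leaves `vendor_name`, `product_name`, `version_value` and the `problemtype` value as `"n/a"`, although the description names the product and version (ChurchInfo 1.3.0) and describes an unrestricted file upload. Tooling that matches on the structured fields rather than the free text will therefore not find this entry. Consider `"product_name": "ChurchInfo"`, `"version_value": "1.3.0"` and a problemtype value such as `"CWE-434 Unrestricted Upload of File with Dangerous Type"`. The description also contains the typo `tot he`, which should read `to the`.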
diff --git a/2021/46xxx/CVE-2021-46849.json b/2021/46xxx/CVE-2021-46849.json
index 97a4f422606..1c98740638c 100644
--- a/2021/46xxx/CVE-2021-46849.json
+++ b/2021/46xxx/CVE-2021-46849.json
@@ -1,66 +1,17 @@
{
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2021-46849",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
"data_type": "CVE",
+ "data_format": "MITRE",
"data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-46849",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
"description": {
"description_data": [
{
"lang": "eng",
- "value": "pikepdf before 2.10.0 allows an XXE attack against PDF XMP metadata parsing."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://bugs.gentoo.org/779475",
- "refsource": "MISC",
- "name": "https://bugs.gentoo.org/779475"
- },
- {
- "url": "https://github.com/pikepdf/pikepdf/blob/v2.10.0/docs/release_notes.rst#v2100",
- "refsource": "MISC",
- "name": "https://github.com/pikepdf/pikepdf/blob/v2.10.0/docs/release_notes.rst#v2100"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-29421. Reason: This candidate is a duplicate of CVE-2021-29421. Notes: All CVE users should reference CVE-2021-29421 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
diff --git a/2022/32xxx/CVE-2022-32060.json b/2022/32xxx/CVE-2022-32060.json
index 31c571d5e29..e883df12f5e 100644
--- a/2022/32xxx/CVE-2022-32060.json
+++ b/2022/32xxx/CVE-2022-32060.json
@@ -56,6 +56,11 @@
"url": "https://grimthereaperteam.medium.com/snipe-it-version-v6-0-2-file-upload-cross-site-scripting-b15becc1a5ea",
"refsource": "MISC",
"name": "https://grimthereaperteam.medium.com/snipe-it-version-v6-0-2-file-upload-cross-site-scripting-b15becc1a5ea"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/bypazs/CVE-2022-32060",
+ "url": "https://github.com/bypazs/CVE-2022-32060"
}
]
}
diff --git a/2022/41xxx/CVE-2022-41875.json b/2022/41xxx/CVE-2022-41875.json
index 9b98593b6d5..2e81fe3ced3 100644
--- a/2022/41xxx/CVE-2022-41875.json
+++ b/2022/41xxx/CVE-2022-41875.json
@@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
- "value": "A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica.\n\nThe vulnerability was patched in v. 0.10.2, where the call to the function `oj.load` was changed to `oj.safe_load`."
+ "value": "A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica. The vulnerability was patched in v. 0.10.2, where the call to the function `oj.load` was changed to `oj.safe_load`."
}
]
},
diff --git a/2022/41xxx/CVE-2022-41923.json b/2022/41xxx/CVE-2022-41923.json
index 3da1507e292..c5aaa9a5a09 100644
--- a/2022/41xxx/CVE-2022-41923.json
+++ b/2022/41xxx/CVE-2022-41923.json
@@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
- "value": "Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted endpoint) using the authorization requirements of a different endpoint (i.e. the donor endpoint). In some Grails framework applications, access to the targeted endpoint will be granted based on meeting the authorization requirements of the donor endpoint, which can result in a privilege escalation attack.\n\nThis vulnerability has been patched in grails-spring-security-core versions 3.3.2, 4.0.5 and 5.1.1.\n\nImpacted Applications:\nGrails Spring Security Core plugin versions:\n1.x\n2.x\n>=3.0.0 <3.3.2\n>=4.0.0 <4.0.5\n>=5.0.0 <5.1.1\n\nWe strongly suggest that all Grails framework applications using the Grails Spring Security Core plugin be updated to a patched release of the plugin.\n\nWorkarounds:\nUsers should create a subclass extending one of the following classes from the `grails.plugin.springsecurity.web.access.intercept` package, depending on their security configuration:\n\n* `AnnotationFilterInvocationDefinition`\n* `InterceptUrlMapFilterInvocationDefinition`\n* `RequestmapFilterInvocationDefinition`\n\nIn each case, the subclass should override the `calculateUri` method like so:\n```\n@Override\nprotected String calculateUri(HttpServletRequest request) {\n UrlPathHelper.defaultInstance.getRequestUri(request)\n}\n```\n\nThis should be considered a temporary measure, as the patched versions of grails-spring-security-core deprecates the `calculateUri` method. Once upgraded to a patched version of the plugin, this workaround is no longer needed. The workaround is especially important for version 2.x, as no patch is available version 2.x of the GSSC plugin."
+ "value": "Grails Spring Security Core plugin is vulnerable to privilege escalation. The vulnerability allows an attacker access to one endpoint (i.e. the targeted endpoint) using the authorization requirements of a different endpoint (i.e. the donor endpoint). In some Grails framework applications, access to the targeted endpoint will be granted based on meeting the authorization requirements of the donor endpoint, which can result in a privilege escalation attack. This vulnerability has been patched in grails-spring-security-core versions 3.3.2, 4.0.5 and 5.1.1. Impacted Applications: Grails Spring Security Core plugin versions: 1.x 2.x >=3.0.0 <3.3.2 >=4.0.0 <4.0.5 >=5.0.0 <5.1.1 We strongly suggest that all Grails framework applications using the Grails Spring Security Core plugin be updated to a patched release of the plugin. Workarounds: Users should create a subclass extending one of the following classes from the `grails.plugin.springsecurity.web.access.intercept` package, depending on their security configuration: * `AnnotationFilterInvocationDefinition` * `InterceptUrlMapFilterInvocationDefinition` * `RequestmapFilterInvocationDefinition` In each case, the subclass should override the `calculateUri` method like so: ``` @Override protected String calculateUri(HttpServletRequest request) { UrlPathHelper.defaultInstance.getRequestUri(request) } ``` This should be considered a temporary measure, as the patched versions of grails-spring-security-core deprecates the `calculateUri` method. Once upgraded to a patched version of the plugin, this workaround is no longer needed. The workaround is especially important for version 2.x, as no patch is available version 2.x of the GSSC plugin."
}
]
},
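Review bot: Collapsing the newlines in the new `value` string turns the affected-version list into `1.x 2.x >=3.0.0 <3.3.2 >=4.0.0 <4.0.5 >=5.0.0 <5.1.1`, where nothing marks where one range ends and the next begins. Separating the entries explicitly, e.g. `1.x, 2.x, >=3.0.0 <3.3.2, >=4.0.0 <4.0.5, >=5.0.0 <5.1.1`, keeps the ranges unambiguous for someone deciding whether to patch. The fenced `calculateUri` workaround is likewise flattened onto one line and no longer reads as a code block. The same flattening affects the Velocity CSRF check in CVE-2022-41927 and the per-branch fix commit list in CVE-2022-41928 later in this diff.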
diff --git a/2022/41xxx/CVE-2022-41924.json b/2022/41xxx/CVE-2022-41924.json
index c2c848d0ca6..c97aa27d2d4 100644
--- a/2022/41xxx/CVE-2022-41924.json
+++ b/2022/41xxx/CVE-2022-41924.json
@@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
- "value": "A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node. \n\nAll Windows clients prior to version v.1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue."
+ "value": "A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node. All Windows clients prior to version v.1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue."
}
]
},
@@ -77,16 +77,16 @@
},
"references": {
"reference_data": [
- {
- "name": "https://github.com/tailscale/tailscale/security/advisories/GHSA-vqp6-rc3h-83cp",
- "refsource": "CONFIRM",
- "url": "https://github.com/tailscale/tailscale/security/advisories/GHSA-vqp6-rc3h-83cp"
- },
{
"name": "https://emily.id.au/tailscale",
"refsource": "MISC",
"url": "https://emily.id.au/tailscale"
},
+ {
+ "name": "https://github.com/tailscale/tailscale/security/advisories/GHSA-vqp6-rc3h-83cp",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/tailscale/tailscale/security/advisories/GHSA-vqp6-rc3h-83cp"
+ },
{
"name": "https://tailscale.com/security-bulletins/#ts-2022-004",
"refsource": "MISC",
diff --git a/2022/41xxx/CVE-2022-41925.json b/2022/41xxx/CVE-2022-41925.json
index 4a7247d9f97..e649809c44e 100644
--- a/2022/41xxx/CVE-2022-41925.json
+++ b/2022/41xxx/CVE-2022-41925.json
@@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
- "value": "A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the node to rebind DNS for the peer API to an attacker-controlled DNS server, and then making peer API requests in the client, including accessing the node’s Tailscale environment variables. An attacker with access to the peer API on a node could use that access to read the node’s environment variables, including any credentials or secrets stored in environment variables. This may include Tailscale authentication keys, which could then be used to add new nodes to the user’s tailnet. The peer API access could also be used to learn of other nodes in the tailnet or send files via Taildrop.\n\nAll Tailscale clients prior to version v1.32.3 are affected. Upgrade to v1.32.3 or later to remediate the issue."
+ "value": "A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the node to rebind DNS for the peer API to an attacker-controlled DNS server, and then making peer API requests in the client, including accessing the node\u2019s Tailscale environment variables. An attacker with access to the peer API on a node could use that access to read the node\u2019s environment variables, including any credentials or secrets stored in environment variables. This may include Tailscale authentication keys, which could then be used to add new nodes to the user\u2019s tailnet. The peer API access could also be used to learn of other nodes in the tailnet or send files via Taildrop. All Tailscale clients prior to version v1.32.3 are affected. Upgrade to v1.32.3 or later to remediate the issue."
}
]
},
diff --git a/2022/41xxx/CVE-2022-41927.json b/2022/41xxx/CVE-2022-41927.json
index f5eff9e1d77..84f8ec2b26c 100644
--- a/2022/41xxx/CVE-2022-41927.json
+++ b/2022/41xxx/CVE-2022-41927.json
@@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
- "value": "XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation.\n\nThe problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. \n\nWorkarounds:\nIt's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting:\n```\n#if (!$services.csrf.isTokenValid($request.get('form_token')))\n #set ($discard = $response.sendError(401, \"Wrong CSRF token\"))\n#end\n```"
+ "value": "XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, \"Wrong CSRF token\")) #end ```"
}
]
},
diff --git a/2022/41xxx/CVE-2022-41928.json b/2022/41xxx/CVE-2022-41928.json
index f29668ef1b4..83e018a3d9b 100644
--- a/2022/41xxx/CVE-2022-41928.json
+++ b/2022/41xxx/CVE-2022-41928.json
@@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
- "value": "XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties.\n\nThis has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below:\n\n- 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23\n- 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23\n- 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23"
+ "value": "XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below: - 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23"
}
]
},