diff --git a/2022/30xxx/CVE-2022-30159.json b/2022/30xxx/CVE-2022-30159.json index 57740d8c2f7..eb5f88226fc 100644 --- a/2022/30xxx/CVE-2022-30159.json +++ b/2022/30xxx/CVE-2022-30159.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30171, CVE-2022-30172.\n\n" + "value": "Microsoft Office Information Disclosure Vulnerability" } ] }, @@ -35,27 +35,37 @@ "product": { "product_data": [ { - "product_name": "Microsoft SharePoint Enterprise Server", + "product_name": "Microsoft SharePoint Enterprise Server 2016", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "2016" - }, - { - "version_affected": "=", - "version_value": "2013 Service Pack 1" + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.5332.1001" } ] } }, { - "product_name": "Microsoft SharePoint Server", + "product_name": "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "2019" + "version_affected": "<", + "version_name": "15.0.0", + "version_value": "15.0.5459.1001" + } + ] + } + }, + { + "product_name": "Microsoft SharePoint Server 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.10387.20008" } ] } @@ -65,19 +75,21 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "unspecified" + "version_affected": "<", + "version_name": "16.0.1", + "version_value": "16.0.14931.20612" } ] } }, { - "product_name": "Microsoft Office Web Apps", + "product_name": "Microsoft Office Web Apps Server 2013 Service Pack 1", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "Server 2013 Service Pack 1" + "version_affected": "<", + "version_name": "15.0.1", + "version_value": "15.0.5459.1001" } ] } @@ -87,8 +99,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "unspecified" + "version_affected": "<", + "version_name": "16.0.0", + "version_value": "16.0.14931.20418" } ] } @@ -108,32 +121,13 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, "impact": { "cvss": [ { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "NONE", - "baseScore": 5.5, + "version": "3.1", "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "exploitCodeMaturity": "UNPROVEN", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "remediationLevel": "OFFICIAL_FIX", - "reportConfidence": "CONFIRMED", - "scope": "UNCHANGED", - "temporalScore": 4.8, - "temporalSeverity": "MEDIUM", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "version": "3.1" + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C" } ] } diff --git a/2024/45xxx/CVE-2024-45591.json b/2024/45xxx/CVE-2024-45591.json index de83f28a595..4dd65a8017e 100644 --- a/2024/45xxx/CVE-2024-45591.json +++ b/2024/45xxx/CVE-2024-45591.json @@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45591", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification (both username and displayed name) and the version comment. This information is exposed regardless of the rights setup, and even when the wiki is configured to be fully private. On a private wiki, this can be tested by accessing /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history, if this shows the history of the main page then the installation is vulnerable. This has been patched in XWiki 15.10.9 and XWiki 16.3.0RC1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization", + "cweId": "CWE-862" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", + "cweId": "CWE-359" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "xwiki", + "product": { + "product_data": [ + { + "product_name": "xwiki-platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 1.8.0, < 15.10.9" + }, + { + "version_affected": "=", + "version_value": ">= 16.0.0-rc-1, < 16.3.0-rc-1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pvmm-55r5-g3mm", + "refsource": "MISC", + "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pvmm-55r5-g3mm" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/commit/26482ee5d29fc21f31134d1ee13db48716e89e0f", + "refsource": "MISC", + "name": "https://github.com/xwiki/xwiki-platform/commit/26482ee5d29fc21f31134d1ee13db48716e89e0f" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/commit/9cbca9808300797c67779bb9a665d85cf9e3d4b8", + "refsource": "MISC", + "name": "https://github.com/xwiki/xwiki-platform/commit/9cbca9808300797c67779bb9a665d85cf9e3d4b8" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-22052", + "refsource": "MISC", + "name": "https://jira.xwiki.org/browse/XWIKI-22052" + } + ] + }, + "source": { + "advisory": "GHSA-pvmm-55r5-g3mm", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] }