From 81c0899327802e17b962f4e4990519173d47acd7 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 29 Aug 2023 18:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/20xxx/CVE-2023-20890.json | 77 ++++++++++++++++++++++++++++--
 2023/34xxx/CVE-2023-34039.json | 77 ++++++++++++++++++++++++++++--
 2023/39xxx/CVE-2023-39522.json | 85 ++++++++++++++++++++++++++++++++--
 2023/41xxx/CVE-2023-41377.json | 18 +++++++
 2023/41xxx/CVE-2023-41378.json | 18 +++++++
 2023/41xxx/CVE-2023-41379.json | 18 +++++++
 2023/41xxx/CVE-2023-41380.json | 18 +++++++
 2023/41xxx/CVE-2023-41381.json | 18 +++++++
 2023/4xxx/CVE-2023-4610.json | 18 +++++++
 9 files changed, 335 insertions(+), 12 deletions(-)
 create mode 100644 2023/41xxx/CVE-2023-41377.json
 create mode 100644 2023/41xxx/CVE-2023-41378.json
 create mode 100644 2023/41xxx/CVE-2023-41379.json
 create mode 100644 2023/41xxx/CVE-2023-41380.json
 create mode 100644 2023/41xxx/CVE-2023-41381.json
 create mode 100644 2023/4xxx/CVE-2023-4610.json
diff --git a/2023/20xxx/CVE-2023-20890.json b/2023/20xxx/CVE-2023-20890.json
index 5c0207508e9..4200664d7d6 100644
--- a/2023/20xxx/CVE-2023-20890.json
+++ b/2023/20xxx/CVE-2023-20890.json
@@ -1,17 +1,86 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-20890",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Aria Operations for Networks contains an arbitrary file write vulnerability.\u00a0An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Arbitrary File Write Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Aria Operations for Networks",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "Aria Operations for Networks 6.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0018.html",
+ "refsource": "MISC",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2023-0018.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34039.json b/2023/34xxx/CVE-2023-34039.json
index 386cfa674f3..f04ff3e657f 100644
--- a/2023/34xxx/CVE-2023-34039.json
+++ b/2023/34xxx/CVE-2023-34039.json
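Review bot: In the CVE-2023-20890 record the affects block sets `"vendor_name": "n/a"` although the assigner is security@vmware.com and the description names VMware Aria Operations for Networks, so a consumer that groups or matches records by vendor will not tie this entry to VMware; `"vendor_name": "VMware"` would fix that. The single version entry also repeats the product name inside the value (`"version_value": "Aria Operations for Networks 6.x"`), where `"version_value": "6.x"` would carry the same information without the duplication. The problemtype is free text with no `cweId`, unlike the CVE-2023-39522 record in this same patch, which makes weakness-based triage harder. The CVE-2023-34039 hunk has the same three gaps, and that record is the one scored 9.8.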
@@ -1,17 +1,86 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-34039",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation.\u00a0A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Authentication Bypass Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Aria Operations for Networks",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "Aria Operations for Networks 6.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0018.html",
+ "refsource": "MISC",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2023-0018.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/39xxx/CVE-2023-39522.json b/2023/39xxx/CVE-2023-39522.json
index 7a965d9798c..4eb91fc3da6 100644
--- a/2023/39xxx/CVE-2023-39522.json
+++ b/2023/39xxx/CVE-2023-39522.json
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-39522",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "goauthentik is an open-source Identity Provider. In affected versions using a recovery flow with an identification stage an attacker is able to determine if a username exists. Only setups configured with a recovery flow are impacted by this. Anyone with a user account on a system with the recovery flow described above is susceptible to having their username/email revealed as existing. An attacker can easily enumerate and check users' existence using the recovery flow, as a clear message is shown when a user doesn't exist. Depending on configuration this can either be done by username, email, or both. This issue has been addressed in versions 2023.5.6 and 2023.6.2. Users are advised to upgrade. There are no known workarounds for this issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-203: Observable Discrepancy",
+ "cweId": "CWE-203"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "goauthentik",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "authentik",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 2023.6.0, < 2023.6.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "< 2023.5.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-vmf9-6pcv-xr87",
+ "refsource": "MISC",
+ "name": "https://github.com/goauthentik/authentik/security/advisories/GHSA-vmf9-6pcv-xr87"
+ },
+ {
+ "url": "https://github.com/goauthentik/authentik/commit/aa874dd92a770d5f8cd8f265b7cdd31cd73a4599",
+ "refsource": "MISC",
+ "name": "https://github.com/goauthentik/authentik/commit/aa874dd92a770d5f8cd8f265b7cdd31cd73a4599"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-vmf9-6pcv-xr87",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/41xxx/CVE-2023-41377.json b/2023/41xxx/CVE-2023-41377.json
new file mode 100644
index 00000000000..e5ae0ebd3f2
--- /dev/null
+++ b/2023/41xxx/CVE-2023-41377.json
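Review bot: Both authentik version entries in the CVE-2023-39522 record declare `"version_affected": "="` while `version_value` carries a range expression (`">= 2023.6.0, < 2023.6.2"` and `"< 2023.5.6"`), so tooling that honours the operator compares against those strings literally and matches no real version. The second entry can be written as `"version_affected": "<"` with `"version_value": "2023.5.6"`. The bounded 2023.6.x range has no equally direct form in the fields visible here, so if it stays as text, matching should rely on the fixed versions named in the description (2023.5.6 and 2023.6.2) rather than on this field.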
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-41377",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/41xxx/CVE-2023-41378.json b/2023/41xxx/CVE-2023-41378.json
new file mode 100644
index 00000000000..90a07a9b1cd
--- /dev/null
+++ b/2023/41xxx/CVE-2023-41378.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-41378",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/41xxx/CVE-2023-41379.json b/2023/41xxx/CVE-2023-41379.json
new file mode 100644
index 00000000000..1b1c88e036f
--- /dev/null
+++ b/2023/41xxx/CVE-2023-41379.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-41379",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/41xxx/CVE-2023-41380.json b/2023/41xxx/CVE-2023-41380.json
new file mode 100644
index 00000000000..5887c02b6ab
--- /dev/null
+++ b/2023/41xxx/CVE-2023-41380.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-41380",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/41xxx/CVE-2023-41381.json b/2023/41xxx/CVE-2023-41381.json
new file mode 100644
index 00000000000..3c03dd4ac74
--- /dev/null
+++ b/2023/41xxx/CVE-2023-41381.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-41381",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/4xxx/CVE-2023-4610.json b/2023/4xxx/CVE-2023-4610.json
new file mode 100644
index 00000000000..2d2ab59075b
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4610.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4610",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file