From 828e209dfb581d6eceda267c13df93a30dcc0f89 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 6 Jul 2023 19:00:41 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/35xxx/CVE-2020-35525.json | 5 ++
 2020/36xxx/CVE-2020-36732.json | 5 ++
 2022/3xxx/CVE-2022-3515.json | 5 ++
 2023/1xxx/CVE-2023-1298.json | 2 +-
 2023/26xxx/CVE-2023-26965.json | 5 ++
 2023/2xxx/CVE-2023-2183.json | 5 ++
 2023/2xxx/CVE-2023-2454.json | 5 ++
 2023/2xxx/CVE-2023-2455.json | 5 ++
 2023/2xxx/CVE-2023-2700.json | 5 ++
 2023/2xxx/CVE-2023-2801.json | 5 ++
 2023/34xxx/CVE-2023-34149.json | 5 ++
 2023/34xxx/CVE-2023-34396.json | 5 ++
 2023/36xxx/CVE-2023-36456.json | 100 +++++++++++++++++++++++++++++--
 2023/36xxx/CVE-2023-36459.json | 104 +++++++++++++++++++++++++++++++--
 2023/36xxx/CVE-2023-36460.json | 104 +++++++++++++++++++++++++++++++--
 2023/36xxx/CVE-2023-36461.json | 104 +++++++++++++++++++++++++++++++--
 2023/3xxx/CVE-2023-3141.json | 5 ++
 2023/3xxx/CVE-2023-3529.json | 85 +++++++++++++++++++++++++--
 2023/3xxx/CVE-2023-3530.json | 18 ++++++
 19 files changed, 556 insertions(+), 21 deletions(-)
 create mode 100644 2023/3xxx/CVE-2023-3530.json
diff --git a/2020/35xxx/CVE-2020-35525.json b/2020/35xxx/CVE-2020-35525.json
index d629d51284d..678ffda311a 100644
--- a/2020/35xxx/CVE-2020-35525.json
+++ b/2020/35xxx/CVE-2020-35525.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://www.sqlite.org/src/info/a67cf5b7d37d5b14",
 "url": "https://www.sqlite.org/src/info/a67cf5b7d37d5b14"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230706-0007/",
+ "url": "https://security.netapp.com/advisory/ntap-20230706-0007/"
 }
 ]
 },
diff --git a/2020/36xxx/CVE-2020-36732.json b/2020/36xxx/CVE-2020-36732.json
index c4ca605c74a..c29fc16e8a6 100644
--- a/2020/36xxx/CVE-2020-36732.json
+++ b/2020/36xxx/CVE-2020-36732.json
@@ -76,6 +76,11 @@
 "url": "https://github.com/brix/crypto-js/compare/3.2.0...3.2.1",
 "refsource": "MISC",
 "name": "https://github.com/brix/crypto-js/compare/3.2.0...3.2.1"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230706-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20230706-0003/"
 }
 ]
 }
diff --git a/2022/3xxx/CVE-2022-3515.json b/2022/3xxx/CVE-2022-3515.json
index 89d00ac2094..aac3a6984bf 100644
--- a/2022/3xxx/CVE-2022-3515.json
+++ b/2022/3xxx/CVE-2022-3515.json
@@ -63,6 +63,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/security/cve/CVE-2022-3515",
 "url": "https://access.redhat.com/security/cve/CVE-2022-3515"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230706-0008/",
+ "url": "https://security.netapp.com/advisory/ntap-20230706-0008/"
 }
 ]
 },
diff --git a/2023/1xxx/CVE-2023-1298.json b/2023/1xxx/CVE-2023-1298.json
index 51905ced55b..2d6319759fd 100644
--- a/2023/1xxx/CVE-2023-1298.json
+++ b/2023/1xxx/CVE-2023-1298.json
@@ -42,7 +42,7 @@
 {
 "version_affected": "<",
 "version_name": "0",
- "version_value": "Tokyo Patch 4b"
+ "version_value": "San Diego Patch 10"
 }
 ]
 }
diff --git a/2023/26xxx/CVE-2023-26965.json b/2023/26xxx/CVE-2023-26965.json
index 699097a58e3..52383a3767c 100644
--- a/2023/26xxx/CVE-2023-26965.json
+++ b/2023/26xxx/CVE-2023-26965.json
@@ -56,6 +56,11 @@
 "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/472",
 "refsource": "MISC",
 "name": "https://gitlab.com/libtiff/libtiff/-/merge_requests/472"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230706-0009/",
+ "url": "https://security.netapp.com/advisory/ntap-20230706-0009/"
 }
 ]
 }
diff --git a/2023/2xxx/CVE-2023-2183.json b/2023/2xxx/CVE-2023-2183.json
index bdba7a4f77e..b35813ed2f8 100644
--- a/2023/2xxx/CVE-2023-2183.json
+++ b/2023/2xxx/CVE-2023-2183.json
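Review bot: The rewritten bound `"version_value": "San Diego Patch 10"` sits under a single `"version_affected": "<"` element with `"version_name": "0"`, so the record now states that everything before San Diego Patch 10 is affected and no longer carries the Tokyo fix level at all. ServiceNow release families are not linearly ordered by name, so one `<` element cannot express a per-family fixed version; if both families are affected, each family needs its own `version_data` element, e.g. `{"version_affected": "<", "version_name": "San Diego", "version_value": "Patch 10"}` plus the Tokyo counterpart. Any earlier elements of `version_data` and the description text are outside this hunk, so the Tokyo bound may still be recorded there; worth checking rather than assuming.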
@@ -116,6 +116,11 @@
 "url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3",
 "refsource": "MISC",
 "name": "https://github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230706-0002/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230706-0002/"
 }
 ]
 },
diff --git a/2023/2xxx/CVE-2023-2454.json b/2023/2xxx/CVE-2023-2454.json
index a31bdba7283..04ffb7ede5b 100644
--- a/2023/2xxx/CVE-2023-2454.json
+++ b/2023/2xxx/CVE-2023-2454.json
@@ -53,6 +53,11 @@
 "refsource": "MISC",
 "name": "https://www.postgresql.org/support/security/CVE-2023-2454/",
 "url": "https://www.postgresql.org/support/security/CVE-2023-2454/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230706-0006/",
+ "url": "https://security.netapp.com/advisory/ntap-20230706-0006/"
 }
 ]
 },
diff --git a/2023/2xxx/CVE-2023-2455.json b/2023/2xxx/CVE-2023-2455.json
index 81e251311e2..e12419c7ba5 100644
--- a/2023/2xxx/CVE-2023-2455.json
+++ b/2023/2xxx/CVE-2023-2455.json
@@ -53,6 +53,11 @@
 "refsource": "MISC",
 "name": "https://www.postgresql.org/support/security/CVE-2023-2455/",
 "url": "https://www.postgresql.org/support/security/CVE-2023-2455/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230706-0006/",
+ "url": "https://security.netapp.com/advisory/ntap-20230706-0006/"
 }
 ]
 },
diff --git a/2023/2xxx/CVE-2023-2700.json b/2023/2xxx/CVE-2023-2700.json
index b0636438164..adf2ecb4464 100644
--- a/2023/2xxx/CVE-2023-2700.json
+++ b/2023/2xxx/CVE-2023-2700.json
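Review bot: The NetApp reference added in this hunk is tagged `"refsource": "MISC"` with the keys ordered `url`/`refsource`/`name`, while the same ntap-20230706-* advisory class is added as `"refsource": "CONFIRM"` with `refsource`/`name`/`url` ordering in CVE-2020-35525, CVE-2020-36732, CVE-2022-3515, CVE-2023-26965, CVE-2023-2454, CVE-2023-2455, CVE-2023-2700 and CVE-2023-3141. CVE-2023-2801, CVE-2023-34149 and CVE-2023-34396 share the MISC form used here. Presumably the split reflects which CNA supplied the reference rather than anything about the advisory itself; if consumers key on `refsource` to find third-party advisories, the commit should settle on one value for the security.netapp.com links, whereas the key order is insignificant and can stay as generated.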
@@ -58,6 +58,11 @@
 "refsource": "MISC",
 "name": "https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306",
 "url": "https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230706-0001/",
+ "url": "https://security.netapp.com/advisory/ntap-20230706-0001/"
 }
 ]
 },
diff --git a/2023/2xxx/CVE-2023-2801.json b/2023/2xxx/CVE-2023-2801.json
index f7cc9866ba4..8f5766cdbd8 100644
--- a/2023/2xxx/CVE-2023-2801.json
+++ b/2023/2xxx/CVE-2023-2801.json
@@ -81,6 +81,11 @@
 "url": "https://grafana.com/security/security-advisories/cve-2023-2801/",
 "refsource": "MISC",
 "name": "https://grafana.com/security/security-advisories/cve-2023-2801/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230706-0002/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230706-0002/"
 }
 ]
 },
diff --git a/2023/34xxx/CVE-2023-34149.json b/2023/34xxx/CVE-2023-34149.json
index b62732f1bac..fb02805d8bf 100644
--- a/2023/34xxx/CVE-2023-34149.json
+++ b/2023/34xxx/CVE-2023-34149.json
@@ -79,6 +79,11 @@
 "url": "http://www.openwall.com/lists/oss-security/2023/06/14/2",
 "refsource": "MISC",
 "name": "http://www.openwall.com/lists/oss-security/2023/06/14/2"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230706-0005/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230706-0005/"
 }
 ]
 },
diff --git a/2023/34xxx/CVE-2023-34396.json b/2023/34xxx/CVE-2023-34396.json
index 94b996dcf97..bbca6895877 100644
--- a/2023/34xxx/CVE-2023-34396.json
+++ b/2023/34xxx/CVE-2023-34396.json
@@ -79,6 +79,11 @@
 "url": "http://www.openwall.com/lists/oss-security/2023/06/14/3",
 "refsource": "MISC",
 "name": "http://www.openwall.com/lists/oss-security/2023/06/14/3"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230706-0005/",
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/ntap-20230706-0005/"
 }
 ]
 },
diff --git a/2023/36xxx/CVE-2023-36456.json b/2023/36xxx/CVE-2023-36456.json
index 307bee778c6..31f439a6696 100644
--- a/2023/36xxx/CVE-2023-36456.json
+++ b/2023/36xxx/CVE-2023-36456.json
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-36456",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the go code. Only authentik setups that are directly accessible by users without a reverse proxy are susceptible to this. Possible spoofing of IP addresses in logs, downstream applications proxied by (built in) outpost, IP bypassing in custom flows if used.\n\nThis poses a possible security risk when someone has flows or policies that check the user's IP address, e.g. when they want to ignore the user's 2 factor authentication when the user is connected to the company network. A second security risk is that the IP addresses in the logfiles and user sessions are not reliable anymore. Anybody can spoof this address and one cannot verify that the user has logged in from the IP address that is in their account's log. A third risk is that this header is passed on to the proxied application behind an outpost. The application may do any kind of verification, logging, blocking or rate limiting based on the IP address, and this IP address can be overridden by anybody that want to.\n\nVersions 2023.4.3 and 2023.5.5 contain a patch for this issue.\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-436: Interpretation Conflict",
+ "cweId": "CWE-436"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "goauthentik",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "authentik",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 2023.4.3"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 2023.5.0, < 2023.5.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-cmxp-jcw7-jjjv",
+ "refsource": "MISC",
+ "name": "https://github.com/goauthentik/authentik/security/advisories/GHSA-cmxp-jcw7-jjjv"
+ },
+ {
+ "url": "https://github.com/goauthentik/authentik/commit/15026748d19d490eb2baf9a9566ead4f805f7dff",
+ "refsource": "MISC",
+ "name": "https://github.com/goauthentik/authentik/commit/15026748d19d490eb2baf9a9566ead4f805f7dff"
+ },
+ {
+ "url": "https://github.com/goauthentik/authentik/commit/c07a48a3eccbd7b23026f72136d3392bbc6f795a",
+ "refsource": "MISC",
+ "name": "https://github.com/goauthentik/authentik/commit/c07a48a3eccbd7b23026f72136d3392bbc6f795a"
+ },
+ {
+ "url": "https://goauthentik.io/docs/releases/2023.4#fixed-in-202343",
+ "refsource": "MISC",
+ "name": "https://goauthentik.io/docs/releases/2023.4#fixed-in-202343"
+ },
+ {
+ "url": "https://goauthentik.io/docs/releases/2023.5#fixed-in-202355",
+ "refsource": "MISC",
+ "name": "https://goauthentik.io/docs/releases/2023.5#fixed-in-202355"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-cmxp-jcw7-jjjv",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/36xxx/CVE-2023-36459.json b/2023/36xxx/CVE-2023-36459.json
index 174a1bad722..1daab17db74 100644
--- a/2023/36xxx/CVE-2023-36459.json
+++ b/2023/36xxx/CVE-2023-36459.json
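Review bot: The new `"value"` string in `description_data` ends with a trailing `\n` (after "contain a patch for this issue.") and uses `\n\n` paragraph breaks, whereas every other description added in this commit is a single line with no trailing newline; renderers that print the value verbatim will emit a stray blank line after this record. Trimming the trailing escape so the string ends `...contain a patch for this issue."` keeps the text intact. The `\n\n` breaks are harmless on their own but worth knowing about if downstream tooling joins descriptions into one line. The CVSS block is internally consistent: `"baseScore": 8.3` is what the listed v3.1 vector yields.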
@@ -1,17 +1,113 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-36459",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and include arbitrary HTML in oEmbed preview cards. This introduces a vector for cross-site scripting (XSS) payloads that can be rendered in the user's browser when a preview card for a malicious link is clicked through. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "mastodon",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "mastodon",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 1.3, < 3.5.9"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 4.0.0, < 4.0.5"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 4.1.0, < 4.1.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-ccm4-vgcc-73hp",
+ "refsource": "MISC",
+ "name": "https://github.com/mastodon/mastodon/security/advisories/GHSA-ccm4-vgcc-73hp"
+ },
+ {
+ "url": "https://github.com/mastodon/mastodon/commit/6d8e0fae3e96f3cf4febe03fa7fcf5b95ff761b2",
+ "refsource": "MISC",
+ "name": "https://github.com/mastodon/mastodon/commit/6d8e0fae3e96f3cf4febe03fa7fcf5b95ff761b2"
+ },
+ {
+ "url": "https://github.com/mastodon/mastodon/releases/tag/v3.5.9",
+ "refsource": "MISC",
+ "name": "https://github.com/mastodon/mastodon/releases/tag/v3.5.9"
+ },
+ {
+ "url": "https://github.com/mastodon/mastodon/releases/tag/v4.0.5",
+ "refsource": "MISC",
+ "name": "https://github.com/mastodon/mastodon/releases/tag/v4.0.5"
+ },
+ {
+ "url": "https://github.com/mastodon/mastodon/releases/tag/v4.1.3",
+ "refsource": "MISC",
+ "name": "https://github.com/mastodon/mastodon/releases/tag/v4.1.3"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-ccm4-vgcc-73hp",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.3,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/36xxx/CVE-2023-36460.json b/2023/36xxx/CVE-2023-36460.json
index 1b20cce018c..af272c04416 100644
--- a/2023/36xxx/CVE-2023-36460.json
+++ b/2023/36xxx/CVE-2023-36460.json
@@ -1,17 +1,113 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-36460",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 3.5.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, attackers using carefully crafted media files can cause Mastodon's media processing code to create arbitrary files at any location. This allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "mastodon",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "mastodon",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 3.5.0, < 3.5.9"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 4.0.0, < 4.0.5"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 4.1.0, < 4.1.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-9928-3cp5-93fm",
+ "refsource": "MISC",
+ "name": "https://github.com/mastodon/mastodon/security/advisories/GHSA-9928-3cp5-93fm"
+ },
+ {
+ "url": "https://github.com/mastodon/mastodon/commit/dc8f1fbd976ae544720a4e07120d9a91b2722440",
+ "refsource": "MISC",
+ "name": "https://github.com/mastodon/mastodon/commit/dc8f1fbd976ae544720a4e07120d9a91b2722440"
+ },
+ {
+ "url": "https://github.com/mastodon/mastodon/releases/tag/v3.5.9",
+ "refsource": "MISC",
+ "name": "https://github.com/mastodon/mastodon/releases/tag/v3.5.9"
+ },
+ {
+ "url": "https://github.com/mastodon/mastodon/releases/tag/v4.0.5",
+ "refsource": "MISC",
+ "name": "https://github.com/mastodon/mastodon/releases/tag/v4.0.5"
+ },
+ {
+ "url": "https://github.com/mastodon/mastodon/releases/tag/v4.1.3",
+ "refsource": "MISC",
+ "name": "https://github.com/mastodon/mastodon/releases/tag/v4.1.3"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-9928-3cp5-93fm",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/36xxx/CVE-2023-36461.json b/2023/36xxx/CVE-2023-36461.json
index c110f353178..939b6e85840 100644
--- a/2023/36xxx/CVE-2023-36461.json
+++ b/2023/36xxx/CVE-2023-36461.json
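Review bot: `"baseScore": 10` does not agree with the vector a few lines below it; applying the CVSS v3.1 base formula to `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H` gives 9.9 (impact ≈ 6.05 plus exploitability ≈ 3.11, times 1.08, rounded up), because `PR:L` under changed scope weighs 0.68 rather than 0.85. Either the score should read `"baseScore": 9.9`, or the vector and `"privilegesRequired"` should say `PR:N`/`"NONE"`, which is what a 10.0 requires; `"baseSeverity": "CRITICAL"` holds either way. If the 10 was copied from the source advisory, check the advisory before editing rather than assuming the vector is the correct half. The other three GitHub-assigned records in this commit (CVE-2023-36456, CVE-2023-36459, CVE-2023-36461) score consistently with their vectors, so this one stands out.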
@@ -1,17 +1,113 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-36461",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Mastodon is a free, open-source social network server based on ActivityPub. When performing outgoing HTTP queries, Mastodon sets a timeout on individual read operations. Prior to versions 3.5.9, 4.0.5, and 4.1.3, a malicious server can indefinitely extend the duration of the response through slowloris-type attacks. This vulnerability can be used to keep all Mastodon workers busy for an extended duration of time, leading to the server becoming unresponsive. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-770: Allocation of Resources Without Limits or Throttling",
+ "cweId": "CWE-770"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "mastodon",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "mastodon",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 3.5.9"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 4.0.0, < 4.0.5"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 4.1.0, < 4.1.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-9pxv-6qvf-pjwc",
+ "refsource": "MISC",
+ "name": "https://github.com/mastodon/mastodon/security/advisories/GHSA-9pxv-6qvf-pjwc"
+ },
+ {
+ "url": "https://github.com/mastodon/mastodon/commit/c5929798bf7e56cc2c79b15bed0c4692ded3dcb6",
+ "refsource": "MISC",
+ "name": "https://github.com/mastodon/mastodon/commit/c5929798bf7e56cc2c79b15bed0c4692ded3dcb6"
+ },
+ {
+ "url": "https://github.com/mastodon/mastodon/releases/tag/v3.5.9",
+ "refsource": "MISC",
+ "name": "https://github.com/mastodon/mastodon/releases/tag/v3.5.9"
+ },
+ {
+ "url": "https://github.com/mastodon/mastodon/releases/tag/v4.0.5",
+ "refsource": "MISC",
+ "name": "https://github.com/mastodon/mastodon/releases/tag/v4.0.5"
+ },
+ {
+ "url": "https://github.com/mastodon/mastodon/releases/tag/v4.1.3",
+ "refsource": "MISC",
+ "name": "https://github.com/mastodon/mastodon/releases/tag/v4.1.3"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-9pxv-6qvf-pjwc",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/3xxx/CVE-2023-3141.json b/2023/3xxx/CVE-2023-3141.json
index ed2147c2d90..fccce91e6aa 100644
--- a/2023/3xxx/CVE-2023-3141.json
+++ b/2023/3xxx/CVE-2023-3141.json
@@ -58,6 +58,11 @@
 "refsource": "MISC",
 "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7",
 "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20230706-0004/",
+ "url": "https://security.netapp.com/advisory/ntap-20230706-0004/"
 }
 ]
 },
diff --git a/2023/3xxx/CVE-2023-3529.json b/2023/3xxx/CVE-2023-3529.json
index a502c83f2c2..7a1e9ff57f3 100644
--- a/2023/3xxx/CVE-2023-3529.json
+++ b/2023/3xxx/CVE-2023-3529.json
@@ -1,17 +1,94 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-3529",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to 20230729. This affects an unknown part of the file /LandingPages/api/otp/send?id=[ID][ampersand]method=sms of the component OTP URI Interface. The manipulation leads to information exposure through discrepancy. It is possible to initiate the attack remotely. The identifier VDB-233253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in Rotem Dynamics Rotem CRM bis 20230729 entdeckt. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /LandingPages/api/otp/send?id=[ID][ampersand]method=sms der Komponente OTP URI Interface. Durch das Beeinflussen mit unbekannten Daten kann eine information exposure through discrepancy-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-203 Information Exposure Through Discrepancy",
+ "cweId": "CWE-203"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Rotem Dynamics",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Rotem CRM",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "20230729"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.233253",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.233253"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.233253",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.233253"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/3xxx/CVE-2023-3530.json b/2023/3xxx/CVE-2023-3530.json
new file mode 100644
index 00000000000..4d768c0cd2f
--- /dev/null
+++ b/2023/3xxx/CVE-2023-3530.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-3530",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
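Review bot: The English description says Rotem CRM is affected "up to 20230729", but `version_data` carries a single `"version_affected": "="`, `"version_value": "20230729"` element, so machine consumers see one exact version where the prose describes a range; `"version_affected": "<="` with the same value would encode what the description states. If 20230729 is a date-based build identifier it also postdates this commit's own date (6 Jul 2023), which looks like a typo for an earlier build and is worth confirming against the VulDB entry before the record propagates. The `[ampersand]` placeholder in the path is presumably a deliberate substitution for `&` and is fine as long as nothing downstream treats that path literally. The three `baseScore` values agree with their vectors.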
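Review bot: The new file ends without a trailing newline (`\ No newline at end of file`), whereas the other records touched in this patch end their final `}` with one, as far as their end-of-file context lines show. A final `\n` after the closing `}` avoids a spurious whitespace-only change in the next sync that rewrites this placeholder. The reserved stub itself matches the pre-change shape of the 36xxx records in this same commit.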