From 82e733a4afcd49fbe379e32f3b4741a478d6ba0d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 21 Nov 2023 23:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/48xxx/CVE-2023-48304.json | 106 +++++++++++++++++++++++++++++++-- 2023/48xxx/CVE-2023-48305.json | 99 ++++++++++++++++++++++++++++-- 2023/48xxx/CVE-2023-48306.json | 106 +++++++++++++++++++++++++++++++-- 2023/48xxx/CVE-2023-48307.json | 90 ++++++++++++++++++++++++++-- 2023/48xxx/CVE-2023-48310.json | 7 ++- 2023/48xxx/CVE-2023-48699.json | 86 ++++++++++++++++++++++++-- 2023/48xxx/CVE-2023-48700.json | 85 ++++++++++++++++++++++++-- 2023/48xxx/CVE-2023-48701.json | 90 ++++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6249.json | 18 ++++++ 9 files changed, 658 insertions(+), 29 deletions(-) create mode 100644 2023/6xxx/CVE-2023-6249.json diff --git a/2023/48xxx/CVE-2023-48304.json b/2023/48xxx/CVE-2023-48304.json index e90c37dc0c7..a2d36c3dcd7 100644 --- a/2023/48xxx/CVE-2023-48304.json +++ b/2023/48xxx/CVE-2023-48304.json @@ -1,17 +1,115 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48304", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, an attacker could enable and disable the birthday calendar for any user on the same server. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-639: Authorization Bypass Through User-Controlled Key", + "cweId": "CWE-639" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "nextcloud", + "product": { + "product_data": [ + { + "product_name": "security-advisories", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 25.0.0, < 25.0.11" + }, + { + "version_affected": "=", + "version_value": ">= 26.0.0, < 26.0.6" + }, + { + "version_affected": "=", + "version_value": ">= 27.0.0, < 27.1.0" + }, + { + "version_affected": "=", + "version_value": ">= 22.0.0, < 22.2.10.16" + }, + { + "version_affected": "=", + "version_value": ">= 23.0.0, < 23.0.12.11" + }, + { + "version_affected": "=", + "version_value": ">= 24.0.0, < 24.0.12.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8jwv-c8c8-9fr3", + "refsource": "MISC", + "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8jwv-c8c8-9fr3" + }, + { + "url": "https://github.com/nextcloud/server/pull/40292", + "refsource": "MISC", + "name": "https://github.com/nextcloud/server/pull/40292" + }, + { + "url": "https://hackerone.com/reports/2112973", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2112973" + } + ] + }, + "source": { + "advisory": "GHSA-8jwv-c8c8-9fr3", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48305.json b/2023/48xxx/CVE-2023-48305.json index 7aa29c16c7a..ea6ca321e71 100644 --- a/2023/48xxx/CVE-2023-48305.json +++ b/2023/48xxx/CVE-2023-48305.json @@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48305", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, when the log level was set to debug, the user_ldap app logged user passwords in plaintext into the log file. If the log file was then leaked or shared in any way the users' passwords would be leaked. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. As a workaround, change config setting `loglevel` to `1` or higher (should always be higher than 1 in production environments)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-312: Cleartext Storage of Sensitive Information", + "cweId": "CWE-312" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "nextcloud", + "product": { + "product_data": [ + { + "product_name": "security-advisories", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 25.0.0, < 25.0.11" + }, + { + "version_affected": "=", + "version_value": ">= 26.0.0, < 26.0.6" + }, + { + "version_affected": "=", + "version_value": ">= 27.0.0, < 27.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35p6-4992-w5fr", + "refsource": "MISC", + "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35p6-4992-w5fr" + }, + { + "url": "https://github.com/nextcloud/server/issues/38461", + "refsource": "MISC", + "name": "https://github.com/nextcloud/server/issues/38461" + }, + { + "url": "https://github.com/nextcloud/server/pull/40013", + "refsource": "MISC", + "name": "https://github.com/nextcloud/server/pull/40013" + }, + { + "url": "https://hackerone.com/reports/2101165", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2101165" + } + ] + }, + "source": { + "advisory": "GHSA-35p6-4992-w5fr", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48306.json b/2023/48xxx/CVE-2023-48306.json index 1b298c6de51..6c2e389a3bd 100644 --- a/2023/48xxx/CVE-2023-48306.json +++ b/2023/48xxx/CVE-2023-48306.json @@ -1,17 +1,115 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48306", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, the DNS pin middleware was vulnerable to DNS rebinding allowing an attacker to perform SSRF as a final result. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-918: Server-Side Request Forgery (SSRF)", + "cweId": "CWE-918" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "nextcloud", + "product": { + "product_data": [ + { + "product_name": "security-advisories", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 22.0.0, < 22.2.10.16" + }, + { + "version_affected": "=", + "version_value": ">= 23.0.0, < 23.0.12.11" + }, + { + "version_affected": "=", + "version_value": ">= 24.0.0, < 24.0.12.7" + }, + { + "version_affected": "=", + "version_value": ">= 25.0.0, < 25.0.11" + }, + { + "version_affected": "=", + "version_value": ">= 26.0.0, < 26.0.6" + }, + { + "version_affected": "=", + "version_value": ">= 27.0.0, < 27.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f69-f9jg-4x3v", + "refsource": "MISC", + "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f69-f9jg-4x3v" + }, + { + "url": "https://github.com/nextcloud/server/pull/40234", + "refsource": "MISC", + "name": "https://github.com/nextcloud/server/pull/40234" + }, + { + "url": "https://hackerone.com/reports/2115212", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2115212" + } + ] + }, + "source": { + "advisory": "GHSA-8f69-f9jg-4x3v", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48307.json b/2023/48xxx/CVE-2023-48307.json index 1eb52893c53..631ef117500 100644 --- a/2023/48xxx/CVE-2023-48307.json +++ b/2023/48xxx/CVE-2023-48307.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48307", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for this issue. As a workaround, disable the mail app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-918: Server-Side Request Forgery (SSRF)", + "cweId": "CWE-918" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "nextcloud", + "product": { + "product_data": [ + { + "product_name": "security-advisories", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 1.13.0, < 2.2.8" + }, + { + "version_affected": "=", + "version_value": ">= 3.1.0, < 3.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999", + "refsource": "MISC", + "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999" + }, + { + "url": "https://github.com/nextcloud/mail/pull/8709", + "refsource": "MISC", + "name": "https://github.com/nextcloud/mail/pull/8709" + }, + { + "url": "https://hackerone.com/reports/1869714", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1869714" + } + ] + }, + "source": { + "advisory": "GHSA-4pp4-m8ph-2999", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48310.json b/2023/48xxx/CVE-2023-48310.json index a55564c09d6..303d871ef6f 100644 --- a/2023/48xxx/CVE-2023-48310.json +++ b/2023/48xxx/CVE-2023-48310.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is being rendered useless. This can result in denial of service. Version 2.1.1 contains a patch for this issue." + "value": "TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is being rendered useless. This can result in denial of service. Additionally, input for scanning can be any CIDR blocks passed to nmap. An attacker can scan 0.0.0.0/0 or even local networks. Version 2.1.1 contains a patch for this issue." } ] }, @@ -59,6 +59,11 @@ "refsource": "MISC", "name": "https://github.com/NC3-LU/TestingPlatform/security/advisories/GHSA-9fhc-f3mr-w6h6" }, + { + "url": "https://github.com/NC3-LU/TestingPlatform/security/advisories/GHSA-mmpf-rw6c-67mm", + "refsource": "MISC", + "name": "https://github.com/NC3-LU/TestingPlatform/security/advisories/GHSA-mmpf-rw6c-67mm" + }, { "url": "https://github.com/NC3-LU/TestingPlatform/commit/7b3e7ca869a4845aa7445f874c22c5929315c3a7", "refsource": "MISC", diff --git a/2023/48xxx/CVE-2023-48699.json b/2023/48xxx/CVE-2023-48699.json index e46526013c9..bab79c67537 100644 --- a/2023/48xxx/CVE-2023-48699.json +++ b/2023/48xxx/CVE-2023-48699.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48699", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability is in the function `def __locator__(self, locator_name: str)` in `page.py`. In order to mitigate this issue, upgrade to fastbots version 0.1.5 or above." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", + "cweId": "CWE-95" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ubertidavide", + "product": { + "product_data": [ + { + "product_name": "fastbots", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 0.1.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ubertidavide/fastbots/security/advisories/GHSA-vccg-f4gp-45x9", + "refsource": "MISC", + "name": "https://github.com/ubertidavide/fastbots/security/advisories/GHSA-vccg-f4gp-45x9" + }, + { + "url": "https://github.com/ubertidavide/fastbots/pull/3#issue-2003080806", + "refsource": "MISC", + "name": "https://github.com/ubertidavide/fastbots/pull/3#issue-2003080806" + }, + { + "url": "https://github.com/ubertidavide/fastbots/commit/73eb03bd75365e112b39877e26ef52853f5e9f57", + "refsource": "MISC", + "name": "https://github.com/ubertidavide/fastbots/commit/73eb03bd75365e112b39877e26ef52853f5e9f57" + } + ] + }, + "source": { + "advisory": "GHSA-vccg-f4gp-45x9", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48700.json b/2023/48xxx/CVE-2023-48700.json index b4a87c7deaa..87aa6df059e 100644 --- a/2023/48xxx/CVE-2023-48700.json +++ b/2023/48xxx/CVE-2023-48700.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48700", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are visible via Job Results from an execution of an Onboarding Task. Version 3.0.0 fixes this issue; no known workarounds are available. Mitigation recommendations include deleting all Job Results for any onboarding task to remove clear text credentials from database entries that were run while on v2.0.X, upgrading to v3.0.0, and rotating any exposed credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256: Plaintext Storage of a Password", + "cweId": "CWE-256" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-312: Cleartext Storage of Sensitive Information", + "cweId": "CWE-312" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "nautobot", + "product": { + "product_data": [ + { + "product_name": "nautobot-plugin-device-onboarding", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 2.0.0, < 3.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nautobot/nautobot-plugin-device-onboarding/security/advisories/GHSA-qf3c-rw9f-jh7v", + "refsource": "MISC", + "name": "https://github.com/nautobot/nautobot-plugin-device-onboarding/security/advisories/GHSA-qf3c-rw9f-jh7v" + } + ] + }, + "source": { + "advisory": "GHSA-qf3c-rw9f-jh7v", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48701.json b/2023/48xxx/CVE-2023-48701.json index 4afabe17469..0b63c05a53b 100644 --- a/2023/48xxx/CVE-2023-48701.json +++ b/2023/48xxx/CVE-2023-48701.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48701", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the \"Forms\" feature containing an assets field, or within the control panel which requires authentication. This issue has been patched on 3.4.15 and 4.36.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "statamic", + "product": { + "product_data": [ + { + "product_name": "cms", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.4.15 " + }, + { + "version_affected": "=", + "version_value": ">= 4.0.0, < 4.36.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/statamic/cms/security/advisories/GHSA-8jjh-j3c2-cjcv", + "refsource": "MISC", + "name": "https://github.com/statamic/cms/security/advisories/GHSA-8jjh-j3c2-cjcv" + }, + { + "url": "https://github.com/statamic/cms/releases/tag/v3.4.15", + "refsource": "MISC", + "name": "https://github.com/statamic/cms/releases/tag/v3.4.15" + }, + { + "url": "https://github.com/statamic/cms/releases/tag/v4.36.0", + "refsource": "MISC", + "name": "https://github.com/statamic/cms/releases/tag/v4.36.0" + } + ] + }, + "source": { + "advisory": "GHSA-8jjh-j3c2-cjcv", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H", + "version": "3.1" } ] } diff --git a/2023/6xxx/CVE-2023-6249.json b/2023/6xxx/CVE-2023-6249.json new file mode 100644 index 00000000000..b4d39749d18 --- /dev/null +++ b/2023/6xxx/CVE-2023-6249.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6249", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file