admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-11-21 23:00:35 +00:00
parent 4a41093db9
commit 82e733a4af
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 658 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
2023/48xxx/CVE-2023-48304.json
View File

@ -1,17 +1,115 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-48304", "ID": "CVE-2023-48304",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, an attacker could enable and disable the birthday calendar for any user on the same server. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639: Authorization Bypass Through User-Controlled Key",
"cweId": "CWE-639"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 25.0.0, < 25.0.11"
},
{
"version_affected": "=",
"version_value": ">= 26.0.0, < 26.0.6"
},
{
"version_affected": "=",
"version_value": ">= 27.0.0, < 27.1.0"
},
{
"version_affected": "=",
"version_value": ">= 22.0.0, < 22.2.10.16"
},
{
"version_affected": "=",
"version_value": ">= 23.0.0, < 23.0.12.11"
},
{
"version_affected": "=",
"version_value": ">= 24.0.0, < 24.0.12.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8jwv-c8c8-9fr3",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8jwv-c8c8-9fr3"
},
{
"url": "https://github.com/nextcloud/server/pull/40292",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/40292"
},
{
"url": "https://hackerone.com/reports/2112973",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2112973"
}
]
},
"source": {
"advisory": "GHSA-8jwv-c8c8-9fr3",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
} }
] ]
} }

99
2023/48xxx/CVE-2023-48305.json
View File

@ -1,17 +1,108 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-48305", "ID": "CVE-2023-48305",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, when the log level was set to debug, the user_ldap app logged user passwords in plaintext into the log file. If the log file was then leaked or shared in any way the users' passwords would be leaked. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.11, 26.0.6, and 27.1.0 contain a patch for this issue. As a workaround, change config setting `loglevel` to `1` or higher (should always be higher than 1 in production environments)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information",
"cweId": "CWE-312"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 25.0.0, < 25.0.11"
},
{
"version_affected": "=",
"version_value": ">= 26.0.0, < 26.0.6"
},
{
"version_affected": "=",
"version_value": ">= 27.0.0, < 27.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35p6-4992-w5fr",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35p6-4992-w5fr"
},
{
"url": "https://github.com/nextcloud/server/issues/38461",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/issues/38461"
},
{
"url": "https://github.com/nextcloud/server/pull/40013",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/40013"
},
{
"url": "https://hackerone.com/reports/2101165",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2101165"
}
]
},
"source": {
"advisory": "GHSA-35p6-4992-w5fr",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
} }
] ]
} }

106
2023/48xxx/CVE-2023-48306.json
View File

@ -1,17 +1,115 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-48306", "ID": "CVE-2023-48306",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, the DNS pin middleware was vulnerable to DNS rebinding allowing an attacker to perform SSRF as a final result. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 22.0.0, < 22.2.10.16"
},
{
"version_affected": "=",
"version_value": ">= 23.0.0, < 23.0.12.11"
},
{
"version_affected": "=",
"version_value": ">= 24.0.0, < 24.0.12.7"
},
{
"version_affected": "=",
"version_value": ">= 25.0.0, < 25.0.11"
},
{
"version_affected": "=",
"version_value": ">= 26.0.0, < 26.0.6"
},
{
"version_affected": "=",
"version_value": ">= 27.0.0, < 27.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f69-f9jg-4x3v",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8f69-f9jg-4x3v"
},
{
"url": "https://github.com/nextcloud/server/pull/40234",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/40234"
},
{
"url": "https://hackerone.com/reports/2115212",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2115212"
}
]
},
"source": {
"advisory": "GHSA-8f69-f9jg-4x3v",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
} }
] ]
} }

90
2023/48xxx/CVE-2023-48307.json
View File

@ -1,17 +1,99 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-48307", "ID": "CVE-2023-48307",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for this issue. As a workaround, disable the mail app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.13.0, < 2.2.8"
},
{
"version_affected": "=",
"version_value": ">= 3.1.0, < 3.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4pp4-m8ph-2999"
},
{
"url": "https://github.com/nextcloud/mail/pull/8709",
"refsource": "MISC",
"name": "https://github.com/nextcloud/mail/pull/8709"
},
{
"url": "https://hackerone.com/reports/1869714",
"refsource": "MISC",
"name": "https://hackerone.com/reports/1869714"
}
]
},
"source": {
"advisory": "GHSA-4pp4-m8ph-2999",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
} }
] ]
} }

7
2023/48xxx/CVE-2023-48310.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is being rendered useless. This can result in denial of service. Version 2.1.1 contains a patch for this issue." "value": "TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is being rendered useless. This can result in denial of service. Additionally, input for scanning can be any CIDR blocks passed to nmap. An attacker can scan 0.0.0.0/0 or even local networks. Version 2.1.1 contains a patch for this issue."
} }
] ]
}, },
@ -59,6 +59,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/NC3-LU/TestingPlatform/security/advisories/GHSA-9fhc-f3mr-w6h6" "name": "https://github.com/NC3-LU/TestingPlatform/security/advisories/GHSA-9fhc-f3mr-w6h6"
}, },
{
"url": "https://github.com/NC3-LU/TestingPlatform/security/advisories/GHSA-mmpf-rw6c-67mm",
"refsource": "MISC",
"name": "https://github.com/NC3-LU/TestingPlatform/security/advisories/GHSA-mmpf-rw6c-67mm"
},
{ {
"url": "https://github.com/NC3-LU/TestingPlatform/commit/7b3e7ca869a4845aa7445f874c22c5929315c3a7", "url": "https://github.com/NC3-LU/TestingPlatform/commit/7b3e7ca869a4845aa7445f874c22c5929315c3a7",
"refsource": "MISC", "refsource": "MISC",

86
2023/48xxx/CVE-2023-48699.json
View File

@ -1,17 +1,95 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-48699", "ID": "CVE-2023-48699",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability is in the function `def __locator__(self, locator_name: str)` in `page.py`. In order to mitigate this issue, upgrade to fastbots version 0.1.5 or above."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')",
"cweId": "CWE-95"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ubertidavide",
"product": {
"product_data": [
{
"product_name": "fastbots",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.1.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/ubertidavide/fastbots/security/advisories/GHSA-vccg-f4gp-45x9",
"refsource": "MISC",
"name": "https://github.com/ubertidavide/fastbots/security/advisories/GHSA-vccg-f4gp-45x9"
},
{
"url": "https://github.com/ubertidavide/fastbots/pull/3#issue-2003080806",
"refsource": "MISC",
"name": "https://github.com/ubertidavide/fastbots/pull/3#issue-2003080806"
},
{
"url": "https://github.com/ubertidavide/fastbots/commit/73eb03bd75365e112b39877e26ef52853f5e9f57",
"refsource": "MISC",
"name": "https://github.com/ubertidavide/fastbots/commit/73eb03bd75365e112b39877e26ef52853f5e9f57"
}
]
},
"source": {
"advisory": "GHSA-vccg-f4gp-45x9",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

85
2023/48xxx/CVE-2023-48700.json
View File

@ -1,17 +1,94 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-48700", "ID": "CVE-2023-48700",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are visible via Job Results from an execution of an Onboarding Task. Version 3.0.0 fixes this issue; no known workarounds are available. Mitigation recommendations include deleting all Job Results for any onboarding task to remove clear text credentials from database entries that were run while on v2.0.X, upgrading to v3.0.0, and rotating any exposed credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256: Plaintext Storage of a Password",
"cweId": "CWE-256"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information",
"cweId": "CWE-312"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nautobot",
"product": {
"product_data": [
{
"product_name": "nautobot-plugin-device-onboarding",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 2.0.0, < 3.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nautobot/nautobot-plugin-device-onboarding/security/advisories/GHSA-qf3c-rw9f-jh7v",
"refsource": "MISC",
"name": "https://github.com/nautobot/nautobot-plugin-device-onboarding/security/advisories/GHSA-qf3c-rw9f-jh7v"
}
]
},
"source": {
"advisory": "GHSA-qf3c-rw9f-jh7v",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
} }
] ]
} }

90
2023/48xxx/CVE-2023-48701.json
View File

@ -1,17 +1,99 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-48701", "ID": "CVE-2023-48701",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the \"Forms\" feature containing an assets field, or within the control panel which requires authentication. This issue has been patched on 3.4.15 and 4.36.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "statamic",
"product": {
"product_data": [
{
"product_name": "cms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.4.15 "
},
{
"version_affected": "=",
"version_value": ">= 4.0.0, < 4.36.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/statamic/cms/security/advisories/GHSA-8jjh-j3c2-cjcv",
"refsource": "MISC",
"name": "https://github.com/statamic/cms/security/advisories/GHSA-8jjh-j3c2-cjcv"
},
{
"url": "https://github.com/statamic/cms/releases/tag/v3.4.15",
"refsource": "MISC",
"name": "https://github.com/statamic/cms/releases/tag/v3.4.15"
},
{
"url": "https://github.com/statamic/cms/releases/tag/v4.36.0",
"refsource": "MISC",
"name": "https://github.com/statamic/cms/releases/tag/v4.36.0"
}
]
},
"source": {
"advisory": "GHSA-8jjh-j3c2-cjcv",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H",
"version": "3.1"
} }
] ]
} }

18
2023/6xxx/CVE-2023-6249.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6249",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}