CVE-2023-22320

2025-06-10 02:04:31 +00:00 · 2023-01-10 11:40:39 +09:00 · 2023-01-10 11:40:39 +09:00 · 86a925453b
commit 86a925453b
parent fa905d48f2
1 changed files with 65 additions and 17 deletions
--- a/2023/22xxx/CVE-2023-22320.json
+++ b/2023/22xxx/CVE-2023-22320.json
@ -1,18 +1,66 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2023-22320",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+     "data_type": "CVE",
+     "data_format": "MITRE",
+     "data_version": "4.0",
+     "CVE_data_meta": {
+         "ID": "CVE-2022-22320",
+         "ASSIGNER": "vultures@jpcert.or.jp"
+     },
+     "affects": {
+         "vendor": {
+             "vendor_data": [
+                 {
+                     "vendor_name": "OpenAM consortium",
+                     "product": {
+                         "product_data": [
+                             {
+                                 "product_name": "OpenAM Web Policy Agent (OpenAM Consortium Edition)",
+                                 "version": {
+                                     "version_data": [
+                                         {
+                                             "version_value": "4.1.0"
+                                         }
+                                     ]
+                                 }
+                             }
+                         ]
+                     }
+                 }
+             ]
+         }
+     },
+     "problemtype": {
+         "problemtype_data": [
+             {
+                 "description": [
+                     {
+                         "lang": "eng",
+                         "value": "CWE-22: Path Traversal"
+                     }
+                 ]
+             }
+         ]
+     },
+     "references": {
+         "reference_data": [
+             {
+                 "url": "https://github.com/openam-jp/web-agents/issues/3",
+                 "refsource": "CONFIRM",
+                 "name": "issue#3: CVE-2023-22320"
+             },
+             {
+                 "url": "https://jvn.jp/en/vu/JVN91740661/",
+                 "refsource": "JVN",
+                 "name": "OpenAM Web Policy Agent (OpenAM Consortium Edition) vulnerable to path traversal"
+             }
+         ]
+     },
+     "description": {
+         "description_data": [
+             {
+                 "lang": "eng",
+                 "value": "OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability(CWE-22). Furthermore, a crafted URL may be evaluated incorrectly."
+             }
+         ]
+     }
+}