admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-04-02 13:01:00 +00:00
parent 337f6bc029
commit 86bf4f9ee9
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
14 changed files with 62 additions and 1119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
2023/7xxx/CVE-2023-7216.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which could be utilized to run arbitrary commands on the target system." "value": "A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, this allows writing files in arbitrary directories through symlinks."
} }
] ]
}, },
@ -147,6 +147,12 @@
} }
] ]
}, },
"work_around": [
{
"lang": "en",
"value": "Use the --no-absolute-filenames option to avoid this behaviour."
}
],
"credits": [ "credits": [
{ {
"lang": "en", "lang": "en",
@ -157,16 +163,16 @@
"cvss": [ "cvss": [
{ {
"attackComplexity": "LOW", "attackComplexity": "LOW",
"attackVector": "NETWORK", "attackVector": "LOCAL",
"availabilityImpact": "HIGH", "availabilityImpact": "LOW",
"baseScore": 8.8, "baseScore": 5.3,
"baseSeverity": "HIGH", "baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH", "confidentialityImpact": "LOW",
"integrityImpact": "HIGH", "integrityImpact": "LOW",
"privilegesRequired": "NONE", "privilegesRequired": "NONE",
"scope": "UNCHANGED", "scope": "UNCHANGED",
"userInteraction": "REQUIRED", "userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1" "version": "3.1"
} }
] ]

5
2024/0xxx/CVE-2024-0670.json
View File

@ -69,11 +69,6 @@
"url": "https://checkmk.com/werk/16361", "url": "https://checkmk.com/werk/16361",
"refsource": "MISC", "refsource": "MISC",
"name": "https://checkmk.com/werk/16361" "name": "https://checkmk.com/werk/16361"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/29",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2024/Mar/29"
} }
] ]
}, },

101
2024/28xxx/CVE-2024-28847.json
View File

@ -1,110 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28847", "ID": "CVE-2024-28847",
"ASSIGNER": "security-advisories@github.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, `AlertUtil::validateExpression` is also called from `EventSubscriptionRepository.prepare()`, which can lead to Remote Code Execution. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that, even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and, therefore, after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/events/subscriptions` which gets handled by `EventSubscriptionResource.createOrUpdateEventSubscription()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-251`." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "open-metadata",
"product": {
"product_data": [
{
"product_name": "OpenMetadata",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.2.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-8p5r-6mvv-2435",
"refsource": "MISC",
"name": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-8p5r-6mvv-2435"
},
{
"url": "https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection",
"refsource": "MISC",
"name": "https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection"
},
{
"url": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java#L693",
"refsource": "MISC",
"name": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java#L693"
},
{
"url": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EventSubscriptionRepository.java#L69-L83",
"refsource": "MISC",
"name": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EventSubscriptionRepository.java#L69-L83"
},
{
"url": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/EntityResource.java#L219",
"refsource": "MISC",
"name": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/EntityResource.java#L219"
},
{
"url": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/events/subscription/EventSubscriptionResource.java#L289",
"refsource": "MISC",
"name": "https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/events/subscription/EventSubscriptionResource.java#L289"
}
]
},
"source": {
"advisory": "GHSA-8p5r-6mvv-2435",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

91
2024/28xxx/CVE-2024-28848.json
View File

@ -1,100 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28848", "ID": "CVE-2024-28848",
"ASSIGNER": "security-advisories@github.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `\u200eCompiledRule::validateExpression` method evaluates an SpEL expression using an `StandardEvaluationContext`, allowing the expression to reach and interact with Java classes such as `java.lang.Runtime`, leading to Remote Code Execution. The `/api/v1/policies/validation/condition/<expression>` endpoint passes user-controlled data `CompiledRule::validateExpession` allowing authenticated (non-admin) users to execute arbitrary system commands on the underlaying operating system. In addition, there is a missing authorization check since `Authorizer.authorize()` is never called in the affected path and therefore any authenticated non-admin user is able to trigger this endpoint and evaluate arbitrary SpEL expressions leading to arbitrary command execution. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-236`. This issue may lead to Remote Code Execution and has been resolved in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "open-metadata",
"product": {
"product_data": [
{
"product_name": "OpenMetadata",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.2.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5xv3-fm7g-865r",
"refsource": "MISC",
"name": "https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5xv3-fm7g-865r"
},
{
"url": "https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection",
"refsource": "MISC",
"name": "https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection"
},
{
"url": "https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/CompiledRule.java#L51",
"refsource": "MISC",
"name": "https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/CompiledRule.java#L51"
},
{
"url": "https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/CompiledRule.java#L57",
"refsource": "MISC",
"name": "https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/CompiledRule.java#L57"
}
]
},
"source": {
"advisory": "GHSA-5xv3-fm7g-865r",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

96
2024/28xxx/CVE-2024-28849.json
View File

@ -1,105 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28849", "ID": "CVE-2024-28849",
"ASSIGNER": "security-advisories@github.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials too. This vulnerability may lead to credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "follow-redirects",
"product": {
"product_data": [
{
"product_name": "follow-redirects",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.15.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp",
"refsource": "MISC",
"name": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp"
},
{
"url": "https://github.com/psf/requests/issues/1885",
"refsource": "MISC",
"name": "https://github.com/psf/requests/issues/1885"
},
{
"url": "https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b",
"refsource": "MISC",
"name": "https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b"
},
{
"url": "https://hackerone.com/reports/2390009",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2390009"
},
{
"url": "https://fetch.spec.whatwg.org/#authentication-entries",
"refsource": "MISC",
"name": "https://fetch.spec.whatwg.org/#authentication-entries"
}
]
},
"source": {
"advisory": "GHSA-cxjh-pqwp-8mfp",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
} }
] ]
} }

86
2024/28xxx/CVE-2024-28851.json
View File

@ -1,95 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28851", "ID": "CVE-2024-28851",
"ASSIGNER": "security-advisories@github.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a `helper script` for the Hive MetaStore Connector. A malicious insider without admin privileges could, in theory, use the script to download content from a Microsoft domain to the local system and replace the valid content with malicious code. If the attacker then also had local access to the same system where the maliciously modified script is run, they could attempt to manipulate users into executing the attacker-controlled helper script, potentially gaining elevated privileges to the local system. The vulnerability in the script was patched on February 09, 2024, without a version bump to the Connector. User who use the helper script are strongly advised to use the latest version as soon as possible. Users unable to upgrade should avoid using the helper script." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "snowflakedb",
"product": {
"product_data": [
{
"product_name": "snowflake-hive-metastore-connector",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< dfbf87dff4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/snowflakedb/snowflake-hive-metastore-connector/security/advisories/GHSA-r68p-g2x9-mq7x",
"refsource": "MISC",
"name": "https://github.com/snowflakedb/snowflake-hive-metastore-connector/security/advisories/GHSA-r68p-g2x9-mq7x"
},
{
"url": "https://github.com/snowflakedb/snowflake-hive-metastore-connector/commit/dfbf87dff456f6bb62c927711d97316f0c71d8ca",
"refsource": "MISC",
"name": "https://github.com/snowflakedb/snowflake-hive-metastore-connector/commit/dfbf87dff456f6bb62c927711d97316f0c71d8ca"
},
{
"url": "https://github.com/snowflakedb/snowflake-hive-metastore-connector/blob/master/scripts/add_snowflake_hive_metastore_connector_script_action.sh",
"refsource": "MISC",
"name": "https://github.com/snowflakedb/snowflake-hive-metastore-connector/blob/master/scripts/add_snowflake_hive_metastore_connector_script_action.sh"
}
]
},
"source": {
"advisory": "GHSA-r68p-g2x9-mq7x",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
} }
] ]
} }

86
2024/28xxx/CVE-2024-28854.json
View File

@ -1,95 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28854", "ID": "CVE-2024-28854",
"ASSIGNER": "security-advisories@github.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 `TcpStream`s a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using `TlsListener::new()` vulnerable to a slow-loris DoS attack. This impacts any publicly accessible service using the default configuration of tls-listener in versions prior to 0.10.0. Users are advised to upgrade. Users unable to upgrade may mitigate this by passing a large value, such as `usize::MAX` as the parameter to `Builder::max_handshakes`.\n\n" "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "tmccombs",
"product": {
"product_data": [
{
"product_name": "tls-listener",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.10.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/tmccombs/tls-listener/security/advisories/GHSA-2qph-qpvm-2qf7",
"refsource": "MISC",
"name": "https://github.com/tmccombs/tls-listener/security/advisories/GHSA-2qph-qpvm-2qf7"
},
{
"url": "https://github.com/tmccombs/tls-listener/commit/d5a7655d6ea9e53ab57c3013092c5576da964bc4",
"refsource": "MISC",
"name": "https://github.com/tmccombs/tls-listener/commit/d5a7655d6ea9e53ab57c3013092c5576da964bc4"
},
{
"url": "https://en.wikipedia.org/wiki/Slowloris_(computer_security)",
"refsource": "MISC",
"name": "https://en.wikipedia.org/wiki/Slowloris_(computer_security)"
}
]
},
"source": {
"advisory": "GHSA-2qph-qpvm-2qf7",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
} }
] ]
} }

135
2024/28xxx/CVE-2024-28855.json
View File

@ -1,144 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28855", "ID": "CVE-2024-28855",
"ASSIGNER": "security-advisories@github.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "ZITADEL, open source authentication management software, uses Go templates to render the login UI. Due to a improper use of the `text/template` instead of the `html/template` package, the Login UI did not sanitize input parameters prior to versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and 2.41.15. An attacker could create a malicious link, where he injected code which would be rendered as part of the login screen. While it was possible to inject HTML including JavaScript, the execution of such scripts would be prevented by the Content Security Policy. Versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and 2.41.15 contain a patch for this issue. No known workarounds are available." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zitadel",
"product": {
"product_data": [
{
"product_name": "zitadel",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.41.15"
},
{
"version_affected": "=",
"version_value": ">= 2.42.0, < 2.42.15"
},
{
"version_affected": "=",
"version_value": ">= 2.43.0, < 2.43.9"
},
{
"version_affected": "=",
"version_value": ">= 2.44.0, < 2.44.3"
},
{
"version_affected": "=",
"version_value": "= 2.45.0"
},
{
"version_affected": "=",
"version_value": "= 2.46.0"
},
{
"version_affected": "=",
"version_value": ">= 2.47.0, < 2.47.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-hfrg-4jwr-jfpj",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/security/advisories/GHSA-hfrg-4jwr-jfpj"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.41.15",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.41.15"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.42.15",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.42.15"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.43.9",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.43.9"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.44.3",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.44.3"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.45.1",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.45.1"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.46.1",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.46.1"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.47.3",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.47.3"
}
]
},
"source": {
"advisory": "GHSA-hfrg-4jwr-jfpj",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
} }
] ]
} }

81
2024/28xxx/CVE-2024-28859.json
View File

@ -1,90 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28859", "ID": "CVE-2024-28859",
"ASSIGNER": "security-advisories@github.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer unserialize user input in his project. This vulnerability present no direct threat but is a vector that will enable remote code execution if a developper deserialize user untrusted data. Symfony 1 depends on Swift Mailer which is bundled by default in vendor directory in the default installation since 1.3.0. Swift Mailer classes implement some `__destruct()` methods. These methods are called when php destroys the object in memory. However, it is possible to include any object type in `$this->_keys` to make PHP access to another array/object properties than intended by the developer. In particular, it is possible to abuse the array access which is triggered on foreach($this->_keys ...) for any class implementing ArrayAccess interface. This may allow an attacker to execute any PHP command which leads to remote code execution. This issue has been addressed in version 1.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FriendsOfSymfony1",
"product": {
"product_data": [
{
"product_name": "symfony1",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.3.0, < 1.5.18"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/FriendsOfSymfony1/symfony1/security/advisories/GHSA-wjv8-pxr6-5f4r",
"refsource": "MISC",
"name": "https://github.com/FriendsOfSymfony1/symfony1/security/advisories/GHSA-wjv8-pxr6-5f4r"
},
{
"url": "https://github.com/FriendsOfSymfony1/symfony1/commit/edb850f94fb4de18ca53d0d1824910d6e8130166",
"refsource": "MISC",
"name": "https://github.com/FriendsOfSymfony1/symfony1/commit/edb850f94fb4de18ca53d0d1824910d6e8130166"
}
]
},
"source": {
"advisory": "GHSA-wjv8-pxr6-5f4r",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
} }
] ]
} }

80
2024/28xxx/CVE-2024-28862.json
View File

@ -1,89 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28862", "ID": "CVE-2024-28862",
"ASSIGNER": "security-advisories@github.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mdp",
"product": {
"product_data": [
{
"product_name": "rotp",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "= 6.2.2"
},
{
"version_affected": "=",
"version_value": "= 6.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/mdp/rotp/security/advisories/GHSA-x2h8-qmj4-g62f",
"refsource": "MISC",
"name": "https://github.com/mdp/rotp/security/advisories/GHSA-x2h8-qmj4-g62f"
}
]
},
"source": {
"advisory": "GHSA-x2h8-qmj4-g62f",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
} }
] ]
} }

91
2024/28xxx/CVE-2024-28864.json
View File

@ -1,100 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28864", "ID": "CVE-2024-28864",
"ASSIGNER": "security-advisories@github.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with `NullEncoder` and passed to `TagAwareCipher`, and contains special characters such as `\\n`. As a result, the decryption process is skipped since the tags are not detected. This causes the encrypted data to be returned in plain format. The vulnerability affects users who implement `TagAwareCipher` with any base cipher that has `NullEncoder` (not default). The patch for the issue has been released. Users are advised to update to version 1.2.2. As a workaround, one may use the default `Base64Encoder` with the base cipher decorated with `TagAwareCipher` to prevent special characters in the encrypted string from interfering with regex tag detection logic. This workaround is safe but may involve double encoding since `TagAwareCipher` uses `NullEncoder` by default." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333: Inefficient Regular Expression Complexity",
"cweId": "CWE-1333"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IlicMiljan",
"product": {
"product_data": [
{
"product_name": "Secure-Props",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.2.0, < 1.2.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/IlicMiljan/Secure-Props/security/advisories/GHSA-rj29-j2g4-77q8",
"refsource": "MISC",
"name": "https://github.com/IlicMiljan/Secure-Props/security/advisories/GHSA-rj29-j2g4-77q8"
},
{
"url": "https://github.com/IlicMiljan/Secure-Props/issues/20",
"refsource": "MISC",
"name": "https://github.com/IlicMiljan/Secure-Props/issues/20"
},
{
"url": "https://github.com/IlicMiljan/Secure-Props/pull/21",
"refsource": "MISC",
"name": "https://github.com/IlicMiljan/Secure-Props/pull/21"
},
{
"url": "https://github.com/IlicMiljan/Secure-Props/commit/ab7b561040cd37fda3dbf9a6cab01fefcaa16627",
"refsource": "MISC",
"name": "https://github.com/IlicMiljan/Secure-Props/commit/ab7b561040cd37fda3dbf9a6cab01fefcaa16627"
}
]
},
"source": {
"advisory": "GHSA-rj29-j2g4-77q8",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
} }
] ]
} }

81
2024/28xxx/CVE-2024-28865.json
View File

@ -1,90 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-28865", "ID": "CVE-2024-28865",
"ASSIGNER": "security-advisories@github.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333: Inefficient Regular Expression Complexity",
"cweId": "CWE-1333"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "django-wiki",
"product": {
"product_data": [
{
"product_name": "django-wiki",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.10.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h",
"refsource": "MISC",
"name": "https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h"
},
{
"url": "https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c",
"refsource": "MISC",
"name": "https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c"
}
]
},
"source": {
"advisory": "GHSA-wj85-w4f4-xh8h",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
} }
] ]
} }

97
2024/2xxx/CVE-2024-2371.json
View File

@ -1,106 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2371", "ID": "CVE-2024-2371",
"ASSIGNER": "cve-coordination@incibe.es", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Information exposure vulnerability in Korenix JetI/O 6550 affecting firmware version F208 Build:0817. The SNMP protocol uses plaintext to transfer data, allowing an attacker to intercept traffic and retrieve credentials." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Korenix",
"product": {
"product_data": [
{
"product_name": "JetI/O 6550",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "F208 Build:0817"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/information-exposure-vulnerability-korenix-jetio-6550",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/information-exposure-vulnerability-korenix-jetio-6550"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"credits": [
{
"lang": "en",
"value": "HADESS"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
} }
] ]
} }

129
2024/2xxx/CVE-2024-2390.json
View File

@ -1,138 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-2390", "ID": "CVE-2024-2390",
"ASSIGNER": "vulnreport@tenable.com", "ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC" "STATE": "RESERVED"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "\nAs a part of Tenable\u2019s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.\n\n" "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenable",
"product": {
"product_data": [
{
"product_name": "Nessus Agent",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "#202403142053",
"status": "affected",
"version": "0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Nessus",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "#202403142053",
"status": "affected",
"version": "0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.tenable.com/security/tns-2024-05",
"refsource": "MISC",
"name": "https://www.tenable.com/security/tns-2024-05"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "TNS-2024-05",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nTenable has released updates to plugins to resolve the issue. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202403142053.\n\n<br>"
}
],
"value": "\nTenable has released updates to plugins to resolve the issue. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202403142053.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Rich Sprigg (RythmStick)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }