admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-07-06 10:00:45 +00:00
parent 8f28661591
commit 87aeef9f79
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
4 changed files with 263 additions and 261 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2021/23xxx/CVE-2021-23163.json
View File

@ -1,92 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23163",
"ASSIGNER": "security@jfrog.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "JFrog",
"product": {
"product_data": [
{
"product_name": "JFrog Artifactory",
"version": {
"version_data": [
{
"version_name": "JFrog Artifactory versions before 7.33.6",
"version_affected": "<",
"version_value": "7.x",
"platform": ""
},
{
"version_name": "JFrog Artifactory versions before 6.23.38",
"version_affected": "<",
"version_value": "6.x",
"platform": ""
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23163",
"ASSIGNER": "security@jfrog.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "JFrog",
"product": {
"product_data": [
{
"product_name": "JFrog Artifactory",
"version": {
"version_data": [
{
"version_name": "JFrog Artifactory versions before 7.33.6",
"version_affected": "<",
"version_value": "7.x",
"platform": ""
},
{
"version_name": "JFrog Artifactory versions before 6.23.38",
"version_affected": "<",
"version_value": "6.x",
"platform": ""
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. \n\n\nThis issue affects:\nJFrog JFrog Artifactory\nJFrog Artifactory versions before 7.33.6 versions prior to 7.x;\nJFrog Artifactory versions before 6.23.38 versions prior to 6.x."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories",
"name": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories"
},
{
"refsource": "MISC",
"url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-23163%3A++Cross-Site+Request+Forgery+on+REST+using+Basic+Auth",
"name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-23163%3A++Cross-Site+Request+Forgery+on+REST+using+Basic+Auth"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.33.6 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories",
"name": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories"
},
{
"refsource": "MISC",
"url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-23163%3A++Cross-Site+Request+Forgery+on+REST+using+Basic+Auth",
"name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-23163%3A++Cross-Site+Request+Forgery+on+REST+using+Basic+Auth"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 3.1,
"baseSeverity": "LOW"
}
}
}
}
}

170
2021/45xxx/CVE-2021-45721.json
View File

@ -1,92 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-45721",
"ASSIGNER": "security@jfrog.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "JFrog",
"product": {
"product_data": [
{
"product_name": "JFrog Artifactory",
"version": {
"version_data": [
{
"version_name": "JFrog Artifactory versions before 7.36.1",
"version_affected": "<",
"version_value": "7.29.8",
"platform": ""
},
{
"version_name": "JFrog Artifactory versions before 6.23.41",
"version_affected": "<",
"version_value": "6.23.38",
"platform": ""
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-45721",
"ASSIGNER": "security@jfrog.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "JFrog",
"product": {
"product_data": [
{
"product_name": "JFrog Artifactory",
"version": {
"version_data": [
{
"version_name": "JFrog Artifactory versions before 7.36.1",
"version_affected": "<",
"version_value": "7.29.8",
"platform": ""
},
{
"version_name": "JFrog Artifactory versions before 6.23.41",
"version_affected": "<",
"version_value": "6.23.38",
"platform": ""
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint.\n\nThis issue affects:\nJFrog JFrog Artifactory\nJFrog Artifactory versions before 7.36.1 versions prior to 7.29.8;\nJFrog Artifactory versions before 6.23.41 versions prior to 6.23.38."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories",
"name": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories"
},
{
"refsource": "MISC",
"url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45721%3A+Cross-Site+Script+%28XSS%29+on+User+REST+API",
"name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45721%3A+Cross-Site+Script+%28XSS%29+on+User+REST+API"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory versions before 6.23.41 versions prior to 6.23.38."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories",
"name": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories"
},
{
"refsource": "MISC",
"url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45721%3A+Cross-Site+Script+%28XSS%29+on+User+REST+API",
"name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45721%3A+Cross-Site+Script+%28XSS%29+on+User+REST+API"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
}
}
}
}

170
2021/46xxx/CVE-2021-46687.json
View File

@ -1,92 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46687",
"ASSIGNER": "security@jfrog.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "JFrog",
"product": {
"product_data": [
{
"product_name": "JFrog Artifactory",
"version": {
"version_data": [
{
"version_name": "JFrog Artifactory versions before 7.31.10",
"version_affected": "<",
"version_value": "7.x",
"platform": ""
},
{
"version_name": "JFrog Artifactory versions before 6.23.38",
"version_affected": "<",
"version_value": "6.x",
"platform": ""
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-46687",
"ASSIGNER": "security@jfrog.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "JFrog",
"product": {
"product_data": [
{
"product_name": "JFrog Artifactory",
"version": {
"version_data": [
{
"version_name": "JFrog Artifactory versions before 7.31.10",
"version_affected": "<",
"version_value": "7.x",
"platform": ""
},
{
"version_name": "JFrog Artifactory versions before 6.23.38",
"version_affected": "<",
"version_value": "6.x",
"platform": ""
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-359 Exposure of Private Information ('Privacy Violation')"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-359 Exposure of Private Information ('Privacy Violation')"
}
]
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API.\n\nThis issue affects:\nJFrog JFrog Artifactory\nJFrog Artifactory versions before 7.31.10 versions prior to 7.x;\nJFrog Artifactory versions before 6.23.38 versions prior to 6.x."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories",
"name": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories"
},
{
"refsource": "MISC",
"url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin",
"name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories",
"name": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories"
},
{
"refsource": "MISC",
"url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin",
"name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
}
}
}
}
}

14
2022/32xxx/CVE-2022-32533.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option \"xss.filter.post = true\" may mitigate these issues.\n\nNOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue. "
"value": "** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option \"xss.filter.post = true\" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue."
}
]
},
@ -70,16 +70,18 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/d3g248pr03x8rvmh8p2t3xdlw0wn5dz2"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/d3g248pr03x8rvmh8p2t3xdlw0wn5dz2",
"name": "https://lists.apache.org/thread/d3g248pr03x8rvmh8p2t3xdlw0wn5dz2"
},
{
"refsource": "CONFIRM",
"url": "https://www.openwall.com/lists/oss-security/2022/07/06/1"
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2022/07/06/1",
"name": "https://www.openwall.com/lists/oss-security/2022/07/06/1"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}