From 87aeef9f797c0928770400d1ed66fe52c64d5d3c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 6 Jul 2022 10:00:45 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/23xxx/CVE-2021-23163.json | 170 ++++++++++++++++----------------- 2021/45xxx/CVE-2021-45721.json | 170 ++++++++++++++++----------------- 2021/46xxx/CVE-2021-46687.json | 170 ++++++++++++++++----------------- 2022/32xxx/CVE-2022-32533.json | 14 +-- 4 files changed, 263 insertions(+), 261 deletions(-) diff --git a/2021/23xxx/CVE-2021-23163.json b/2021/23xxx/CVE-2021-23163.json index 0a6a961b42b..e1ea250e3f2 100644 --- a/2021/23xxx/CVE-2021-23163.json +++ b/2021/23xxx/CVE-2021-23163.json 
@@ -1,92 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-23163", - "ASSIGNER": "security@jfrog.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "JFrog", - "product": { - "product_data": [ - { - "product_name": "JFrog Artifactory", - "version": { - "version_data": [ - { - "version_name": "JFrog Artifactory versions before 7.33.6", - "version_affected": "<", - "version_value": "7.x", - "platform": "" - }, - { - "version_name": "JFrog Artifactory versions before 6.23.38", - "version_affected": "<", - "version_value": "6.x", - "platform": "" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-23163", + "ASSIGNER": "security@jfrog.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JFrog", + "product": { + "product_data": [ + { + "product_name": "JFrog Artifactory", + "version": { + "version_data": [ + { + "version_name": "JFrog Artifactory versions before 7.33.6", + "version_affected": "<", + "version_value": "7.x", + "platform": "" + }, + { + "version_name": "JFrog Artifactory versions before 6.23.38", + "version_affected": "<", + "version_value": "6.x", + "platform": "" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. 
\n\n\nThis issue affects:\nJFrog JFrog Artifactory\nJFrog Artifactory versions before 7.33.6 versions prior to 7.x;\nJFrog Artifactory versions before 6.23.38 versions prior to 6.x." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories", - "name": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories" - }, - { - "refsource": "MISC", - "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-23163%3A++Cross-Site+Request+Forgery+on+REST+using+Basic+Auth", - "name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-23163%3A++Cross-Site+Request+Forgery+on+REST+using+Basic+Auth" - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "HIGH", - "privilegesRequired": "NONE", - "userInteraction": "REQUIRED", - "scope": "UNCHANGED", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", - "baseScore": 3.1, - "baseSeverity": "LOW" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.33.6 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories", + "name": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories" + }, + { + "refsource": "MISC", + "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-23163%3A++Cross-Site+Request+Forgery+on+REST+using+Basic+Auth", + "name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-23163%3A++Cross-Site+Request+Forgery+on+REST+using+Basic+Auth" + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.1, + "baseSeverity": "LOW" + } } - } -} +} \ No newline at end of file diff --git a/2021/45xxx/CVE-2021-45721.json b/2021/45xxx/CVE-2021-45721.json index 4b09359d7e4..2dfb41def8e 100644 --- a/2021/45xxx/CVE-2021-45721.json +++ b/2021/45xxx/CVE-2021-45721.json 
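Review bot: The two `version_data` entries in this hunk pair `"version_affected": "<"` with `"version_value": "7.x"` and `"6.x"`, which are not comparable versions, so the real fix boundary (7.33.6 and 6.23.38) lives only in the free-text `version_name` and the description. A scanner that matches on `version_value` cannot decide whether a given install is affected; I would set `"version_value": "7.33.6"` and `"version_value": "6.23.38"` and keep `version_name` as a label. With the newlines removed, the description's generated tail now reads "versions before 7.33.6 versions prior to 7.x", which repeats the same ambiguity in prose. The CVE-2021-46687 hunk has the same pattern with 7.31.10 and 6.23.38.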
@@ -1,92 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-45721", - "ASSIGNER": "security@jfrog.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "JFrog", - "product": { - "product_data": [ - { - "product_name": "JFrog Artifactory", - "version": { - "version_data": [ - { - "version_name": "JFrog Artifactory versions before 7.36.1", - "version_affected": "<", - "version_value": "7.29.8", - "platform": "" - }, - { - "version_name": "JFrog Artifactory versions before 6.23.41", - "version_affected": "<", - "version_value": "6.23.38", - "platform": "" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-45721", + "ASSIGNER": "security@jfrog.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JFrog", + "product": { + "product_data": [ + { + "product_name": "JFrog Artifactory", + "version": { + "version_data": [ + { + "version_name": "JFrog Artifactory versions before 7.36.1", + "version_affected": "<", + "version_value": "7.29.8", + "platform": "" + }, + { + "version_name": "JFrog Artifactory versions before 6.23.41", + "version_affected": "<", + "version_value": "6.23.38", + "platform": "" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross-site Scripting (XSS)" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint.\n\nThis issue affects:\nJFrog JFrog Artifactory\nJFrog 
Artifactory versions before 7.36.1 versions prior to 7.29.8;\nJFrog Artifactory versions before 6.23.41 versions prior to 6.23.38." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories", - "name": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories" - }, - { - "refsource": "MISC", - "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45721%3A+Cross-Site+Script+%28XSS%29+on+User+REST+API", - "name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45721%3A+Cross-Site+Script+%28XSS%29+on+User+REST+API" - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "HIGH", - "userInteraction": "REQUIRED", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", - "baseScore": 6.1, - "baseSeverity": "MEDIUM" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory versions before 6.23.41 versions prior to 6.23.38." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories", + "name": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories" + }, + { + "refsource": "MISC", + "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45721%3A+Cross-Site+Script+%28XSS%29+on+User+REST+API", + "name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45721%3A+Cross-Site+Script+%28XSS%29+on+User+REST+API" + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + } } - } -} +} \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46687.json b/2021/46xxx/CVE-2021-46687.json index d6866f7aef4..ee2ea90088e 100644 --- a/2021/46xxx/CVE-2021-46687.json +++ b/2021/46xxx/CVE-2021-46687.json 
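Review bot: The affected-version data in this record disagrees with itself: `"version_name": "JFrog Artifactory versions before 7.36.1"` sits next to `"version_value": "7.29.8"` (and 6.23.41 next to 6.23.38), while the description says the issue is present prior to 7.29.8 and 6.23.38. The flattened description makes the conflict visible as "versions before 7.36.1 versions prior to 7.29.8", and nothing on the page says which release actually carries the fix. Someone patching from this record could stop at 7.29.8 when 7.36.1 is required, or the reverse, so the bounds should be checked against the linked JFrog advisory and `version_name`, `version_value` and the description made to name the same release.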
@@ -1,92 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-46687", - "ASSIGNER": "security@jfrog.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "JFrog", - "product": { - "product_data": [ - { - "product_name": "JFrog Artifactory", - "version": { - "version_data": [ - { - "version_name": "JFrog Artifactory versions before 7.31.10", - "version_affected": "<", - "version_value": "7.x", - "platform": "" - }, - { - "version_name": "JFrog Artifactory versions before 6.23.38", - "version_affected": "<", - "version_value": "6.x", - "platform": "" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-46687", + "ASSIGNER": "security@jfrog.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JFrog", + "product": { + "product_data": [ + { + "product_name": "JFrog Artifactory", + "version": { + "version_data": [ + { + "version_name": "JFrog Artifactory versions before 7.31.10", + "version_affected": "<", + "version_value": "7.x", + "platform": "" + }, + { + "version_name": "JFrog Artifactory versions before 6.23.38", + "version_affected": "<", + "version_value": "6.x", + "platform": "" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-359 Exposure of Private Information ('Privacy Violation')" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-359 Exposure of Private Information ('Privacy Violation')" + } + ] + } ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API.\n\nThis issue affects:\nJFrog JFrog 
Artifactory\nJFrog Artifactory versions before 7.31.10 versions prior to 7.x;\nJFrog Artifactory versions before 6.23.38 versions prior to 6.x." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories", - "name": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories" - }, - { - "refsource": "MISC", - "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin", - "name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin" - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "HIGH", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "baseScore": 4.9, - "baseSeverity": "MEDIUM" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories", + "name": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories" + }, + { + "refsource": "MISC", + "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin", + "name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin" + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + } } - } -} +} \ No newline at end of file diff --git a/2022/32xxx/CVE-2022-32533.json b/2022/32xxx/CVE-2022-32533.json index 01f6ad04eb2..b8da082a105 100644 --- a/2022/32xxx/CVE-2022-32533.json +++ b/2022/32xxx/CVE-2022-32533.json 
@@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option \"xss.filter.post = true\" may mitigate these issues.\n\nNOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue. " + "value": "** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option \"xss.filter.post = true\" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue." } ] }, @@ -70,16 +70,18 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://lists.apache.org/thread/d3g248pr03x8rvmh8p2t3xdlw0wn5dz2" + "refsource": "MISC", + "url": "https://lists.apache.org/thread/d3g248pr03x8rvmh8p2t3xdlw0wn5dz2", + "name": "https://lists.apache.org/thread/d3g248pr03x8rvmh8p2t3xdlw0wn5dz2" }, { - "refsource": "CONFIRM", - "url": "https://www.openwall.com/lists/oss-security/2022/07/06/1" + "refsource": "MISC", + "url": "https://www.openwall.com/lists/oss-security/2022/07/06/1", + "name": "https://www.openwall.com/lists/oss-security/2022/07/06/1" } ] }, "source": { "discovery": "UNKNOWN" } -} +} \ No newline at end of file
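Review bot: The second hunk retags both references from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, including the lists.apache.org thread that appears to be the vendor's own announcement. Consumers that use `refsource` to tell a vendor acknowledgement from third-party commentary lose that signal, on a record whose description already states that no updates will be provided. If the feed's schema still accepts it, I would keep `"refsource": "CONFIRM"` on the lists.apache.org entry and let only the openwall entry fall to MISC. The added `name` fields repeat the URL and carry no extra information.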