admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-07-06 10:00:45 +00:00
parent 8f28661591
commit 87aeef9f79
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
4 changed files with 263 additions and 261 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2021/23xxx/CVE-2021-23163.json
View File

@ -1,92 +1,92 @@
{ {
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-23163", "ID": "CVE-2021-23163",
"ASSIGNER": "security@jfrog.com", "ASSIGNER": "security@jfrog.com",
"STATE": "PUBLIC" "STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
"vendor_data": [ "vendor_data": [
{ {
"vendor_name": "JFrog", "vendor_name": "JFrog",
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "JFrog Artifactory", "product_name": "JFrog Artifactory",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_name": "JFrog Artifactory versions before 7.33.6", "version_name": "JFrog Artifactory versions before 7.33.6",
"version_affected": "<", "version_affected": "<",
"version_value": "7.x", "version_value": "7.x",
"platform": "" "platform": ""
}, },
{ {
"version_name": "JFrog Artifactory versions before 6.23.38", "version_name": "JFrog Artifactory versions before 6.23.38",
"version_affected": "<", "version_affected": "<",
"version_value": "6.x", "version_value": "6.x",
"platform": "" "platform": ""
}
]
}
}
]
} }
]
} }
}
] ]
}
} }
] },
} "problemtype": {
}, "problemtype_data": [
"problemtype": { {
"problemtype_data": [ "description": [
{ {
"description": [ "lang": "eng",
{ "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
"lang": "eng", }
"value": "CWE-352 Cross-Site Request Forgery (CSRF)" ]
} }
] ]
} },
] "description": {
}, "description_data": [
"description": { {
"description_data": [ "lang": "eng",
{ "value": "JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.33.6 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x."
"lang": "eng", }
"value": "JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. \n\n\nThis issue affects:\nJFrog JFrog Artifactory\nJFrog Artifactory versions before 7.33.6 versions prior to 7.x;\nJFrog Artifactory versions before 6.23.38 versions prior to 6.x." ]
} },
] "references": {
}, "reference_data": [
"references": { {
"reference_data": [ "refsource": "MISC",
{ "url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories",
"refsource": "MISC", "name": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories"
"url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories", },
"name": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories" {
}, "refsource": "MISC",
{ "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-23163%3A++Cross-Site+Request+Forgery+on+REST+using+Basic+Auth",
"refsource": "MISC", "name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-23163%3A++Cross-Site+Request+Forgery+on+REST+using+Basic+Auth"
"url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-23163%3A++Cross-Site+Request+Forgery+on+REST+using+Basic+Auth", }
"name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-23163%3A++Cross-Site+Request+Forgery+on+REST+using+Basic+Auth" ]
} },
] "impact": {
}, "cvss": {
"impact": { "version": "3.1",
"cvss": { "attackVector": "NETWORK",
"version": "3.1", "attackComplexity": "HIGH",
"attackVector": "NETWORK", "privilegesRequired": "NONE",
"attackComplexity": "HIGH", "userInteraction": "REQUIRED",
"privilegesRequired": "NONE", "scope": "UNCHANGED",
"userInteraction": "REQUIRED", "confidentialityImpact": "NONE",
"scope": "UNCHANGED", "integrityImpact": "LOW",
"confidentialityImpact": "NONE", "availabilityImpact": "NONE",
"integrityImpact": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"availabilityImpact": "NONE", "baseScore": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"
"baseScore": 3.1, }
"baseSeverity": "LOW"
} }
} }
}

170
2021/45xxx/CVE-2021-45721.json
View File

@ -1,92 +1,92 @@
{ {
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-45721", "ID": "CVE-2021-45721",
"ASSIGNER": "security@jfrog.com", "ASSIGNER": "security@jfrog.com",
"STATE": "PUBLIC" "STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
"vendor_data": [ "vendor_data": [
{ {
"vendor_name": "JFrog", "vendor_name": "JFrog",
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "JFrog Artifactory", "product_name": "JFrog Artifactory",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_name": "JFrog Artifactory versions before 7.36.1", "version_name": "JFrog Artifactory versions before 7.36.1",
"version_affected": "<", "version_affected": "<",
"version_value": "7.29.8", "version_value": "7.29.8",
"platform": "" "platform": ""
}, },
{ {
"version_name": "JFrog Artifactory versions before 6.23.41", "version_name": "JFrog Artifactory versions before 6.23.41",
"version_affected": "<", "version_affected": "<",
"version_value": "6.23.38", "version_value": "6.23.38",
"platform": "" "platform": ""
}
]
}
}
]
} }
]
} }
}
] ]
}
} }
] },
} "problemtype": {
}, "problemtype_data": [
"problemtype": { {
"problemtype_data": [ "description": [
{ {
"description": [ "lang": "eng",
{ "value": "CWE-79 Cross-site Scripting (XSS)"
"lang": "eng", }
"value": "CWE-79 Cross-site Scripting (XSS)" ]
} }
] ]
} },
] "description": {
}, "description_data": [
"description": { {
"description_data": [ "lang": "eng",
{ "value": "JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory versions before 6.23.41 versions prior to 6.23.38."
"lang": "eng", }
"value": "JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint.\n\nThis issue affects:\nJFrog JFrog Artifactory\nJFrog Artifactory versions before 7.36.1 versions prior to 7.29.8;\nJFrog Artifactory versions before 6.23.41 versions prior to 6.23.38." ]
} },
] "references": {
}, "reference_data": [
"references": { {
"reference_data": [ "refsource": "MISC",
{ "url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories",
"refsource": "MISC", "name": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories"
"url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories", },
"name": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories" {
}, "refsource": "MISC",
{ "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45721%3A+Cross-Site+Script+%28XSS%29+on+User+REST+API",
"refsource": "MISC", "name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45721%3A+Cross-Site+Script+%28XSS%29+on+User+REST+API"
"url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45721%3A+Cross-Site+Script+%28XSS%29+on+User+REST+API", }
"name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45721%3A+Cross-Site+Script+%28XSS%29+on+User+REST+API" ]
} },
] "impact": {
}, "cvss": {
"impact": { "version": "3.1",
"cvss": { "attackVector": "NETWORK",
"version": "3.1", "attackComplexity": "LOW",
"attackVector": "NETWORK", "privilegesRequired": "HIGH",
"attackComplexity": "LOW", "userInteraction": "REQUIRED",
"privilegesRequired": "HIGH", "scope": "UNCHANGED",
"userInteraction": "REQUIRED", "confidentialityImpact": "HIGH",
"scope": "UNCHANGED", "integrityImpact": "HIGH",
"confidentialityImpact": "HIGH", "availabilityImpact": "NONE",
"integrityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"availabilityImpact": "NONE", "baseScore": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "baseSeverity": "MEDIUM"
"baseScore": 6.1, }
"baseSeverity": "MEDIUM"
} }
} }
}

170
2021/46xxx/CVE-2021-46687.json
View File

@ -1,92 +1,92 @@
{ {
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-46687", "ID": "CVE-2021-46687",
"ASSIGNER": "security@jfrog.com", "ASSIGNER": "security@jfrog.com",
"STATE": "PUBLIC" "STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
"vendor_data": [ "vendor_data": [
{ {
"vendor_name": "JFrog", "vendor_name": "JFrog",
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "JFrog Artifactory", "product_name": "JFrog Artifactory",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_name": "JFrog Artifactory versions before 7.31.10", "version_name": "JFrog Artifactory versions before 7.31.10",
"version_affected": "<", "version_affected": "<",
"version_value": "7.x", "version_value": "7.x",
"platform": "" "platform": ""
}, },
{ {
"version_name": "JFrog Artifactory versions before 6.23.38", "version_name": "JFrog Artifactory versions before 6.23.38",
"version_affected": "<", "version_affected": "<",
"version_value": "6.x", "version_value": "6.x",
"platform": "" "platform": ""
}
]
}
}
]
} }
]
} }
}
] ]
}
} }
] },
} "problemtype": {
}, "problemtype_data": [
"problemtype": { {
"problemtype_data": [ "description": [
{ {
"description": [ "lang": "eng",
{ "value": "CWE-359 Exposure of Private Information ('Privacy Violation')"
"lang": "eng", }
"value": "CWE-359 Exposure of Private Information ('Privacy Violation')" ]
} }
] ]
} },
] "description": {
}, "description_data": [
"description": { {
"description_data": [ "lang": "eng",
{ "value": "JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x."
"lang": "eng", }
"value": "JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API.\n\nThis issue affects:\nJFrog JFrog Artifactory\nJFrog Artifactory versions before 7.31.10 versions prior to 7.x;\nJFrog Artifactory versions before 6.23.38 versions prior to 6.x." ]
} },
] "references": {
}, "reference_data": [
"references": { {
"reference_data": [ "refsource": "MISC",
{ "url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories",
"refsource": "MISC", "name": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories"
"url": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories", },
"name": "https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories" {
}, "refsource": "MISC",
{ "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin",
"refsource": "MISC", "name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin"
"url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin", }
"name": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin" ]
} },
] "impact": {
}, "cvss": {
"impact": { "version": "3.1",
"cvss": { "attackVector": "NETWORK",
"version": "3.1", "attackComplexity": "LOW",
"attackVector": "NETWORK", "privilegesRequired": "HIGH",
"attackComplexity": "LOW", "userInteraction": "NONE",
"privilegesRequired": "HIGH", "scope": "UNCHANGED",
"userInteraction": "NONE", "confidentialityImpact": "HIGH",
"scope": "UNCHANGED", "integrityImpact": "NONE",
"confidentialityImpact": "HIGH", "availabilityImpact": "NONE",
"integrityImpact": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"availabilityImpact": "NONE", "baseScore": 4.9,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseSeverity": "MEDIUM"
"baseScore": 4.9, }
"baseSeverity": "MEDIUM"
} }
} }
}

14
2022/32xxx/CVE-2022-32533.json
View File

@ -43,7 +43,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option \"xss.filter.post = true\" may mitigate these issues.\n\nNOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue. " "value": "** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option \"xss.filter.post = true\" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue."
} }
] ]
}, },
@ -70,16 +70,18 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://lists.apache.org/thread/d3g248pr03x8rvmh8p2t3xdlw0wn5dz2" "url": "https://lists.apache.org/thread/d3g248pr03x8rvmh8p2t3xdlw0wn5dz2",
"name": "https://lists.apache.org/thread/d3g248pr03x8rvmh8p2t3xdlw0wn5dz2"
}, },
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2022/07/06/1" "url": "https://www.openwall.com/lists/oss-security/2022/07/06/1",
"name": "https://www.openwall.com/lists/oss-security/2022/07/06/1"
} }
] ]
}, },
"source": { "source": {
"discovery": "UNKNOWN" "discovery": "UNKNOWN"
} }
} }