admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-06-22 14:01:23 +00:00
parent a892367167
commit 87d58a191f
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
6 changed files with 44 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2020/13xxx/CVE-2020-13379.json
View File

@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on." "value": "The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault."
} }
] ]
}, },

18
2020/14xxx/CVE-2020-14970.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14970",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/14xxx/CVE-2020-14971.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14971",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

4
2020/8xxx/CVE-2020-8903.json
View File

@ -1,6 +1,6 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve-coordination@google.com", "ASSIGNER": "security@google.com",
"ID": "CVE-2020-8903", "ID": "CVE-2020-8903",
"STATE": "PUBLIC", "STATE": "PUBLIC",
"TITLE": "Priviged Escalation in Google Cloud Platform's Guest-OSLogin" "TITLE": "Priviged Escalation in Google Cloud Platform's Guest-OSLogin"
@ -100,4 +100,4 @@
"source": { "source": {
"discovery": "EXTERNAL" "discovery": "EXTERNAL"
} }
} }

7
2020/8xxx/CVE-2020-8907.json
View File

@ -1,6 +1,6 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve-coordination@google.com", "ASSIGNER": "security@google.com",
"ID": "CVE-2020-8907", "ID": "CVE-2020-8907",
"STATE": "PUBLIC", "STATE": "PUBLIC",
"TITLE": "Priviged Escalation in Google Cloud Platform's Guest-OSLogin" "TITLE": "Priviged Escalation in Google Cloud Platform's Guest-OSLogin"
@ -43,7 +43,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role \"roles/compute.osLogin\" to escalate privileges to root. Using their membership to the \"docker\" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the \"docker\" user from the OS Login entry." "value": "A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role \"roles/compute.osLogin\" to escalate privileges to root. Using their membership to the \"docker\" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the \"docker\" user from the OS Login entry."
} }
] ]
}, },
@ -100,5 +100,4 @@
"source": { "source": {
"discovery": "EXTERNAL" "discovery": "EXTERNAL"
} }
} }

5
2020/8xxx/CVE-2020-8933.json
View File

@ -1,6 +1,6 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve-coordination@google.com", "ASSIGNER": "security@google.com",
"ID": "CVE-2020-8933", "ID": "CVE-2020-8933",
"STATE": "PUBLIC", "STATE": "PUBLIC",
"TITLE": "Priviged Escalation in Google Cloud Platform's Guest-OSLogin" "TITLE": "Priviged Escalation in Google Cloud Platform's Guest-OSLogin"
@ -100,5 +100,4 @@
"source": { "source": {
"discovery": "EXTERNAL" "discovery": "EXTERNAL"
} }
} }