From 8b5e354abf5cf6c518a61ab5c7bc6bb5886a8f44 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 17 Jan 2025 23:00:56 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/0xxx/CVE-2020-0402.json | 18 +++++++
 2021/0xxx/CVE-2021-0323.json | 8 ++--
 2021/0xxx/CVE-2021-0447.json | 8 ++--
 2021/21xxx/CVE-2021-21158.json | 8 ++--
 2022/0xxx/CVE-2022-0303.json | 8 ++--
 2022/20xxx/CVE-2022-20128.json | 8 ++--
 2024/13xxx/CVE-2024-13526.json | 18 +++++++
 2024/44xxx/CVE-2024-44092.json | 8 +++-
 2025/23xxx/CVE-2025-23208.json | 86 ++++++++++++++++++++++++++++++++--
 9 files changed, 145 insertions(+), 25 deletions(-)
 create mode 100644 2020/0xxx/CVE-2020-0402.json
 create mode 100644 2024/13xxx/CVE-2024-13526.json
diff --git a/2020/0xxx/CVE-2020-0402.json b/2020/0xxx/CVE-2020-0402.json
new file mode 100644
index 00000000000..e4254a40823
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0402.json
@@ -0,0 +1,18 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0402",
+ "ASSIGNER": "security@android.com",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/0xxx/CVE-2021-0323.json b/2021/0xxx/CVE-2021-0323.json
index bd22bfd1958..89da9c4e42f 100644
--- a/2021/0xxx/CVE-2021-0323.json
+++ b/2021/0xxx/CVE-2021-0323.json
@@ -1,17 +1,17 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-0323",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@android.com",
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ]
 }
diff --git a/2021/0xxx/CVE-2021-0447.json b/2021/0xxx/CVE-2021-0447.json
index f00ae41ed11..f07af546873 100644
--- a/2021/0xxx/CVE-2021-0447.json
+++ b/2021/0xxx/CVE-2021-0447.json
@@ -1,17 +1,17 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-0447",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@android.com",
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ]
 }
diff --git a/2021/21xxx/CVE-2021-21158.json b/2021/21xxx/CVE-2021-21158.json
index e4e1d32e3a8..d1c333a2d3d 100644
--- a/2021/21xxx/CVE-2021-21158.json
+++ b/2021/21xxx/CVE-2021-21158.json
@@ -1,17 +1,17 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-21158",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** Further investigation determines issue is not within scope of this CNA"
 }
 ]
 }
diff --git a/2022/0xxx/CVE-2022-0303.json b/2022/0xxx/CVE-2022-0303.json
index bf6497763e6..794e7ffbc02 100644
--- a/2022/0xxx/CVE-2022-0303.json
+++ b/2022/0xxx/CVE-2022-0303.json
@@ -1,17 +1,17 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-0303",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** Further investigation determines issue is not a vulnerability"
 }
 ]
 }
diff --git a/2022/20xxx/CVE-2022-20128.json b/2022/20xxx/CVE-2022-20128.json
index de70dc08d2a..3bb355d21c4 100644
--- a/2022/20xxx/CVE-2022-20128.json
+++ b/2022/20xxx/CVE-2022-20128.json
@@ -1,17 +1,17 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-20128",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@android.com",
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ]
 }
diff --git a/2024/13xxx/CVE-2024-13526.json b/2024/13xxx/CVE-2024-13526.json
new file mode 100644
index 00000000000..073cedc859c
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13526.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13526",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/44xxx/CVE-2024-44092.json b/2024/44xxx/CVE-2024-44092.json
index fda38dd9cc1..2e966a02546 100644
--- a/2024/44xxx/CVE-2024-44092.json
+++ b/2024/44xxx/CVE-2024-44092.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In TBD of TBD, there is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ "value": "There is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
 }
 ]
 },
@@ -59,5 +59,11 @@
 "name": "https://source.android.com/security/bulletin/pixel/2024-09-01"
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2025/23xxx/CVE-2025-23208.json b/2025/23xxx/CVE-2025-23208.json
index b5fb7f90400..b44cd4fc7e0 100644
--- a/2025/23xxx/CVE-2025-23208.json
+++ b/2025/23xxx/CVE-2025-23208.json
@@ -1,17 +1,95 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-23208",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db) is an append-list so group revocations/removals are ignored in the API. SetUserGroups is alled on login, but instead of replacing the group memberships, they are appended. This may be due to some conflict with the group definitions in the config file, but that wasn't obvious to me if it were the case. Any Zot configuration that relies on group-based authorization will not respect group remove/revocation by an IdP. This issue has been addressed in version 2.1.2. All users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269: Improper Privilege Management",
+ "cweId": "CWE-269"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "project-zot",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "zot",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 2.1.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/project-zot/zot/security/advisories/GHSA-c9p4-xwr9-rfhx",
+ "refsource": "MISC",
+ "name": "https://github.com/project-zot/zot/security/advisories/GHSA-c9p4-xwr9-rfhx"
+ },
+ {
+ "url": "https://github.com/project-zot/zot/commit/002ac62d8a15bf0cba010b3ba7bde86f9837b613",
+ "refsource": "MISC",
+ "name": "https://github.com/project-zot/zot/commit/002ac62d8a15bf0cba010b3ba7bde86f9837b613"
+ },
+ {
+ "url": "https://github.com/project-zot/zot/blob/5e30fec65c49e3139907e2819ccb39b2e3bd784e/pkg/meta/boltdb/boltdb.go#L1665",
+ "refsource": "MISC",
+ "name": "https://github.com/project-zot/zot/blob/5e30fec65c49e3139907e2819ccb39b2e3bd784e/pkg/meta/boltdb/boltdb.go#L1665"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-c9p4-xwr9-rfhx",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
 }
 ]
 }
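Review bot: In the CVE-2025-23208 record, the `version_data` entry pairs `"version_affected": "="` with `"version_value": "< 2.1.2"`, so a scanner that honours the operator field would look for a release literally named "< 2.1.2" and match no zot version below the fix. The range should be carried by the operator, `"version_affected": "<"` with `"version_value": "2.1.2"`, so that version matching in vulnerability-management tooling flags the affected releases. The added description string is also still raw advisory text: "alled" should read "called", and the first-person aside ("that wasn't obvious to me") would be better reworded before the record is consumed downstream. The vector carries `PR:N` although the description concerns users whose group membership was revoked at the IdP, which suggests an authenticated actor; the score may deserve a second look by the CNA.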