diff --git a/2024/3xxx/CVE-2024-3727.json b/2024/3xxx/CVE-2024-3727.json
index d9c30401a61..0fc3af38883 100644
--- a/2024/3xxx/CVE-2024-3727.json
+++ b/2024/3xxx/CVE-2024-3727.json
@@ -224,6 +224,195 @@
 ]
 }
 },
+ {
+ "product_name": "Red Hat Advanced Cluster Security 4.5",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "4.5.2-2",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "4.5.2-2",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "4.5.2-2",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "4.5.2-2",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "4.5.2-2",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "4.5.2-2",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "4.5.2-2",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "4.5.2-2",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "4.5.2-2",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "4.5.2-2",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "4.5.2-1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "4.5.2-2",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "4.5.2-2",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
 {
 "product_name": "Red Hat Enterprise Linux 8",
 "version": {
@@ -332,7 +521,7 @@
 "x_cve_json_5_version_data": {
 "versions": [
 {
- "version": "4:4.9.4-5.1.rhaos4.16.el8",
+ "version": "4:4.9.4-5.1.rhaos4.16.el9",
 "lessThan": "*",
 "versionType": "rpm",
 "status": "unaffected"
@@ -346,7 +535,7 @@
 "x_cve_json_5_version_data": {
 "versions": [
 {
- "version": "2:1.14.4-1.rhaos4.16.el9",
+ "version": "2:1.14.4-1.rhaos4.16.el8",
 "lessThan": "*",
 "versionType": "rpm",
 "status": "unaffected"
@@ -360,7 +549,7 @@
 "x_cve_json_5_version_data": {
 "versions": [
 {
- "version": "0:1.29.5-7.rhaos4.16.git7db4ada.el9",
+ "version": "0:1.29.5-7.rhaos4.16.git7db4ada.el8",
 "lessThan": "*",
 "versionType": "rpm",
 "status": "unaffected"
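Review bot: In CVE-2024-3727.json, the thirteen `version_data` entries added under "Red Hat Advanced Cluster Security 4.5" carry no package or component name: twelve are identical (`"version": "4.5.2-2"`) and one reads `"version": "4.5.2-1"`, so a consumer of this record cannot tell which component each fixed build belongs to. The three later hunks in this file have the same gap; they flip fixed builds between `.el8` and `.el9` (for example `4:4.9.4-5.1.rhaos4.16.el8` becomes `...el9`) with nothing in the visible lines naming the package the string applies to. Tooling that matches installed RPMs against this file should deduplicate the entries and take package names from the upstream CVE JSON 5 record (the `"not down converted"` marker suggests the detail lives there, to be confirmed) rather than compare bare version strings.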
@@ -1081,6 +1270,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2024:6054"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:6708",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2024:6708"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2024-3727",
 "refsource": "MISC",
diff --git a/2024/4xxx/CVE-2024-4283.json b/2024/4xxx/CVE-2024-4283.json
index 9297baeed47..5113633019a 100644
--- a/2024/4xxx/CVE-2024-4283.json
+++ b/2024/4xxx/CVE-2024-4283.json
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-4283",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')",
+ "cweId": "CWE-601"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "11.1",
+ "version_value": "17.1.7"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "17.2",
+ "version_value": "17.2.5"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "17.3",
+ "version_value": "17.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/458502",
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/458502"
+ },
+ {
+ "url": "https://hackerone.com/reports/2474286",
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/2474286"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "Upgrade to versions 17.1.7, 17.2.5, 17.3.2 or above."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6685.json b/2024/6xxx/CVE-2024-6685.json
index f2fc5c57b85..f7ef0d1f48d 100644
--- a/2024/6xxx/CVE-2024-6685.json
+++ b/2024/6xxx/CVE-2024-6685.json
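Review bot: In CVE-2024-4283.json the `solution` and `credits` entries use `"lang": "en"` while `description` and `problemtype` in the same record use `"lang": "eng"`, so a consumer that selects text by a single language tag will drop either the remediation text or the description. The `credits` value also embeds Markdown link syntax (`[joaxcar](https://hackerone.com/joaxcar)`), which plain-text consumers will display literally. The description scopes the issue to "GitLab EE" but `product_name` is only `"GitLab"`, so edition-aware matching cannot be done from the structured fields. The language-tag and Markdown patterns recur in the CVE-2024-6685.json record of this commit.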
@@ -1,17 +1,104 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-6685",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-639: Authorization Bypass Through User-Controlled Key",
+ "cweId": "CWE-639"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "16.7",
+ "version_value": "17.1.7"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "17.3",
+ "version_value": "17.2.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/472012",
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/472012"
+ },
+ {
+ "url": "https://hackerone.com/reports/2584372",
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/2584372"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "Upgrade to versions 17.3.2, 17.2.5, 17.1.7 or above."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Thanks [ashish_r_padelkar](https://hackerone.com/ashish_r_padelkar) for reporting this vulnerability through our HackerOne bug bounty program"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW"
 }
 ]
 }
diff --git a/2024/8xxx/CVE-2024-8913.json b/2024/8xxx/CVE-2024-8913.json
new file mode 100644
index 00000000000..63aa767949b
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8913.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8913",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8914.json b/2024/8xxx/CVE-2024-8914.json
new file mode 100644
index 00000000000..dbc35dde899
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8914.json
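Review bot: In CVE-2024-6685.json the structured `version_data` does not match the description. The text lists three affected ranges (16.7 prior to 17.1.7, 17.2 prior to 17.2.5, 17.3 prior to 17.3.2), but only two entries are present and the second pairs `"version_name": "17.3"` with `"version_value": "17.2.5"`, a range whose start is above its end. A scanner that reads only the structured fields would treat 17.2.0 through 17.2.4 and 17.3.0 through 17.3.1 as unaffected. The second entry should read `"version_name": "17.2"`, and a third entry with `"version_affected": "<"`, `"version_name": "17.3"`, `"version_value": "17.3.2"` should be added, matching the three-entry layout used in CVE-2024-4283.json in this commit.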
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8914",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8915.json b/2024/8xxx/CVE-2024-8915.json
new file mode 100644
index 00000000000..0d960c1695f
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8915.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8915",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8916.json b/2024/8xxx/CVE-2024-8916.json
new file mode 100644
index 00000000000..66e0f787790
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8916.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8916",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/8xxx/CVE-2024-8917.json b/2024/8xxx/CVE-2024-8917.json
new file mode 100644
index 00000000000..dea3fa40b63
--- /dev/null
+++ b/2024/8xxx/CVE-2024-8917.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-8917",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file