diff --git a/2022/23xxx/CVE-2022-23223.json b/2022/23xxx/CVE-2022-23223.json
index 6220c472888..e29fafa45ec 100644
--- a/2022/23xxx/CVE-2022-23223.json
+++ b/2022/23xxx/CVE-2022-23223.json
@@ -1,14 +1,38 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "security@apache.org",
 "ID": "CVE-2022-23223",
- "STATE": "PUBLIC",
- "TITLE": "Apache ShenYu Password leakage"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-522 Insufficiently Protected Credentials",
+ "cweId": "CWE-522"
+ }
+ ]
+ }
+ ]
 },
 "affects": {
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "Apache Software Foundation",
 "product": {
 "product_data": [
 {
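Review bot: The new description string in the first hunk of CVE-2022-23223.json contains a typo, `and endpoint existed`, which should read `an endpoint existed`. This text is the record's public summary and is likely to be copied verbatim by downstream advisories and tools, so it is worth correcting at the source. The hunk also drops the `TITLE` field from `CVE_data_meta`; if consumers of this record still rely on a title, it should be kept. The record continues outside this hunk.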
@@ -24,60 +48,33 @@
 }
 }
 ]
- },
- "vendor_name": "Apache Software Foundation"
+ }
 }
 ]
 }
 },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "references": {
+ "reference_data": [
 {
- "lang": "eng",
- "value": "The HTTP response will disclose the user password. This issue affected Apache ShenYu 2.4.0 and 2.4.1."
+ "url": "https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s",
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/01/25/7",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2022/01/25/7"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/01/26/4",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2022/01/26/4"
 }
 ]
 },
 "generator": {
 "engine": "Vulnogram 0.0.9"
 },
- "impact": [
- {}
- ],
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-522 Insufficiently Protected Credentials"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "MISC",
- "url": "https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s",
- "name": "https://lists.apache.org/thread/q2gg6ny6lpkph7nkrvjzqdvqpm805v8s"
- },
- {
- "refsource": "MLIST",
- "name": "[oss-security] 20220125 CVE-2022-23223: Password leakage in Apache ShenYu",
- "url": "http://www.openwall.com/lists/oss-security/2022/01/25/7"
- },
- {
- "refsource": "MLIST",
- "name": "[oss-security] 20220126 CVE-2022-23223: Apache ShenYu (incubating) Password leakage",
- "url": "http://www.openwall.com/lists/oss-security/2022/01/26/4"
- }
- ]
- },
 "source": {
 "discovery": "UNKNOWN"
 }
diff --git a/2023/39xxx/CVE-2023-39410.json b/2023/39xxx/CVE-2023-39410.json
index e7b68cb8786..5ace9083245 100644
--- a/2023/39xxx/CVE-2023-39410.json
+++ b/2023/39xxx/CVE-2023-39410.json
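Review bot: The two openwall references added in the second hunk of CVE-2022-23223.json still use `http://www.openwall.com/...`, while the CVE-2023-39410 change in this same diff moves its openwall reference to `https://`. The two should be consistent, e.g. `"url": "https://www.openwall.com/lists/oss-security/2022/01/25/7"`, with `name` updated to match. The rewrite also replaces `"refsource": "MLIST"` and the descriptive thread titles with `MISC` and the bare URL, so the record no longer says these are mailing-list posts; if that is a side effect of an automated conversion rather than intended, the original `name` values are worth preserving.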
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-20 Improper Input Validation",
- "cweId": "CWE-20"
+ "value": "CWE-502 Deserialization of Untrusted Data",
+ "cweId": "CWE-502"
 }
 ]
 }
@@ -61,9 +61,9 @@
 "name": "https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds"
 },
 {
- "url": "http://www.openwall.com/lists/oss-security/2023/09/29/6",
+ "url": "https://www.openwall.com/lists/oss-security/2023/09/29/6",
 "refsource": "MISC",
- "name": "http://www.openwall.com/lists/oss-security/2023/09/29/6"
+ "name": "https://www.openwall.com/lists/oss-security/2023/09/29/6"
 }
 ]
 },
diff --git a/2023/44xxx/CVE-2023-44272.json b/2023/44xxx/CVE-2023-44272.json
index 028a23b14b8..83d5d1d5359 100644
--- a/2023/44xxx/CVE-2023-44272.json
+++ b/2023/44xxx/CVE-2023-44272.json
@@ -1,17 +1,77 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-44272",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Citadel",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Citadel",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "prior to 994"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.citadel.org/download.html",
+ "refsource": "MISC",
+ "name": "https://www.citadel.org/download.html"
+ },
+ {
+ "url": "https://code.citadel.org/citadel/citadel",
+ "refsource": "MISC",
+ "name": "https://code.citadel.org/citadel/citadel"
+ },
+ {
+ "url": "https://code.citadel.org/citadel/citadel/-/commit/f0dac5ff074ad686fa71ea663c8ead107bd3041e",
+ "refsource": "MISC",
+ "name": "https://code.citadel.org/citadel/citadel/-/commit/f0dac5ff074ad686fa71ea663c8ead107bd3041e"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN08237727/",
+ "refsource": "MISC",
+ "name": "https://jvn.jp/en/jp/JVN08237727/"
 }
 ]
 }
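Review bot: In the `affects` block of CVE-2023-44272.json, `"version_affected": "="` is paired with the free-text `"version_value": "prior to 994"`, so a consumer that compares versions mechanically would look for an exact match on a string that no release carries and could report affected installs as unaffected. Expressing the range the way the CVE-2023-5375 record in this diff does, `"version_affected": "<"` with `"version_value": "994"`, keeps the affected range machine-readable. The `problemtype` entry is also free text without a `cweId`; the other records in this diff carry one, and for cross-site scripting that would be `"cweId": "CWE-79"`.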
diff --git a/2023/4xxx/CVE-2023-4540.json b/2023/4xxx/CVE-2023-4540.json
index 6a0a450ba96..2b796373cdf 100644
--- a/2023/4xxx/CVE-2023-4540.json
+++ b/2023/4xxx/CVE-2023-4540.json
@@ -64,6 +64,11 @@
 "url": "https://cert.pl/posts/2023/09/CVE-2023-4540/",
 "refsource": "MISC",
 "name": "https://cert.pl/posts/2023/09/CVE-2023-4540/"
+ },
+ {
+ "url": "https://https://cert.pl/en/posts/2023/09/CVE-2023-4540/",
+ "refsource": "MISC",
+ "name": "https://https://cert.pl/en/posts/2023/09/CVE-2023-4540/"
 }
 ]
 },
diff --git a/2023/5xxx/CVE-2023-5375.json b/2023/5xxx/CVE-2023-5375.json
new file mode 100644
index 00000000000..46e630326d9
--- /dev/null
+++ b/2023/5xxx/CVE-2023-5375.json
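Review bot: The reference added to CVE-2023-4540.json has a doubled scheme, `https://https://cert.pl/en/posts/2023/09/CVE-2023-4540/`, in both `url` and `name`, so the link will not lead to the advisory. Both fields should read `https://cert.pl/en/posts/2023/09/CVE-2023-4540/`. A URL-syntax check on `reference_data` entries before publishing would catch this class of error. The `reference_data` array starts outside this hunk.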
@@ -0,0 +1,92 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5375",
+ "ASSIGNER": "security@huntr.dev",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-601 URL Redirection to Untrusted Site",
+ "cweId": "CWE-601"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "mosparo",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "mosparo/mosparo",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "1.0.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://huntr.dev/bounties/3fa2abde-cb58-45a3-a115-1727ece9acb9",
+ "refsource": "MISC",
+ "name": "https://huntr.dev/bounties/3fa2abde-cb58-45a3-a115-1727ece9acb9"
+ },
+ {
+ "url": "https://github.com/mosparo/mosparo/commit/9d5da367b78b8c883bfef5f332ffea26292f99e8",
+ "refsource": "MISC",
+ "name": "https://github.com/mosparo/mosparo/commit/9d5da367b78b8c883bfef5f332ffea26292f99e8"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "3fa2abde-cb58-45a3-a115-1727ece9acb9",
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ }
+ ]
+ }
+}
\ No newline at end of file