admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-03-22 19:00:35 +00:00
parent 9b1735efb2
commit 954b1f729d
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
4 changed files with 367 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

151
2023/0xxx/CVE-2023-0870.json
View File

@ -1,17 +1,160 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0870",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@opennms.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an attacker to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Horizon 31.0.6 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The OpenNMS Group ",
"product": {
"product_data": [
{
"product_name": "Meridian",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2020.1.0",
"version_value": "2020.1.33"
},
{
"version_affected": "<",
"version_name": "2021.1.0 ",
"version_value": "2021.1.25"
},
{
"version_affected": "<",
"version_name": "2022.1.0",
"version_value": "2022.1.14"
},
{
"version_affected": "<",
"version_name": "2023.1.0",
"version_value": "2023.1.1"
}
]
}
}
]
}
},
{
"vendor_name": "The OpenNMS Group",
"product": {
"product_data": [
{
"product_name": "Horizon",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unaffected",
"version": "31.0.6"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/OpenNMS/opennms/pull/5835/files",
"refsource": "MISC",
"name": "https://github.com/OpenNMS/opennms/pull/5835/files"
},
{
"url": "https://docs.opennms.com/meridian/2023/releasenotes/changelog.html#releasenotes-changelog-Meridian-2023.1.1",
"refsource": "MISC",
"name": "https://docs.opennms.com/meridian/2023/releasenotes/changelog.html#releasenotes-changelog-Meridian-2023.1.1"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.<br>"
}
],
"value": "Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.\n"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to Meridian 2023.1.1 or Horizon 31.0.6 or newer. <br>"
}
],
"value": "Upgrade to Meridian 2023.1.1 or Horizon 31.0.6 or newer. \n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
]
}

18
2023/1xxx/CVE-2023-1583.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1583",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

110
2023/25xxx/CVE-2023-25820.json
View File

@ -1,17 +1,119 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25820",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud Enterprise Server versions 25.0.x prior to 25.0.4, 24.0.x prior to 24.0.10, 23.0.x prior to 23.0.12.5, 22.x prior to 22.2.0.10, and 21.x prior to 21.0.9.10, when an attacker gets access to an already logged in user session they can then brute force the password on the confirmation endpoint. Nextcloud Server should upgraded to 24.0.10 or 25.0.4 and Nextcloud Enterprise Server should upgraded to 21.0.9.10, 22.2.10.10, 23.0.12.5, 24.0.10, or 25.0.4 to receive a patch. No known workarounds are available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
"cweId": "CWE-307"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nextcloud",
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Nextcloud Server >= 24.0.0, < 24.0.10"
},
{
"version_affected": "=",
"version_value": "Nextcloud Server >= 25.0.0, < 25.0.4"
},
{
"version_affected": "=",
"version_value": "Nextcloud Enterprise Server >= 25.0.0, < 25.0.4"
},
{
"version_affected": "=",
"version_value": "Nextcloud Enterprise Server >= 24.0.0, < 24.0.10"
},
{
"version_affected": "=",
"version_value": "Nextcloud Enterprise Server >= 23.0.0, < 23.0.12.5"
},
{
"version_affected": "=",
"version_value": "Nextcloud Enterprise Server >= 22.0.0, < 22.2.10.10"
},
{
"version_affected": "=",
"version_value": "Nextcloud Enterprise Server >= 21.0.0, < 21.0.9.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-36g6-wjx2-333x",
"refsource": "MISC",
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-36g6-wjx2-333x"
},
{
"url": "https://github.com/nextcloud/server/pull/36489",
"refsource": "MISC",
"name": "https://github.com/nextcloud/server/pull/36489"
},
{
"url": "https://hackerone.com/reports/1842114",
"refsource": "MISC",
"name": "https://hackerone.com/reports/1842114"
}
]
},
"source": {
"advisory": "GHSA-36g6-wjx2-333x",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

100
2023/28xxx/CVE-2023-28114.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28114",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "`cilium-cli` is the command line interface to install, manage, and troubleshoot Kubernetes clusters running Cilium. Prior to version 0.13.2,`cilium-cli`, when used to configure cluster mesh functionality, can remove the enforcement of user permissions on the `etcd` store used to mirror local cluster information to remote clusters. Users who have set up cluster meshes using the Cilium Helm chart are not affected by this issue. Due to an incorrect mount point specification, the settings specified by the `initContainer` that configures `etcd` users and their permissions are overwritten when using `cilium-cli` to configure a cluster mesh. An attacker who has already gained access to a valid key and certificate for an `etcd` cluster compromised in this manner could then modify state in that `etcd` cluster. This issue is patched in `cilium-cli` 0.13.2. As a workaround, one may use Cilium's Helm charts to create their cluster."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges ",
"cweId": "CWE-280"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-755: Improper Handling of Exceptional Conditions",
"cweId": "CWE-755"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cilium",
"product": {
"product_data": [
{
"product_name": "cilium-cli",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.13.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/cilium/cilium-cli/security/advisories/GHSA-6f27-3p6c-p5jc",
"refsource": "MISC",
"name": "https://github.com/cilium/cilium-cli/security/advisories/GHSA-6f27-3p6c-p5jc"
},
{
"url": "https://github.com/cilium/cilium-cli/commit/fb1427025764e1eebc4a7710d902c4f22cae2610",
"refsource": "MISC",
"name": "https://github.com/cilium/cilium-cli/commit/fb1427025764e1eebc4a7710d902c4f22cae2610"
},
{
"url": "https://artifacthub.io/packages/helm/cilium/cilium",
"refsource": "MISC",
"name": "https://artifacthub.io/packages/helm/cilium/cilium"
},
{
"url": "https://github.com/cilium/cilium-cli/releases/tag/v0.13.2",
"refsource": "MISC",
"name": "https://github.com/cilium/cilium-cli/releases/tag/v0.13.2"
}
]
},
"source": {
"advisory": "GHSA-6f27-3p6c-p5jc",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}