Updates CWE as per audit

2025-08-04 08:44:25 +00:00 · 2022-07-29 11:17:48 +02:00 · 2022-07-29 11:17:48 +02:00 · 971b992528
commit 971b992528
parent 83b620d0ea
28 changed files with 188 additions and 20 deletions
--- a/2021/24xxx/CVE-2021-24352.json
+++ b/2021/24xxx/CVE-2021-24352.json
@ -66,7 +66,7 @@
      {
        "description": [
          {
-            "value": "CWE-284 Improper Access Control",
+            "value": "CWE-862 Missing Authorization",
            "lang": "eng"
          }
        ]
@ -82,4 +82,4 @@
  "source": {
    "discovery": "UNKNOWN"
  }
-}
+}
--- a/2021/24xxx/CVE-2021-24353.json
+++ b/2021/24xxx/CVE-2021-24353.json
@ -66,7 +66,7 @@
            {
                "description": [
                    {
-                        "value": "CWE-284 Improper Access Control",
+                        "value": "CWE-862 Missing Authorization",
                        "lang": "eng"
                    }
                ]
@ -82,4 +82,4 @@
    "source": {
        "discovery": "UNKNOWN"
    }
-}
+}
--- a/2021/24xxx/CVE-2021-24355.json
+++ b/2021/24xxx/CVE-2021-24355.json
@ -66,7 +66,7 @@
            {
                "description": [
                    {
-                        "value": "CWE-284 Improper Access Control",
+                        "value": "CWE-862 Missing Authorization",
                        "lang": "eng"
                    }
                ]
@ -82,4 +82,4 @@
    "source": {
        "discovery": "UNKNOWN"
    }
-}
+}
--- a/2021/24xxx/CVE-2021-24356.json
+++ b/2021/24xxx/CVE-2021-24356.json
@ -66,7 +66,7 @@
            {
                "description": [
                    {
-                        "value": "CWE-284 Improper Access Control",
+                        "value": "CWE-862 Missing Authorization",
                        "lang": "eng"
                    }
                ]
@ -82,4 +82,4 @@
    "source": {
        "discovery": "UNKNOWN"
    }
-}
+}
--- a/2021/24xxx/CVE-2021-24374.json
+++ b/2021/24xxx/CVE-2021-24374.json
@ -61,7 +61,7 @@
      {
        "description": [
          {
-            "value": "CWE-668 Exposure of Resource to Wrong Sphere",
+            "value": "CWE-639 Authorization Bypass Through User-Controlled Key",
            "lang": "eng"
          }
        ]
--- a/2021/24xxx/CVE-2021-24388.json
+++ b/2021/24xxx/CVE-2021-24388.json
@ -60,6 +60,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
--- a/2021/24xxx/CVE-2021-24431.json
+++ b/2021/24xxx/CVE-2021-24431.json
@ -53,6 +53,14 @@
  },
  "problemtype": {
    "problemtype_data": [
+      {
+        "description": [
+          {
+            "value": "CWE-79 Cross-site Scripting (XSS)",
+            "lang": "eng"
+          }
+        ]
+      },
      {
        "description": [
          {
--- a/2021/24xxx/CVE-2021-24434.json
+++ b/2021/24xxx/CVE-2021-24434.json
@ -60,6 +60,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
@ -72,4 +80,4 @@
  "source": {
    "discovery": "UNKNOWN"
  }
-}
+}
--- a/2021/24xxx/CVE-2021-24467.json
+++ b/2021/24xxx/CVE-2021-24467.json
@ -60,6 +60,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-79 Cross-site Scripting (XSS)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
--- a/2021/24xxx/CVE-2021-24487.json
+++ b/2021/24xxx/CVE-2021-24487.json
@ -60,6 +60,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-79 Cross-site Scripting (XSS)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
--- a/2021/24xxx/CVE-2021-24504.json
+++ b/2021/24xxx/CVE-2021-24504.json
@ -60,6 +60,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
--- a/2021/24xxx/CVE-2021-24543.json
+++ b/2021/24xxx/CVE-2021-24543.json
@ -60,6 +60,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-79 Cross-site Scripting (XSS)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
--- a/2021/24xxx/CVE-2021-24555.json
+++ b/2021/24xxx/CVE-2021-24555.json
@ -65,6 +65,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
@ -77,4 +85,4 @@
  "source": {
    "discovery": "UNKNOWN"
  }
-}
+}
--- a/2021/24xxx/CVE-2021-24570.json
+++ b/2021/24xxx/CVE-2021-24570.json
@ -65,6 +65,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-79 Cross-site Scripting (XSS)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
@ -77,4 +85,4 @@
  "source": {
    "discovery": "EXTERNAL"
  }
-}
+}
--- a/2021/24xxx/CVE-2021-24581.json
+++ b/2021/24xxx/CVE-2021-24581.json
@ -60,6 +60,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-79 Cross-site Scripting (XSS)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
--- a/2021/24xxx/CVE-2021-24584.json
+++ b/2021/24xxx/CVE-2021-24584.json
@ -56,7 +56,15 @@
      {
        "description": [
          {
-            "value": "CWE-284 Improper Access Control",
+            "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+            "lang": "eng"
+          }
+        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-79 Cross-site Scripting (XSS)",
            "lang": "eng"
          }
        ]
--- a/2021/24xxx/CVE-2021-24586.json
+++ b/2021/24xxx/CVE-2021-24586.json
@ -60,6 +60,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-79 Cross-site Scripting (XSS)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
--- a/2021/24xxx/CVE-2021-24595.json
+++ b/2021/24xxx/CVE-2021-24595.json
@ -60,6 +60,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-79 Cross-site Scripting (XSS)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
--- a/2021/24xxx/CVE-2021-24615.json
+++ b/2021/24xxx/CVE-2021-24615.json
@ -60,6 +60,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-79 Cross-site Scripting (XSS)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
--- a/2021/24xxx/CVE-2021-24618.json
+++ b/2021/24xxx/CVE-2021-24618.json
@ -60,6 +60,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
--- a/2021/24xxx/CVE-2021-24626.json
+++ b/2021/24xxx/CVE-2021-24626.json
@ -65,6 +65,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
@ -77,4 +85,4 @@
  "source": {
    "discovery": "EXTERNAL"
  }
-}
+}
--- a/2021/24xxx/CVE-2021-24639.json
+++ b/2021/24xxx/CVE-2021-24639.json
@ -56,7 +56,7 @@
      {
        "description": [
          {
-            "value": "CWE-284 Improper Access Control",
+            "value": "CWE-862 Missing Authorization",
            "lang": "eng"
          }
        ]
--- a/2021/24xxx/CVE-2021-24642.json
+++ b/2021/24xxx/CVE-2021-24642.json
@ -60,6 +60,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-79 Cross-site Scripting (XSS)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
--- a/2021/24xxx/CVE-2021-24651.json
+++ b/2021/24xxx/CVE-2021-24651.json
@ -60,6 +60,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-203 Observable Discrepancy",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
--- a/2021/24xxx/CVE-2021-24683.json
+++ b/2021/24xxx/CVE-2021-24683.json
@ -60,6 +60,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-79 Cross-site Scripting (XSS)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
--- a/2021/24xxx/CVE-2021-24685.json
+++ b/2021/24xxx/CVE-2021-24685.json
@ -60,6 +60,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-79 Cross-site Scripting (XSS)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
@ -72,4 +80,4 @@
  "source": {
    "discovery": "EXTERNAL"
  }
-}
+}
--- a/2021/24xxx/CVE-2021-24695.json
+++ b/2021/24xxx/CVE-2021-24695.json
@ -56,7 +56,7 @@
      {
        "description": [
          {
-            "value": "CWE-200 Information Exposure",
+            "value": "CWE-425 Direct Request ('Forced Browsing')",
            "lang": "eng"
          }
        ]
@ -72,4 +72,4 @@
  "source": {
    "discovery": "EXTERNAL"
  }
-}
+}
--- a/2021/24xxx/CVE-2021-24730.json
+++ b/2021/24xxx/CVE-2021-24730.json
@ -56,7 +56,15 @@
      {
        "description": [
          {
-            "value": "CWE-284 Improper Access Control",
+            "value": "CWE-862 Missing Authorization",
+            "lang": "eng"
+          }
+        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
            "lang": "eng"
          }
        ]
@ -72,4 +80,4 @@
  "source": {
    "discovery": "EXTERNAL"
  }
-}
+}