From 971b9925284eb9007a23e12efe3d2a14c1c12521 Mon Sep 17 00:00:00 2001
From: erwanlr
Date: Fri, 29 Jul 2022 11:17:48 +0200
Subject: [PATCH] Updates CWE as per audit
---
 2021/24xxx/CVE-2021-24352.json | 4 ++--
 2021/24xxx/CVE-2021-24353.json | 4 ++--
 2021/24xxx/CVE-2021-24355.json | 4 ++--
 2021/24xxx/CVE-2021-24356.json | 4 ++--
 2021/24xxx/CVE-2021-24374.json | 2 +-
 2021/24xxx/CVE-2021-24388.json | 8 ++++++++
 2021/24xxx/CVE-2021-24431.json | 8 ++++++++
 2021/24xxx/CVE-2021-24434.json | 10 +++++++++-
 2021/24xxx/CVE-2021-24467.json | 8 ++++++++
 2021/24xxx/CVE-2021-24487.json | 8 ++++++++
 2021/24xxx/CVE-2021-24504.json | 8 ++++++++
 2021/24xxx/CVE-2021-24543.json | 8 ++++++++
 2021/24xxx/CVE-2021-24555.json | 10 +++++++++-
 2021/24xxx/CVE-2021-24570.json | 10 +++++++++-
 2021/24xxx/CVE-2021-24581.json | 8 ++++++++
 2021/24xxx/CVE-2021-24584.json | 10 +++++++++-
 2021/24xxx/CVE-2021-24586.json | 8 ++++++++
 2021/24xxx/CVE-2021-24595.json | 8 ++++++++
 2021/24xxx/CVE-2021-24615.json | 8 ++++++++
 2021/24xxx/CVE-2021-24618.json | 8 ++++++++
 2021/24xxx/CVE-2021-24626.json | 10 +++++++++-
 2021/24xxx/CVE-2021-24639.json | 2 +-
 2021/24xxx/CVE-2021-24642.json | 8 ++++++++
 2021/24xxx/CVE-2021-24651.json | 8 ++++++++
 2021/24xxx/CVE-2021-24683.json | 8 ++++++++
 2021/24xxx/CVE-2021-24685.json | 10 +++++++++-
 2021/24xxx/CVE-2021-24695.json | 4 ++--
 2021/24xxx/CVE-2021-24730.json | 12 ++++++++++--
 28 files changed, 188 insertions(+), 20 deletions(-)
diff --git a/2021/24xxx/CVE-2021-24352.json b/2021/24xxx/CVE-2021-24352.json
index d8eded37f5f..ce3ec680a21 100644
--- a/2021/24xxx/CVE-2021-24352.json
+++ b/2021/24xxx/CVE-2021-24352.json
@@ -66,7 +66,7 @@
 {
 "description": [
 {
- "value": "CWE-284 Improper Access Control",
+ "value": "CWE-862 Missing Authorization",
 "lang": "eng"
 }
 ]
@@ -82,4 +82,4 @@
 "source": {
 "discovery": "UNKNOWN"
 }
-}
\ No newline at end of file
+}
diff --git a/2021/24xxx/CVE-2021-24353.json b/2021/24xxx/CVE-2021-24353.json
index e23362dfd8d..1aff04bd4be 100644
--- a/2021/24xxx/CVE-2021-24353.json
+++ b/2021/24xxx/CVE-2021-24353.json
@@ -66,7 +66,7 @@
 {
 "description": [
 {
- "value": "CWE-284 Improper Access Control",
+ "value": "CWE-862 Missing Authorization",
 "lang": "eng"
 }
 ]
@@ -82,4 +82,4 @@
 "source": {
 "discovery": "UNKNOWN"
 }
-}
\ No newline at end of file
+}
diff --git a/2021/24xxx/CVE-2021-24355.json b/2021/24xxx/CVE-2021-24355.json
index 3f7cd7e651f..fb4b4954596 100644
--- a/2021/24xxx/CVE-2021-24355.json
+++ b/2021/24xxx/CVE-2021-24355.json
@@ -66,7 +66,7 @@
 {
 "description": [
 {
- "value": "CWE-284 Improper Access Control",
+ "value": "CWE-862 Missing Authorization",
 "lang": "eng"
 }
 ]
@@ -82,4 +82,4 @@
 "source": {
 "discovery": "UNKNOWN"
 }
-}
\ No newline at end of file
+}
diff --git a/2021/24xxx/CVE-2021-24356.json b/2021/24xxx/CVE-2021-24356.json
index 3c03bb9f452..bf645af7777 100644
--- a/2021/24xxx/CVE-2021-24356.json
+++ b/2021/24xxx/CVE-2021-24356.json
@@ -66,7 +66,7 @@
 {
 "description": [
 {
- "value": "CWE-284 Improper Access Control",
+ "value": "CWE-862 Missing Authorization",
 "lang": "eng"
 }
 ]
@@ -82,4 +82,4 @@
 "source": {
 "discovery": "UNKNOWN"
 }
-}
\ No newline at end of file
+}
diff --git a/2021/24xxx/CVE-2021-24374.json b/2021/24xxx/CVE-2021-24374.json
index 48d846c5c3f..40da7e79265 100644
--- a/2021/24xxx/CVE-2021-24374.json
+++ b/2021/24xxx/CVE-2021-24374.json
@@ -61,7 +61,7 @@
 {
 "description": [
 {
- "value": "CWE-668 Exposure of Resource to Wrong Sphere",
+ "value": "CWE-639 Authorization Bypass Through User-Controlled Key",
 "lang": "eng"
 }
 ]
diff --git a/2021/24xxx/CVE-2021-24388.json b/2021/24xxx/CVE-2021-24388.json
index 6c30cded8fa..af8fb8af5ac 100644
--- a/2021/24xxx/CVE-2021-24388.json
+++ b/2021/24xxx/CVE-2021-24388.json
@@ -60,6 +60,14 @@
 "lang": "eng"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "lang": "eng"
+ }
+ ]
 }
 ]
 },
diff --git a/2021/24xxx/CVE-2021-24431.json b/2021/24xxx/CVE-2021-24431.json
index d454aad07d0..ba313646741 100644
--- a/2021/24xxx/CVE-2021-24431.json
+++ b/2021/24xxx/CVE-2021-24431.json
@@ -53,6 +53,14 @@
 },
 "problemtype": {
 "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
+ },
 {
 "description": [
 {
diff --git a/2021/24xxx/CVE-2021-24434.json b/2021/24xxx/CVE-2021-24434.json
index b303a7ab652..21cb22daa1c 100644
--- a/2021/24xxx/CVE-2021-24434.json
+++ b/2021/24xxx/CVE-2021-24434.json
@@ -60,6 +60,14 @@
 "lang": "eng"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "lang": "eng"
+ }
+ ]
 }
 ]
 },
@@ -72,4 +80,4 @@
 "source": {
 "discovery": "UNKNOWN"
 }
-}
\ No newline at end of file
+}
diff --git a/2021/24xxx/CVE-2021-24467.json b/2021/24xxx/CVE-2021-24467.json
index 32d209b60f5..f7aa9c65009 100644
--- a/2021/24xxx/CVE-2021-24467.json
+++ b/2021/24xxx/CVE-2021-24467.json
@@ -60,6 +60,14 @@
 "lang": "eng"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
 }
 ]
 },
diff --git a/2021/24xxx/CVE-2021-24487.json b/2021/24xxx/CVE-2021-24487.json
index 03b465c712f..73630e9efaf 100644
--- a/2021/24xxx/CVE-2021-24487.json
+++ b/2021/24xxx/CVE-2021-24487.json
@@ -60,6 +60,14 @@
 "lang": "eng"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
 }
 ]
 },
diff --git a/2021/24xxx/CVE-2021-24504.json b/2021/24xxx/CVE-2021-24504.json
index 845ce1eadea..7de8f5a071c 100644
--- a/2021/24xxx/CVE-2021-24504.json
+++ b/2021/24xxx/CVE-2021-24504.json
@@ -60,6 +60,14 @@
 "lang": "eng"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "lang": "eng"
+ }
+ ]
 }
 ]
 },
diff --git a/2021/24xxx/CVE-2021-24543.json b/2021/24xxx/CVE-2021-24543.json
index b9eaa20efce..c29585da605 100644
--- a/2021/24xxx/CVE-2021-24543.json
+++ b/2021/24xxx/CVE-2021-24543.json
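Review bot: In CVE-2021-24431.json the new CWE-79 element is inserted at the head of `problemtype_data`, ahead of the existing entry, while the other add-only hunks in this patch (CVE-2021-24388, -24434, -24467 and the rest) append the new CWE after the existing one. If the order is meant to mark the primary weakness, that is worth recording; if not, appending here as well keeps the records uniform and avoids changing what a consumer that reads only the first element reports for this CVE. The existing entry's value lies outside the hunk, so which weakness is displaced cannot be confirmed from the visible lines.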
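Review bot: The added label `"CWE-79 Cross-site Scripting (XSS)"` in CVE-2021-24467.json is a short form, whereas the other values this patch introduces (`CWE-862 Missing Authorization`, `CWE-352 Cross-Site Request Forgery (CSRF)`, `CWE-425 Direct Request ('Forced Browsing')`) follow the CWE entry names; the CWE-79 entry is titled "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')". In these hunks the `value` string is the only place the CWE is recorded, so tooling that matches on the full text rather than on the `CWE-<n>` prefix may treat one weakness as two different strings. The same label appears in the hunks for CVE-2021-24431, -24487, -24543, -24570, -24581, -24584, -24586, -24595, -24615, -24642, -24683 and -24685; either keep one spelling across the feed or make it explicit that consumers should key on the id prefix.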
@@ -60,6 +60,14 @@
 "lang": "eng"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
 }
 ]
 },
diff --git a/2021/24xxx/CVE-2021-24555.json b/2021/24xxx/CVE-2021-24555.json
index b6ec3475000..e76643f72a8 100644
--- a/2021/24xxx/CVE-2021-24555.json
+++ b/2021/24xxx/CVE-2021-24555.json
@@ -65,6 +65,14 @@
 "lang": "eng"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "lang": "eng"
+ }
+ ]
 }
 ]
 },
@@ -77,4 +85,4 @@
 "source": {
 "discovery": "UNKNOWN"
 }
-}
\ No newline at end of file
+}
diff --git a/2021/24xxx/CVE-2021-24570.json b/2021/24xxx/CVE-2021-24570.json
index 4fe578ac991..f21367e3be0 100644
--- a/2021/24xxx/CVE-2021-24570.json
+++ b/2021/24xxx/CVE-2021-24570.json
@@ -65,6 +65,14 @@
 "lang": "eng"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
 }
 ]
 },
@@ -77,4 +85,4 @@
 "source": {
 "discovery": "EXTERNAL"
 }
-}
\ No newline at end of file
+}
diff --git a/2021/24xxx/CVE-2021-24581.json b/2021/24xxx/CVE-2021-24581.json
index 38bfa06c9bd..ab4ff336c82 100644
--- a/2021/24xxx/CVE-2021-24581.json
+++ b/2021/24xxx/CVE-2021-24581.json
@@ -60,6 +60,14 @@
 "lang": "eng"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
 }
 ]
 },
diff --git a/2021/24xxx/CVE-2021-24584.json b/2021/24xxx/CVE-2021-24584.json
index b5f172fe4d5..6b602ce64f7 100644
--- a/2021/24xxx/CVE-2021-24584.json
+++ b/2021/24xxx/CVE-2021-24584.json
@@ -56,7 +56,15 @@
 {
 "description": [
 {
- "value": "CWE-284 Improper Access Control",
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "lang": "eng"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
 "lang": "eng"
 }
 ]
diff --git a/2021/24xxx/CVE-2021-24586.json b/2021/24xxx/CVE-2021-24586.json
index a530e8b003f..b80696fe413 100644
--- a/2021/24xxx/CVE-2021-24586.json
+++ b/2021/24xxx/CVE-2021-24586.json
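Review bot: In CVE-2021-24584.json the access-control class is dropped entirely: `CWE-284 Improper Access Control` becomes `CWE-352` plus `CWE-79`, whereas the otherwise similar change to CVE-2021-24730.json keeps an authorization weakness (`CWE-862`) next to `CWE-352`. The record's description text is outside the hunk, so it cannot be checked here whether a missing capability check is still part of the issue; if it is, a `"value": "CWE-862 Missing Authorization"` element should stay alongside the two new ones. Triage or reporting that filters on authorization CWEs will stop matching this record after the change, so the reclassification is worth confirming against the advisory text.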
@@ -60,6 +60,14 @@
 "lang": "eng"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
 }
 ]
 },
diff --git a/2021/24xxx/CVE-2021-24595.json b/2021/24xxx/CVE-2021-24595.json
index 0526ad737db..0455975981d 100644
--- a/2021/24xxx/CVE-2021-24595.json
+++ b/2021/24xxx/CVE-2021-24595.json
@@ -60,6 +60,14 @@
 "lang": "eng"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
 }
 ]
 },
diff --git a/2021/24xxx/CVE-2021-24615.json b/2021/24xxx/CVE-2021-24615.json
index 6b0f4c44af9..2bced42f854 100644
--- a/2021/24xxx/CVE-2021-24615.json
+++ b/2021/24xxx/CVE-2021-24615.json
@@ -60,6 +60,14 @@
 "lang": "eng"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
 }
 ]
 },
diff --git a/2021/24xxx/CVE-2021-24618.json b/2021/24xxx/CVE-2021-24618.json
index 4660725827a..ad88b2892df 100644
--- a/2021/24xxx/CVE-2021-24618.json
+++ b/2021/24xxx/CVE-2021-24618.json
@@ -60,6 +60,14 @@
 "lang": "eng"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "lang": "eng"
+ }
+ ]
 }
 ]
 },
diff --git a/2021/24xxx/CVE-2021-24626.json b/2021/24xxx/CVE-2021-24626.json
index c9cdc1b1fb8..df0de08b674 100644
--- a/2021/24xxx/CVE-2021-24626.json
+++ b/2021/24xxx/CVE-2021-24626.json
@@ -65,6 +65,14 @@
 "lang": "eng"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "lang": "eng"
+ }
+ ]
 }
 ]
 },
@@ -77,4 +85,4 @@
 "source": {
 "discovery": "EXTERNAL"
 }
-}
\ No newline at end of file
+}
diff --git a/2021/24xxx/CVE-2021-24639.json b/2021/24xxx/CVE-2021-24639.json
index b175e74aacb..240e88fb08c 100644
--- a/2021/24xxx/CVE-2021-24639.json
+++ b/2021/24xxx/CVE-2021-24639.json
@@ -56,7 +56,7 @@
 {
 "description": [
 {
- "value": "CWE-284 Improper Access Control",
+ "value": "CWE-862 Missing Authorization",
 "lang": "eng"
 }
 ]
diff --git a/2021/24xxx/CVE-2021-24642.json b/2021/24xxx/CVE-2021-24642.json
index 2509be390b8..29e7eb0554a 100644
--- a/2021/24xxx/CVE-2021-24642.json
+++ b/2021/24xxx/CVE-2021-24642.json
@@ -60,6 +60,14 @@
 "lang": "eng"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
 }
 ]
 },
diff --git a/2021/24xxx/CVE-2021-24651.json b/2021/24xxx/CVE-2021-24651.json
index 604070ad61f..6fb5060b71a 100644
--- a/2021/24xxx/CVE-2021-24651.json
+++ b/2021/24xxx/CVE-2021-24651.json
@@ -60,6 +60,14 @@
 "lang": "eng"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-203 Observable Discrepancy",
+ "lang": "eng"
+ }
+ ]
 }
 ]
 },
diff --git a/2021/24xxx/CVE-2021-24683.json b/2021/24xxx/CVE-2021-24683.json
index b55c0e2a2c4..c43167b3fed 100644
--- a/2021/24xxx/CVE-2021-24683.json
+++ b/2021/24xxx/CVE-2021-24683.json
@@ -60,6 +60,14 @@
 "lang": "eng"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
 }
 ]
 },
diff --git a/2021/24xxx/CVE-2021-24685.json b/2021/24xxx/CVE-2021-24685.json
index 4c3b057eb58..cfad3284fe7 100644
--- a/2021/24xxx/CVE-2021-24685.json
+++ b/2021/24xxx/CVE-2021-24685.json
@@ -60,6 +60,14 @@
 "lang": "eng"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
 }
 ]
 },
@@ -72,4 +80,4 @@
 "source": {
 "discovery": "EXTERNAL"
 }
-}
\ No newline at end of file
+}
diff --git a/2021/24xxx/CVE-2021-24695.json b/2021/24xxx/CVE-2021-24695.json
index b21814ba1aa..8bfb517bef0 100644
--- a/2021/24xxx/CVE-2021-24695.json
+++ b/2021/24xxx/CVE-2021-24695.json
@@ -56,7 +56,7 @@
 {
 "description": [
 {
- "value": "CWE-200 Information Exposure",
+ "value": "CWE-425 Direct Request ('Forced Browsing')",
 "lang": "eng"
 }
 ]
@@ -72,4 +72,4 @@
 "source": {
 "discovery": "EXTERNAL"
 }
-}
\ No newline at end of file
+}
diff --git a/2021/24xxx/CVE-2021-24730.json b/2021/24xxx/CVE-2021-24730.json
index 5751048f68e..7dbd00c1307 100644
--- a/2021/24xxx/CVE-2021-24730.json
+++ b/2021/24xxx/CVE-2021-24730.json
@@ -56,7 +56,15 @@
 {
 "description": [
 {
- "value": "CWE-284 Improper Access Control",
+ "value": "CWE-862 Missing Authorization",
+ "lang": "eng"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
 "lang": "eng"
 }
 ]
@@ -72,4 +80,4 @@
 "source": {
 "discovery": "EXTERNAL"
 }
-}
\ No newline at end of file
+}