From 98bf270b9c978d64bc59e8d706e8db6118ea2300 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 30 Jan 2024 22:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/7xxx/CVE-2018-7550.json | 5 ++ 2021/3xxx/CVE-2021-3156.json | 10 ++++ 2022/39xxx/CVE-2022-39046.json | 10 ++++ 2023/51xxx/CVE-2023-51197.json | 56 +++++++++++++++++--- 2023/51xxx/CVE-2023-51198.json | 56 +++++++++++++++++--- 2023/51xxx/CVE-2023-51202.json | 56 +++++++++++++++++--- 2023/51xxx/CVE-2023-51204.json | 56 +++++++++++++++++--- 2023/6xxx/CVE-2023-6816.json | 26 ++++++++++ 2024/1xxx/CVE-2024-1059.json | 59 +++++++++++++++++++-- 2024/1xxx/CVE-2024-1060.json | 59 +++++++++++++++++++-- 2024/1xxx/CVE-2024-1077.json | 59 +++++++++++++++++++-- 2024/1xxx/CVE-2024-1090.json | 18 +++++++ 2024/1xxx/CVE-2024-1091.json | 18 +++++++ 2024/1xxx/CVE-2024-1092.json | 18 +++++++ 2024/21xxx/CVE-2024-21735.json | 4 +- 2024/23xxx/CVE-2024-23834.json | 95 ++++++++++++++++++++++++++++++++-- 16 files changed, 563 insertions(+), 42 deletions(-) create mode 100644 2024/1xxx/CVE-2024-1090.json create mode 100644 2024/1xxx/CVE-2024-1091.json create mode 100644 2024/1xxx/CVE-2024-1092.json diff --git a/2018/7xxx/CVE-2018-7550.json b/2018/7xxx/CVE-2018-7550.json index 572cf304979..75205d766fa 100644 --- a/2018/7xxx/CVE-2018-7550.json +++ b/2018/7xxx/CVE-2018-7550.json @@ -101,6 +101,11 @@ "name": "RHSA-2018:2462", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2462" + }, + { + "refsource": "MISC", + "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53", + "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53" } ] } diff --git a/2021/3xxx/CVE-2021-3156.json b/2021/3xxx/CVE-2021-3156.json index 08cfb0ab38b..2df3f78377a 100644 --- a/2021/3xxx/CVE-2021-3156.json +++ b/2021/3xxx/CVE-2021-3156.json @@ -196,6 +196,16 @@ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20240130 Re: CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()", + "url": "http://www.openwall.com/lists/oss-security/2024/01/30/8" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20240130 CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()", + "url": "http://www.openwall.com/lists/oss-security/2024/01/30/6" } ] } diff --git a/2022/39xxx/CVE-2022-39046.json b/2022/39xxx/CVE-2022-39046.json index 6e38b131aba..4d2a3ed052a 100644 --- a/2022/39xxx/CVE-2022-39046.json +++ b/2022/39xxx/CVE-2022-39046.json @@ -66,6 +66,16 @@ "refsource": "GENTOO", "name": "GLSA-202310-03", "url": "https://security.gentoo.org/glsa/202310-03" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20240130 Re: CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()", + "url": "http://www.openwall.com/lists/oss-security/2024/01/30/8" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20240130 CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()", + "url": "http://www.openwall.com/lists/oss-security/2024/01/30/6" } ] }, diff --git a/2023/51xxx/CVE-2023-51197.json b/2023/51xxx/CVE-2023-51197.json index 56695a53189..93aa268e7d8 100644 --- a/2023/51xxx/CVE-2023-51197.json +++ b/2023/51xxx/CVE-2023-51197.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51197", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51197", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue discovered in shell command execution in ROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows an attacker to run arbitrary commands and cause other impacts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/16yashpatel/CVE-2023-51197", + "url": "https://github.com/16yashpatel/CVE-2023-51197" } ] } diff --git a/2023/51xxx/CVE-2023-51198.json b/2023/51xxx/CVE-2023-51198.json index 06699f19669..c6b08a2e8f4 100644 --- a/2023/51xxx/CVE-2023-51198.json +++ b/2023/51xxx/CVE-2023-51198.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51198", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51198", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in the permission and access control components within ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to gain escalate privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/16yashpatel/CVE-2023-51198", + "url": "https://github.com/16yashpatel/CVE-2023-51198" } ] } diff --git a/2023/51xxx/CVE-2023-51202.json b/2023/51xxx/CVE-2023-51202.json index 074dd06854f..686d30fd759 100644 --- a/2023/51xxx/CVE-2023-51202.json +++ b/2023/51xxx/CVE-2023-51202.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51202", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51202", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OS command injection vulnerability in command processing or system call componentsROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/16yashpatel/CVE-2023-51202", + "url": "https://github.com/16yashpatel/CVE-2023-51202" } ] } diff --git a/2023/51xxx/CVE-2023-51204.json b/2023/51xxx/CVE-2023-51204.json index 346192e7e3c..330d1992512 100644 --- a/2023/51xxx/CVE-2023-51204.json +++ b/2023/51xxx/CVE-2023-51204.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51204", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51204", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure deserialization in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to execute arbitrary code via a crafted input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/16yashpatel/CVE-2023-51204", + "url": "https://github.com/16yashpatel/CVE-2023-51204" } ] } diff --git a/2023/6xxx/CVE-2023-6816.json b/2023/6xxx/CVE-2023-6816.json index c915026c09f..858d0c6a754 100644 --- a/2023/6xxx/CVE-2023-6816.json +++ b/2023/6xxx/CVE-2023-6816.json @@ -201,6 +201,27 @@ ] } }, + { + "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "0:1.12.0-6.el8_6.9", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "defaultStatus": "affected" + } + } + ] + } + }, { "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "version": { @@ -364,6 +385,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:0614" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0621", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:0621" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6816", "refsource": "MISC", diff --git a/2024/1xxx/CVE-2024-1059.json b/2024/1xxx/CVE-2024-1059.json index 5a41fc1d2b0..fad4d1d1444 100644 --- a/2024/1xxx/CVE-2024-1059.json +++ b/2024/1xxx/CVE-2024-1059.json @@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1059", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "121.0.6167.139", + "version_value": "121.0.6167.139" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html" + }, + { + "url": "https://crbug.com/1514777", + "refsource": "MISC", + "name": "https://crbug.com/1514777" } ] } diff --git a/2024/1xxx/CVE-2024-1060.json b/2024/1xxx/CVE-2024-1060.json index b4fabb9534a..7566b42675d 100644 --- a/2024/1xxx/CVE-2024-1060.json +++ b/2024/1xxx/CVE-2024-1060.json @@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1060", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "121.0.6167.139", + "version_value": "121.0.6167.139" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html" + }, + { + "url": "https://crbug.com/1511567", + "refsource": "MISC", + "name": "https://crbug.com/1511567" } ] } diff --git a/2024/1xxx/CVE-2024-1077.json b/2024/1xxx/CVE-2024-1077.json index 2336b19086e..9f35d53bfd3 100644 --- a/2024/1xxx/CVE-2024-1077.json +++ b/2024/1xxx/CVE-2024-1077.json @@ -1,17 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-1077", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "121.0.6167.139", + "version_value": "121.0.6167.139" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html" + }, + { + "url": "https://crbug.com/1511085", + "refsource": "MISC", + "name": "https://crbug.com/1511085" } ] } diff --git a/2024/1xxx/CVE-2024-1090.json b/2024/1xxx/CVE-2024-1090.json new file mode 100644 index 00000000000..6cd75c8b522 --- /dev/null +++ b/2024/1xxx/CVE-2024-1090.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1090", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1091.json b/2024/1xxx/CVE-2024-1091.json new file mode 100644 index 00000000000..4a89e09f6d3 --- /dev/null +++ b/2024/1xxx/CVE-2024-1091.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1091", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/1xxx/CVE-2024-1092.json b/2024/1xxx/CVE-2024-1092.json new file mode 100644 index 00000000000..0cec3777a87 --- /dev/null +++ b/2024/1xxx/CVE-2024-1092.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1092", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/21xxx/CVE-2024-21735.json b/2024/21xxx/CVE-2024-21735.json index b6f1541fa20..12852d58748 100644 --- a/2024/21xxx/CVE-2024-21735.json +++ b/2024/21xxx/CVE-2024-21735.json @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-285: Improper Authorization", - "cweId": "CWE-285" + "value": "CWE-863 Incorrect Authorization", + "cweId": "CWE-863" } ] } diff --git a/2024/23xxx/CVE-2024-23834.json b/2024/23xxx/CVE-2024-23834.json index 50683a251b6..0c5aa906898 100644 --- a/2024/23xxx/CVE-2024-23834.json +++ b/2024/23xxx/CVE-2024-23834.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23834", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "discourse", + "product": { + "product_data": [ + { + "product_name": "discourse", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.1.5" + }, + { + "version_affected": "=", + "version_value": ">= 3.2.0.beta1, < 3.2.0.beta5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc", + "refsource": "MISC", + "name": "https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc" + }, + { + "url": "https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000", + "refsource": "MISC", + "name": "https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000" + }, + { + "url": "https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094", + "refsource": "MISC", + "name": "https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094" + }, + { + "url": "https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093", + "refsource": "MISC", + "name": "https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093" + } + ] + }, + "source": { + "advisory": "GHSA-rj3g-8q6p-63pc", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] }