"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2023-11-17 04:00:33 +00:00 · 2023-11-17 04:00:33 +00:00 · 99c6fe529e
commit 99c6fe529e
parent 8d22994dcd
9 changed files with 268 additions and 0 deletions
--- a/2023/48xxx/CVE-2023-48647.json
+++ b/2023/48xxx/CVE-2023-48647.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2023-48647",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2023/48xxx/CVE-2023-48648.json
+++ b/2023/48xxx/CVE-2023-48648.json
@ -0,0 +1,72 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "cve@mitre.org",
+        "ID": "CVE-2023-48648",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release",
+                "refsource": "MISC",
+                "name": "https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release"
+            },
+            {
+                "url": "https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes",
+                "refsource": "MISC",
+                "name": "https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes"
+            },
+            {
+                "url": "https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes",
+                "refsource": "MISC",
+                "name": "https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes"
+            }
+        ]
+    }
+}
--- a/2023/48xxx/CVE-2023-48649.json
+++ b/2023/48xxx/CVE-2023-48649.json
@ -0,0 +1,96 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "cve@mitre.org",
+        "ID": "CVE-2023-48649",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release",
+                "refsource": "MISC",
+                "name": "https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release"
+            },
+            {
+                "url": "https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes",
+                "refsource": "MISC",
+                "name": "https://documentation.concretecms.org/developers/introduction/version-history/922-release-notes"
+            },
+            {
+                "url": "https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes",
+                "refsource": "MISC",
+                "name": "https://documentation.concretecms.org/developers/introduction/version-history/8513-release-notes"
+            },
+            {
+                "url": "https://github.com/concretecms/concretecms/pull/11695",
+                "refsource": "MISC",
+                "name": "https://github.com/concretecms/concretecms/pull/11695"
+            },
+            {
+                "url": "https://github.com/concretecms/concretecms/pull/11739",
+                "refsource": "MISC",
+                "name": "https://github.com/concretecms/concretecms/pull/11739"
+            }
+        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "NONE",
+            "privilegesRequired": "LOW",
+            "scope": "UNCHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R",
+            "version": "3.1"
+        }
+    }
+}
--- a/2023/48xxx/CVE-2023-48650.json
+++ b/2023/48xxx/CVE-2023-48650.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2023-48650",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2023/48xxx/CVE-2023-48651.json
+++ b/2023/48xxx/CVE-2023-48651.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2023-48651",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2023/48xxx/CVE-2023-48652.json
+++ b/2023/48xxx/CVE-2023-48652.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2023-48652",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2023/48xxx/CVE-2023-48653.json
+++ b/2023/48xxx/CVE-2023-48653.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2023-48653",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2023/5xxx/CVE-2023-5367.json
+++ b/2023/5xxx/CVE-2023-5367.json
@ -299,6 +299,11 @@
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/",
                "refsource": "MISC",
                "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/"
+            },
+            {
+                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/",
+                "refsource": "MISC",
+                "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/"
            }
        ]
    },
--- a/2023/5xxx/CVE-2023-5380.json
+++ b/2023/5xxx/CVE-2023-5380.json
@ -227,6 +227,11 @@
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/",
                "refsource": "MISC",
                "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/"
+            },
+            {
+                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/",
+                "refsource": "MISC",
+                "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/"
            }
        ]
    },