admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 14:08:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2019-01-28 14:05:16 -05:00
parent 60d9c77be6
commit 9a0677de1e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
4 changed files with 224 additions and 189 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

205
2017/6xxx/CVE-2017-6922.json
View File

@ -1,100 +1,115 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-6922",
"ASSIGNER": "mlhess@drupal.org",
"DATE_PUBLIC": "",
"TITLE": "Files uploaded by anonymous users into a private file system can be accessed by other anonymous users",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [],
"advisory": "SA-CORE-2017-003",
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "Drupal Core",
"version": {
"version_data": [
{
"version_name": "Drupal 8 ",
"affected": "<",
"version_value": "8.3.3",
"platform": ""
},
{
"version_name": "Drupal 7 ",
"affected": "<",
"version_value": "7.55",
"platform": ""
}
"CVE_data_meta" : {
"AKA" : "",
"ASSIGNER" : "mlhess@drupal.org",
"DATE_PUBLIC" : "",
"ID" : "CVE-2017-6922",
"STATE" : "PUBLIC",
"TITLE" : "Files uploaded by anonymous users into a private file system can be accessed by other anonymous users"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Drupal Core",
"version" : {
"version_data" : [
{
"affected" : "<",
"platform" : "",
"version_name" : "Drupal 8 ",
"version_value" : "8.3.3"
},
{
"affected" : "<",
"platform" : "",
"version_name" : "Drupal 7 ",
"version_value" : "7.55"
}
]
}
}
]
}
}
]
}
}
},
"vendor_name" : "Drupal"
}
]
}
},
"configuration" : [],
"credit" : [],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system."
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core before 7.56 and 8.x before 8.3.4 did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system."
},
"exploit" : [],
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "PHYSICAL",
"availabilityImpact" : "NONE",
"baseScore" : 0,
"baseSeverity" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "HIGH",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N",
"version" : "3.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple",
"name": "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.0",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N",
"baseScore": 0,
"baseSeverity": "NONE"
}
},
"exploit": [],
"work_around": [],
"solution": [],
"credit": []
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Access Bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple"
},
{
"name" : "DSA-3897",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3897"
},
{
"name" : "99219",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99219"
},
{
"name" : "1038781",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038781"
}
]
},
"solution" : [],
"source" : {
"advisory" : "SA-CORE-2017-003",
"defect" : [],
"discovery" : "UNKNOWN"
},
"work_around" : []
}

2
2018/19xxx/CVE-2018-19015.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01"
}
]

188
2018/7xxx/CVE-2018-7603.json
View File

@ -1,99 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-7603",
"ASSIGNER": "mlhess@drupal.org",
"DATE_PUBLIC": "",
"TITLE": "Search Autocomplete ",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [],
"advisory": "https://www.drupal.org/sa-contrib-2018-070",
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Drupal",
"product": {
"product_data": [
{
"product_name": "3rd party module - Search Autocomplete",
"version": {
"version_data": [
{
"version_name": "7.x-4.x",
"affected": "<",
"version_value": "7.x-4.8",
"platform": ""
}
"CVE_data_meta" : {
"AKA" : "",
"ASSIGNER" : "mlhess@drupal.org",
"DATE_PUBLIC" : "",
"ID" : "CVE-2018-7603",
"STATE" : "PUBLIC",
"TITLE" : "Search Autocomplete "
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "3rd party module - Search Autocomplete",
"version" : {
"version_data" : [
{
"affected" : "<",
"platform" : "",
"version_name" : "7.x-4.x",
"version_value" : "7.x-4.8"
}
]
}
}
]
}
}
]
}
}
},
"vendor_name" : "Drupal"
}
]
}
},
"configuration" : [],
"credit" : [
{
"lang" : "eng",
"value" : "Reported By: Simon Kapadia Fixed By: Dominique CLAUSE"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn't sufficiently filter user-entered text among the autocompletion items leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability can be exploited by any user allowed to create one of the autocompletion item, for instance, nodes, users, comments."
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Drupal's 3rd party module Search Autocomplete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn't sufficiently filter user-entered text among the autocompletion items leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability can be exploited by any user allowed to create one of the autocompletion item, for instance, nodes, users, comments."
},
"exploit" : [],
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "PHYSICAL",
"availabilityImpact" : "NONE",
"baseScore" : 0,
"baseSeverity" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "HIGH",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N",
"version" : "3.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A vulnerability in search auto complete a 3rd party Druapl contributed module. Search Autocomplete allows an attacker to execute javascript code to causing xss. Affected releases are Drupal 3rd party module - Search Autocomplete: versions prior to 7.x-4.8."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.drupal.org/sa-contrib-2018-070",
"name": "https://www.drupal.org/sa-contrib-2018-070"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.0",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N",
"baseScore": 0,
"baseSeverity": "NONE"
}
},
"exploit": [],
"work_around": [],
"solution": [],
"credit": [
{
"lang": "eng",
"value": "Reported By: Simon Kapadia Fixed By: Dominique CLAUSE"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "A vulnerability in search auto complete a 3rd party Druapl contributed module. Search Autocomplete allows an attacker to execute javascript code to causing xss. Affected releases are Drupal 3rd party module - Search Autocomplete: versions prior to 7.x-4.8."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.drupal.org/sa-contrib-2018-070",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/sa-contrib-2018-070"
}
]
},
"solution" : [],
"source" : {
"advisory" : "https://www.drupal.org/sa-contrib-2018-070",
"defect" : [],
"discovery" : "UNKNOWN"
},
"work_around" : []
}

18
2019/6xxx/CVE-2019-6989.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6989",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}