"-Synchronized-Data."

2025-05-06 18:53:08 +00:00 · 2022-02-28 20:01:19 +00:00 · 2022-02-28 20:01:19 +00:00 · a0f35d3637
commit a0f35d3637
parent 274f79e413
5 changed files with 43 additions and 2 deletions
--- a/2021/35xxx/CVE-2021-35033.json
+++ b/2021/35xxx/CVE-2021-35033.json
@ -98,6 +98,11 @@
                "name": "https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml",
                "refsource": "CONFIRM",
                "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://www.tenable.com/security/research/tra-2022-06",
+                "url": "https://www.tenable.com/security/research/tra-2022-06"
            }
        ]
    },
--- a/2021/41xxx/CVE-2021-41111.json
+++ b/2021/41xxx/CVE-2021-41111.json
@ -38,7 +38,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user could use the revealed webhook tokens to trigger webhooks. Severity depends on trust level of authenticated users and whether any webhooks exist that trigger sensitive actions. There are patches for this vulnerability in versions 3.4.5 and 3.3.15. There are currently no known workarounds.\n"
+                "value": "Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user could use the revealed webhook tokens to trigger webhooks. Severity depends on trust level of authenticated users and whether any webhooks exist that trigger sensitive actions. There are patches for this vulnerability in versions 3.4.5 and 3.3.15. There are currently no known workarounds."
            }
        ]
    },
--- a/2021/41xxx/CVE-2021-41112.json
+++ b/2021/41xxx/CVE-2021-41112.json
@ -35,7 +35,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization.  Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days. Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions. Version 3.4.5 contains a patch for this issue. There are currently no known workarounds."
+                "value": "Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could cause Scheduled Jobs to execute, or not execute on desired calendar days. Severity depends on trust level of authenticated users and impact of running or not running scheduled jobs on days governed by calendar definitions. Version 3.4.5 contains a patch for this issue. There are currently no known workarounds."
            }
        ]
    },
--- a/2022/0xxx/CVE-2022-0784.json
+++ b/2022/0xxx/CVE-2022-0784.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2022-0784",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2022/0xxx/CVE-2022-0785.json
+++ b/2022/0xxx/CVE-2022-0785.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2022-0785",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}