"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2022-06-25 08:00:49 +00:00 · 2022-06-25 08:00:49 +00:00 · a1edf47fa7
commit a1edf47fa7
parent 7d991e78a4
4 changed files with 38 additions and 2 deletions
--- a/2022/29xxx/CVE-2022-29168.json
+++ b/2022/29xxx/CVE-2022-29168.json
@ -38,7 +38,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering `@mentions` in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim allowing the attacker to fully control the user account. Wire-desktop clients that are connected to a vulnerable wire-webapp version are also vulnerable to this attack. The issue has been fixed in wire-webapp 2022-05-04-production.0 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-05-04-production.0-v0.29.7-0-a6f2ded or wire-server 2022-05-04 (chart/4.11.0) or later. No known workarounds exist. "
+                "value": "Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering `@mentions` in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim allowing the attacker to fully control the user account. Wire-desktop clients that are connected to a vulnerable wire-webapp version are also vulnerable to this attack. The issue has been fixed in wire-webapp 2022-05-04-production.0 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-05-04-production.0-v0.29.7-0-a6f2ded or wire-server 2022-05-04 (chart/4.11.0) or later. No known workarounds exist."
            }
        ]
    },
--- a/2022/2xxx/CVE-2022-2204.json
+++ b/2022/2xxx/CVE-2022-2204.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2022-2204",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2022/2xxx/CVE-2022-2205.json
+++ b/2022/2xxx/CVE-2022-2205.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2022-2205",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2022/31xxx/CVE-2022-31016.json
+++ b/2022/31xxx/CVE-2022-31016.json
@ -41,7 +41,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service,  resulting in a Denial of Service. The attacker must be an authenticated Argo CD user authorized to deploy Applications from a repository which contains (or can be made to contain) a large file.  The fix for this vulnerability is available in versions 2.3.5, 2.2.10, 2.1.16, and later. There are no known workarounds. Users are recommended to upgrade."
+                "value": "Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated Argo CD user authorized to deploy Applications from a repository which contains (or can be made to contain) a large file. The fix for this vulnerability is available in versions 2.3.5, 2.2.10, 2.1.16, and later. There are no known workarounds. Users are recommended to upgrade."
            }
        ]
    },