From a5359217a67e518b53ffedd014a46195b3609a97 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 10 Jul 2018 09:04:09 -0400 Subject: [PATCH] - Synchronized data. --- 2018/13xxx/CVE-2018-13388.json | 68 ++++++++++++++++++---------------- 2018/13xxx/CVE-2018-13389.json | 64 ++++++++++++++++---------------- 2018/1xxx/CVE-2018-1337.json | 4 +- 3 files changed, 72 insertions(+), 64 deletions(-) diff --git a/2018/13xxx/CVE-2018-13388.json b/2018/13xxx/CVE-2018-13388.json index 9bff16b7e32..b889c983701 100644 --- a/2018/13xxx/CVE-2018-13388.json +++ b/2018/13xxx/CVE-2018-13388.json @@ -1,64 +1,68 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2018-07-09T00:00:00", - "ID": "CVE-2018-13388", - "STATE": "PUBLIC" + "CVE_data_meta" : { + "ASSIGNER" : "security@atlassian.com", + "DATE_PUBLIC" : "2018-07-09T00:00:00", + "ID" : "CVE-2018-13388", + "STATE" : "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "Fisheye and Crucible", - "version": { - "version_data": [ + "product_name" : "Fisheye and Crucible", + "version" : { + "version_data" : [ { - "version_value": "4.5.3", - "version_affected": "<" + "version_affected" : "<", + "version_value" : "4.5.3" } ] } } ] }, - "vendor_name": "Atlassian" + "vendor_name" : "Atlassian" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files." + "lang" : "eng", + "value" : "The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Cross Site Scripting (XSS)" + "lang" : "eng", + "value" : "Cross Site Scripting (XSS)" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "url": "https://jira.atlassian.com/browse/FE-7059" + "name" : "https://jira.atlassian.com/browse/CRUC-8209", + "refsource" : "CONFIRM", + "url" : "https://jira.atlassian.com/browse/CRUC-8209" }, { - "url": "https://jira.atlassian.com/browse/CRUC-8209" + "name" : "https://jira.atlassian.com/browse/FE-7059", + "refsource" : "CONFIRM", + "url" : "https://jira.atlassian.com/browse/FE-7059" } ] } diff --git a/2018/13xxx/CVE-2018-13389.json b/2018/13xxx/CVE-2018-13389.json index fb24a0a9666..aab6075df52 100644 --- a/2018/13xxx/CVE-2018-13389.json +++ b/2018/13xxx/CVE-2018-13389.json @@ -1,61 +1,63 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2018-07-09T00:00:00", - "ID": "CVE-2018-13389", - "STATE": "PUBLIC" + "CVE_data_meta" : { + "ASSIGNER" : "security@atlassian.com", + "DATE_PUBLIC" : "2018-07-09T00:00:00", + "ID" : "CVE-2018-13389", + "STATE" : "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "Confluence", - "version": { - "version_data": [ + "product_name" : "Confluence", + "version" : { + "version_data" : [ { - "version_value": "6.6.1", - "version_affected": "<" + "version_affected" : "<", + "version_value" : "6.6.1" } ] } } ] }, - "vendor_name": "Atlassian" + "vendor_name" : "Atlassian" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml." + "lang" : "eng", + "value" : "The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml." } ] }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Content Spoofing" + "lang" : "eng", + "value" : "Content Spoofing" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "url": "https://jira.atlassian.com/browse/CONFSERVER-54906" + "name" : "https://jira.atlassian.com/browse/CONFSERVER-54906", + "refsource" : "CONFIRM", + "url" : "https://jira.atlassian.com/browse/CONFSERVER-54906" } ] } diff --git a/2018/1xxx/CVE-2018-1337.json b/2018/1xxx/CVE-2018-1337.json index a8f9619cb6d..fe9024922d6 100644 --- a/2018/1xxx/CVE-2018-1337.json +++ b/2018/1xxx/CVE-2018-1337.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "A bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request)" + "value" : "In Apache LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request)." } ] }, @@ -54,6 +54,8 @@ "references" : { "reference_data" : [ { + "name" : "[directory-dev] 20180710 [Annoucement] CVE-2018-1337 Plaintext Password Disclosure in Secured Channel", + "refsource" : "MLIST", "url" : "https://lists.apache.org/thread.html/d66081195e9a02ee7cc20fb243b60467d1419586eed28297d820768f@%3Cdev.directory.apache.org%3E" } ]