admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-04-20 09:00:36 +00:00
parent 21b7b97fe2
commit a652e575ea
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
22 changed files with 681 additions and 162 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2016/1000xxx/CVE-2016-1000027.json
View File

@ -91,6 +91,11 @@
"refsource": "MISC",
"name": "https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525",
"url": "https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230420-0009/",
"url": "https://security.netapp.com/advisory/ntap-20230420-0009/"
}
]
}

147
2021/24xxx/CVE-2021-24510.json
View File

@ -1,75 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24510",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "MF Gig Calendar <= 1.1 - Reflected Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "MF Gig Calendar",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.1",
"version_value": "1.1"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39",
"name": "https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-24510",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "MF Gig Calendar",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "iohex"
},
{
"lang": "en",
"value": "WPScan"
}
]
},
"credit": [
{
"lang": "eng",
"value": "iohex"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

5
2022/2xxx/CVE-2022-2097.json
View File

@ -124,6 +124,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3325-1] openssl security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230420-0008/",
"url": "https://security.netapp.com/advisory/ntap-20230420-0008/"
}
]
}

169
2022/34xxx/CVE-2022-34149.json
View File

@ -1,105 +1,128 @@
{
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-08-02T12:07:00.000Z",
"ID": "CVE-2022-34149",
"STATE": "PUBLIC",
"TITLE": "WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP OAuth Server (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 3.0.4",
"version_value": "3.0.4"
}
]
}
}
]
},
"vendor_name": "miniOrange"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Lana Codes (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-34149",
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress."
"value": "Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
"value": "CWE-264 Permissions, Privileges, and Access Controls",
"cweId": "CWE-264"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "miniOrange",
"product": {
"product_data": [
{
"product_name": "WP OAuth Server (WordPress plugin)",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "4.0.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.0.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/miniorange-oauth-20-server/wordpress-wp-oauth-server-plugin-3-0-4-authentication-bypass-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/miniorange-oauth-20-server/wordpress-wp-oauth-server-plugin-3-0-4-authentication-bypass-vulnerability"
"url": "https://patchstack.com/database/vulnerability/miniorange-oauth-20-server/wordpress-wp-oauth-server-plugin-3-0-4-authentication-bypass-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/miniorange-oauth-20-server/wordpress-wp-oauth-server-plugin-3-0-4-authentication-bypass-vulnerability?_s_id=cve"
},
{
"name": "https://wordpress.org/plugins/miniorange-oauth-20-server/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/miniorange-oauth-20-server/#developers"
"url": "https://lana.codes/lanavdb/6d794d65-d44b-4099-94c5-3dd2995b218c?_s_id=cve",
"refsource": "MISC",
"name": "https://lana.codes/lanavdb/6d794d65-d44b-4099-94c5-3dd2995b218c?_s_id=cve"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 4.0.1 or higher version."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Update to 4.0.1 or a higher version.</p>"
}
],
"value": "Update to 4.0.1 or a higher version.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Lana Codes (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

5
2022/4xxx/CVE-2022-4095.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c53b3dcb9942b8ed7f81ee3921c4085d87070c73",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c53b3dcb9942b8ed7f81ee3921c4085d87070c73"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230420-0005/",
"url": "https://security.netapp.com/advisory/ntap-20230420-0005/"
}
]
},

92
2023/0xxx/CVE-2023-0383.json
View File

@ -1,17 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0383",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@m-files.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nUser-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1\n\n due to uncontrolled memory consumption.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "M-Files",
"product": {
"product_data": [
{
"product_name": "M-Files Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "23.4.12528.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0383/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0383/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nUpdate to patched version.<br>\n\n<br>"
}
],
"value": "\nUpdate to patched version.\n\n\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

92
2023/0xxx/CVE-2023-0384.json
View File

@ -1,17 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0384",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@m-files.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nUser-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1\n\n due to uncontrolled memory consumption for a scheduled job.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "M-Files",
"product": {
"product_data": [
{
"product_name": "M-Files Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "23.4.12528.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0384/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0384/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nUpdate to patched version.<br>\n\n<br>"
}
],
"value": "\nUpdate to patched version.\n\n\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

5
2023/0xxx/CVE-2023-0386.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230420-0004/",
"url": "https://security.netapp.com/advisory/ntap-20230420-0004/"
}
]
},

5
2023/1xxx/CVE-2023-1390.json
View File

@ -58,6 +58,11 @@
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/b77413446408fdd256599daf00d5be72b5f3e7c6",
"url": "https://github.com/torvalds/linux/commit/b77413446408fdd256599daf00d5be72b5f3e7c6"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230420-0001/",
"url": "https://security.netapp.com/advisory/ntap-20230420-0001/"
}
]
},

7
2023/1xxx/CVE-2023-1410.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description. Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix."
"value": "Grafana is an open-source platform for monitoring and observability.\u00a0\n\nGrafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. \n\nThe stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized.\n\nAn attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description.\u00a0\n\n Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix. \n\n\n\n\n\n\n\n\n\n\n"
}
]
},
@ -96,6 +96,11 @@
"url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-qrrg-gw7w-vp76",
"refsource": "MISC",
"name": "https://github.com/grafana/bugbounty/security/advisories/GHSA-qrrg-gw7w-vp76"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230420-0003/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230420-0003/"
}
]
},

5
2023/20xxx/CVE-2023-20861.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://spring.io/security/cve-2023-20861",
"url": "https://spring.io/security/cve-2023-20861"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230420-0007/",
"url": "https://security.netapp.com/advisory/ntap-20230420-0007/"
}
]
},

15
2023/27xxx/CVE-2023-27490.json
View File

@ -63,11 +63,6 @@
},
"references": {
"reference_data": [
{
"url": "https://next-auth.js.org/configuration/initialization#advanced-initialization",
"refsource": "MISC",
"name": "https://next-auth.js.org/configuration/initialization#advanced-initialization"
},
{
"url": "https://github.com/nextauthjs/next-auth/security/advisories/GHSA-7r7x-4c4q-c4qf",
"refsource": "MISC",
@ -83,6 +78,11 @@
"refsource": "MISC",
"name": "https://danielfett.de/2020/05/16/pkce-vs-nonce-equivalent-or-not/"
},
{
"url": "https://next-auth.js.org/configuration/initialization#advanced-initialization",
"refsource": "MISC",
"name": "https://next-auth.js.org/configuration/initialization#advanced-initialization"
},
{
"url": "https://next-auth.js.org/configuration/providers/oauth",
"refsource": "MISC",
@ -92,6 +92,11 @@
"url": "https://www.rfc-editor.org/rfc/rfc6749#section-10.12",
"refsource": "MISC",
"name": "https://www.rfc-editor.org/rfc/rfc6749#section-10.12"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230420-0006/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20230420-0006/"
}
]
},

5
2023/27xxx/CVE-2023-27533.json
View File

@ -53,6 +53,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2023-7e7414e64d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230420-0011/",
"url": "https://security.netapp.com/advisory/ntap-20230420-0011/"
}
]
},

5
2023/27xxx/CVE-2023-27534.json
View File

@ -53,6 +53,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2023-7e7414e64d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230420-0012/",
"url": "https://security.netapp.com/advisory/ntap-20230420-0012/"
}
]
},

5
2023/27xxx/CVE-2023-27535.json
View File

@ -53,6 +53,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2023-7e7414e64d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230420-0010/",
"url": "https://security.netapp.com/advisory/ntap-20230420-0010/"
}
]
},

5
2023/27xxx/CVE-2023-27536.json
View File

@ -53,6 +53,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2023-7e7414e64d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230420-0010/",
"url": "https://security.netapp.com/advisory/ntap-20230420-0010/"
}
]
},

5
2023/27xxx/CVE-2023-27537.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://hackerone.com/reports/1897203",
"url": "https://hackerone.com/reports/1897203"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230420-0010/",
"url": "https://security.netapp.com/advisory/ntap-20230420-0010/"
}
]
},

5
2023/27xxx/CVE-2023-27538.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://hackerone.com/reports/1898475",
"url": "https://hackerone.com/reports/1898475"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230420-0010/",
"url": "https://security.netapp.com/advisory/ntap-20230420-0010/"
}
]
},

5
2023/28xxx/CVE-2023-28486.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13",
"refsource": "MISC",
"name": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230420-0002/",
"url": "https://security.netapp.com/advisory/ntap-20230420-0002/"
}
]
}

5
2023/28xxx/CVE-2023-28487.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13",
"refsource": "MISC",
"name": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20230420-0002/",
"url": "https://security.netapp.com/advisory/ntap-20230420-0002/"
}
]
}

92
2023/2xxx/CVE-2023-2112.json
View File

@ -1,17 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2112",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@m-files.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.\u00a0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "M-Files",
"product": {
"product_data": [
{
"product_name": "M-Files Desktop",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "23.4.12455.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2112/",
"refsource": "MISC",
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2112/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to the patched version.&nbsp;"
}
],
"value": "Update to the patched version.\u00a0"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

159
2023/2xxx/CVE-2023-2193.json Normal file
View File

@ -0,0 +1,159 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-2193",
"ASSIGNER": "responsibledisclosure@mattermost.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mattermost",
"product": {
"product_data": [
{
"product_name": "Mattermost",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "7.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.7.3",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.8.2",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.9.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "7.10"
},
{
"status": "unaffected",
"version": "7.9.3"
},
{
"status": "unaffected",
"version": "7.8.4"
},
{
"status": "unaffected",
"version": "7.7.5"
},
{
"status": "unaffected",
"version": "7.1.9"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://mattermost.com/security-updates/",
"refsource": "MISC",
"name": "https://mattermost.com/security-updates/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "MMSA-2023-00157",
"defect": [
"https://mattermost.atlassian.net/browse/MM-50219"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Mattermost to version v7.10, v7.9.3, v7.8.4, v7.7.5, v7.1.9 or higher.<br>"
}
],
"value": "Update Mattermost to version v7.10, v7.9.3, v7.8.4, v7.7.5, v7.1.9 or higher.\n"
}
],
"credits": [
{
"lang": "en",
"value": "whitehattushu"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}
}