diff --git a/2024/2xxx/CVE-2024-2796.json b/2024/2xxx/CVE-2024-2796.json index e936606d10b..a23efe23567 100644 --- a/2024/2xxx/CVE-2024-2796.json +++ b/2024/2xxx/CVE-2024-2796.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2796", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@perforce.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A server-side request forgery (SSRF) was discovered in the Akana Community Manager Developer Portal in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-918", + "cweId": "CWE-918" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Akana", + "product": { + "product_data": [ + { + "product_name": "Community Manager Developer Portal", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2022.1.1 ", + "version_value": "2022.1.1 (CVE-2024-2796 Patch) " + }, + { + "version_affected": "<", + "version_name": "2022.1.2 ", + "version_value": "2022.1.2 (CVE-2024-2796 Patch) " + }, + { + "version_affected": "<", + "version_name": "2022.1.3 ", + "version_value": "2022.1.3 (CVE-2024-2796 Patch) " + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://portal.perforce.com/s/detail/a91PA000001STuXYAW", + "refsource": "MISC", + "name": "https://portal.perforce.com/s/detail/a91PA000001STuXYAW" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/30xxx/CVE-2024-30564.json b/2024/30xxx/CVE-2024-30564.json index 88d853815f9..7c8eeaa30d4 100644 --- a/2024/30xxx/CVE-2024-30564.json +++ b/2024/30xxx/CVE-2024-30564.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-30564", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-30564", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/andrei-tatar/nora-firebase-common/issues/9", + "refsource": "MISC", + "name": "https://github.com/andrei-tatar/nora-firebase-common/issues/9" + }, + { + "url": "https://github.com/andrei-tatar/nora-firebase-common/commit/bf30b75d51be04f6c1f884561a223226c890f01b", + "refsource": "MISC", + "name": "https://github.com/andrei-tatar/nora-firebase-common/commit/bf30b75d51be04f6c1f884561a223226c890f01b" + }, + { + "url": "https://gist.github.com/mestrtee/5dc2c948c2057f98d3de0a9790903c6c", + "refsource": "MISC", + "name": "https://gist.github.com/mestrtee/5dc2c948c2057f98d3de0a9790903c6c" } ] } diff --git a/2024/32xxx/CVE-2024-32466.json b/2024/32xxx/CVE-2024-32466.json index 7cfbeec9a66..13aca25dd6b 100644 --- a/2024/32xxx/CVE-2024-32466.json +++ b/2024/32xxx/CVE-2024-32466.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32466", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tolgee is an open-source localization platform. For the `/v2/projects/translations` and `/v2/projects/{projectId}/translations` endpoints, translation data was returned even when API key was missing `translation.view` scope. However, it was impossible to fetch the data when user was missing this scope. So this is only relevant for API keys generated by users permitted to `translation.view`. This vulnerability is fixed in v3.57.2\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "tolgee", + "product": { + "product_data": [ + { + "product_name": "tolgee-platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.57.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-r95p-fqqv-fppc", + "refsource": "MISC", + "name": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-r95p-fqqv-fppc" + }, + { + "url": "https://github.com/tolgee/tolgee-platform/commit/f71213925d6f80019f841db0ead9baa7488c1821", + "refsource": "MISC", + "name": "https://github.com/tolgee/tolgee-platform/commit/f71213925d6f80019f841db0ead9baa7488c1821" + } + ] + }, + "source": { + "advisory": "GHSA-r95p-fqqv-fppc", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 2.7, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/32xxx/CVE-2024-32470.json b/2024/32xxx/CVE-2024-32470.json index 589c577c466..74a2fa141ee 100644 --- a/2024/32xxx/CVE-2024-32470.json +++ b/2024/32xxx/CVE-2024-32470.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32470", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tolgee is an open-source localization platform. When API key created by admin user is used it bypasses the permission check at all. This error was introduced in v3.57.2 and immediately fixed in v3.57.4. " + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863: Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "tolgee", + "product": { + "product_data": [ + { + "product_name": "tolgee-platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 3.57.2, < 3.57.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-pm57-hcm8-38gw", + "refsource": "MISC", + "name": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-pm57-hcm8-38gw" + }, + { + "url": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-r95p-fqqv-fppc", + "refsource": "MISC", + "name": "https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-r95p-fqqv-fppc" + }, + { + "url": "https://github.com/tolgee/tolgee-platform/commit/a0d861028d931f8a54387770eaf3a75031b81234", + "refsource": "MISC", + "name": "https://github.com/tolgee/tolgee-platform/commit/a0d861028d931f8a54387770eaf3a75031b81234" + } + ] + }, + "source": { + "advisory": "GHSA-pm57-hcm8-38gw", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3952.json b/2024/3xxx/CVE-2024-3952.json new file mode 100644 index 00000000000..0914d453ba5 --- /dev/null +++ b/2024/3xxx/CVE-2024-3952.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3952", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3953.json b/2024/3xxx/CVE-2024-3953.json new file mode 100644 index 00000000000..88e9fa3beb8 --- /dev/null +++ b/2024/3xxx/CVE-2024-3953.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3953", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3954.json b/2024/3xxx/CVE-2024-3954.json new file mode 100644 index 00000000000..130a070cc43 --- /dev/null +++ b/2024/3xxx/CVE-2024-3954.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3954", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3955.json b/2024/3xxx/CVE-2024-3955.json new file mode 100644 index 00000000000..0a4b11847fa --- /dev/null +++ b/2024/3xxx/CVE-2024-3955.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3955", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3956.json b/2024/3xxx/CVE-2024-3956.json new file mode 100644 index 00000000000..0b6e224e870 --- /dev/null +++ b/2024/3xxx/CVE-2024-3956.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3956", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3957.json b/2024/3xxx/CVE-2024-3957.json new file mode 100644 index 00000000000..1b5a53876ea --- /dev/null +++ b/2024/3xxx/CVE-2024-3957.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3957", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file