From ad34999642fd49040ae504be632081974b25e0b7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 26 May 2023 21:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/28xxx/CVE-2023-28319.json | 50 +++++++++++++++++-- 2023/28xxx/CVE-2023-28320.json | 50 +++++++++++++++++-- 2023/28xxx/CVE-2023-28321.json | 50 +++++++++++++++++-- 2023/28xxx/CVE-2023-28322.json | 50 +++++++++++++++++-- 2023/2xxx/CVE-2023-2825.json | 84 +++++++++++++++++++++++++++++-- 2023/2xxx/CVE-2023-2854.json | 87 ++++++++++++++++++++++++++++++-- 2023/2xxx/CVE-2023-2855.json | 87 ++++++++++++++++++++++++++++++-- 2023/2xxx/CVE-2023-2856.json | 87 ++++++++++++++++++++++++++++++-- 2023/2xxx/CVE-2023-2857.json | 87 ++++++++++++++++++++++++++++++-- 2023/2xxx/CVE-2023-2858.json | 87 ++++++++++++++++++++++++++++++-- 2023/2xxx/CVE-2023-2879.json | 79 +++++++++++++++++++++++++++-- 2023/30xxx/CVE-2023-30549.json | 12 ++--- 2023/33xxx/CVE-2023-33185.json | 86 ++++++++++++++++++++++++++++++-- 2023/33xxx/CVE-2023-33187.json | 81 ++++++++++++++++++++++++++++-- 2023/33xxx/CVE-2023-33194.json | 90 ++++++++++++++++++++++++++++++++-- 2023/33xxx/CVE-2023-33196.json | 86 ++++++++++++++++++++++++++++++-- 16 files changed, 1092 insertions(+), 61 deletions(-) diff --git a/2023/28xxx/CVE-2023-28319.json b/2023/28xxx/CVE-2023-28319.json index ade5071f868..a3d80cf2893 100644 --- a/2023/28xxx/CVE-2023-28319.json +++ b/2023/28xxx/CVE-2023-28319.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28319", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/curl/curl", + "version": { + "version_data": [ + { + "version_value": "Fixed in 8.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1913733", + "url": "https://hackerone.com/reports/1913733" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use after free vulnerability exists in curl =4.0.0, <4.0.6" + }, + { + "version_value": ">=3.6.0, <3.6.14" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer over-read in Wireshark" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2023-17.html", + "url": "https://www.wireshark.org/security/wnpa-sec-2023-17.html", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/wireshark/wireshark/-/issues/19084", + "url": "https://gitlab.com/wireshark/wireshark/-/issues/19084", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2854.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2854.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 5.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Huascar Tejeda" + } + ] } \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2855.json b/2023/2xxx/CVE-2023-2855.json index 2834d88742c..310c0f1df6f 100644 --- a/2023/2xxx/CVE-2023-2855.json +++ b/2023/2xxx/CVE-2023-2855.json @@ -4,15 +4,94 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2855", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wireshark Foundation", + "product": { + "product_data": [ + { + "product_name": "Wireshark", + "version": { + "version_data": [ + { + "version_value": ">=4.0.0, <4.0.6" + }, + { + "version_value": ">=3.6.0, <3.6.14" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer over-read in Wireshark" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2023-12.html", + "url": "https://www.wireshark.org/security/wnpa-sec-2023-12.html", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/wireshark/wireshark/-/issues/19062", + "url": "https://gitlab.com/wireshark/wireshark/-/issues/19062", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2855.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2855.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 5.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Huascar Tejeda" + } + ] } \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2856.json b/2023/2xxx/CVE-2023-2856.json index da2ee9d2045..d65f9027171 100644 --- a/2023/2xxx/CVE-2023-2856.json +++ b/2023/2xxx/CVE-2023-2856.json @@ -4,15 +4,94 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2856", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wireshark Foundation", + "product": { + "product_data": [ + { + "product_name": "Wireshark", + "version": { + "version_data": [ + { + "version_value": ">=4.0.0, <4.0.6" + }, + { + "version_value": ">=3.6.0, <3.6.14" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer over-read in Wireshark" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2023-16.html", + "url": "https://www.wireshark.org/security/wnpa-sec-2023-16.html", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/wireshark/wireshark/-/issues/19083", + "url": "https://gitlab.com/wireshark/wireshark/-/issues/19083", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2856.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2856.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 5.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Huascar Tejeda" + } + ] } \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2857.json b/2023/2xxx/CVE-2023-2857.json index 60b479ade8e..c4a5c715508 100644 --- a/2023/2xxx/CVE-2023-2857.json +++ b/2023/2xxx/CVE-2023-2857.json @@ -4,15 +4,94 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2857", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wireshark Foundation", + "product": { + "product_data": [ + { + "product_name": "Wireshark", + "version": { + "version_data": [ + { + "version_value": ">=4.0.0, <4.0.6" + }, + { + "version_value": ">=3.6.0, <3.6.14" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer over-read in Wireshark" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2023-13.html", + "url": "https://www.wireshark.org/security/wnpa-sec-2023-13.html", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/wireshark/wireshark/-/issues/19063", + "url": "https://gitlab.com/wireshark/wireshark/-/issues/19063", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2857.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2857.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 5.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Huascar Tejeda" + } + ] } \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2858.json b/2023/2xxx/CVE-2023-2858.json index 7bf2825eccb..541d493a13b 100644 --- a/2023/2xxx/CVE-2023-2858.json +++ b/2023/2xxx/CVE-2023-2858.json @@ -4,15 +4,94 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2858", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wireshark Foundation", + "product": { + "product_data": [ + { + "product_name": "Wireshark", + "version": { + "version_data": [ + { + "version_value": ">=4.0.0, <4.0.6" + }, + { + "version_value": ">=3.6.0, <3.6.14" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer over-read in Wireshark" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2023-15.html", + "url": "https://www.wireshark.org/security/wnpa-sec-2023-15.html", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/wireshark/wireshark/-/issues/19081", + "url": "https://gitlab.com/wireshark/wireshark/-/issues/19081", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2858.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2858.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 5.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Huascar Tejeda" + } + ] } \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2879.json b/2023/2xxx/CVE-2023-2879.json index e3ba5b7569b..d52de14436b 100644 --- a/2023/2xxx/CVE-2023-2879.json +++ b/2023/2xxx/CVE-2023-2879.json @@ -4,15 +4,88 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2879", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wireshark Foundation", + "product": { + "product_data": [ + { + "product_name": "Wireshark", + "version": { + "version_data": [ + { + "version_value": ">=4.0.0, <4.0.6" + }, + { + "version_value": ">=3.6.0, <3.6.14" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Loop with unreachable exit condition ('infinite loop') in Wireshark" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2023-14.html", + "url": "https://www.wireshark.org/security/wnpa-sec-2023-14.html", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/wireshark/wireshark/-/issues/19068", + "url": "https://gitlab.com/wireshark/wireshark/-/issues/19068", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2879.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2879.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file" } ] + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + } } } \ No newline at end of file diff --git a/2023/30xxx/CVE-2023-30549.json b/2023/30xxx/CVE-2023-30549.json index df02f094010..d63abb12c7c 100644 --- a/2023/30xxx/CVE-2023-30549.json +++ b/2023/30xxx/CVE-2023-30549.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0, installations that include apptainer-suid < 1.1.8, and all versions of Singularity in their default configurations on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation.\n\nApptainer 1.1.8 includes a patch that by default disables mounting of extfs filesystem types in setuid-root mode, while continuing to allow mounting of extfs filesystems in non-setuid \"rootless\" mode using fuse2fs.\n\nSome workarounds are possible. Either do not install apptainer-suid (for versions 1.1.0 through 1.1.7) or set `allow setuid = no` in apptainer.conf (or singularity.conf for singularity versions). This requires having unprivileged user namespaces enabled and except for apptainer 1.1.x versions will disallow mounting of sif files, extfs files, and squashfs files in addition to other, less significant impacts. (Encrypted sif files are also not supported unprivileged in apptainer 1.1.x.). Alternatively, use the `limit containers` options in apptainer.conf/singularity.conf to limit sif files to trusted users, groups, and/or paths, and set `allow container extfs = no` to disallow mounting of extfs overlay files. The latter option by itself does not disallow mounting of extfs overlay partitions inside SIF files, so that's why the former options are also needed." + "value": "Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0, installations that include apptainer-suid < 1.1.8, and all versions of Singularity in their default configurations on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation. Apptainer 1.1.8 includes a patch that by default disables mounting of extfs filesystem types in setuid-root mode, while continuing to allow mounting of extfs filesystems in non-setuid \"rootless\" mode using fuse2fs. Some workarounds are possible. Either do not install apptainer-suid (for versions 1.1.0 through 1.1.7) or set `allow setuid = no` in apptainer.conf (or singularity.conf for singularity versions). This requires having unprivileged user namespaces enabled and except for apptainer 1.1.x versions will disallow mounting of sif files, extfs files, and squashfs files in addition to other, less significant impacts. (Encrypted sif files are also not supported unprivileged in apptainer 1.1.x.). Alternatively, use the `limit containers` options in apptainer.conf/singularity.conf to limit sif files to trusted users, groups, and/or paths, and set `allow container extfs = no` to disallow mounting of extfs overlay files. The latter option by itself does not disallow mounting of extfs overlay partitions inside SIF files, so that's why the former options are also needed." } ] }, @@ -54,6 +54,11 @@ }, "references": { "reference_data": [ + { + "url": "https://ubuntu.com/security/CVE-2022-1184", + "refsource": "MISC", + "name": "https://ubuntu.com/security/CVE-2022-1184" + }, { "url": "https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f4cg", "refsource": "MISC", @@ -79,11 +84,6 @@ "refsource": "MISC", "name": "https://security-tracker.debian.org/tracker/CVE-2022-1184" }, - { - "url": "https://ubuntu.com/security/CVE-2022-1184", - "refsource": "MISC", - "name": "https://ubuntu.com/security/CVE-2022-1184" - }, { "url": "https://www.suse.com/security/cve/CVE-2022-1184.html", "refsource": "MISC", diff --git a/2023/33xxx/CVE-2023-33185.json b/2023/33xxx/CVE-2023-33185.json index 603564b01fb..d3807f2baa2 100644 --- a/2023/33xxx/CVE-2023-33185.json +++ b/2023/33xxx/CVE-2023-33185.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-33185", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates. This issue was patched in version 3.5.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-347: Improper Verification of Cryptographic Signature", + "cweId": "CWE-347" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "django-ses", + "product": { + "product_data": [ + { + "product_name": "django-ses", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/django-ses/django-ses/security/advisories/GHSA-qg36-9jxh-fj25", + "refsource": "MISC", + "name": "https://github.com/django-ses/django-ses/security/advisories/GHSA-qg36-9jxh-fj25" + }, + { + "url": "https://github.com/django-ses/django-ses/commit/b71b5f413293a13997b6e6314086cb9c22629795", + "refsource": "MISC", + "name": "https://github.com/django-ses/django-ses/commit/b71b5f413293a13997b6e6314086cb9c22629795" + }, + { + "url": "https://github.com/django-ses/django-ses/blob/3d627067935876487f9938310d5e1fbb249a7778/CVE/001-cert-url-signature-verification.md", + "refsource": "MISC", + "name": "https://github.com/django-ses/django-ses/blob/3d627067935876487f9938310d5e1fbb249a7778/CVE/001-cert-url-signature-verification.md" + } + ] + }, + "source": { + "advisory": "GHSA-qg36-9jxh-fj25", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/33xxx/CVE-2023-33187.json b/2023/33xxx/CVE-2023-33187.json index e58fa9656ac..7ec50f5479a 100644 --- a/2023/33xxx/CVE-2023-33187.json +++ b/2023/33xxx/CVE-2023-33187.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-33187", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type=\"text\"` via a javascript \"Show Password\" button. This differs from the expected behavior which always obfuscates `type=\"password\"` inputs. A customer may assume that switching to `type=\"text\"` would also not record this input; hence, they would not add additional `highlight-mask` css-class obfuscation to this part of the DOM, resulting in unintentional recording of a password value when a `Show Password` button is used. This issue was patched in version 6.0.0.\nThis patch tracks changes to the `type` attribute of an input to ensure an input that used to be a `type=\"password\"` continues to be obfuscated. \n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319: Cleartext Transmission of Sensitive Information", + "cweId": "CWE-319" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "highlight", + "product": { + "product_data": [ + { + "product_name": "highlight", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 6.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/highlight/highlight/security/advisories/GHSA-9qpj-qq2r-5mcc", + "refsource": "MISC", + "name": "https://github.com/highlight/highlight/security/advisories/GHSA-9qpj-qq2r-5mcc" + }, + { + "url": "https://github.com/rrweb-io/rrweb/pull/1184", + "refsource": "MISC", + "name": "https://github.com/rrweb-io/rrweb/pull/1184" + } + ] + }, + "source": { + "advisory": "GHSA-9qpj-qq2r-5mcc", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/33xxx/CVE-2023-33194.json b/2023/33xxx/CVE-2023-33194.json index 25aa031682f..d9674c3eb21 100644 --- a/2023/33xxx/CVE-2023-33194.json +++ b/2023/33xxx/CVE-2023-33194.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-33194", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn\u2019t fix it when clicking save. This issue was patched in version 4.4.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", + "cweId": "CWE-80" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "craftcms", + "product": { + "product_data": [ + { + "product_name": "cms", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 4.0.0-RC1, < 4.4.6" + }, + { + "version_affected": "=", + "version_value": ">= 3.0.0, <= 3.8.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/craftcms/cms/security/advisories/GHSA-3wxg-w96j-8hq9", + "refsource": "MISC", + "name": "https://github.com/craftcms/cms/security/advisories/GHSA-3wxg-w96j-8hq9" + }, + { + "url": "https://github.com/craftcms/cms/commit/9d0cd0bda7c8a830a3373f8c0f06943e519ac888", + "refsource": "MISC", + "name": "https://github.com/craftcms/cms/commit/9d0cd0bda7c8a830a3373f8c0f06943e519ac888" + }, + { + "url": "https://github.com/craftcms/cms/releases/tag/4.4.6", + "refsource": "MISC", + "name": "https://github.com/craftcms/cms/releases/tag/4.4.6" + } + ] + }, + "source": { + "advisory": "GHSA-3wxg-w96j-8hq9", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 3.7, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/33xxx/CVE-2023-33196.json b/2023/33xxx/CVE-2023-33196.json index cdc24dbc976..27de1762265 100644 --- a/2023/33xxx/CVE-2023-33196.json +++ b/2023/33xxx/CVE-2023-33196.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-33196", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", + "cweId": "CWE-80" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "craftcms", + "product": { + "product_data": [ + { + "product_name": "cms", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 4.0.0-RC1, <= 4.4.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/craftcms/cms/security/advisories/GHSA-cjmm-x9x9-m2w5", + "refsource": "MISC", + "name": "https://github.com/craftcms/cms/security/advisories/GHSA-cjmm-x9x9-m2w5" + }, + { + "url": "https://github.com/craftcms/cms/commit/053d7119697e480ff81c5723bb9a33eaa49e0fc7", + "refsource": "MISC", + "name": "https://github.com/craftcms/cms/commit/053d7119697e480ff81c5723bb9a33eaa49e0fc7" + }, + { + "url": "https://github.com/craftcms/cms/releases/tag/4.4.7", + "refsource": "MISC", + "name": "https://github.com/craftcms/cms/releases/tag/4.4.7" + } + ] + }, + "source": { + "advisory": "GHSA-cjmm-x9x9-m2w5", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" } ] }