diff --git a/2022/21xxx/CVE-2022-21953.json b/2022/21xxx/CVE-2022-21953.json
index a867f3985d1..4427aab4e58 100644
--- a/2022/21xxx/CVE-2022-21953.json
+++ b/2022/21xxx/CVE-2022-21953.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "security@suse.de",
+ "ASSIGNER": "security@suse.com",
 "DATE_PUBLIC": "2023-01-25T00:00:00.000Z",
 "ID": "CVE-2022-21953",
 "STATE": "PUBLIC",
@@ -48,7 +48,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster\nThis issue affects:\nSUSE Rancher\nRancher versions prior to 2.5.17;\nRancher versions prior to 2.6.10;\nRancher versions prior to 2.7.1."
+ "value": "A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1."
 }
 ]
 },
diff --git a/2022/31xxx/CVE-2022-31249.json b/2022/31xxx/CVE-2022-31249.json
index 0fe1af70803..aac40e9c145 100644
--- a/2022/31xxx/CVE-2022-31249.json
+++ b/2022/31xxx/CVE-2022-31249.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "security@suse.de",
+ "ASSIGNER": "security@suse.com",
 "DATE_PUBLIC": "2023-01-25T00:00:00.000Z",
 "ID": "CVE-2022-31249",
 "STATE": "PUBLIC",
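Review bot: In the `@@ -48,7 +48,7 @@` hunk of CVE-2022-21953.json the flattened description now runs two sentences together: with each `\n` replaced by a space, `...kubectl access in the local cluster This issue affects: ...` has no sentence terminator and the affected-version list reads as a single clause. The same happens in the description hunks of CVE-2022-43757.json (`credentials exposed This issue affects:`) and CVE-2022-43758.json (`(only admin users by default) This issue affects:`); a period before `This issue affects:` would fix each of them. The value here also keeps the stray `in of SUSE Rancher`. Tooling that matches affected versions should read the record's structured version data rather than this prose; that data is presumably in the `affects` block, which is outside the hunk.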
@@ -48,7 +48,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler.\nThis issue affects:\nSUSE Rancher\nwrangler version 0.7.3 and prior versions;\nwrangler version 0.8.4 and prior versions;\nwrangler version 1.0.0 and prior versions."
+ "value": "A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions."
 }
 ]
 },
diff --git a/2022/43xxx/CVE-2022-43755.json b/2022/43xxx/CVE-2022-43755.json
index 2fc65428d3e..366d71dc755 100644
--- a/2022/43xxx/CVE-2022-43755.json
+++ b/2022/43xxx/CVE-2022-43755.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "security@suse.de",
+ "ASSIGNER": "security@suse.com",
 "DATE_PUBLIC": "2023-01-25T00:00:00.000Z",
 "ID": "CVE-2022-43755",
 "STATE": "PUBLIC",
@@ -43,7 +43,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed.\nThis issue affects:\nSUSE Rancher\nRancher versions prior to 2.6.10;\nRancher versions prior to 2.7.1."
+ "value": "A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1."
 }
 ]
 },
diff --git a/2022/43xxx/CVE-2022-43756.json b/2022/43xxx/CVE-2022-43756.json
index 91584bce860..8f062758576 100644
--- a/2022/43xxx/CVE-2022-43756.json
+++ b/2022/43xxx/CVE-2022-43756.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "security@suse.de",
+ "ASSIGNER": "security@suse.com",
 "DATE_PUBLIC": "2023-01-25T00:00:00.000Z",
 "ID": "CVE-2022-43756",
 "STATE": "PUBLIC",
@@ -48,7 +48,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials.\nThis issue affects:\nSUSE Rancher\nwrangler version 0.7.3 and prior versions;\nwrangler version 0.8.4 and prior versions;\nwrangler version 1.0.0 and prior versions."
+ "value": "A Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions."
 }
 ]
 },
diff --git a/2022/43xxx/CVE-2022-43757.json b/2022/43xxx/CVE-2022-43757.json
index 6ae749213a9..a4e0aaf75a9 100644
--- a/2022/43xxx/CVE-2022-43757.json
+++ b/2022/43xxx/CVE-2022-43757.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "security@suse.de",
+ "ASSIGNER": "security@suse.com",
 "DATE_PUBLIC": "2023-01-25T00:00:00.000Z",
 "ID": "CVE-2022-43757",
 "STATE": "PUBLIC",
@@ -48,7 +48,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed\nThis issue affects:\nSUSE Rancher\nRancher versions prior to 2.5.17;\nRancher versions prior to 2.6.10;\nRancher versions prior to 2.7.1."
+ "value": "A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1."
 }
 ]
 },
@@ -99,4 +99,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2022/43xxx/CVE-2022-43758.json b/2022/43xxx/CVE-2022-43758.json
index 3ab6c453b87..1ea52e256ce 100644
--- a/2022/43xxx/CVE-2022-43758.json
+++ b/2022/43xxx/CVE-2022-43758.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "security@suse.de",
+ "ASSIGNER": "security@suse.com",
 "DATE_PUBLIC": "2023-01-25T00:00:00.000Z",
 "ID": "CVE-2022-43758",
 "STATE": "PUBLIC",
@@ -54,7 +54,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm catalog or modifying the URL configuration used to download KDM (only admin users by default)\nThis issue affects:\nSUSE Rancher\nRancher versions prior to 2.5.17;\nRancher versions prior to 2.6.10;\nRancher versions prior to 2.7.1."
+ "value": "A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm catalog or modifying the URL configuration used to download KDM (only admin users by default) This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1."
 }
 ]
 },
diff --git a/2022/43xxx/CVE-2022-43759.json b/2022/43xxx/CVE-2022-43759.json
index 769a6f423a1..5052fcf52be 100644
--- a/2022/43xxx/CVE-2022-43759.json
+++ b/2022/43xxx/CVE-2022-43759.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "security@suse.de",
+ "ASSIGNER": "security@suse.com",
 "DATE_PUBLIC": "2023-01-25T00:00:00.000Z",
 "ID": "CVE-2022-43759",
 "STATE": "PUBLIC",
@@ -50,7 +50,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster.\nThis issue affects:\nSUSE Rancher\nRancher versions prior to 2.5.17;\nRancher versions prior to 2.6.10."
+ "value": "A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10."
 }
 ]
 },
diff --git a/2023/0xxx/CVE-2023-0707.json b/2023/0xxx/CVE-2023-0707.json
new file mode 100644
index 00000000000..4d059728483
--- /dev/null
+++ b/2023/0xxx/CVE-2023-0707.json
@@ -0,0 +1,101 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-0707",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been rated as critical. Affected by this issue is the function delete_record of the file function.php. The manipulation of the argument id leads to sql injection. VDB-220346 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine kritische Schwachstelle wurde in SourceCodester Medical Certificate Generator App 1.0 ausgemacht. Es geht hierbei um die Funktion delete_record der Datei function.php. Mittels dem Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Medical Certificate Generator App",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.0",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.220346",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.220346"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.220346",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.220346"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "p1nk (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.2,
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
+ }
+ ]
+ }
+}
\ No newline at end of file