mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
cda8868a33
commit
aec04f47bd
@ -1,17 +1,90 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-23491",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from \"TrustCor\" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-345: Insufficient Verification of Data Authenticity",
|
||||
"cweId": "CWE-345"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "certifi",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "python-certifi",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "< 2022.12.07",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8"
|
||||
},
|
||||
{
|
||||
"url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ",
|
||||
"refsource": "MISC",
|
||||
"name": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-43fp-rhv2-5gv8",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.8,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "HIGH",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -22,7 +22,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n\/a"
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -49,7 +49,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \/back\/index.php\/user\/User\/?1. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215095."
|
||||
"value": "A vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /back/index.php/user/User/?1. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215095."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -57,16 +57,20 @@
|
||||
"cvss": {
|
||||
"version": "3.1",
|
||||
"baseScore": "3.5",
|
||||
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https:\/\/gitee.com\/csliuwy\/coder-chain_gdut\/issues\/I53DPF"
|
||||
"url": "https://gitee.com/csliuwy/coder-chain_gdut/issues/I53DPF",
|
||||
"refsource": "MISC",
|
||||
"name": "https://gitee.com/csliuwy/coder-chain_gdut/issues/I53DPF"
|
||||
},
|
||||
{
|
||||
"url": "https:\/\/vuldb.com\/?id.215095"
|
||||
"url": "https://vuldb.com/?id.215095",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.215095"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user