diff --git a/2018/19xxx/CVE-2018-19648.json b/2018/19xxx/CVE-2018-19648.json new file mode 100644 index 00000000000..e5434c2a97c --- /dev/null +++ b/2018/19xxx/CVE-2018-19648.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19648", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19649.json b/2018/19xxx/CVE-2018-19649.json new file mode 100644 index 00000000000..22cb2c0529e --- /dev/null +++ b/2018/19xxx/CVE-2018-19649.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19649", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/5xxx/CVE-2018-5559.json b/2018/5xxx/CVE-2018-5559.json index dcf39ab8e5f..dc91e1bded2 100644 --- a/2018/5xxx/CVE-2018-5559.json +++ b/2018/5xxx/CVE-2018-5559.json @@ -1,130 +1,126 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2018-5559", - "ASSIGNER": "cve@rapid7.com", - "DATE_PUBLIC": "2018-11-07T18:00:00.000Z", - "TITLE": "", - "AKA": "", - "STATE": "PUBLIC" - }, - "source": { - "defect": [ - "R7-2018-53" - ], - "advisory": "", - "discovery": "EXTERNAL" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Rapid7", - "product": { - "product_data": [ - { - "product_name": "Komand", - "version": { - "version_data": [ - { - "version_name": "0.41.0", - "affected": "<=", - "version_value": "0.41.0", - "platform": "" - }, - { - "version_name": "0.42.0", - "affected": "!>=", - "version_value": "0.42.0", - "platform": "" - } + "CVE_data_meta" : { + "AKA" : "", + "ASSIGNER" : "cve@rapid7.com", + "DATE_PUBLIC" : "2018-11-07T18:00:00.000Z", + "ID" : "CVE-2018-5559", + "STATE" : "PUBLIC", + "TITLE" : "" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Komand", + "version" : { + "version_data" : [ + { + "affected" : "<=", + "platform" : "", + "version_name" : "0.41.0", + "version_value" : "0.41.0" + }, + { + "affected" : "!>=", + "platform" : "", + "version_name" : "0.42.0", + "version_value" : "0.42.0" + } + ] + } + } ] - } - } - ] - } - } + }, + "vendor_name" : "Rapid7" + } + ] + } + }, + "configuration" : [ + { + "lang" : "eng", + "value" : "In order to expose this issue, a Komand administrator must first configure an affected plugin with a password." + } + ], + "credit" : [ + { + "lang" : "eng", + "value" : "Alexander Jäger, https://twitter.com/alexanderjaeger" + } + ], + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect Rapid7 Komand version 0.42.0 and later versions." + } ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel." - }, - { - "lang": "eng", - "value": "This issue affects:\nRapid7 Komand version 0.41.0 and prior versions.\n\nThis issue does not affect:\nRapid7 Komand version 0.42.0 and later versions." + }, + "exploit" : [], + "impact" : { + "cvss" : { + "attackComplexity" : "LOW", + "attackVector" : "NETWORK", + "availabilityImpact" : "NONE", + "baseScore" : 3.4, + "baseSeverity" : "LOW", + "confidentialityImpact" : "LOW", + "integrityImpact" : "NONE", + "privilegesRequired" : "HIGH", + "scope" : "CHANGED", + "userInteraction" : "REQUIRED", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N", + "version" : "3.0" } - ] - }, - "problemtype": { - "problemtype_data": [ + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-212" + }, + { + "lang" : "eng", + "value" : "Improper Cross-boundary Removal of Sensitive Data" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.alexanderjaeger.de/cve-2018-5559_my_first_cve/", + "refsource" : "MISC", + "url" : "https://www.alexanderjaeger.de/cve-2018-5559_my_first_cve/" + }, + { + "name" : "https://docs.komand.com/docs/release-notes#section-komand-v0-42-0-2018-11-1", + "refsource" : "CONFIRM", + "url" : "https://docs.komand.com/docs/release-notes#section-komand-v0-42-0-2018-11-1" + } + ] + }, + "solution" : [ { - "description": [ - { - "lang": "eng", - "value": "CWE-212" - }, - { - "lang": "eng", - "value": "Improper Cross-boundary Removal of Sensitive Data" - } - ] + "lang" : "eng", + "value" : "Update to at least version 0.42.0 of Rapid7 Komand" } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://docs.komand.com/docs/release-notes#section-komand-v0-42-0-2018-11-1", - "name": "https://docs.komand.com/docs/release-notes#section-komand-v0-42-0-2018-11-1" - }, - { - "refsource": "MISC", - "url": "https://www.alexanderjaeger.de/cve-2018-5559_my_first_cve/", - "name": "https://www.alexanderjaeger.de/cve-2018-5559_my_first_cve/" - } - ] - }, - "configuration": [ - { - "lang": "eng", - "value": "In order to expose this issue, a Komand administrator must first configure an affected plugin with a password." - } - ], - "impact": { - "cvss": { - "version": "3.0", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "HIGH", - "userInteraction": "REQUIRED", - "scope": "CHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N", - "baseScore": 3.4, - "baseSeverity": "LOW" - } - }, - "exploit": [], - "work_around": [], - "solution": [ - { - "lang": "eng", - "value": "Update to at least version 0.42.0 of Rapid7 Komand" - } - ], - "credit": [ - { - "lang": "eng", - "value": "Alexander Jäger, https://twitter.com/alexanderjaeger" - } - ] + ], + "source" : { + "advisory" : "", + "defect" : [ + "R7-2018-53" + ], + "discovery" : "EXTERNAL" + }, + "work_around" : [] }