mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-06 18:53:08 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
58535fb597
commit
b3350ffb1c
@ -1,17 +1,170 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-2954",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/file_saver.py of the component File Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "Es wurde eine problematische Schwachstelle in mannaandpoem OpenManus bis 2025.3.13 gefunden. Es geht dabei um die Funktion execute der Datei app/tool/file_saver.py der Komponente File Handler. Mit der Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Improper Access Controls",
|
||||
"cweId": "CWE-284"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Incorrect Privilege Assignment",
|
||||
"cweId": "CWE-266"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "mannaandpoem",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "OpenManus",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2025.3.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2025.3.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2025.3.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2025.3.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2025.3.4"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2025.3.5"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2025.3.6"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2025.3.7"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2025.3.8"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2025.3.9"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2025.3.10"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2025.3.11"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2025.3.12"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2025.3.13"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://vuldb.com/?id.302007",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.302007"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.302007",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?ctiid.302007"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.521545",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?submit.521545"
|
||||
},
|
||||
{
|
||||
"url": "https://magnificent-dill-351.notion.site/Arbitrary-File-Writing-in-OpenManus-2025-3-13-1b9c693918ed805e8e7fd35a896d2d41",
|
||||
"refsource": "MISC",
|
||||
"name": "https://magnificent-dill-351.notion.site/Arbitrary-File-Writing-in-OpenManus-2025-3-13-1b9c693918ed805e8e7fd35a896d2d41"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "s0l42 (VulDB User)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"baseScore": 3.3,
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
|
||||
"baseSeverity": "LOW"
|
||||
},
|
||||
{
|
||||
"version": "3.0",
|
||||
"baseScore": 3.3,
|
||||
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
|
||||
"baseSeverity": "LOW"
|
||||
},
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 1.7,
|
||||
"vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:N"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user