From b39467aebf43b28df4e2390973a25f25b510be37 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 19 Nov 2021 10:01:06 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/36xxx/CVE-2021-36372.json | 9 +++++---- 2021/39xxx/CVE-2021-39231.json | 9 +++++---- 2021/39xxx/CVE-2021-39232.json | 9 +++++---- 2021/39xxx/CVE-2021-39233.json | 9 +++++---- 2021/39xxx/CVE-2021-39234.json | 9 +++++---- 2021/39xxx/CVE-2021-39235.json | 9 +++++---- 2021/39xxx/CVE-2021-39236.json | 9 +++++---- 2021/41xxx/CVE-2021-41532.json | 7 ++++--- 2021/42xxx/CVE-2021-42338.json | 7 ++++--- 2022/21xxx/CVE-2022-21742.json | 18 ++++++++++++++++++ 10 files changed, 61 insertions(+), 34 deletions(-) create mode 100644 2022/21xxx/CVE-2022-21742.json diff --git a/2021/36xxx/CVE-2021-36372.json b/2021/36xxx/CVE-2021-36372.json index a3760e552fd..7a64a9f0671 100644 --- a/2021/36xxx/CVE-2021-36372.json +++ b/2021/36xxx/CVE-2021-36372.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked. " + "value": "In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked." } ] }, @@ -68,8 +68,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E" + "refsource": "MISC", + "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E", + "name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E" } ] }, @@ -85,4 +86,4 @@ "value": "Upgrade to Apache Ozone release version 1.2.0" } ] -} +} \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39231.json b/2021/39xxx/CVE-2021-39231.json index dc8b296cc87..fab73680e81 100644 --- a/2021/39xxx/CVE-2021-39231.json +++ b/2021/39xxx/CVE-2021-39231.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration. " + "value": "In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration." } ] }, @@ -68,8 +68,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C110cd117-75ed-364b-cd38-3effd20f2183%40apache.org%3E" + "refsource": "MISC", + "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C110cd117-75ed-364b-cd38-3effd20f2183%40apache.org%3E", + "name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C110cd117-75ed-364b-cd38-3effd20f2183%40apache.org%3E" } ] }, @@ -88,4 +89,4 @@ "value": "Upgrade to Apache Ozone release version 1.2.0" } ] -} +} \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39232.json b/2021/39xxx/CVE-2021-39232.json index e2a19a60c2b..fab2ddcda35 100644 --- a/2021/39xxx/CVE-2021-39232.json +++ b/2021/39xxx/CVE-2021-39232.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins. " + "value": "In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins." } ] }, @@ -68,8 +68,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C3c30a7f2-13a4-345e-6c8a-c23a2b937041%40apache.org%3E" + "refsource": "MISC", + "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C3c30a7f2-13a4-345e-6c8a-c23a2b937041%40apache.org%3E", + "name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C3c30a7f2-13a4-345e-6c8a-c23a2b937041%40apache.org%3E" } ] }, @@ -85,4 +86,4 @@ "value": "Upgrade to Apache Ozone release version 1.2.0" } ] -} +} \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39233.json b/2021/39xxx/CVE-2021-39233.json index 9055e1468fa..ab89e8e1a1b 100644 --- a/2021/39xxx/CVE-2021-39233.json +++ b/2021/39xxx/CVE-2021-39233.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client. " + "value": "In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client." } ] }, @@ -68,8 +68,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C394a9a73-44dd-b5db-84d8-607c3226eb00%40apache.org%3E" + "refsource": "MISC", + "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C394a9a73-44dd-b5db-84d8-607c3226eb00%40apache.org%3E", + "name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C394a9a73-44dd-b5db-84d8-607c3226eb00%40apache.org%3E" } ] }, @@ -86,4 +87,4 @@ "value": "Upgrade to Apache Ozone release version 1.2.0" } ] -} +} \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39234.json b/2021/39xxx/CVE-2021-39234.json index 2a89f9af477..1892f4061d5 100644 --- a/2021/39xxx/CVE-2021-39234.json +++ b/2021/39xxx/CVE-2021-39234.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL. " + "value": "In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL." } ] }, @@ -68,8 +68,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C97d65498-7f8c-366f-1bea-5a74b6378f0d%40apache.org%3E" + "refsource": "MISC", + "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C97d65498-7f8c-366f-1bea-5a74b6378f0d%40apache.org%3E", + "name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C97d65498-7f8c-366f-1bea-5a74b6378f0d%40apache.org%3E" } ] }, @@ -85,4 +86,4 @@ "value": "Upgrade to Apache Ozone release version 1.2.0" } ] -} +} \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39235.json b/2021/39xxx/CVE-2021-39235.json index 5380c5bae2e..e53f51f2a9c 100644 --- a/2021/39xxx/CVE-2021-39235.json +++ b/2021/39xxx/CVE-2021-39235.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block. " + "value": "In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block." } ] }, @@ -68,8 +68,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E" + "refsource": "MISC", + "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E", + "name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E" } ] }, @@ -86,4 +87,4 @@ "value": "Upgrade to Apache Ozone release version 1.2.0" } ] -} +} \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39236.json b/2021/39xxx/CVE-2021-39236.json index 6bc0b714a59..1fe39f27a3a 100644 --- a/2021/39xxx/CVE-2021-39236.json +++ b/2021/39xxx/CVE-2021-39236.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user. " + "value": "In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user." } ] }, @@ -68,8 +68,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C0fd74baa-88a0-39a2-8f3a-b982acb25d5a%40apache.org%3E" + "refsource": "MISC", + "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C0fd74baa-88a0-39a2-8f3a-b982acb25d5a%40apache.org%3E", + "name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C0fd74baa-88a0-39a2-8f3a-b982acb25d5a%40apache.org%3E" } ] }, @@ -85,4 +86,4 @@ "value": "Upgrade to Apache Ozone release version 1.2.0" } ] -} +} \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41532.json b/2021/41xxx/CVE-2021-41532.json index fc8aa0fedb4..51e92ddd0a6 100644 --- a/2021/41xxx/CVE-2021-41532.json +++ b/2021/41xxx/CVE-2021-41532.json @@ -70,8 +70,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3Ce0bc6598-9669-b897-fc28-de8a896e36aa%40apache.org%3E" + "refsource": "MISC", + "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3Ce0bc6598-9669-b897-fc28-de8a896e36aa%40apache.org%3E", + "name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3Ce0bc6598-9669-b897-fc28-de8a896e36aa%40apache.org%3E" } ] }, @@ -87,4 +88,4 @@ "value": "Upgrade to Apache Ozone release version 1.2.0" } ] -} +} \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42338.json b/2021/42xxx/CVE-2021-42338.json index 0539914232f..53e7086409e 100644 --- a/2021/42xxx/CVE-2021-42338.json +++ b/2021/42xxx/CVE-2021-42338.json @@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files." + "value": "4MOSAn GCB Doctor\u2019s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files." } ] }, @@ -76,8 +76,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.twcert.org.tw/tw/cp-132-5313-45bde-1.html" + "refsource": "MISC", + "url": "https://www.twcert.org.tw/tw/cp-132-5313-45bde-1.html", + "name": "https://www.twcert.org.tw/tw/cp-132-5313-45bde-1.html" } ] }, diff --git a/2022/21xxx/CVE-2022-21742.json b/2022/21xxx/CVE-2022-21742.json new file mode 100644 index 00000000000..26e9ceb4e55 --- /dev/null +++ b/2022/21xxx/CVE-2022-21742.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21742", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file