Add CVE-2021-29450 for GHSA-pmmh-2f36-wvhq

2025-08-04 08:44:25 +00:00 · 2021-04-15 14:14:38 -07:00 · 2021-04-15 14:14:38 -07:00 · b396909c93
commit b396909c93
parent 4de20d23ba
1 changed files with 76 additions and 6 deletions
--- a/2021/29xxx/CVE-2021-29450.json
+++ b/2021/29xxx/CVE-2021-29450.json
@ -1,18 +1,88 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-29450",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "WordPress Authenticated disclosure of password-protected posts and pages"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "wordpress-develop",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": ">= 4.70,< 5.7.1"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "WordPress"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 6.5,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "NONE",
+            "privilegesRequired": "LOW",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "{\"CWE-200\":\"Exposure of Sensitive Information to an Unauthorized Actor\"}"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq"
+            },
+            {
+                "name": "https://wordpress.org/news/category/security/",
+                "refsource": "MISC",
+                "url": "https://wordpress.org/news/category/security/"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-pmmh-2f36-wvhq",
+        "discovery": "UNKNOWN"
    }
 }