admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Correct some information on previously-registered bugs.

Browse Source
This commit is contained in:
Anton Black 🆎 2022-02-23 14:41:13 +11:00
parent aba9f69835
commit b5a7c42891
5 changed files with 174 additions and 155 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2021/26xxx/CVE-2021-26073.json
View File

@ -40,7 +40,7 @@
"description_data": [
{
"lang": "eng",
"value": "Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Express versions between 3.0.2 - 6.5.0 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app."
"value": "Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Express versions from 3.0.2 before 6.6.0 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app."
}
]
},

2
2021/26xxx/CVE-2021-26074.json
View File

@ -40,7 +40,7 @@
"description_data": [
{
"lang": "eng",
"value": "Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions between 1.1.0 - 2.1.2 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app."
"value": "Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions from version 1.1.0 before version 2.1.3 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app."
}
]
},

14
2021/26xxx/CVE-2021-26084.json
View File

@ -16,7 +16,7 @@
"version": {
"version_data": [
{
"version_value": "6.13.22",
"version_value": "6.13.23",
"version_affected": "<"
},
{
@ -51,7 +51,7 @@
"version": {
"version_data": [
{
"version_value": "6.13.22",
"version_value": "6.13.23",
"version_affected": "<"
},
{
@ -117,16 +117,6 @@
"url": "https://jira.atlassian.com/browse/CONFSERVER-67940",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CONFSERVER-67940"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164013/Confluence-Server-7.12.4-OGNL-Injection-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/164013/Confluence-Server-7.12.4-OGNL-Injection-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164122/Atlassian-Confluence-WebWork-OGNL-Injection.html",
"url": "http://packetstormsecurity.com/files/164122/Atlassian-Confluence-WebWork-OGNL-Injection.html"
}
]
}

157
2021/39xxx/CVE-2021-39116.json
View File

@ -1,75 +1,88 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2021-08-30T00:00:00",
"ID": "CVE-2021-39116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira Server",
"version": {
"version_data": [
{
"version_value": "8.19.0",
"version_affected": "<"
}
]
}
},
{
"product_name": "Jira Data Center",
"version": {
"version_data": [
{
"version_value": "8.19.0",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2021-08-30T00:00:00",
"ID": "CVE-2021-39116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira Server",
"version": {
"version_data": [
{
"version_value": "8.13.14",
"version_affected": "<"
},
{
"version_value": "8.14.0",
"version_affected": ">="
},
{
"version_value": "8.19.0",
"version_affected": "<"
}
]
}
},{
"product_name": "Jira Data Center",
"version": {
"version_data": [
{
"version_value": "8.13.14",
"version_affected": "<"
},
{
"version_value": "8.14.0",
"version_affected": ">="
},
{
"version_value": "8.19.0",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.13.14, and from version 8.14.0 before 8.19.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.19.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-72738",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/JRASERVER-72738"
}
]
}
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-72738"
}
]
}
}

154
2021/41xxx/CVE-2021-41307.json
View File

@ -1,72 +1,88 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2021-10-25T00:00:00",
"ID": "CVE-2021-41307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira Server",
"version": {
"version_data": [
{
"version_value": "8.13.12",
"version_affected": "<"
},
{
"version_value": "8.14.0",
"version_affected": ">="
},
{
"version_value": "8.20.0",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2021-10-25T00:00:00",
"ID": "CVE-2021-41307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira Server",
"version": {
"version_data": [
{
"version_value": "8.13.12",
"version_affected": "<"
},
{
"version_value": "8.14.0",
"version_affected": ">="
},
{
"version_value": "8.20.0",
"version_affected": "<"
}
]
}
},{
"product_name": "Jira Data Center",
"version": {
"version_data": [
{
"version_value": "8.13.12",
"version_affected": "<"
},
{
"version_value": "8.14.0",
"version_affected": ">="
},
{
"version_value": "8.20.0",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Direct Object References (IDOR)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Direct Object References (IDOR)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-72916",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/JRASERVER-72916"
}
]
}
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-72916"
}
]
}
}