From b68f91a8a5f2aa72a61bae13db8caa22c0f5d0a1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 5 Feb 2025 13:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/2xxx/CVE-2024-2878.json | 100 +++++++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3976.json | 100 +++++++++++++++++++++++++++++++++-- 2024/9xxx/CVE-2024-9097.json | 85 +++++++++++++++++++++++++++-- 3 files changed, 273 insertions(+), 12 deletions(-) diff --git a/2024/2xxx/CVE-2024-2878.json b/2024/2xxx/CVE-2024-2878.json index 40ef55bcaf1..9cac04aaa63 100644 --- a/2024/2xxx/CVE-2024-2878.json +++ b/2024/2xxx/CVE-2024-2878.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2878", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770: Allocation of Resources Without Limits or Throttling", + "cweId": "CWE-770" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.7", + "version_value": "16.9.7" + }, + { + "version_affected": "<", + "version_name": "16.10", + "version_value": "16.10.5" + }, + { + "version_affected": "<", + "version_name": "16.11", + "version_value": "16.11.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/451918", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/451918" + }, + { + "url": "https://hackerone.com/reports/2416356", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2416356" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to versions 16.9.7, 16.10.5, 16.11.2 or above." + } + ], + "credits": [ + { + "lang": "en", + "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2024/3xxx/CVE-2024-3976.json b/2024/3xxx/CVE-2024-3976.json index c2f26d1077a..334e3e371a4 100644 --- a/2024/3xxx/CVE-2024-3976.json +++ b/2024/3xxx/CVE-2024-3976.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3976", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential issues title and description from a public project to unauthorised instance users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "14.0", + "version_value": "16.9.7" + }, + { + "version_affected": "<", + "version_name": "16.10", + "version_value": "16.10.5" + }, + { + "version_affected": "<", + "version_name": "16.11", + "version_value": "16.11.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/457140", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/457140" + }, + { + "url": "https://hackerone.com/reports/2470939", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2470939" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to versions 16.9.7, 16.10.5, 16.11.2 or above." + } + ], + "credits": [ + { + "lang": "en", + "value": "Thanks [ahacker1](https://hackerone.com/ahacker1) for reporting this vulnerability through our HackerOne bug bounty program" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/9xxx/CVE-2024-9097.json b/2024/9xxx/CVE-2024-9097.json index 69b1bfa1736..982fb6b7240 100644 --- a/2024/9xxx/CVE-2024-9097.json +++ b/2024/9xxx/CVE-2024-9097.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9097", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@manageengine.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ManageEngine Endpoint Central versions before\u00a011.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-639 Authorization Bypass Through User-Controlled Key", + "cweId": "CWE-639" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ManageEngine", + "product": { + "product_data": [ + { + "product_name": "Endpoint Central", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "11.3.2440.09" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.manageengine.com/products/desktop-central/cve-2024-9097.html", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/desktop-central/cve-2024-9097.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Vishnu Das from Temenos" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] }