diff --git a/2023/6xxx/CVE-2023-6388.json b/2023/6xxx/CVE-2023-6388.json
index aeaa49184b6..d368e250f2d 100644
--- a/2023/6xxx/CVE-2023-6388.json
+++ b/2023/6xxx/CVE-2023-6388.json
@@ -1,17 +1,92 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6388",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "help@fluidattacks.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Suite CRM version 7.14.2 allows making arbitrary HTTP requests through\n\nthe vulnerable server. This is possible because the application is vulnerable\n\nto SSRF.\n\n\n\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-918 Server-Side Request Forgery (SSRF)",
+ "cweId": "CWE-918"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Suite CRM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Suite CRM",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "7.14.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://fluidattacks.com/advisories/leon/",
+ "refsource": "MISC",
+ "name": "https://fluidattacks.com/advisories/leon/"
+ },
+ {
+ "url": "https://github.com/salesagility/SuiteCRM/",
+ "refsource": "MISC",
+ "name": "https://github.com/salesagility/SuiteCRM/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/0xxx/CVE-2024-0849.json b/2024/0xxx/CVE-2024-0849.json
index b3537a40500..9bd5afd28f1 100644
--- a/2024/0xxx/CVE-2024-0849.json
+++ b/2024/0xxx/CVE-2024-0849.json
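Review bot: The new description `value` in CVE-2023-6388.json still carries the hard-wrapped source text, with literal `\n\n` in the middle of sentences and a run of trailing `\n` characters that feed consumers are likely to render verbatim; the description in the CVE-2024-0849.json hunk has the same defect. I would store it on one line, `"value": "Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF."`. The record also marks only 7.14.2 as affected (`"version_affected": "="`) and its second reference is the repository root, so a reader cannot tell from the entry which release carries a fix. A reference to the fixing commit or release note, if one exists, would make the record usable for patch triage.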
@@ -1,17 +1,92 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-0849",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "help@fluidattacks.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible\n\nbecause the application is vulnerable to LFR.\n\n\n\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation",
+ "cweId": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Leanote",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Leanote",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.7.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/leanote/desktop-app",
+ "refsource": "MISC",
+ "name": "https://github.com/leanote/desktop-app"
+ },
+ {
+ "url": "https://fluidattacks.com/advisories/alesso",
+ "refsource": "MISC",
+ "name": "https://fluidattacks.com/advisories/alesso"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/24xxx/CVE-2024-24810.json b/2024/24xxx/CVE-2024-24810.json
index 68b7ac77f4b..026af886956 100644
--- a/2024/24xxx/CVE-2024-24810.json
+++ b/2024/24xxx/CVE-2024-24810.json
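Review bot: `"cweId": "CWE-20"` in the CVE-2024-0849.json `problemtype` block is a very broad class for what the description calls a local file read, so weakness-based filtering will not surface this record under a file-access category. If the linked advisory identifies the root cause, a more specific CWE would serve consumers better. The entry also gives `"product_name": "Leanote"` while the only project reference is the `leanote/desktop-app` repository and the vector is `AV:L` with `UI:R`, which suggests the desktop client is the affected component. If that is the case, naming the client in `product_name` would avoid matching other Leanote components by mistake.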
@@ -1,17 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-24810",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-426: Untrusted Search Path",
+ "cweId": "CWE-426"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "wixtoolset",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "issues",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "<= 4.0.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5",
+ "refsource": "MISC",
+ "name": "https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-7wh2-wxc7-9ph5",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
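Review bot: The affected-version entry in CVE-2024-24810.json mixes two encodings, `"version_affected": "="` together with `"version_value": "<= 4.0.3"`, so a consumer doing exact matching would look for a version literally named `<= 4.0.3`. Writing it as `"version_affected": "<="` with `"version_value": "4.0.3"` keeps the range machine-readable. `"product_name": "issues"` appears to be the name of the advisory repository rather than the product, which would also defeat product matching against installed WiX versions. Separately, `"baseScore": 8.3` does not seem to agree with the vector string: by my calculation the CVSS v3.1 base formula gives 8.2 for `AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H`, so the two should be rechecked against the GitHub advisory.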