diff --git a/2022/0xxx/CVE-2022-0121.json b/2022/0xxx/CVE-2022-0121.json
index 4e0559c86db..9c62e7f1c33 100644
--- a/2022/0xxx/CVE-2022-0121.json
+++ b/2022/0xxx/CVE-2022-0121.json
@@ -1,89 +1,95 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0121", - "STATE": "PUBLIC", - "TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in hoppscotch/hoppscotch" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "hoppscotch/hoppscotch", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "2.1.1" - } - ] - } - } - ] - }, - "vendor_name": "hoppscotch" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "hoppscotch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-0121", + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoppscotch hoppscotch/hoppscotch.This issue affects hoppscotch/hoppscotch before 2.1.1.\n\n" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/b70a6191-8226-4ac6-b817-cae7332a68ee", - "refsource": "CONFIRM", - "url": 
"https://huntr.dev/bounties/b70a6191-8226-4ac6-b817-cae7332a68ee" - }, - { - "name": "https://github.com/hoppscotch/hoppscotch/commit/86ef1a4e143ea5bb0c7b309574127cc39d4faa74", - "refsource": "MISC", - "url": "https://github.com/hoppscotch/hoppscotch/commit/86ef1a4e143ea5bb0c7b309574127cc39d4faa74" - } - ] - }, - "source": { - "advisory": "b70a6191-8226-4ac6-b817-cae7332a68ee", - "discovery": "EXTERNAL" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "hoppscotch", + "product": { + "product_data": [ + { + "product_name": "hoppscotch/hoppscotch", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "2.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.dev/bounties/b70a6191-8226-4ac6-b817-cae7332a68ee", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/b70a6191-8226-4ac6-b817-cae7332a68ee" + }, + { + "url": "https://github.com/hoppscotch/hoppscotch/commit/86ef1a4e143ea5bb0c7b309574127cc39d4faa74", + "refsource": "MISC", + "name": "https://github.com/hoppscotch/hoppscotch/commit/86ef1a4e143ea5bb0c7b309574127cc39d4faa74" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "b70a6191-8226-4ac6-b817-cae7332a68ee", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": 
"3.1" + } + ] + } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0174.json b/2022/0xxx/CVE-2022-0174.json index 97b16e2044b..ffc3d223747 100644 --- a/2022/0xxx/CVE-2022-0174.json +++ b/2022/0xxx/CVE-2022-0174.json @@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0174", - "STATE": "PUBLIC", - "TITLE": "Business Logic Errors in dolibarr/dolibarr" + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1284 Improper Validation of Specified Quantity in Input", + "cweId": "CWE-1284" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "dolibarr", "product": { "product_data": [ { 
@@ -17,73 +41,55 @@ "version_data": [ { "version_affected": "<", + "version_name": "unspecified", "version_value": "develop" } ] } } ] - }, - "vendor_name": "dolibarr" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "dolibarr is vulnerable to Business Logic Errors" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 4.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-840 Business Logic Errors" - } - ] - } - ] - }, "references": { "reference_data": [ { - "name": "https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db" + "url": "https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db" }, { - "name": "https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32", + "url": "https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32", "refsource": "MISC", - "url": "https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32" + "name": "https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32" } ] }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, "source": { "advisory": "ed3ed4ce-3968-433c-a350-351c8f8b60db", "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + 
"availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0178.json b/2022/0xxx/CVE-2022-0178.json index 62efb7b7868..94c61251978 100644 --- a/2022/0xxx/CVE-2022-0178.json +++ b/2022/0xxx/CVE-2022-0178.json 
@@ -1,89 +1,95 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0178", - "STATE": "PUBLIC", - "TITLE": "Improper Access Control in snipe/snipe-it" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "snipe/snipe-it", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "5.3.8" - } - ] - } - } - ] - }, - "vendor_name": "snipe" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "snipe-it is vulnerable to Improper Access Control" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 6.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284 Improper Access Control" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-0178", + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.\n\n" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368" - }, - { - "name": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0", - "refsource": "MISC", - "url": 
"https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0" - } - ] - }, - "source": { - "advisory": "81c6b974-d0b3-410b-a902-8324a55b1368", - "discovery": "EXTERNAL" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "snipe", + "product": { + "product_data": [ + { + "product_name": "snipe/snipe-it", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "5.3.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368" + }, + { + "url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0", + "refsource": "MISC", + "name": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "81c6b974-d0b3-410b-a902-8324a55b1368", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + ] + } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0282.json b/2022/0xxx/CVE-2022-0282.json index 7c3dcb62af7..6b57f037938 100644 --- a/2022/0xxx/CVE-2022-0282.json +++ b/2022/0xxx/CVE-2022-0282.json 
@@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0282", - "STATE": "PUBLIC", - "TITLE": " Code Injection in microweber/microweber" + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "microweber", "product": { "product_data": [ { 
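Review bot: The CVSS metrics no longer match the weakness class: this hunk reclassifies CVE-2022-0282 from code injection to `CWE-79` (cross-site scripting), while the `impact.cvss` entry re-added in the next hunk keeps the old metrics (`C:N/I:N/A:L`, base score 4.3) and only relabels the vector as 3.1. A cross-site scripting finding with no confidentiality or integrity impact and only an availability impact looks inconsistent, so either the CWE or the vector probably needs another look before teams prioritise on the score. The same question applies to CVE-2022-0338 (now `CWE-532`, scored `C:N/I:L`) and CVE-2022-0565 (now `CWE-79`, scored `UI:N` with `A:H`) later in this diff. If the metrics are confirmed as intended, a sentence in the description explaining the impact would help.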
@@ -17,73 +41,55 @@ "version_data": [ { "version_affected": "<", + "version_name": "unspecified", "version_value": "1.2.11" } ] } } ] - }, - "vendor_name": "microweber" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Code Injection in Packagist microweber/microweber prior to 1.2.11." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 4.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-94 Improper Control of Generation of Code" - } - ] - } - ] - }, "references": { "reference_data": [ { - "name": "https://huntr.dev/bounties/8815b642-bd9b-4737-951b-bde7319faedd", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/8815b642-bd9b-4737-951b-bde7319faedd" + "url": "https://huntr.dev/bounties/8815b642-bd9b-4737-951b-bde7319faedd", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/8815b642-bd9b-4737-951b-bde7319faedd" }, { - "name": "https://github.com/microweber/microweber/commit/51b5a4e3ef01e587797c0109159a8ad9d2bac77a", + "url": "https://github.com/microweber/microweber/commit/51b5a4e3ef01e587797c0109159a8ad9d2bac77a", "refsource": "MISC", - "url": "https://github.com/microweber/microweber/commit/51b5a4e3ef01e587797c0109159a8ad9d2bac77a" + "name": "https://github.com/microweber/microweber/commit/51b5a4e3ef01e587797c0109159a8ad9d2bac77a" } ] }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, "source": { "advisory": "8815b642-bd9b-4737-951b-bde7319faedd", "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + 
"attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0338.json b/2022/0xxx/CVE-2022-0338.json index 873ef3ae2e4..0a259b8dd29 100644 --- a/2022/0xxx/CVE-2022-0338.json +++ b/2022/0xxx/CVE-2022-0338.json 
@@ -1,89 +1,95 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0338", - "STATE": "PUBLIC", - "TITLE": "Improper Privilege Management in delgan/loguru" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "delgan/loguru", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "0.5.3" - } - ] - } - } - ] - }, - "vendor_name": "delgan" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper Privilege Management in Conda loguru prior to 0.5.3." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 4.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-269 Improper Privilege Management" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-0338", + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3.\n\n" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0" - }, - { - "name": "https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa", - "refsource": "MISC", - "url": 
"https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa" - } - ] - }, - "source": { - "advisory": "359bea50-2bc6-426a-b2f9-175d401b1ed0", - "discovery": "EXTERNAL" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532 Insertion of Sensitive Information into Log File", + "cweId": "CWE-532" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "delgan", + "product": { + "product_data": [ + { + "product_name": "delgan/loguru", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "0.5.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0" + }, + { + "url": "https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa", + "refsource": "MISC", + "name": "https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "359bea50-2bc6-426a-b2f9-175d401b1ed0", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + ] + } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0355.json b/2022/0xxx/CVE-2022-0355.json index 9dc3af82fb5..fc8fb5a7b46 100644 --- a/2022/0xxx/CVE-2022-0355.json +++ b/2022/0xxx/CVE-2022-0355.json 
@@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0355", - "STATE": "PUBLIC", - "TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in feross/simple-get" + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer", + "cweId": "CWE-212" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "feross", "product": { "product_data": [ { 
@@ -17,78 +41,60 @@ "version_data": [ { "version_affected": "<", + "version_name": "unspecified", "version_value": "4.0.1" } ] } } ] - }, - "vendor_name": "feross" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Exposure of Sensitive Information to an Unauthorized Actor in NPM simple-get prior to 4.0.1." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" - } - ] - } - ] - }, "references": { "reference_data": [ { - "name": "https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31" + "url": "https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31" }, { - "name": "https://github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f", + "url": "https://github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f", "refsource": "MISC", - "url": "https://github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f" + "name": "https://github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f" }, { + "url": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv", "refsource": "MISC", - "name": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv", - "url": 
"https://github.com/advisories/GHSA-wpg7-2c88-r8xv" + "name": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv" } ] }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, "source": { "advisory": "42c79c23-6646-46c4-871d-219c0d4b4e31", "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0536.json b/2022/0xxx/CVE-2022-0536.json index c67ea578b99..3d3d89ed9f5 100644 --- a/2022/0xxx/CVE-2022-0536.json +++ b/2022/0xxx/CVE-2022-0536.json 
@@ -1,89 +1,95 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0536", - "STATE": "PUBLIC", - "TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects/follow-redirects" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "follow-redirects/follow-redirects", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "1.14.8" - } - ] - } - } - ] - }, - "vendor_name": "follow-redirects" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "ADJACENT", - "availabilityImpact": "NONE", - "baseScore": 2.6, - "baseSeverity": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-0536", + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.\n\n" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db", - "refsource": "CONFIRM", - "url": 
"https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db" - }, - { - "name": "https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445", - "refsource": "MISC", - "url": "https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445" - } - ] - }, - "source": { - "advisory": "7cf2bf90-52da-4d59-8028-a73b132de0db", - "discovery": "EXTERNAL" - } -} + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer", + "cweId": "CWE-212" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "follow-redirects", + "product": { + "product_data": [ + { + "product_name": "follow-redirects/follow-redirects", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "1.14.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445", + "refsource": "MISC", + "name": "https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "7cf2bf90-52da-4d59-8028-a73b132de0db", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 2.6, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": 
"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + ] + } +} \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0565.json b/2022/0xxx/CVE-2022-0565.json index cd53a837eae..1d8809740fe 100644 --- a/2022/0xxx/CVE-2022-0565.json +++ b/2022/0xxx/CVE-2022-0565.json 
@@ -1,89 +1,95 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0565", - "STATE": "PUBLIC", - "TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in pimcore/pimcore" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "pimcore/pimcore", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "10.3.1" - } - ] - } - } - ] - }, - "vendor_name": "pimcore" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist pimcore/pimcore prior to 10.3.1." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.6, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-0565", + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.\n\n" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/b0b29656-4bbe-41cf-92f6-8579df0b6de5", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/b0b29656-4bbe-41cf-92f6-8579df0b6de5" - }, - { - "name": 
"https://github.com/pimcore/pimcore/commit/7697f709a501860144352696e583a2533a6e1245", - "refsource": "MISC", - "url": "https://github.com/pimcore/pimcore/commit/7697f709a501860144352696e583a2533a6e1245" - } - ] - }, - "source": { - "advisory": "b0b29656-4bbe-41cf-92f6-8579df0b6de5", - "discovery": "EXTERNAL" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pimcore", + "product": { + "product_data": [ + { + "product_name": "pimcore/pimcore", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "10.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.dev/bounties/b0b29656-4bbe-41cf-92f6-8579df0b6de5", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/b0b29656-4bbe-41cf-92f6-8579df0b6de5" + }, + { + "url": "https://github.com/pimcore/pimcore/commit/7697f709a501860144352696e583a2533a6e1245", + "refsource": "MISC", + "name": "https://github.com/pimcore/pimcore/commit/7697f709a501860144352696e583a2533a6e1245" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "b0b29656-4bbe-41cf-92f6-8579df0b6de5", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "version": "3.1" + } + ] + } } \ No newline at end of file 
diff --git a/2022/0xxx/CVE-2022-0569.json b/2022/0xxx/CVE-2022-0569.json
index dabdeeddd5b..2e58330277f 100644
--- a/2022/0xxx/CVE-2022-0569.json
+++ b/2022/0xxx/CVE-2022-0569.json
@@ -1,89 +1,95 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0569", - "STATE": "PUBLIC", - "TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in snipe/snipe-it" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "snipe/snipe-it", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "v5.3.9" - } - ] - } - } - ] - }, - "vendor_name": "snipe" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist snipe/snipe-it prior to v5.3.9." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 5.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-0569", + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.\n\n" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b" - }, - { - "name": 
"https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09", - "refsource": "MISC", - "url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09" - } - ] - }, - "source": { - "advisory": "b41d5e63-bcd8-4864-8a2e-8ec74eec520b", - "discovery": "EXTERNAL" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-203 Observable Discrepancy", + "cweId": "CWE-203" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "snipe", + "product": { + "product_data": [ + { + "product_name": "snipe/snipe-it", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "v5.3.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b" + }, + { + "url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09", + "refsource": "MISC", + "name": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "b41d5e63-bcd8-4864-8a2e-8ec74eec520b", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + ] + } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0579.json b/2022/0xxx/CVE-2022-0579.json index 8e41ea9080e..1fc49a61463 100644 
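Review bot: `impact.cvss` changes type in this record, from a single object on the old side to a one-element array (`"cvss": [ { … } ]`) on the new side, and the same rewrite is applied to CVE-2022-0579, -0580, -0588, -0611, -0762, -1223, -1252 and -1316 further down. A consumer that reads `impact.cvss.baseScore` as an object field would presumably find no score on the updated records, so severity-based triage should be checked against both shapes. The huntr advisory link also moves from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, so it now carries the same tag as the fix-commit link and the two can no longer be told apart by `refsource`. The added description value ends in a literal `\n\n`; trimming it so the string ends at `prior to v5.3.9.` would keep it clean for display and exact-match comparison.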
--- a/2022/0xxx/CVE-2022-0579.json +++ b/2022/0xxx/CVE-2022-0579.json 
@@ -1,89 +1,95 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0579", - "STATE": "PUBLIC", - "TITLE": "Improper Privilege Management in snipe/snipe-it" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "snipe/snipe-it", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "5.3.9" - } - ] - } - } - ] - }, - "vendor_name": "snipe" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.9." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-269 Improper Privilege Management" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-0579", + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.\n\n" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849" - }, - { - "name": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1", - "refsource": "MISC", - "url": 
"https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1" - } - ] - }, - "source": { - "advisory": "70a99cf4-3241-4ffc-b9ed-5c54932f3849", - "discovery": "EXTERNAL" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "snipe", + "product": { + "product_data": [ + { + "product_name": "snipe/snipe-it", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "5.3.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849" + }, + { + "url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1", + "refsource": "MISC", + "name": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "70a99cf4-3241-4ffc-b9ed-5c54932f3849", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + ] + } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0580.json b/2022/0xxx/CVE-2022-0580.json index c1216303633..3ae8e6a4b94 100644 --- a/2022/0xxx/CVE-2022-0580.json +++ b/2022/0xxx/CVE-2022-0580.json 
@@ -1,94 +1,100 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0580", - "STATE": "PUBLIC", - "TITLE": "Improper Access Control in librenms/librenms" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "librenms/librenms", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "22.2.0" - } - ] - } - } - ] - }, - "vendor_name": "librenms" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper Access Control in Packagist librenms/librenms prior to 22.2.0." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284 Improper Access Control" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-0580", + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0.\n\n" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3" - }, - { - "name": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7", - "refsource": "MISC", - "url": 
"https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7" - }, - { - "name": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html", - "refsource": "MISC", - "url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html" - } - ] - }, - "source": { - "advisory": "2494106c-7703-4558-bb1f-1eae59d264e3", - "discovery": "EXTERNAL" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "librenms", + "product": { + "product_data": [ + { + "product_name": "librenms/librenms", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "22.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3" + }, + { + "url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7", + "refsource": "MISC", + "name": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7" + }, + { + "url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html", + "refsource": "MISC", + "name": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "2494106c-7703-4558-bb1f-1eae59d264e3", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": 
"LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" + } + ] + } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0588.json b/2022/0xxx/CVE-2022-0588.json index aba134bea65..d577a8b6076 100644 --- a/2022/0xxx/CVE-2022-0588.json +++ b/2022/0xxx/CVE-2022-0588.json @@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0588", - "STATE": "PUBLIC", - "TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in librenms/librenms" + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Missing Authorization in Packagist librenms/librenms prior to 22.2.0.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "librenms", "product": { "product_data": [ { 
@@ -17,78 +41,60 @@ "version_data": [ { "version_affected": "<", + "version_name": "unspecified", "version_value": "22.2.0" } ] } } ] - }, - "vendor_name": "librenms" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist librenms/librenms prior to 22.2.0." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 7.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" - } - ] - } - ] - }, "references": { "reference_data": [ { - "name": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7", + "url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7", "refsource": "MISC", - "url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7" + "name": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7" }, { - "name": "https://huntr.dev/bounties/caab3310-0d70-4c8a-8768-956f8dd3326d", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/caab3310-0d70-4c8a-8768-956f8dd3326d" + "url": "https://huntr.dev/bounties/caab3310-0d70-4c8a-8768-956f8dd3326d", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/caab3310-0d70-4c8a-8768-956f8dd3326d" }, { - "name": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html", + "url": 
"https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html", "refsource": "MISC", - "url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html" + "name": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html" } ] }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, "source": { "advisory": "caab3310-0d70-4c8a-8768-956f8dd3326d", "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0611.json b/2022/0xxx/CVE-2022-0611.json index e48e6e4ac46..96f2e928fe6 100644 --- a/2022/0xxx/CVE-2022-0611.json +++ b/2022/0xxx/CVE-2022-0611.json 
@@ -1,89 +1,95 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0611", - "STATE": "PUBLIC", - "TITLE": "Improper Privilege Management in snipe/snipe-it" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "snipe/snipe-it", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "5.3.11" - } - ] - } - } - ] - }, - "vendor_name": "snipe" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.11." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 6.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-269 Improper Privilege Management" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-0611", + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.\n\n" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b" - }, - { - "name": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439", - "refsource": "MISC", - "url": 
"https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439" - } - ] - }, - "source": { - "advisory": "7b7447fc-f1b0-446c-b016-ee3f6511010b", - "discovery": "EXTERNAL" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "snipe", + "product": { + "product_data": [ + { + "product_name": "snipe/snipe-it", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "5.3.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b" + }, + { + "url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439", + "refsource": "MISC", + "name": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "7b7447fc-f1b0-446c-b016-ee3f6511010b", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + ] + } } \ No newline at end of file diff --git a/2022/0xxx/CVE-2022-0762.json b/2022/0xxx/CVE-2022-0762.json index 224aa8f112d..5eb818c5766 100644 --- a/2022/0xxx/CVE-2022-0762.json +++ b/2022/0xxx/CVE-2022-0762.json 
@@ -1,89 +1,95 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-0762", - "STATE": "PUBLIC", - "TITLE": "Business Logic Errors in microweber/microweber" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "microweber/microweber", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "1.3" - } - ] - } - } - ] - }, - "vendor_name": "microweber" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Business Logic Errors in GitHub repository microweber/microweber prior to 1.3." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 5.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-840 Business Logic Errors" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-0762", + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3.\n\n" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/125b5244-5099-485e-bf75-e5f1ed80dd48", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/125b5244-5099-485e-bf75-e5f1ed80dd48" - }, - { - "name": "https://github.com/microweber/microweber/commit/76361264d9fdfff38a1af79c63141455cc4d36e3", - "refsource": "MISC", - "url": 
"https://github.com/microweber/microweber/commit/76361264d9fdfff38a1af79c63141455cc4d36e3" - } - ] - }, - "source": { - "advisory": "125b5244-5099-485e-bf75-e5f1ed80dd48", - "discovery": "EXTERNAL" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "microweber", + "product": { + "product_data": [ + { + "product_name": "microweber/microweber", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.dev/bounties/125b5244-5099-485e-bf75-e5f1ed80dd48", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/125b5244-5099-485e-bf75-e5f1ed80dd48" + }, + { + "url": "https://github.com/microweber/microweber/commit/76361264d9fdfff38a1af79c63141455cc4d36e3", + "refsource": "MISC", + "name": "https://github.com/microweber/microweber/commit/76361264d9fdfff38a1af79c63141455cc4d36e3" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "125b5244-5099-485e-bf75-e5f1ed80dd48", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + ] + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1223.json b/2022/1xxx/CVE-2022-1223.json index 9f0853b5b63..c8ca7be7458 100644 --- a/2022/1xxx/CVE-2022-1223.json +++ b/2022/1xxx/CVE-2022-1223.json 
@@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1223", - "STATE": "PUBLIC", - "TITLE": "Improper Access Control in phpipam/phpipam" + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "phpipam", "product": { "product_data": [ { 
@@ -17,73 +41,55 @@ "version_data": [ { "version_affected": "<", + "version_name": "unspecified", "version_value": "1.4.6" } ] } } ] - }, - "vendor_name": "phpipam" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper Access Control in GitHub repository phpipam/phpipam prior to 1.4.6." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284 Improper Access Control" - } - ] - } - ] - }, "references": { "reference_data": [ { - "name": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", + "url": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953", "refsource": "MISC", - "url": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953" + "name": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953" }, { - "name": "https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab" + "url": "https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab" } ] }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, "source": { "advisory": "baec4c23-2466-4b13-b3c0-eaf1d000d4ab", "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + 
"attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1252.json b/2022/1xxx/CVE-2022-1252.json index be888e0dcde..a2425b02fd6 100644 --- a/2022/1xxx/CVE-2022-1252.json +++ b/2022/1xxx/CVE-2022-1252.json @@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1252", - "STATE": "PUBLIC", - "TITLE": "Exposure of Private Personal Information to an Unauthorized Actor in gnuboard/gnuboard5" + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", + "cweId": "CWE-327" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "gnuboard", "product": { "product_data": [ { 
@@ -17,73 +41,55 @@ "version_data": [ { "version_affected": "<=", + "version_name": "unspecified", "version_value": "5.5.5" } ] } } ] - }, - "vendor_name": "gnuboard" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.2, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor" - } - ] - } - ] - }, "references": { "reference_data": [ { - "name": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb" + "url": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb" }, { - "name": "https://0g.vc/posts/insecure-cipher-gnuboard5/", + "url": "https://0g.vc/posts/insecure-cipher-gnuboard5/", "refsource": "MISC", - "url": 
"https://0g.vc/posts/insecure-cipher-gnuboard5/" + "name": "https://0g.vc/posts/insecure-cipher-gnuboard5/" } ] }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, "source": { "advisory": "c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb", "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", + "version": "3.1" + } + ] } -} +} \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1316.json b/2022/1xxx/CVE-2022-1316.json index 5327c7253d9..9bdacabe724 100644 --- a/2022/1xxx/CVE-2022-1316.json +++ b/2022/1xxx/CVE-2022-1316.json @@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1316", - "STATE": "PUBLIC", - "TITLE": "ZeroTierOne for windows local privilege escalation because of incorrect directory privilege in zerotier/zerotierone" + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732 Improper Access Control", + "cweId": "CWE-732" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "zerotier", "product": { "product_data": [ { 
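Review bot: In the CVE-2022-1316 `problemtype` entry the added label reads `"value": "CWE-732 Improper Access Control"`, which pairs the new ID with the name of the old one. CWE-732 is "Incorrect Permission Assignment for Critical Resource", which is also how the new description text opens, while "Improper Access Control" is the name of CWE-284, the entry removed in the next hunk. The `cweId` and the description agree with each other, so the label should be `"value": "CWE-732 Incorrect Permission Assignment for Critical Resource"`. Tooling that groups records by the text label rather than by `cweId` would otherwise file this local privilege escalation under the wrong weakness class.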
@@ -17,73 +41,55 @@ "version_data": [ { "version_affected": "<", + "version_name": "unspecified", "version_value": "1.8.8" } ] } } ] - }, - "vendor_name": "zerotier" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "ZeroTierOne for windows local privilege escalation because of incorrect directory privilege in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284 Improper Access Control" - } - ] - } - ] - }, "references": { "reference_data": [ { - "name": "https://huntr.dev/bounties/e7835226-1b20-4546-b256-3f625badb022", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/e7835226-1b20-4546-b256-3f625badb022" + "url": "https://huntr.dev/bounties/e7835226-1b20-4546-b256-3f625badb022", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/e7835226-1b20-4546-b256-3f625badb022" }, { - "name": "https://github.com/zerotier/zerotierone/commit/ffb444dbeb6bea3cb155502395e61cb6d18708c9", + "url": "https://github.com/zerotier/zerotierone/commit/ffb444dbeb6bea3cb155502395e61cb6d18708c9", "refsource": "MISC", - "url": "https://github.com/zerotier/zerotierone/commit/ffb444dbeb6bea3cb155502395e61cb6d18708c9" + "name": "https://github.com/zerotier/zerotierone/commit/ffb444dbeb6bea3cb155502395e61cb6d18708c9" } ] }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, "source": { "advisory": 
"e7835226-1b20-4546-b256-3f625badb022", "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1650.json b/2022/1xxx/CVE-2022-1650.json index 3ab123947e5..46af990cd8f 100644 --- a/2022/1xxx/CVE-2022-1650.json +++ b/2022/1xxx/CVE-2022-1650.json 
@@ -1,106 +1,125 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-1650", - "STATE": "PUBLIC", - "TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in eventsource/eventsource" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "eventsource/eventsource", - "version": { - "version_data": [ - { - "version_affected": ">=", - "version_value": "v2.0.0" - }, - { - "version_affected": "<", - "version_value": "v2.0.2" - }, - { - "version_affected": "<=", - "version_value": "v1.1.0" - }, - { - "version_affected": "!", - "version_value": "v1.1.1" - } - ] - } - } - ] - }, - "vendor_name": "eventsource" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-1650", + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { "lang": "eng", - "value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository eventsource/eventsource prior to v2.0.2." 
+ "value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.\n\n" } ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", - "version": "3.0" - } - }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" + "value": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer", + "cweId": "CWE-212" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "eventsource", + "product": { + "product_data": [ + { + "product_name": "eventsource/eventsource", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "unspecified", + "status": "affected", + "version": "v2.0.0", + "versionType": "custom" + }, + { + "lessThan": "v2.0.2", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "lessThanOrEqual": "v1.1.0", + "status": "affected", + "version": "unspecified", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "v1.1.1" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e" - }, - { - "name": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4", + "url": 
"https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e", "refsource": "MISC", - "url": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4" + "name": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3235-1] node-eventsource security update", - "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html" + "url": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4", + "refsource": "MISC", + "name": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html" } ] }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, "source": { "advisory": "dc9e467f-be5d-4945-867d-1044d27e9b8e", "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1893.json b/2022/1xxx/CVE-2022-1893.json index 2aaeb8d2ca6..106ae0c2656 100644 --- a/2022/1xxx/CVE-2022-1893.json +++ b/2022/1xxx/CVE-2022-1893.json 
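Review bot: `version_value` is now the sentinel string "not down converted", so a consumer that reads only the 4.0 fields gets no affected range for CVE-2022-1650, and the `x_cve_json_5_version_data` block that replaces it uses "unspecified" as a bound. The old `>= v2.0.0` and `< v2.0.2` pair became two separate entries, and the second (`"lessThan": "v2.0.2"` with `"version": "unspecified"`) can be read on its own as everything below v2.0.2, which would include v1.1.1 that the last entry marks unaffected. One bounded entry states the range without that overlap: `{"version": "v2.0.0", "lessThan": "v2.0.2", "status": "affected", "versionType": "custom"}`. The Debian LTS reference also loses its `MLIST` source and descriptive name in favour of `MISC` and the bare URL.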
@@ -1,89 +1,95 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-1893", - "STATE": "PUBLIC", - "TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in polonel/trudesk" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "polonel/trudesk", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "1.2.3" - } - ] - } - } - ] - }, - "vendor_name": "polonel" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 4.6, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-1893", + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3." 
+ } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26" - }, - { - "name": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263", - "refsource": "MISC", - "url": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263" - } - ] - }, - "source": { - "advisory": "a1cfe61b-5248-4a73-9a80-0b764edc9b26", - "discovery": "EXTERNAL" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer", + "cweId": "CWE-212" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "polonel", + "product": { + "product_data": [ + { + "product_name": "polonel/trudesk", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "1.2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26" + }, + { + "url": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263", + "refsource": "MISC", + "name": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "a1cfe61b-5248-4a73-9a80-0b764edc9b26", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + 
"scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + ] + } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2054.json b/2022/2xxx/CVE-2022-2054.json index 688842f77ef..4a9017330f9 100644 --- a/2022/2xxx/CVE-2022-2054.json +++ b/2022/2xxx/CVE-2022-2054.json @@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2054", - "STATE": "PUBLIC", - "TITLE": "Command Injection in nuitka/nuitka" + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Code Injection in GitHub repository nuitka/nuitka prior to 0.9.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Neutralization of Special Elements used in a Command ('Command Injection')", + "cweId": "CWE-94" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "nuitka", "product": { "product_data": [ { 
@@ -17,73 +41,55 @@ "version_data": [ { "version_affected": "<", + "version_name": "unspecified", "version_value": "0.9" } ] } } ] - }, - "vendor_name": "nuitka" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Command Injection in GitHub repository nuitka/nuitka prior to 0.9." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 8.4, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')" - } - ] - } - ] - }, "references": { "reference_data": [ { - "name": "https://huntr.dev/bounties/ea4a842c-c48c-4aae-a599-3305125c63a7", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/ea4a842c-c48c-4aae-a599-3305125c63a7" + "url": "https://huntr.dev/bounties/ea4a842c-c48c-4aae-a599-3305125c63a7", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/ea4a842c-c48c-4aae-a599-3305125c63a7" }, { - "name": "https://github.com/nuitka/nuitka/commit/09647745d7cbb6ff32f9fa948f19d5558b32bcad", + "url": "https://github.com/nuitka/nuitka/commit/09647745d7cbb6ff32f9fa948f19d5558b32bcad", "refsource": "MISC", - "url": "https://github.com/nuitka/nuitka/commit/09647745d7cbb6ff32f9fa948f19d5558b32bcad" + "name": "https://github.com/nuitka/nuitka/commit/09647745d7cbb6ff32f9fa948f19d5558b32bcad" } ] }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, "source": { "advisory": "ea4a842c-c48c-4aae-a599-3305125c63a7", "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + 
"attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2732.json b/2022/2xxx/CVE-2022-2732.json index 2c1c6e14678..169d2c4706d 100644 --- a/2022/2xxx/CVE-2022-2732.json +++ b/2022/2xxx/CVE-2022-2732.json @@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2732", - "STATE": "PUBLIC", - "TITLE": "Improper Privilege Management in openemr/openemr" + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "openemr", "product": { "product_data": [ { 
@@ -17,73 +41,55 @@ "version_data": [ { "version_affected": "<", + "version_name": "unspecified", "version_value": "7.0.0.1" } ] } } ] - }, - "vendor_name": "openemr" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper Privilege Management in GitHub repository openemr/openemr prior to 7.0.0.1." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 8.3, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-269 Improper Privilege Management" - } - ] - } - ] - }, "references": { "reference_data": [ { - "name": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6", + "url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6", "refsource": "MISC", - "url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6" + "name": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6" }, { - "name": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533" + "url": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533" } ] }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, "source": { "advisory": "8773e0d1-5f1a-4e87-8998-f5ec45f6d533", "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": 
"LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2818.json b/2022/2xxx/CVE-2022-2818.json index 52fa4265fd1..2a7a0e23a97 100644 --- a/2022/2xxx/CVE-2022-2818.json +++ b/2022/2xxx/CVE-2022-2818.json @@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2818", - "STATE": "PUBLIC", - "TITLE": "Authentication Bypass by Primary Weakness in cockpit-hq/cockpit" + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer", + "cweId": "CWE-212" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "cockpit-hq", "product": { "product_data": [ { 
@@ -17,73 +41,55 @@ "version_data": [ { "version_affected": "<", + "version_name": "unspecified", "version_value": "2.2.2" } ] } } ] - }, - "vendor_name": "cockpit-hq" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Authentication Bypass by Primary Weakness in GitHub repository cockpit-hq/cockpit prior to 2.2.2." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-305 Authentication Bypass by Primary Weakness" - } - ] - } - ] - }, "references": { "reference_data": [ { - "name": "https://huntr.dev/bounties/ee27e5df-516b-4cf4-9f28-346d907b5491", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/ee27e5df-516b-4cf4-9f28-346d907b5491" + "url": "https://huntr.dev/bounties/ee27e5df-516b-4cf4-9f28-346d907b5491", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/ee27e5df-516b-4cf4-9f28-346d907b5491" }, { - "name": "https://github.com/cockpit-hq/cockpit/commit/4bee1b903ee20818f4a8ecb9d974b9536cc54cb4", + "url": "https://github.com/cockpit-hq/cockpit/commit/4bee1b903ee20818f4a8ecb9d974b9536cc54cb4", "refsource": "MISC", - "url": "https://github.com/cockpit-hq/cockpit/commit/4bee1b903ee20818f4a8ecb9d974b9536cc54cb4" + "name": "https://github.com/cockpit-hq/cockpit/commit/4bee1b903ee20818f4a8ecb9d974b9536cc54cb4" } ] }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, "source": { "advisory": "ee27e5df-516b-4cf4-9f28-346d907b5491", "discovery": "EXTERNAL" + }, + "impact": 
{ + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3225.json b/2022/3xxx/CVE-2022-3225.json index 1346db76cd0..c5dad68e611 100644 --- a/2022/3xxx/CVE-2022-3225.json +++ b/2022/3xxx/CVE-2022-3225.json 
@@ -1,89 +1,95 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2022-3225", - "STATE": "PUBLIC", - "TITLE": "Improper Access Control in budibase/budibase" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "budibase/budibase", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "1.3.20" - } - ] - } - } - ] - }, - "vendor_name": "budibase" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper Access Control in GitHub repository budibase/budibase prior to 1.3.20." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284 Improper Access Control" - } + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-3225", + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20.\n\n" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/a13a56b7-04da-4560-b8ec-0d637d12a245", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/a13a56b7-04da-4560-b8ec-0d637d12a245" - }, - { - "name": "https://github.com/budibase/budibase/commit/d35864be0854216693a01307f81ffcabf6d549df", - "refsource": 
"MISC", - "url": "https://github.com/budibase/budibase/commit/d35864be0854216693a01307f81ffcabf6d549df" - } - ] - }, - "source": { - "advisory": "a13a56b7-04da-4560-b8ec-0d637d12a245", - "discovery": "EXTERNAL" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-913 Improper Control of Dynamically-Managed Code Resources", + "cweId": "CWE-913" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "budibase", + "product": { + "product_data": [ + { + "product_name": "budibase/budibase", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "1.3.20" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.dev/bounties/a13a56b7-04da-4560-b8ec-0d637d12a245", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/a13a56b7-04da-4560-b8ec-0d637d12a245" + }, + { + "url": "https://github.com/budibase/budibase/commit/d35864be0854216693a01307f81ffcabf6d549df", + "refsource": "MISC", + "name": "https://github.com/budibase/budibase/commit/d35864be0854216693a01307f81ffcabf6d549df" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "a13a56b7-04da-4560-b8ec-0d637d12a245", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + ] + } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3423.json b/2022/3xxx/CVE-2022-3423.json index 743fd48fc1d..42f31379a93 100644 --- a/2022/3xxx/CVE-2022-3423.json +++ b/2022/3xxx/CVE-2022-3423.json 
@@ -1,14 +1,38 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-3423", - "STATE": "PUBLIC", - "TITLE": "Denial of Service in nocodb/nocodb" + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770 Allocation of Resources Without Limits or Throttling", + "cweId": "CWE-770" + } + ] + } + ] }, "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "nocodb", "product": { "product_data": [ { 
@@ -17,73 +41,55 @@ "version_data": [ { "version_affected": "<", + "version_name": "unspecified", "version_value": "0.92.0" } ] } } ] - }, - "vendor_name": "nocodb" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Denial of Service in GitHub repository nocodb/nocodb prior to 0.92.0." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 7.3, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-400 Uncontrolled Resource Consumption" - } - ] - } - ] - }, "references": { "reference_data": [ { - "name": "https://github.com/nocodb/nocodb/commit/000ecd886738b965b5997cd905825e3244f48b95", + "url": "https://github.com/nocodb/nocodb/commit/000ecd886738b965b5997cd905825e3244f48b95", "refsource": "MISC", - "url": "https://github.com/nocodb/nocodb/commit/000ecd886738b965b5997cd905825e3244f48b95" + "name": "https://github.com/nocodb/nocodb/commit/000ecd886738b965b5997cd905825e3244f48b95" }, { - "name": "https://huntr.dev/bounties/94639d8e-8301-4432-ab80-e76e1346e631", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/94639d8e-8301-4432-ab80-e76e1346e631" + "url": "https://huntr.dev/bounties/94639d8e-8301-4432-ab80-e76e1346e631", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/94639d8e-8301-4432-ab80-e76e1346e631" } ] }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, "source": { "advisory": "94639d8e-8301-4432-ab80-e76e1346e631", "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": 
"LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2022.json b/2023/2xxx/CVE-2023-2022.json index b71fe5f07ce..8d70e18a0bf 100644 --- a/2023/2xxx/CVE-2023-2022.json +++ b/2023/2xxx/CVE-2023-2022.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2022", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have access to merge" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "16.0.8" + }, + { + "version_affected": "<", + "version_name": "16.1.0", + "version_value": "16.1.3" + }, + { + "version_affected": "<", + "version_name": "16.2.0", + "version_value": "16.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407166", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/407166" + }, + { + "url": "https://hackerone.com/reports/1936572", + "refsource": "MISC", + "name": "https://hackerone.com/reports/1936572" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to versions 16.2.2, 16.1.3, 16.0.8 
or above." + } + ], + "credits": [ + { + "lang": "en", + "value": "Thanks [js_noob](https://hackerone.com/js_noob) for reporting this vulnerability through our HackerOne bug bounty program" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/3xxx/CVE-2023-3401.json b/2023/3xxx/CVE-2023-3401.json index a398ab3a981..316a6a7946f 100644 --- a/2023/3xxx/CVE-2023-3401.json +++ b/2023/3xxx/CVE-2023-3401.json 
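Review bot: The added `solution` and `credits` entries use `"lang": "en"` while `description` and `problemtype` in the same record use `"eng"`, so a consumer filtering on one language code will miss the remediation text; `"lang": "eng"` would match the rest of the file. CVE-2023-3401 has the same mix. The description here reads "all versions starting before 16.0.8" and ends without a full stop; "all versions before 16.0.8", as CVE-2023-3401 words it, is clearer. The `credits` value carries Markdown link syntax, which will show up literally wherever the field is rendered as plain text.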
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3401", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "16.0.8" + }, + { + "version_affected": "<", + "version_name": "16.1.0", + "version_value": "16.1.3" + }, + { + "version_affected": "<", + "version_name": "16.2.0", + "version_value": "16.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416252", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/416252" + }, + { + "url": "https://hackerone.com/reports/2031845", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2031845" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to versions 16.2.2, 
16.1.3, 16.0.8 or above." + } + ], + "credits": [ + { + "lang": "en", + "value": "Thanks [st4nly0n](https://hackerone.com/st4nly0n) for reporting this vulnerability through our HackerOne bug bounty program" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/3xxx/CVE-2023-3568.json b/2023/3xxx/CVE-2023-3568.json index ba2ac6d206e..936a5dbe44c 100644 --- a/2023/3xxx/CVE-2023-3568.json +++ b/2023/3xxx/CVE-2023-3568.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Improper Input Validation in GitHub repository fossbilling/fossbilling prior to 0.5.4." + "value": "Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.\n\n" } ] }, @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-20 Improper Input Validation", - "cweId": "CWE-20" + "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", + "cweId": "CWE-601" } ] } @@ -32,17 +32,17 @@ "vendor": { "vendor_data": [ { - "vendor_name": "fossbilling", + "vendor_name": "alextselegidis", "product": { "product_data": [ { - "product_name": "fossbilling/fossbilling", + "product_name": "alextselegidis/easyappointments", "version": { "version_data": [ { "version_affected": "<", "version_name": "unspecified", - "version_value": "0.5.4" + "version_value": "1.5.0" } ] } 
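Review bot: CVE-2023-3568 is being repurposed rather than updated: the `@@ -11,7` hunk replaces the fossbilling/fossbilling "Improper Input Validation ... prior to 0.5.4" description with an open redirect in alextselegidis/easyappointments prior to 1.5.0, and the `@@ -21,8`, `@@ -32,17` and `@@ -56,36` hunks swap the CWE, the vendor and product, both references and `source.advisory` to match. The new advisory id `e8d530db-a6a7-4f79-a95d-b77654cc04f8` is the value that the CVE-2023-3700 record further down already carries as unchanged context, so two IDs now appear to point at the same huntr report while the fossbilling issue loses its identifier. Anyone who triaged, patched or suppressed CVE-2023-3568 against fossbilling before 0.5.4 would have that decision silently reattached to a different product, so this should be confirmed with the assigner before it lands. If the fossbilling assignment is still valid, the old values such as `"product_name": "fossbilling/fossbilling"` and `"version_value": "0.5.4"` should stay.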
@@ -56,36 +56,39 @@ "references": { "reference_data": [ { - "url": "https://huntr.dev/bounties/f3782eb1-049b-4998-aac4-d9798ec1c123", + "url": "https://huntr.dev/bounties/e8d530db-a6a7-4f79-a95d-b77654cc04f8", "refsource": "MISC", - "name": "https://huntr.dev/bounties/f3782eb1-049b-4998-aac4-d9798ec1c123" + "name": "https://huntr.dev/bounties/e8d530db-a6a7-4f79-a95d-b77654cc04f8" }, { - "url": "https://github.com/fossbilling/fossbilling/commit/f6348643d230a13427d8ab9213463dadbb68818f", + "url": "https://github.com/alextselegidis/easyappointments/commit/b37b46019553089db4f22eb2fe998bca84b2cb64", "refsource": "MISC", - "name": "https://github.com/fossbilling/fossbilling/commit/f6348643d230a13427d8ab9213463dadbb68818f" + "name": "https://github.com/alextselegidis/easyappointments/commit/b37b46019553089db4f22eb2fe998bca84b2cb64" } ] }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, "source": { - "advisory": "f3782eb1-049b-4998-aac4-d9798ec1c123", + "advisory": "e8d530db-a6a7-4f79-a95d-b77654cc04f8", "discovery": "EXTERNAL" }, "impact": { "cvss": [ { - "version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", - "availabilityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", - "baseScore": 4.8, - "baseSeverity": "MEDIUM" + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3700.json b/2023/3xxx/CVE-2023-3700.json index fe0873bd6d1..bc650b0c3df 100644 --- a/2023/3xxx/CVE-2023-3700.json +++ b/2023/3xxx/CVE-2023-3700.json 
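Review bot: In the CVE-2023-3568 `impact` hunk that ends just above, the added CVSS block rates an open redirect (CWE-601 in this record) with `"userInteraction": "NONE"` and `"availabilityImpact": "LOW"`. Its vector `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L` is identical to the one in the CVE-2023-3700 hunk. An open redirect normally only takes effect once a victim follows a crafted link, so `UI:R` would be the expected metric; the match suggests the vector was carried over from the other record rather than scored for this issue. The removed block had `"userInteraction": "REQUIRED"` with `"baseScore": 4.8`, so severity-based prioritisation moves from 4.8 to 6.3 on this change and the score is worth re-deriving.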
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0." + "value": "Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.\n\n" } ] }, @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "CWE-284 Improper Access Control", - "cweId": "CWE-284" + "value": "CWE-639 Authorization Bypass Through User-Controlled Key", + "cweId": "CWE-639" } ] } @@ -67,6 +67,9 @@ } ] }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, "source": { "advisory": "e8d530db-a6a7-4f79-a95d-b77654cc04f8", "discovery": "EXTERNAL" @@ -74,18 +77,18 @@ "impact": { "cvss": [ { - "version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "baseScore": 6.3, - "baseSeverity": "MEDIUM" + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/4xxx/CVE-2023-4067.json b/2023/4xxx/CVE-2023-4067.json index 175e4fcc6d0..d66b8648d91 100644 --- a/2023/4xxx/CVE-2023-4067.json +++ b/2023/4xxx/CVE-2023-4067.json 
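Review bot: The new CVE-2023-3700 `description` value ends in a literal `\n\n`, and the CVE-2023-3568 description rewritten in the same commit does too. Both records also gain a `generator` block naming Vulnogram, which is possibly where the trailing newlines come from. They carry no information and show up in feeds, exact-match deduplication and rendered advisories, so the value should end at the period: `"value": "Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0."`.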
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4067", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab_date' and 'tab_date_r' parameters in versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "magepeopleteam", + "product": { + "product_data": [ + { + "product_name": "Bus Ticket Booking with Seat Reservation", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ff2855cb-e4a8-4412-af24-4cee03ae2d43?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ff2855cb-e4a8-4412-af24-4cee03ae2d43?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2945247%40bus-ticket-booking-with-seat-reservation&new=2945247%40bus-ticket-booking-with-seat-reservation&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2945247%40bus-ticket-booking-with-seat-reservation&new=2945247%40bus-ticket-booking-with-seat-reservation&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Vincenzo Turturro" + }, + { + "lang": "en", + "value": "Gianluca Parisi" + }, + { + "lang": "en", + "value": "Vincenzo Cantatore" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] }
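Review bot: The CVE-2023-4067 record carries less machine-readable detail than the GitLab records added in the same commit: its `problemtype` entry has the CWE only inside the free-text `value` and no `cweId` field, and its `cvss` entry holds just `version`, `vectorString`, `baseScore` and `baseSeverity`. Consumers that filter on `cweId` or on individual metrics such as `userInteraction` will get nothing for this record. Adding `"cweId": "CWE-79"` next to the description value would fix the first gap. The expanded metrics can be derived from the existing vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`, for example `"userInteraction": "REQUIRED"` and `"scope": "CHANGED"`.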