admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 03:27:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-08-02 09:00:36 +00:00
parent fb3a410313
commit b859aea40c
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
29 changed files with 2114 additions and 1692 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
2022/0xxx/CVE-2022-0121.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0121",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in hoppscotch/hoppscotch"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoppscotch hoppscotch/hoppscotch.This issue affects hoppscotch/hoppscotch before 2.1.1.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "hoppscotch",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2.1.1"
}
]
}
}
]
},
"vendor_name": "hoppscotch"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "hoppscotch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor"
"url": "https://huntr.dev/bounties/b70a6191-8226-4ac6-b817-cae7332a68ee",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/b70a6191-8226-4ac6-b817-cae7332a68ee"
},
{
"url": "https://github.com/hoppscotch/hoppscotch/commit/86ef1a4e143ea5bb0c7b309574127cc39d4faa74",
"refsource": "MISC",
"name": "https://github.com/hoppscotch/hoppscotch/commit/86ef1a4e143ea5bb0c7b309574127cc39d4faa74"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "b70a6191-8226-4ac6-b817-cae7332a68ee",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
@ -52,38 +87,9 @@
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b70a6191-8226-4ac6-b817-cae7332a68ee",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b70a6191-8226-4ac6-b817-cae7332a68ee"
},
{
"name": "https://github.com/hoppscotch/hoppscotch/commit/86ef1a4e143ea5bb0c7b309574127cc39d4faa74",
"refsource": "MISC",
"url": "https://github.com/hoppscotch/hoppscotch/commit/86ef1a4e143ea5bb0c7b309574127cc39d4faa74"
}
]
},
"source": {
"advisory": "b70a6191-8226-4ac6-b817-cae7332a68ee",
"discovery": "EXTERNAL"
}
}

94
2022/0xxx/CVE-2022-0174.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0174",
"STATE": "PUBLIC",
"TITLE": "Business Logic Errors in dolibarr/dolibarr"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1284 Improper Validation of Specified Quantity in Input",
"cweId": "CWE-1284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "dolibarr",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "develop"
}
]
}
}
]
},
"vendor_name": "dolibarr"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "dolibarr is vulnerable to Business Logic Errors"
"url": "https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db"
},
{
"url": "https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32",
"refsource": "MISC",
"name": "https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ed3ed4ce-3968-433c-a350-351c8f8b60db",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
@ -52,38 +87,9 @@
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-840 Business Logic Errors"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db"
},
{
"name": "https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32",
"refsource": "MISC",
"url": "https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32"
}
]
},
"source": {
"advisory": "ed3ed4ce-3968-433c-a350-351c8f8b60db",
"discovery": "EXTERNAL"
}
}

94
2022/0xxx/CVE-2022-0178.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0178",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in snipe/snipe-it"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "snipe",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "5.3.8"
}
]
}
}
]
},
"vendor_name": "snipe"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "snipe-it is vulnerable to Improper Access Control"
"url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
},
{
"url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0",
"refsource": "MISC",
"name": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "81c6b974-d0b3-410b-a902-8324a55b1368",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
@ -52,38 +87,9 @@
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
},
{
"name": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
}
]
},
"source": {
"advisory": "81c6b974-d0b3-410b-a902-8324a55b1368",
"discovery": "EXTERNAL"
}
}

94
2022/0xxx/CVE-2022-0282.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0282",
"STATE": "PUBLIC",
"TITLE": " Code Injection in microweber/microweber"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "microweber",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "1.2.11"
}
]
}
}
]
},
"vendor_name": "microweber"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Code Injection in Packagist microweber/microweber prior to 1.2.11."
"url": "https://huntr.dev/bounties/8815b642-bd9b-4737-951b-bde7319faedd",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/8815b642-bd9b-4737-951b-bde7319faedd"
},
{
"url": "https://github.com/microweber/microweber/commit/51b5a4e3ef01e587797c0109159a8ad9d2bac77a",
"refsource": "MISC",
"name": "https://github.com/microweber/microweber/commit/51b5a4e3ef01e587797c0109159a8ad9d2bac77a"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "8815b642-bd9b-4737-951b-bde7319faedd",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
@ -52,38 +87,9 @@
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8815b642-bd9b-4737-951b-bde7319faedd",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8815b642-bd9b-4737-951b-bde7319faedd"
},
{
"name": "https://github.com/microweber/microweber/commit/51b5a4e3ef01e587797c0109159a8ad9d2bac77a",
"refsource": "MISC",
"url": "https://github.com/microweber/microweber/commit/51b5a4e3ef01e587797c0109159a8ad9d2bac77a"
}
]
},
"source": {
"advisory": "8815b642-bd9b-4737-951b-bde7319faedd",
"discovery": "EXTERNAL"
}
}

94
2022/0xxx/CVE-2022-0338.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0338",
"STATE": "PUBLIC",
"TITLE": "Improper Privilege Management in delgan/loguru"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "delgan",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "0.5.3"
}
]
}
}
]
},
"vendor_name": "delgan"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Improper Privilege Management in Conda loguru prior to 0.5.3."
"url": "https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0"
},
{
"url": "https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa",
"refsource": "MISC",
"name": "https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "359bea50-2bc6-426a-b2f9-175d401b1ed0",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
@ -52,38 +87,9 @@
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0"
},
{
"name": "https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa",
"refsource": "MISC",
"url": "https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa"
}
]
},
"source": {
"advisory": "359bea50-2bc6-426a-b2f9-175d401b1ed0",
"discovery": "EXTERNAL"
}
}

104
2022/0xxx/CVE-2022-0355.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0355",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in feross/simple-get"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
"cweId": "CWE-212"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "feross",
"product": {
"product_data": [
{
@ -17,31 +41,47 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "4.0.1"
}
]
}
}
]
},
"vendor_name": "feross"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in NPM simple-get prior to 4.0.1."
"url": "https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31"
},
{
"url": "https://github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f",
"refsource": "MISC",
"name": "https://github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f"
},
{
"url": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv",
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "42c79c23-6646-46c4-871d-219c0d4b4e31",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
@ -52,43 +92,9 @@
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31"
},
{
"name": "https://github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f",
"refsource": "MISC",
"url": "https://github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f"
},
{
"refsource": "MISC",
"name": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv",
"url": "https://github.com/advisories/GHSA-wpg7-2c88-r8xv"
}
]
},
"source": {
"advisory": "42c79c23-6646-46c4-871d-219c0d4b4e31",
"discovery": "EXTERNAL"
}
}

96
2022/0xxx/CVE-2022-0536.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0536",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects/follow-redirects"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
"cweId": "CWE-212"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "follow-redirects",
"product": {
"product_data": [
{
@ -17,33 +41,44 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "1.14.8"
}
]
}
}
]
},
"vendor_name": "follow-redirects"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8."
"url": "https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db"
},
{
"url": "https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445",
"refsource": "MISC",
"name": "https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "7cf2bf90-52da-4d59-8028-a73b132de0db",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
@ -52,38 +87,9 @@
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db"
},
{
"name": "https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445",
"refsource": "MISC",
"url": "https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445"
}
]
},
"source": {
"advisory": "7cf2bf90-52da-4d59-8028-a73b132de0db",
"discovery": "EXTERNAL"
}
}

94
2022/0xxx/CVE-2022-0565.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0565",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in pimcore/pimcore"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pimcore",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "10.3.1"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist pimcore/pimcore prior to 10.3.1."
"url": "https://huntr.dev/bounties/b0b29656-4bbe-41cf-92f6-8579df0b6de5",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/b0b29656-4bbe-41cf-92f6-8579df0b6de5"
},
{
"url": "https://github.com/pimcore/pimcore/commit/7697f709a501860144352696e583a2533a6e1245",
"refsource": "MISC",
"name": "https://github.com/pimcore/pimcore/commit/7697f709a501860144352696e583a2533a6e1245"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "b0b29656-4bbe-41cf-92f6-8579df0b6de5",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
@ -52,38 +87,9 @@
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b0b29656-4bbe-41cf-92f6-8579df0b6de5",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b0b29656-4bbe-41cf-92f6-8579df0b6de5"
},
{
"name": "https://github.com/pimcore/pimcore/commit/7697f709a501860144352696e583a2533a6e1245",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/7697f709a501860144352696e583a2533a6e1245"
}
]
},
"source": {
"advisory": "b0b29656-4bbe-41cf-92f6-8579df0b6de5",
"discovery": "EXTERNAL"
}
}

94
2022/0xxx/CVE-2022-0569.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0569",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in snipe/snipe-it"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203 Observable Discrepancy",
"cweId": "CWE-203"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "snipe",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "v5.3.9"
}
]
}
}
]
},
"vendor_name": "snipe"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist snipe/snipe-it prior to v5.3.9."
"url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
},
{
"url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09",
"refsource": "MISC",
"name": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
@ -52,38 +87,9 @@
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
},
{
"name": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
}
]
},
"source": {
"advisory": "b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"discovery": "EXTERNAL"
}
}

94
2022/0xxx/CVE-2022-0579.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0579",
"STATE": "PUBLIC",
"TITLE": "Improper Privilege Management in snipe/snipe-it"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "snipe",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "5.3.9"
}
]
}
}
]
},
"vendor_name": "snipe"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.9."
"url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
},
{
"url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1",
"refsource": "MISC",
"name": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "70a99cf4-3241-4ffc-b9ed-5c54932f3849",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
@ -52,38 +87,9 @@
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
},
{
"name": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
}
]
},
"source": {
"advisory": "70a99cf4-3241-4ffc-b9ed-5c54932f3849",
"discovery": "EXTERNAL"
}
}

104
2022/0xxx/CVE-2022-0580.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0580",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in librenms/librenms"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "librenms",
"product": {
"product_data": [
{
@ -17,31 +41,47 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "22.2.0"
}
]
}
}
]
},
"vendor_name": "librenms"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Improper Access Control in Packagist librenms/librenms prior to 22.2.0."
"url": "https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3"
},
{
"url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7"
},
{
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html",
"refsource": "MISC",
"name": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "2494106c-7703-4558-bb1f-1eae59d264e3",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
@ -52,43 +92,9 @@
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3"
},
{
"name": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7",
"refsource": "MISC",
"url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7"
},
{
"name": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html",
"refsource": "MISC",
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
]
},
"source": {
"advisory": "2494106c-7703-4558-bb1f-1eae59d264e3",
"discovery": "EXTERNAL"
}
}

104
2022/0xxx/CVE-2022-0588.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0588",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in librenms/librenms"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing Authorization in Packagist librenms/librenms prior to 22.2.0.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "librenms",
"product": {
"product_data": [
{
@ -17,31 +41,47 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "22.2.0"
}
]
}
}
]
},
"vendor_name": "librenms"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist librenms/librenms prior to 22.2.0."
"url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7"
},
{
"url": "https://huntr.dev/bounties/caab3310-0d70-4c8a-8768-956f8dd3326d",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/caab3310-0d70-4c8a-8768-956f8dd3326d"
},
{
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html",
"refsource": "MISC",
"name": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "caab3310-0d70-4c8a-8768-956f8dd3326d",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
@ -52,43 +92,9 @@
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7",
"refsource": "MISC",
"url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7"
},
{
"name": "https://huntr.dev/bounties/caab3310-0d70-4c8a-8768-956f8dd3326d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/caab3310-0d70-4c8a-8768-956f8dd3326d"
},
{
"name": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html",
"refsource": "MISC",
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
]
},
"source": {
"advisory": "caab3310-0d70-4c8a-8768-956f8dd3326d",
"discovery": "EXTERNAL"
}
}

94
2022/0xxx/CVE-2022-0611.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0611",
"STATE": "PUBLIC",
"TITLE": "Improper Privilege Management in snipe/snipe-it"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "snipe",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "5.3.11"
}
]
}
}
]
},
"vendor_name": "snipe"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.11."
"url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
},
{
"url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439",
"refsource": "MISC",
"name": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "7b7447fc-f1b0-446c-b016-ee3f6511010b",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
@ -52,38 +87,9 @@
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
},
{
"name": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
}
]
},
"source": {
"advisory": "7b7447fc-f1b0-446c-b016-ee3f6511010b",
"discovery": "EXTERNAL"
}
}

94
2022/0xxx/CVE-2022-0762.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0762",
"STATE": "PUBLIC",
"TITLE": "Business Logic Errors in microweber/microweber"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "microweber",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "1.3"
}
]
}
}
]
},
"vendor_name": "microweber"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Business Logic Errors in GitHub repository microweber/microweber prior to 1.3."
"url": "https://huntr.dev/bounties/125b5244-5099-485e-bf75-e5f1ed80dd48",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/125b5244-5099-485e-bf75-e5f1ed80dd48"
},
{
"url": "https://github.com/microweber/microweber/commit/76361264d9fdfff38a1af79c63141455cc4d36e3",
"refsource": "MISC",
"name": "https://github.com/microweber/microweber/commit/76361264d9fdfff38a1af79c63141455cc4d36e3"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "125b5244-5099-485e-bf75-e5f1ed80dd48",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
@ -52,38 +87,9 @@
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-840 Business Logic Errors"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/125b5244-5099-485e-bf75-e5f1ed80dd48",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/125b5244-5099-485e-bf75-e5f1ed80dd48"
},
{
"name": "https://github.com/microweber/microweber/commit/76361264d9fdfff38a1af79c63141455cc4d36e3",
"refsource": "MISC",
"url": "https://github.com/microweber/microweber/commit/76361264d9fdfff38a1af79c63141455cc4d36e3"
}
]
},
"source": {
"advisory": "125b5244-5099-485e-bf75-e5f1ed80dd48",
"discovery": "EXTERNAL"
}
}

94
2022/1xxx/CVE-2022-1223.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1223",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in phpipam/phpipam"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "phpipam",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "1.4.6"
}
]
}
}
]
},
"vendor_name": "phpipam"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Improper Access Control in GitHub repository phpipam/phpipam prior to 1.4.6."
"url": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953",
"refsource": "MISC",
"name": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953"
},
{
"url": "https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "baec4c23-2466-4b13-b3c0-eaf1d000d4ab",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
@ -52,38 +87,9 @@
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953",
"refsource": "MISC",
"url": "https://github.com/phpipam/phpipam/commit/f6a49fd9f93b7d7e0a4fbf1d35338502eed35953"
},
{
"name": "https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/baec4c23-2466-4b13-b3c0-eaf1d000d4ab"
}
]
},
"source": {
"advisory": "baec4c23-2466-4b13-b3c0-eaf1d000d4ab",
"discovery": "EXTERNAL"
}
}

94
2022/1xxx/CVE-2022-1252.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1252",
"STATE": "PUBLIC",
"TITLE": "Exposure of Private Personal Information to an Unauthorized Actor in gnuboard/gnuboard5"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"cweId": "CWE-327"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gnuboard",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "unspecified",
"version_value": "5.5.5"
}
]
}
}
]
},
"vendor_name": "gnuboard"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents"
"url": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb"
},
{
"url": "https://0g.vc/posts/insecure-cipher-gnuboard5/",
"refsource": "MISC",
"name": "https://0g.vc/posts/insecure-cipher-gnuboard5/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
@ -52,38 +87,9 @@
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb"
},
{
"name": "https://0g.vc/posts/insecure-cipher-gnuboard5/",
"refsource": "MISC",
"url": "https://0g.vc/posts/insecure-cipher-gnuboard5/"
}
]
},
"source": {
"advisory": "c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb",
"discovery": "EXTERNAL"
}
}

94
2022/1xxx/CVE-2022-1316.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1316",
"STATE": "PUBLIC",
"TITLE": "ZeroTierOne for windows local privilege escalation because of incorrect directory privilege in zerotier/zerotierone"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Improper Access Control",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zerotier",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "1.8.8"
}
]
}
}
]
},
"vendor_name": "zerotier"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "ZeroTierOne for windows local privilege escalation because of incorrect directory privilege in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation"
"url": "https://huntr.dev/bounties/e7835226-1b20-4546-b256-3f625badb022",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/e7835226-1b20-4546-b256-3f625badb022"
},
{
"url": "https://github.com/zerotier/zerotierone/commit/ffb444dbeb6bea3cb155502395e61cb6d18708c9",
"refsource": "MISC",
"name": "https://github.com/zerotier/zerotierone/commit/ffb444dbeb6bea3cb155502395e61cb6d18708c9"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "e7835226-1b20-4546-b256-3f625badb022",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
@ -52,38 +87,9 @@
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/e7835226-1b20-4546-b256-3f625badb022",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/e7835226-1b20-4546-b256-3f625badb022"
},
{
"name": "https://github.com/zerotier/zerotierone/commit/ffb444dbeb6bea3cb155502395e61cb6d18708c9",
"refsource": "MISC",
"url": "https://github.com/zerotier/zerotierone/commit/ffb444dbeb6bea3cb155502395e61cb6d18708c9"
}
]
},
"source": {
"advisory": "e7835226-1b20-4546-b256-3f625badb022",
"discovery": "EXTERNAL"
}
}

133
2022/1xxx/CVE-2022-1650.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1650",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in eventsource/eventsource"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
"cweId": "CWE-212"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "eventsource",
"product": {
"product_data": [
{
@ -16,44 +40,73 @@
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "v2.0.0"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v2.0.0",
"versionType": "custom"
},
{
"version_affected": "<",
"version_value": "v2.0.2"
"lessThan": "v2.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"version_affected": "<=",
"version_value": "v1.1.0"
"lessThanOrEqual": "v1.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"version_affected": "!",
"version_value": "v1.1.1"
"status": "unaffected",
"version": "v1.1.1"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
},
"vendor_name": "eventsource"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository eventsource/eventsource prior to v2.0.2."
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
},
{
"url": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4",
"refsource": "MISC",
"name": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "dc9e467f-be5d-4945-867d-1044d27e9b8e",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
@ -64,43 +117,9 @@
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e"
},
{
"name": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4",
"refsource": "MISC",
"url": "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221211 [SECURITY] [DLA 3235-1] node-eventsource security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html"
}
]
},
"source": {
"advisory": "dc9e467f-be5d-4945-867d-1044d27e9b8e",
"discovery": "EXTERNAL"
}
}

94
2022/1xxx/CVE-2022-1893.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1893",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in polonel/trudesk"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
"cweId": "CWE-212"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "polonel",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "polonel"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3."
"url": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26"
},
{
"url": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263",
"refsource": "MISC",
"name": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "a1cfe61b-5248-4a73-9a80-0b764edc9b26",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
@ -52,38 +87,9 @@
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a1cfe61b-5248-4a73-9a80-0b764edc9b26"
},
{
"name": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263",
"refsource": "MISC",
"url": "https://github.com/polonel/trudesk/commit/ae904d37eaa38bffebfbfe8e949c0385c63e3263"
}
]
},
"source": {
"advisory": "a1cfe61b-5248-4a73-9a80-0b764edc9b26",
"discovery": "EXTERNAL"
}
}

94
2022/2xxx/CVE-2022-2054.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2054",
"STATE": "PUBLIC",
"TITLE": "Command Injection in nuitka/nuitka"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Code Injection in GitHub repository nuitka/nuitka prior to 0.9.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nuitka",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "0.9"
}
]
}
}
]
},
"vendor_name": "nuitka"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Command Injection in GitHub repository nuitka/nuitka prior to 0.9."
"url": "https://huntr.dev/bounties/ea4a842c-c48c-4aae-a599-3305125c63a7",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/ea4a842c-c48c-4aae-a599-3305125c63a7"
},
{
"url": "https://github.com/nuitka/nuitka/commit/09647745d7cbb6ff32f9fa948f19d5558b32bcad",
"refsource": "MISC",
"name": "https://github.com/nuitka/nuitka/commit/09647745d7cbb6ff32f9fa948f19d5558b32bcad"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ea4a842c-c48c-4aae-a599-3305125c63a7",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
@ -52,38 +87,9 @@
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ea4a842c-c48c-4aae-a599-3305125c63a7",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ea4a842c-c48c-4aae-a599-3305125c63a7"
},
{
"name": "https://github.com/nuitka/nuitka/commit/09647745d7cbb6ff32f9fa948f19d5558b32bcad",
"refsource": "MISC",
"url": "https://github.com/nuitka/nuitka/commit/09647745d7cbb6ff32f9fa948f19d5558b32bcad"
}
]
},
"source": {
"advisory": "ea4a842c-c48c-4aae-a599-3305125c63a7",
"discovery": "EXTERNAL"
}
}

94
2022/2xxx/CVE-2022-2732.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2732",
"STATE": "PUBLIC",
"TITLE": "Improper Privilege Management in openemr/openemr"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "openemr",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "7.0.0.1"
}
]
}
}
]
},
"vendor_name": "openemr"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Improper Privilege Management in GitHub repository openemr/openemr prior to 7.0.0.1."
"url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6",
"refsource": "MISC",
"name": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6"
},
{
"url": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "8773e0d1-5f1a-4e87-8998-f5ec45f6d533",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
@ -52,38 +87,9 @@
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6",
"refsource": "MISC",
"url": "https://github.com/openemr/openemr/commit/2973592bc7b1f4996738a6fd27d1e277e33676b6"
},
{
"name": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8773e0d1-5f1a-4e87-8998-f5ec45f6d533"
}
]
},
"source": {
"advisory": "8773e0d1-5f1a-4e87-8998-f5ec45f6d533",
"discovery": "EXTERNAL"
}
}

94
2022/2xxx/CVE-2022-2818.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2818",
"STATE": "PUBLIC",
"TITLE": "Authentication Bypass by Primary Weakness in cockpit-hq/cockpit"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
"cweId": "CWE-212"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cockpit-hq",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2.2.2"
}
]
}
}
]
},
"vendor_name": "cockpit-hq"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Authentication Bypass by Primary Weakness in GitHub repository cockpit-hq/cockpit prior to 2.2.2."
"url": "https://huntr.dev/bounties/ee27e5df-516b-4cf4-9f28-346d907b5491",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/ee27e5df-516b-4cf4-9f28-346d907b5491"
},
{
"url": "https://github.com/cockpit-hq/cockpit/commit/4bee1b903ee20818f4a8ecb9d974b9536cc54cb4",
"refsource": "MISC",
"name": "https://github.com/cockpit-hq/cockpit/commit/4bee1b903ee20818f4a8ecb9d974b9536cc54cb4"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ee27e5df-516b-4cf4-9f28-346d907b5491",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
@ -52,38 +87,9 @@
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ee27e5df-516b-4cf4-9f28-346d907b5491",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ee27e5df-516b-4cf4-9f28-346d907b5491"
},
{
"name": "https://github.com/cockpit-hq/cockpit/commit/4bee1b903ee20818f4a8ecb9d974b9536cc54cb4",
"refsource": "MISC",
"url": "https://github.com/cockpit-hq/cockpit/commit/4bee1b903ee20818f4a8ecb9d974b9536cc54cb4"
}
]
},
"source": {
"advisory": "ee27e5df-516b-4cf4-9f28-346d907b5491",
"discovery": "EXTERNAL"
}
}

94
2022/3xxx/CVE-2022-3225.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3225",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in budibase/budibase"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"cweId": "CWE-913"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "budibase",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "1.3.20"
}
]
}
}
]
},
"vendor_name": "budibase"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Improper Access Control in GitHub repository budibase/budibase prior to 1.3.20."
"url": "https://huntr.dev/bounties/a13a56b7-04da-4560-b8ec-0d637d12a245",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/a13a56b7-04da-4560-b8ec-0d637d12a245"
},
{
"url": "https://github.com/budibase/budibase/commit/d35864be0854216693a01307f81ffcabf6d549df",
"refsource": "MISC",
"name": "https://github.com/budibase/budibase/commit/d35864be0854216693a01307f81ffcabf6d549df"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "a13a56b7-04da-4560-b8ec-0d637d12a245",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
@ -52,38 +87,9 @@
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a13a56b7-04da-4560-b8ec-0d637d12a245",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a13a56b7-04da-4560-b8ec-0d637d12a245"
},
{
"name": "https://github.com/budibase/budibase/commit/d35864be0854216693a01307f81ffcabf6d549df",
"refsource": "MISC",
"url": "https://github.com/budibase/budibase/commit/d35864be0854216693a01307f81ffcabf6d549df"
}
]
},
"source": {
"advisory": "a13a56b7-04da-4560-b8ec-0d637d12a245",
"discovery": "EXTERNAL"
}
}

94
2022/3xxx/CVE-2022-3423.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3423",
"STATE": "PUBLIC",
"TITLE": "Denial of Service in nocodb/nocodb"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nocodb",
"product": {
"product_data": [
{
@ -17,31 +41,42 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "0.92.0"
}
]
}
}
]
},
"vendor_name": "nocodb"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Denial of Service in GitHub repository nocodb/nocodb prior to 0.92.0."
"url": "https://github.com/nocodb/nocodb/commit/000ecd886738b965b5997cd905825e3244f48b95",
"refsource": "MISC",
"name": "https://github.com/nocodb/nocodb/commit/000ecd886738b965b5997cd905825e3244f48b95"
},
{
"url": "https://huntr.dev/bounties/94639d8e-8301-4432-ab80-e76e1346e631",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/94639d8e-8301-4432-ab80-e76e1346e631"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "94639d8e-8301-4432-ab80-e76e1346e631",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
@ -52,38 +87,9 @@
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
"version": "3.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nocodb/nocodb/commit/000ecd886738b965b5997cd905825e3244f48b95",
"refsource": "MISC",
"url": "https://github.com/nocodb/nocodb/commit/000ecd886738b965b5997cd905825e3244f48b95"
},
{
"name": "https://huntr.dev/bounties/94639d8e-8301-4432-ab80-e76e1346e631",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/94639d8e-8301-4432-ab80-e76e1346e631"
}
]
},
"source": {
"advisory": "94639d8e-8301-4432-ab80-e76e1346e631",
"discovery": "EXTERNAL"
}
}

100
2023/2xxx/CVE-2023-2022.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2022",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have access to merge"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "16.0.8"
},
{
"version_affected": "<",
"version_name": "16.1.0",
"version_value": "16.1.3"
},
{
"version_affected": "<",
"version_name": "16.2.0",
"version_value": "16.2.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407166",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/407166"
},
{
"url": "https://hackerone.com/reports/1936572",
"refsource": "MISC",
"name": "https://hackerone.com/reports/1936572"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 16.2.2, 16.1.3, 16.0.8 or above."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [js_noob](https://hackerone.com/js_noob) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

100
2023/3xxx/CVE-2023-3401.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3401",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "16.0.8"
},
{
"version_affected": "<",
"version_name": "16.1.0",
"version_value": "16.1.3"
},
{
"version_affected": "<",
"version_name": "16.2.0",
"version_value": "16.2.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416252",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/416252"
},
{
"url": "https://hackerone.com/reports/2031845",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2031845"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 16.2.2, 16.1.3, 16.0.8 or above."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [st4nly0n](https://hackerone.com/st4nly0n) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
}
]
}

41
2023/3xxx/CVE-2023-3568.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation in GitHub repository fossbilling/fossbilling prior to 0.5.4."
"value": "Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.\n\n"
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
}
@ -32,17 +32,17 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "fossbilling",
"vendor_name": "alextselegidis",
"product": {
"product_data": [
{
"product_name": "fossbilling/fossbilling",
"product_name": "alextselegidis/easyappointments",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "0.5.4"
"version_value": "1.5.0"
}
]
}
@ -56,36 +56,39 @@
"references": {
"reference_data": [
{
"url": "https://huntr.dev/bounties/f3782eb1-049b-4998-aac4-d9798ec1c123",
"url": "https://huntr.dev/bounties/e8d530db-a6a7-4f79-a95d-b77654cc04f8",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/f3782eb1-049b-4998-aac4-d9798ec1c123"
"name": "https://huntr.dev/bounties/e8d530db-a6a7-4f79-a95d-b77654cc04f8"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/f6348643d230a13427d8ab9213463dadbb68818f",
"url": "https://github.com/alextselegidis/easyappointments/commit/b37b46019553089db4f22eb2fe998bca84b2cb64",
"refsource": "MISC",
"name": "https://github.com/fossbilling/fossbilling/commit/f6348643d230a13427d8ab9213463dadbb68818f"
"name": "https://github.com/alextselegidis/easyappointments/commit/b37b46019553089db4f22eb2fe998bca84b2cb64"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "f3782eb1-049b-4998-aac4-d9798ec1c123",
"advisory": "e8d530db-a6a7-4f79-a95d-b77654cc04f8",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

17
2023/3xxx/CVE-2023-3700.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0."
"value": "Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.\n\n"
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control",
"cweId": "CWE-284"
"value": "CWE-639 Authorization Bypass Through User-Controlled Key",
"cweId": "CWE-639"
}
]
}
@ -67,6 +67,9 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "e8d530db-a6a7-4f79-a95d-b77654cc04f8",
"discovery": "EXTERNAL"
@ -74,18 +77,18 @@
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

83
2023/4xxx/CVE-2023-4067.json
View File

@ -1,17 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4067",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab_date' and 'tab_date_r' parameters in versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "magepeopleteam",
"product": {
"product_data": [
{
"product_name": "Bus Ticket Booking with Seat Reservation",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.2.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ff2855cb-e4a8-4412-af24-4cee03ae2d43?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ff2855cb-e4a8-4412-af24-4cee03ae2d43?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2945247%40bus-ticket-booking-with-seat-reservation&new=2945247%40bus-ticket-booking-with-seat-reservation&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2945247%40bus-ticket-booking-with-seat-reservation&new=2945247%40bus-ticket-booking-with-seat-reservation&sfp_email=&sfph_mail="
}
]
},
"credits": [
{
"lang": "en",
"value": "Vincenzo Turturro"
},
{
"lang": "en",
"value": "Gianluca Parisi"
},
{
"lang": "en",
"value": "Vincenzo Cantatore"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}