Add CVE-2018-13403 CVE-2018-13404 CVE-2018-20232

David Black 2019-02-07 14:34:23 +11:00
parent 4135d5d7ae
commit b8621f447c
3 changed files with 245 additions and 33 deletions


@ -1,17 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13403",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-01-18T00:00:00",
"ID": "CVE-2018-13403",
"STATE": "PUBLIC"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira",
"version": {
"version_data": [
{
"version_value": "7.6.10",
"version_affected": "<"
},
{
"version_value": "7.7.0",
"version_affected": ">="
},
{
"version_value": "7.12.4",
"version_affected": "<"
},
{
"version_value": "7.13.0",
"version_affected": ">="
},
{
"version_value": "7.13.1",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-68526"
}
]
}
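Review bot: The `version_data` list encodes three ranges as five independent comparisons, so the intervals only exist if a consumer pairs each `>=` entry with the `<` entry that follows it. A tool that evaluates entries one at a time would match every release below 7.13.1 on the final `"<"` entry alone, including the fixed 7.12.4 and later 7.12.x builds named in the description. The format has no place for a comment, so I would state the convention in the commit message, for example `version_data entries are ordered lower/upper bound pairs; the description text is authoritative for the ranges`. The same encoding is used in the CVE-2018-13404 and CVE-2018-20232 sections.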


@ -1,17 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13404",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-01-18T00:00:00",
"ID": "CVE-2018-13404",
"STATE": "PUBLIC"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira",
"version": {
"version_data": [
{
"version_value": "7.6.10",
"version_affected": "<"
},
{
"version_value": "7.7.0",
"version_affected": ">="
},
{
"version_value": "7.7.5",
"version_affected": "<"
},
{
"version_value": "7.8.0",
"version_affected": ">="
},
{
"version_value": "7.8.5",
"version_affected": "<"
},
{
"version_value": "7.9.0",
"version_affected": ">="
},
{
"version_value": "7.9.3",
"version_affected": "<"
},
{
"version_value": "7.10.0",
"version_affected": ">="
},
{
"version_value": "7.10.3",
"version_affected": "<"
},
{
"version_value": "7.11.0",
"version_affected": ">="
},
{
"version_value": "7.11.3",
"version_affected": "<"
},
{
"version_value": "7.12.0",
"version_affected": ">="
},
{
"version_value": "7.12.3",
"version_affected": "<"
},
{
"version_value": "7.13.0",
"version_affected": ">="
},
{
"version_value": "7.13.1",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-68527"
}
]
}


@ -1,17 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20232",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-01-25T00:00:00",
"ID": "CVE-2018-20232",
"STATE": "PUBLIC"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira",
"version": {
"version_data": [
{
"version_value": "7.6.11",
"version_affected": "<"
},
{
"version_value": "7.7.0",
"version_affected": ">"
},
{
"version_value": "7.13.1",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-68614"
}
]
}
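Review bot: The lower bound for 7.7.0 in `version_data` is written `"version_affected": ">"`, which excludes 7.7.0 itself. The description in the same record says "from version 7.7.0 before version 7.13.1", and the other two records in this commit use `>=` for every lower bound. Unless 7.7.0 is known to be unaffected, the entry should read `"version_affected": ">="`. As written, a scanner matching on the structured data rather than the prose would report a 7.7.0 instance as not vulnerable.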