From bae88dd4cf8f10fee8575694749deb461b2fd058 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 28 May 2025 21:00:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/13xxx/CVE-2024-13484.json | 152 +++++++++++++++++++++++++++++++++
 2025/27xxx/CVE-2025-27702.json | 60 ++++++++++++-
 2025/27xxx/CVE-2025-27703.json | 60 ++++++++++++-
 2025/35xxx/CVE-2025-35939.json | 12 ++-
 4 files changed, 275 insertions(+), 9 deletions(-)
diff --git a/2024/13xxx/CVE-2024-13484.json b/2024/13xxx/CVE-2024-13484.json
index 6c45f5371e0..47bfc93084a 100644
--- a/2024/13xxx/CVE-2024-13484.json
+++ b/2024/13xxx/CVE-2024-13484.json
@@ -35,6 +35,153 @@
 "vendor_name": "Red Hat",
 "product": {
 "product_data": [
+ {
+ "product_name": "Red Hat OpenShift GitOps 1.14",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "v1.14.4-1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "v1.14.4-1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "v1.14.4-1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "v1.14.4-1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "v1.14.4-1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "v1.14.4-1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "v1.14.4-1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "v1.14.4-1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "v1.14.4-1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "v1.14.4-1",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
 {
 "product_name": "Red Hat OpenShift GitOps 1.15",
 "version": {
@@ -195,6 +342,11 @@
 "refsource": "MISC",
 "name": "https://access.redhat.com/errata/RHSA-2025:7753"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2025:8274",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2025:8274"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2024-13484",
 "refsource": "MISC",
diff --git a/2025/27xxx/CVE-2025-27702.json b/2025/27xxx/CVE-2025-27702.json
index d09e973aefc..9d8209a4e24 100644
--- a/2025/27xxx/CVE-2025-27702.json
+++ b/2025/27xxx/CVE-2025-27702.json
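Review bot: In 2024/13xxx/CVE-2024-13484.json, the `version_data` array added for "Red Hat OpenShift GitOps 1.14" repeats the same entry ten times (`"version": "v1.14.4-1"`, `"lessThan": "*"`, `"status": "unaffected"`), so nothing in this record says which package or image each entry stands for. That is probably the down-conversion dropping a per-package field from the CVE JSON 5 record, which is not shown here. A single entry carries the same information; scanners and inventory tools reading this file should de-duplicate rather than count ten components, and go to the v5 record when they need per-component fix data. Because every entry sets `"defaultStatus": "affected"`, any 1.14 build that a consumer cannot compare as at or above `v1.14.4-1` will be reported as affected.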
@@ -1,18 +1,70 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-27702",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "securityresponse@absolute.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CVE-2025-27702 is a vulnerability in the management console of Absolute \nSecure Access prior to version 13.54. Attackers with administrative \naccess to the console and who have been assigned a certain set of \npermissions can bypass those permissions to improperly modify settings. \nThe attack complexity is low, there are no preexisting attack \nrequirements; the privileges required are high, and there is no user \ninteraction required. There is no impact to system confidentiality or \navailability, impact to system integrity is high."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Absolute Security",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Secure Access",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "13.54"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.absolute.com/platform/vulnerability-archive/cve-2025-27702",
+ "refsource": "MISC",
+ "name": "https://www.absolute.com/platform/vulnerability-archive/cve-2025-27702"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
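Review bot: `problemtype` is published as `"value": "n/a"` and no CVSS block is added, although the new description states the weakness (administrators bypassing their assigned permissions) and a full set of CVSS-style ratings in prose. Tooling that triages by CWE or by score will see this record as unclassified and unscored. The CNA should supply a weakness ID, for example an incorrect-authorization class such as CWE-863 if that matches their analysis, and a structured vector equal to the prose. CVE-2025-27703.json in the next file has the same gap for a privilege escalation. Both descriptions also carry hard-wrapped `\n` with trailing spaces, which consumers should normalise before display or matching.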
diff --git a/2025/27xxx/CVE-2025-27703.json b/2025/27xxx/CVE-2025-27703.json
index ab9d8741b57..5f44eb5edc1 100644
--- a/2025/27xxx/CVE-2025-27703.json
+++ b/2025/27xxx/CVE-2025-27703.json
@@ -1,18 +1,70 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-27703",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "securityresponse@absolute.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CVE-2025-27703 is a privilege escalation vulnerability in the management\n console of Absolute Secure Access prior to version 13.54. Attackers \nwith administrative access to a specific subset of privileged features \nin the console can elevate their permissions to access additional \nfeatures in the console. The attack complexity is low, there are no \npreexisting attack requirements; the privileges required are high, and \nthere is no user interaction required. The impact to system \nconfidentiality is low, the impact to system integrity is high and the \nimpact to system availability is low."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Absolute Security",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Secure Access",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "13.54"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.absolute.com/platform/vulnerability-archive/cve-2025-27703",
+ "refsource": "MISC",
+ "name": "https://www.absolute.com/platform/vulnerability-archive/cve-2025-27703"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2025/35xxx/CVE-2025-35939.json b/2025/35xxx/CVE-2025-35939.json
index b8929f84e17..360f977f4cc 100644
--- a/2025/35xxx/CVE-2025-35939.json
+++ b/2025/35xxx/CVE-2025-35939.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at `/var/lib/php/sessions`. Such session files are named `sess_[session_value]`, where `[session_value]` is provided to the client in a `Set-Cookie` response header. Craft CMS stores the return URL requested by the client without sanitizing parameters. Consequently, an unauthenticated client can introduce arbitrary values, such as PHP code, to a known local file location on the server. Craft CMS versions 5.7.5 and 4.15.3 have been released to address this issue."
+ "value": "Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at '/var/lib/php/sessions'. Such session files are named 'sess_[session_value]', where '[session_value]' is provided to the client in a 'Set-Cookie' response header. Craft CMS stores the return URL requested by the client without sanitizing parameters. Consequently, an unauthenticated client can introduce arbitrary values, such as PHP code, to a known local file location on the server. Craft CMS versions 5.7.5 and 4.15.3 have been released to address this issue."
 }
 ]
 },
@@ -92,6 +92,16 @@
 "url": "https://github.com/craftcms/cms/releases/tag/5.7.5",
 "refsource": "MISC",
 "name": "https://github.com/craftcms/cms/releases/tag/5.7.5"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2025-35939",
+ "refsource": "MISC",
+ "name": "https://www.cve.org/CVERecord?id=CVE-2025-35939"
+ },
+ {
+ "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json",
+ "refsource": "MISC",
+ "name": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json"
 }
 ]
 },
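Review bot: The last added reference, `https://raw.githubusercontent.com/cisagov/CSAF/develop/...`, points at a branch head rather than a fixed revision, so the advisory behind it can change or disappear without this record changing. A commit-pinned path (`.../cisagov/CSAF/<commit-sha>/csaf_files/IT/white/2025/va-25-147-01.json`, where `<commit-sha>` is a placeholder) or the advisory's published page would make the reference stable and auditable. The link also returns raw JSON rather than a readable page, so it serves automation more than analysts; tools that follow it should validate the document against the CSAF schema before use.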