admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-05-12 08:01:44 +00:00
parent 2be3dae28b
commit bd51ae3aee
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
3 changed files with 106 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2022/1xxx/CVE-2022-1680.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1680",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

166
2022/1xxx/CVE-2022-1681.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1681",
"STATE": "PUBLIC",
"TITLE": "Authentication Bypass Using an Alternate Path or Channel in requarks/wiki"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "requarks/wiki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.5.281"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1681",
"STATE": "PUBLIC",
"TITLE": "Authentication Bypass Using an Alternate Path or Channel in requarks/wiki"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "requarks/wiki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.5.281"
}
]
}
}
]
},
"vendor_name": "requarks"
}
}
]
},
"vendor_name": "requarks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767"
},
{
"name": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c",
"refsource": "MISC",
"url": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c"
}
]
},
"source": {
"advisory": "591b11e1-7504-4a96-99c6-08f2b419e767",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767"
},
{
"name": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c",
"refsource": "MISC",
"url": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c"
}
]
},
"source": {
"advisory": "591b11e1-7504-4a96-99c6-08f2b419e767",
"discovery": "EXTERNAL"
}
}

9
2022/29xxx/CVE-2022-29885.json
View File

@ -58,7 +58,7 @@
"description_data": [
{
"lang": "eng",
"value": "The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. "
"value": "The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks."
}
]
},
@ -85,12 +85,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv",
"name": "https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}