From c0733a3fcf7f01106caffceb4edf851925138272 Mon Sep 17 00:00:00 2001 From: Jonathan Moroney Date: Tue, 22 Jun 2021 10:44:17 -0700 Subject: [PATCH] Add CVE-2021-32644 for GHSA-vqpj-xgw2-r54q --- 2021/32xxx/CVE-2021-32644.json | 82 +++++++++++++++++++++++++++++++--- 1 file changed, 76 insertions(+), 6 deletions(-) diff --git a/2021/32xxx/CVE-2021-32644.json b/2021/32xxx/CVE-2021-32644.json index 3a5e4dd815c..24826b33c36 100644 --- a/2021/32xxx/CVE-2021-32644.json +++ b/2021/32xxx/CVE-2021-32644.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32644", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting in Random.php" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ampache", + "version": { + "version_data": [ + { + "version_value": ">= 4.0.0, < 4.4.3" + } + ] + } + } + ] + }, + "vendor_name": "ampache" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. This issue has been resolved in 4.4.3." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ampache/ampache/security/advisories/GHSA-vqpj-xgw2-r54q", + "refsource": "CONFIRM", + "url": "https://github.com/ampache/ampache/security/advisories/GHSA-vqpj-xgw2-r54q" + }, + { + "name": "https://github.com/ampache/ampache/commit/c9453841e1b517a1660c3da1efd1fe5d623c93a5", + "refsource": "MISC", + "url": "https://github.com/ampache/ampache/commit/c9453841e1b517a1660c3da1efd1fe5d623c93a5" + } + ] + }, + "source": { + "advisory": "GHSA-vqpj-xgw2-r54q", + "discovery": "UNKNOWN" } } \ No newline at end of file