From c0752119d211ba9cc4130861133263ff912c4102 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 27 Jun 2023 15:00:44 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2017/4xxx/CVE-2017-4947.json | 109 ++++++++++++++++-------------- 2021/37xxx/CVE-2021-37404.json | 119 ++++++++++++++++----------------- 2023/2xxx/CVE-2023-2818.json | 79 ++++++++++++++++++++-- 2023/35xxx/CVE-2023-35998.json | 79 ++++++++++++++++++++-- 2023/36xxx/CVE-2023-36000.json | 79 ++++++++++++++++++++-- 2023/36xxx/CVE-2023-36002.json | 79 ++++++++++++++++++++-- 2023/3xxx/CVE-2023-3405.json | 108 ++++++++++++++++++++++++++++-- 2023/3xxx/CVE-2023-3431.json | 92 +++++++++++++++++++++++++ 2023/3xxx/CVE-2023-3432.json | 92 +++++++++++++++++++++++++ 9 files changed, 705 insertions(+), 131 deletions(-) create mode 100644 2023/3xxx/CVE-2023-3431.json create mode 100644 2023/3xxx/CVE-2023-3432.json diff --git a/2017/4xxx/CVE-2017-4947.json b/2017/4xxx/CVE-2017-4947.json index 69b0935f269..373b1ed3df8 100644 --- a/2017/4xxx/CVE-2017-4947.json +++ b/2017/4xxx/CVE-2017-4947.json @@ -1,51 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@vmware.com", - "DATE_PUBLIC": "2018-01-26T00:00:00", "ID": "CVE-2017-4947", + "ASSIGNER": "security@vmware.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "vRealize Automation", - "version": { - "version_data": [ - { - "version_value": "7.3 and 7.2" - } - ] - } - }, - { - "product_name": "vSphere Integrated Containers", - "version": { - "version_data": [ - { - "version_value": "1.x before 1.3" - } - ] - } - } - ] - }, - "vendor_name": "VMware" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "VMware Realize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance." + "value": "VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.\n\n" } ] }, @@ -61,28 +27,69 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "VMware", + "product": { + "product_data": [ + { + "product_name": "vRealize Automation", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.3 and 7.2" + } + ] + } + }, + { + "product_name": "vSphere Integrated Containers", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.x before 1.3" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "name": "102852", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/102852" + "url": "http://www.securityfocus.com/bid/102852", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/102852" }, { - "name": "https://www.vmware.com/security/advisories/VMSA-2018-0006.html", - "refsource": "CONFIRM", - "url": "https://www.vmware.com/security/advisories/VMSA-2018-0006.html" + "url": "https://www.vmware.com/security/advisories/VMSA-2018-0006.html", + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2018-0006.html" }, { - "name": "1040289", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1040289" + "url": "http://www.securitytracker.com/id/1040289", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1040289" }, { - "name": "1040290", - "refsource": "SECTRACK", - "url": "http://www.securitytracker.com/id/1040290" + "url": "http://www.securitytracker.com/id/1040290", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1040290" } ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/37xxx/CVE-2021-37404.json b/2021/37xxx/CVE-2021-37404.json index 592a18f4455..5a67aa3e2f6 100644 --- a/2021/37xxx/CVE-2021-37404.json +++ b/2021/37xxx/CVE-2021-37404.json @@ -1,51 +1,12 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@apache.org", - "ID": "CVE-2021-37404", - "STATE": "PUBLIC", - "TITLE": "Heap buffer overflow in libhdfs native library" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Apache Hadoop", - "version": { - "version_data": [ - { - "version_value": "2.9.0 to 2.10.1" - }, - { - "version_value": "3.0.0 to 3.1.4" - }, - { - "version_value": " 3.2.0 to 3.2.2" - }, - { - "version_value": "3.3.0 to 3.3.1" - } - ] - } - } - ] - }, - "vendor_name": "Apache Software Foundation" - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "This issue was discovered by Igor Chervatyuk." - } - ], - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-37404", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, "description": { "description_data": [ { @@ -54,41 +15,79 @@ } ] }, - "generator": { - "engine": "Vulnogram 0.0.9" - }, - "impact": [ - { - "other": "important" - } - ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "CWE-131 Incorrect Calculation of Buffer Size" + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Hadoop", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.9.0 to 2.10.1" + }, + { + "version_affected": "=", + "version_value": "3.0.0 to 3.1.4" + }, + { + "version_affected": "=", + "version_value": " 3.2.0 to 3.2.2" + }, + { + "version_affected": "=", + "version_value": "3.3.0 to 3.3.1" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo", + "refsource": "MISC", "name": "https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20220715-0007/", - "url": "https://security.netapp.com/advisory/ntap-20220715-0007/" + "url": "https://security.netapp.com/advisory/ntap-20220715-0007/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20220715-0007/" } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, "source": { "discovery": "UNKNOWN" - } + }, + "credits": [ + { + "lang": "en", + "value": "This issue was discovered by Igor Chervatyuk." + } + ] } \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2818.json b/2023/2xxx/CVE-2023-2818.json index d162b676c77..d85f7d7945e 100644 --- a/2023/2xxx/CVE-2023-2818.json +++ b/2023/2xxx/CVE-2023-2818.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2818", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@proofpoint.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An insecure filesystem permission in the Insider Threat Management Agent for Windows enables local unprivileged users to disrupt agent monitoring. All versions prior to 7.14.3 are affected. Agents for MacOS and Linux and Cloud are unaffected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-281 Improper Preservation of Permissions", + "cweId": "CWE-281" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Proofpoint", + "product": { + "product_data": [ + { + "product_name": "Insider Threat Management", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "7.14.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005", + "refsource": "MISC", + "name": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/35xxx/CVE-2023-35998.json b/2023/35xxx/CVE-2023-35998.json index d63d8998dbe..bfce377ed26 100644 --- a/2023/35xxx/CVE-2023-35998.json +++ b/2023/35xxx/CVE-2023-35998.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-35998", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@proofpoint.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Proofpoint", + "product": { + "product_data": [ + { + "product_name": "Insider Threat Management", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "7.14.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005", + "refsource": "MISC", + "name": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/36xxx/CVE-2023-36000.json b/2023/36xxx/CVE-2023-36000.json index c871f9aaddc..af61f7af161 100644 --- a/2023/36xxx/CVE-2023-36000.json +++ b/2023/36xxx/CVE-2023-36000.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36000", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@proofpoint.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Proofpoint", + "product": { + "product_data": [ + { + "product_name": "Insider Threat Management", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "7.14.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005", + "refsource": "MISC", + "name": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/36xxx/CVE-2023-36002.json b/2023/36xxx/CVE-2023-36002.json index 7d7bcab702a..5eb09a4d911 100644 --- a/2023/36xxx/CVE-2023-36002.json +++ b/2023/36xxx/CVE-2023-36002.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36002", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@proofpoint.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Proofpoint", + "product": { + "product_data": [ + { + "product_name": "Insider Threat Management", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "7.14.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005", + "refsource": "MISC", + "name": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3405.json b/2023/3xxx/CVE-2023-3405.json index ff09a677551..f900e8dcea4 100644 --- a/2023/3xxx/CVE-2023-3405.json +++ b/2023/3xxx/CVE-2023-3405.json @@ -1,17 +1,117 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3405", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@m-files.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-248 Uncaught Exception", + "cweId": "CWE-248" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "M-Files", + "product": { + "product_data": [ + { + "product_name": "M-Files Server", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "23.6.12695.3", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "status": "unaffected", + "version": "23.2.12340.11" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405", + "refsource": "MISC", + "name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "defect": [ + "167238" + ], + "discovery": "INTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to patched version" + } + ], + "value": "Update to patched version" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3431.json b/2023/3xxx/CVE-2023-3431.json new file mode 100644 index 00000000000..7f325abc520 --- /dev/null +++ b/2023/3xxx/CVE-2023-3431.json @@ -0,0 +1,92 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2023-3431", + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "plantuml", + "product": { + "product_data": [ + { + "product_name": "plantuml/plantuml", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "1.2023.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.dev/bounties/fa741f95-b53c-4ed7-b157-e32c5145164c", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/fa741f95-b53c-4ed7-b157-e32c5145164c" + }, + { + "url": "https://github.com/plantuml/plantuml/commit/fbe7fa3b25b4c887d83927cffb1009ec6cb8ab1e", + "refsource": "MISC", + "name": "https://github.com/plantuml/plantuml/commit/fbe7fa3b25b4c887d83927cffb1009ec6cb8ab1e" + } + ] + }, + "source": { + "advisory": "fa741f95-b53c-4ed7-b157-e32c5145164c", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3432.json b/2023/3xxx/CVE-2023-3432.json new file mode 100644 index 00000000000..016da6fce1e --- /dev/null +++ b/2023/3xxx/CVE-2023-3432.json @@ -0,0 +1,92 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2023-3432", + "ASSIGNER": "security@huntr.dev", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-918 Server-Side Request Forgery (SSRF)", + "cweId": "CWE-918" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "plantuml", + "product": { + "product_data": [ + { + "product_name": "plantuml/plantuml", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "1.2023.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51", + "refsource": "MISC", + "name": "https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51" + }, + { + "url": "https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797", + "refsource": "MISC", + "name": "https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797" + } + ] + }, + "source": { + "advisory": "8ac3316f-431c-468d-87e4-3dafff2ecf51", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 7.2, + "baseSeverity": "HIGH" + } + ] + } +} \ No newline at end of file