admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-08-27 22:01:34 +00:00
parent 5ae1a38781
commit c08a9d28fd
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
5 changed files with 228 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

169
2020/10xxx/CVE-2020-10518.json
View File

@ -1,91 +1,94 @@
{
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2020-10518",
"STATE": "PUBLIC",
"TITLE": "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.19",
"version_value": "2.19.21"
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2020-10518",
"STATE": "PUBLIC",
"TITLE": "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.19",
"version_value": "2.19.21"
},
{
"version_affected": "<",
"version_name": "2.20",
"version_value": "2.20.15"
},
{
"version_affected": "<",
"version_name": "2.21",
"version_value": "2.21.6"
}
]
}
}
]
},
{
"version_affected": "<",
"version_name": "2.20",
"version_value": "2.20.15"
},
{
"version_affected": "<",
"version_name": "2.21",
"version_value": "2.21.6"
}
]
"vendor_name": "GitHub"
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "William Bowling"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
},
"credit": [
{
"lang": "eng",
"value": "CWE-77: Command Injection - Generic"
}
"value": "William Bowling"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://enterprise.github.com/releases/2.19.21/notes"
},
{
"refsource": "CONFIRM",
"url": "https://enterprise.github.com/releases/2.20.15/notes"
},
{
"refsource": "CONFIRM",
"url": "https://enterprise.github.com/releases/2.21.6/notes"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Command Injection - Generic"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://enterprise.github.com/releases/2.19.21/notes",
"name": "https://enterprise.github.com/releases/2.19.21/notes"
},
{
"refsource": "MISC",
"url": "https://enterprise.github.com/releases/2.20.15/notes",
"name": "https://enterprise.github.com/releases/2.20.15/notes"
},
{
"refsource": "MISC",
"url": "https://enterprise.github.com/releases/2.21.6/notes",
"name": "https://enterprise.github.com/releases/2.21.6/notes"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

59
2020/24xxx/CVE-2020-24714.json
View File

@ -1,18 +1,65 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24714",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://scalyr-static.s3.amazonaws.com/technical-details/index.html",
"refsource": "MISC",
"name": "https://scalyr-static.s3.amazonaws.com/technical-details/index.html"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

59
2020/24xxx/CVE-2020-24715.json
View File

@ -1,18 +1,65 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24715",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://scalyr-static.s3.amazonaws.com/technical-details/index.html",
"refsource": "MISC",
"name": "https://scalyr-static.s3.amazonaws.com/technical-details/index.html"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

18
2020/24xxx/CVE-2020-24721.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24721",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2020/24xxx/CVE-2020-24722.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24722",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}