From c170350eb3e49290e53fe2349ce9a8a6319676bc Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 8 Nov 2023 00:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."

---
 2023/47xxx/CVE-2023-47167.json | 18 ++++++
 2023/47xxx/CVE-2023-47209.json | 18 ++++++
 2023/6xxx/CVE-2023-6001.json | 96 +++++++++++++++++++++++++++++--
 2023/6xxx/CVE-2023-6002.json | 100 +++++++++++++++++++++++++++++++--
 2023/6xxx/CVE-2023-6004.json | 18 ++++++
 5 files changed, 242 insertions(+), 8 deletions(-)
 create mode 100644 2023/47xxx/CVE-2023-47167.json
 create mode 100644 2023/47xxx/CVE-2023-47209.json
 create mode 100644 2023/6xxx/CVE-2023-6004.json

diff --git a/2023/47xxx/CVE-2023-47167.json b/2023/47xxx/CVE-2023-47167.json
new file mode 100644
index 00000000000..f4c9a9e42d1
--- /dev/null
+++ b/2023/47xxx/CVE-2023-47167.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-47167",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/47xxx/CVE-2023-47209.json b/2023/47xxx/CVE-2023-47209.json
new file mode 100644
index 00000000000..56f34fe6aab
--- /dev/null
+++ b/2023/47xxx/CVE-2023-47209.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-47209",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/6xxx/CVE-2023-6001.json b/2023/6xxx/CVE-2023-6001.json
index 5ddb780f555..97b00a3c04f 100644
--- a/2023/6xxx/CVE-2023-6001.json
+++ b/2023/6xxx/CVE-2023-6001.json
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6001",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@yugabyte.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Prometheus metrics are available without\nauthentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
+ "cweId": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "YugabyteDB",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "YugabyteDB Anywhere",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "2.18.3.0",
+ "status": "affected",
+ "version": "2.0.0.0",
+ "versionType": "semver"
+ },
+ {
+ "status": "unaffected",
+ "version": "2.18.4.0"
+ },
+ {
+ "status": "unaffected",
+ "version": "2.20.0.0"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.yugabyte.com/",
+ "refsource": "MISC",
+ "name": "https://www.yugabyte.com/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6002.json b/2023/6xxx/CVE-2023-6002.json
index 3e0f537a480..cf520002269 100644
--- a/2023/6xxx/CVE-2023-6002.json
+++ b/2023/6xxx/CVE-2023-6002.json
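Review bot: The `references` block in CVE-2023-6001.json lists only the vendor home page (`"url": "https://www.yugabyte.com/"`), so a reader of this record has no advisory from which to confirm the fix or find mitigation guidance; CVE-2023-6002.json in this patch has the same gap. The entry should point at the vendor's advisory or release notes for the fixed builds named under `versions` (2.18.4.0 and 2.20.0.0). Separately, the affected range is declared `"versionType": "semver"` while every bound has four components (`2.18.3.0`), which is not valid SemVer, so tools that compare by declared type may skip or mis-order the range; `"versionType": "custom"` would describe it accurately. The description string also carries a stray `\n` in mid-sentence (`without\nauthentication`).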
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6002",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@yugabyte.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "YugabyteDB is vulnerable to cross site scripting (XSS) via log injection.\u00a0Writing invalidated user input to log files can allow an attacker to forge log entries or inject malicious content into the logs.\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-117: Improper Output Neutralization for Logs",
+ "cweId": "CWE-117"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "YugabyteDB",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "YugabyteDB",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "2.14.13.0, 2.16.7.0, 2.18.3.0",
+ "status": "affected",
+ "version": "2.0.0.0",
+ "versionType": "semver"
+ },
+ {
+ "status": "unaffected",
+ "version": "2.14.14.0"
+ },
+ {
+ "status": "unaffected",
+ "version": "2.16.8.0"
+ },
+ {
+ "status": "unaffected",
+ "version": "2.18.4.0"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.yugabyte.com/",
+ "refsource": "MISC",
+ "name": "https://www.yugabyte.com/"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6004.json b/2023/6xxx/CVE-2023-6004.json
new file mode 100644
index 00000000000..edfc609e35e
--- /dev/null
+++ b/2023/6xxx/CVE-2023-6004.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-6004",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
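Review bot: In CVE-2023-6002.json the affected entry packs three bounds into one field, `"lessThanOrEqual": "2.14.13.0, 2.16.7.0, 2.18.3.0"`, which a version comparator cannot evaluate, so automated matching against this record may fail or report the wrong set of builds. Each release line needs its own object under `versions` with a single bound, e.g. `"lessThanOrEqual": "2.14.13.0"`, paired with that line's first release as `version`. The description also reads "invalidated user input" where "unvalidated" appears to be meant. It names XSS while the only problem type is CWE-117; if script execution in a log viewer is the real impact, a CWE-79 entry and a `userInteraction` value reflecting the viewing step would be expected, which is worth confirming with the assigner.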