ZDI assigns the following 2022 CVEs:

M 2022/41xxx/CVE-2022-41141.json M 2022/41xxx/CVE-2022-41142.json
2025-06-10 02:04:31 +00:00 · 2023-01-26 12:49:53 -06:00 · 2023-01-26 12:49:53 -06:00 · c1f569d18a
commit c1f569d18a
parent a0bc092c0d
2 changed files with 136 additions and 32 deletions
--- a/2022/41xxx/CVE-2022-41141.json
+++ b/2022/41xxx/CVE-2022-41141.json
@ -1,18 +1,70 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-41141",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
+  "CVE_data_meta": {
+    "ASSIGNER": "zdi-disclosures@trendmicro.com",
+    "ID": "CVE-2022-41141",
+    "STATE": "PUBLIC"
+  },
+  "affects": {
+    "vendor": {
+      "vendor_data": [
+        {
+          "product": {
+            "product_data": [
+              {
+                "product_name": "Windscribe",
+                "version": {
+                  "version_data": [
+                    {
+                      "version_value": "2.3 Build 16"
+                    }
+                  ]
+                }
+              }
+            ]
+          },
+          "vendor_name": "Windscribe"
+        }
+      ]
    }
-}
+  },
+  "credit": "Xavier DANEST",
+  "data_format": "MITRE",
+  "data_type": "CVE",
+  "data_version": "4.0",
+  "description": {
+    "description_data": [
+      {
+        "lang": "eng",
+        "value": "This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16859."
+      }
+    ]
+  },
+  "problemtype": {
+    "problemtype_data": [
+      {
+        "description": [
+          {
+            "lang": "eng",
+            "value": "CWE-427: Uncontrolled Search Path Element"
+          }
+        ]
+      }
+    ]
+  },
+  "references": {
+    "reference_data": [
+      {
+        "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1300/"
+      },
+      {
+        "url": "https://windscribe.com/changelog/windows"
+      }
+    ]
+  },
+  "impact": {
+    "cvss": {
+      "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+      "version": "3.0"
+    }
+  }
+}
--- a/2022/41xxx/CVE-2022-41142.json
+++ b/2022/41xxx/CVE-2022-41142.json
@ -1,18 +1,70 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-41142",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
+  "CVE_data_meta": {
+    "ASSIGNER": "zdi-disclosures@trendmicro.com",
+    "ID": "CVE-2022-41142",
+    "STATE": "PUBLIC"
+  },
+  "affects": {
+    "vendor": {
+      "vendor_data": [
+        {
+          "product": {
+            "product_data": [
+              {
+                "product_name": "Centreon",
+                "version": {
+                  "version_data": [
+                    {
+                      "version_value": "22.04.2"
+                    }
+                  ]
+                }
+              }
+            ]
+          },
+          "vendor_name": "Centreon"
+        }
+      ]
    }
-}
+  },
+  "credit": "Anonymous",
+  "data_format": "MITRE",
+  "data_type": "CVE",
+  "data_version": "4.0",
+  "description": {
+    "description_data": [
+      {
+        "lang": "eng",
+        "value": "This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18304."
+      }
+    ]
+  },
+  "problemtype": {
+    "problemtype_data": [
+      {
+        "description": [
+          {
+            "lang": "eng",
+            "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
+          }
+        ]
+      }
+    ]
+  },
+  "references": {
+    "reference_data": [
+      {
+        "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1326/"
+      },
+      {
+        "url": "https://github.com/centreon/centreon/security/policy"
+      }
+    ]
+  },
+  "impact": {
+    "cvss": {
+      "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+      "version": "3.0"
+    }
+  }
+}