"-Synchronized-Data."

2025-05-07 11:06:39 +00:00 · 2021-03-16 22:00:50 +00:00 · 2021-03-16 22:00:50 +00:00 · c2b6315be6
commit c2b6315be6
parent 0a01209f77
6 changed files with 129 additions and 31 deletions
--- a/2019/3xxx/CVE-2019-3853.json
+++ b/2019/3xxx/CVE-2019-3853.json
@ -1,17 +1,17 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-3853",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
    "data_type": "CVE",
+    "data_format": "MITRE",
    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-3853",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "REJECT"
+    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
            }
        ]
    }
--- a/2019/3xxx/CVE-2019-3897.json
+++ b/2019/3xxx/CVE-2019-3897.json
@ -1,17 +1,61 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-3897",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
    "data_type": "CVE",
+    "data_format": "MITRE",
    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-3897",
+        "ASSIGNER": "secalert@redhat.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "redhat-certification",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "As shipped with Red Hat Certification 6 and 7"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-552"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1593768",
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593768"
+            }
+        ]
+    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this issue."
            }
        ]
    }
--- a/2019/3xxx/CVE-2019-3898.json
+++ b/2019/3xxx/CVE-2019-3898.json
@ -1,17 +1,17 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-3898",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
    "data_type": "CVE",
+    "data_format": "MITRE",
    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-3898",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "REJECT"
+    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
            }
        ]
    }
--- a/2019/3xxx/CVE-2019-3903.json
+++ b/2019/3xxx/CVE-2019-3903.json
@ -1,17 +1,17 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-3903",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
    "data_type": "CVE",
+    "data_format": "MITRE",
    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-3903",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "REJECT"
+    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
            }
        ]
    }
--- a/2020/26xxx/CVE-2020-26238.json
+++ b/2020/26xxx/CVE-2020-26238.json
@ -83,6 +83,16 @@
                "name": "https://github.com/jmrozanec/cron-utils/commit/4cf373f7352f5d95f0bf6512af8af326b31c835e",
                "refsource": "MISC",
                "url": "https://github.com/jmrozanec/cron-utils/commit/4cf373f7352f5d95f0bf6512af8af326b31c835e"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[hive-issues] 20210316 [jira] [Assigned] (HIVE-24890) Upgrade to cron-utils 9.1.3 due to CVE-2020-26238",
+                "url": "https://lists.apache.org/thread.html/r96937fc9c82f3201b59311c067e97bce71123944f93102169a95bf5c@%3Cissues.hive.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[hive-dev] 20210316 [jira] [Created] (HIVE-24890) Upgrade to cron-utils 9.1.3 due to CVE-2020-26238",
+                "url": "https://lists.apache.org/thread.html/r5f601d15292e3302ad0ae0e89527029546945b1cd5837af7e838d354@%3Cdev.hive.apache.org%3E"
            }
        ]
    },
--- a/2021/3xxx/CVE-2021-3344.json
+++ b/2021/3xxx/CVE-2021-3344.json
@ -4,14 +4,58 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2021-3344",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "secalert@redhat.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "openshift/builder",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "before github.com/openshift/builder v0.0.0-20210125201112-7901cb396121"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-522"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1921450",
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921450"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside the build context are automatically mounted into the container image under construction. An OpenShift user, able to execute code during build time inside this container can re-use the credentials to overwrite arbitrary container images in internal registries and/or escalate their privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This affects github.com/openshift/builder v0.0.0-20210125201112-7901cb396121 and before."
            }
        ]
    }