From c601bff6027e2eba65371858cd9756e7cf49f3da Mon Sep 17 00:00:00 2001
From: "Mark J. Cox"
Date: Mon, 11 Jan 2021 09:36:29 +0000
Subject: [PATCH] Add four CVE from 2020 that were in the Mitre RBP list
---
2020/11xxx/CVE-2020-11995.json | 72 +++++++++++++++++++++++++++----
2020/13xxx/CVE-2020-13922.json | 73 ++++++++++++++++++++++++++++----
2020/17xxx/CVE-2020-17508.json | 77 ++++++++++++++++++++++++++++++----
2020/17xxx/CVE-2020-17509.json | 77 ++++++++++++++++++++++++++++++----
4 files changed, 271 insertions(+), 28 deletions(-)
diff --git a/2020/11xxx/CVE-2020-11995.json b/2020/11xxx/CVE-2020-11995.json
index 3705894715b..3eba672bcb2 100644
--- a/2020/11xxx/CVE-2020-11995.json
+++ b/2020/11xxx/CVE-2020-11995.json
@@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2020-11995", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Apache Dubbo default deserialization protocol Hessian2 cause CRE" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Dubbo", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Apache Dubbo", + "version_value": "2.6.9" + }, + { + "version_affected": "<", + "version_name": "Apache Dubbo", + "version_value": "2.7.8" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protool, during Hessian2 deserializing the HashMap object, some functions in the classes stored in HasMap will be executed after a series of program calls, however, those special functions may cause remote command execution. For example, the hashCode() function of the EqualsBean class in rome-1.7.0.jar will cause the remotely load malicious classes and execute malicious code by constructing a malicious request. This issue was fixed in Apache Dubbo 2.6.9 and 2.7.8." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": {}, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://lists.apache.org/thread.html/r5b2df4ef479209dc4ced457b3d58a887763b60b9354c3dc148b2eb5b%40%3Cdev.dubbo.apache.org%3E" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2020/13xxx/CVE-2020-13922.json b/2020/13xxx/CVE-2020-13922.json index fb6ed586905..d35a28fa6b8 100644 --- a/2020/13xxx/CVE-2020-13922.json +++ b/2020/13xxx/CVE-2020-13922.json 
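Review bot: The two `version_data` entries (`< 2.6.9` and `< 2.7.8`) put the product name in `version_name` instead of a release line, so a consumer that evaluates each entry on its own will match the fixed 2.6.9 release against `< 2.7.8`. Naming the branch in `version_name` (for example `"version_name": "Apache Dubbo 2.6.x"` and `"Apache Dubbo 2.7.x"`) keeps the ranges separable; the same pattern appears in the CVE-2020-17508 and CVE-2020-17509 records. The description says the flaw existed in "2.7.5 and its earlier versions", while the structured range and the fix statement point to 2.7.8, which leaves 2.7.6 and 2.7.7 ambiguous for anyone triaging from the text. `TITLE` ends in `CRE`, presumably meant as `RCE`, and the description has `protool` and `HasMap`; these typos make the record harder to find by keyword search.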
@@ -1,18 +1,77 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2020-13922", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Apache DolphinScheduler (incubating) Permission vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache DolphinScheduler", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Apache DolphinScheduler", + "version_value": "1.3.2" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered by xuxiang of DtDream security" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": {}, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264 Permissions, Privileges, and Access Controls" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/announce@apache.org/msg06076.html" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2020/17xxx/CVE-2020-17508.json b/2020/17xxx/CVE-2020-17508.json index 55f27a82a14..160a9466d73 100644 --- a/2020/17xxx/CVE-2020-17508.json 
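Review bot: `CWE-264 Permissions, Privileges, and Access Controls` in `problemtype` is a CWE category rather than a specific weakness, so it gives little to consumers that group or prioritise records by CWE. The description (an ordinary user overriding another user's password through the API) reads like a missing or incorrect authorization check; if that is what the fix addressed, a weakness-level value such as `CWE-862 Missing Authorization` would be more useful, though this needs confirming against the advisory. `"impact": {}` is empty, so the record publishes no severity for an issue that, as described, allows changing another account's credentials.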
+++ b/2020/17xxx/CVE-2020-17508.json 
@@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2020-17508", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Apache Traffic Server ESI plugin has a memory disclosure vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Traffic Server", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "Apache Traffic Server", + "version_value": "6.2.3" + }, + { + "version_affected": "<", + "version_name": "Apache Traffic Server", + "version_value": "7.1.12" + }, + { + "version_affected": "<", + "version_name": "Apache Traffic Server", + "version_value": "8.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ESI plugin in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.11, and 8.0.0 to 8.1.0 has a memory disclosure vulnerability. 
If you are running the plugin please upgrade to 7.1.12 or 8.1.1 or later.\n" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": {}, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2020/17xxx/CVE-2020-17509.json b/2020/17xxx/CVE-2020-17509.json index 0b954578e8d..a3b72cc65a7 100644 --- a/2020/17xxx/CVE-2020-17509.json +++ b/2020/17xxx/CVE-2020-17509.json 
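Review bot: The third `version_data` entry, `"version_affected": "<"` with `"version_value": "8.1.0"`, excludes 8.1.0, but the description lists 8.0.0 to 8.1.0 as affected and names 8.1.1 as the fixed release. The entry should use `"version_affected": "<="` with `"version_value": "8.1.0"`, or keep `<` with `"version_value": "8.1.1"`; otherwise tooling driven by the structured range will report 8.1.0 as not affected. The `problemtype` value `Memory Disclosure` is free text with no CWE identifier, which makes the record harder to classify automatically; the same applies to `cache poisoning attack` in CVE-2020-17509.json.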
@@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2020-17509", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Apache Traffic Server negative cache option is vulnerable to a cache poisoning attack" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Traffic Server", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "Apache Traffic Server", + "version_value": "6.2.3" + }, + { + "version_affected": "<", + "version_name": "Apache Traffic Server", + "version_value": "7.1.11" + }, + { + "version_affected": "<", + "version_name": "Apache Traffic Server", + "version_value": "8.0.8" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache Traffic Server negative cache option is vulnerable to a cache poisoning attack affecting versions 6.0.0 through 6.2.3, 7.0.0 through 7.1.10, and 8.0.0 through 8.0.7. 
If you have this option enabled, please upgrade or disable this feature.\n" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": {}, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "cache poisoning attack" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} \ No newline at end of file +}