admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-12-13 08:00:32 +00:00
parent a7b78f990b
commit c624f8bc74
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
17 changed files with 239 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
2023/46xxx/CVE-2023-46675.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46675",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@elastic.co",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users, Elastic Security package policy objects which can contain private keys, bearer token, and sessions of 3rd-party integrations and finally Authorization headers, client secrets, local file paths, and stack traces. The issue may occur in any Kibana instance running an affected version that could potentially receive an unexpected error when communicating to Elasticsearch causing it to include sensitive data into Kibana error logs. It could also occur under specific circumstances when debug level logging is enabled in Kibana. Note: It was found that the fix for ESA-2023-25 in Kibana 8.11.1 for a similar issue was incomplete.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elastic",
"product": {
"product_data": [
{
"product_name": "Kibana",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.13.0",
"version_value": "7.17.16"
},
{
"version_affected": "<",
"version_name": "8.0.0",
"version_value": "8.11.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://discuss.elastic.co/t/kibana-8-11-2-7-17-16-security-update-esa-2023-27/349182/2",
"refsource": "MISC",
"name": "https://discuss.elastic.co/t/kibana-8-11-2-7-17-16-security-update-esa-2023-27/349182/2"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

2
2023/47xxx/CVE-2023-47262.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Abbott ID NOW before 7.1, settings can be modified via physical access to an internal serial port."
"value": "The startup process and device configurations of the Abbott ID NOW device, before v7.1, can be interrupted and/or modified via physical access to an internal serial port. Direct physical access is required to exploit."
}
]
},

4
2023/4xxx/CVE-2023-4910.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Use of Web Browser Cache Containing Sensitive Information",
"cweId": "CWE-525"
"value": "Exposure of Resource to Wrong Sphere",
"cweId": "CWE-668"
}
]
}

4
2023/4xxx/CVE-2023-4956.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Critical Information",
"cweId": "CWE-451"
"value": "Improper Restriction of Rendered UI Layers or Frames",
"cweId": "CWE-1021"
}
]
}

4
2023/5xxx/CVE-2023-5090.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Improper Check or Handling of Exceptional Conditions",
"cweId": "CWE-703"
"value": "Improper Handling of Exceptional Conditions",
"cweId": "CWE-755"
}
]
}

4
2023/5xxx/CVE-2023-5824.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
"value": "Improper Handling of Exceptional Conditions",
"cweId": "CWE-755"
}
]
}

4
2023/5xxx/CVE-2023-5871.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption",
"cweId": "CWE-400"
"value": "Lack of Administrator Control over Security",
"cweId": "CWE-671"
}
]
}

4
2023/6xxx/CVE-2023-6238.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
"value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
"cweId": "CWE-120"
}
]
}

4
2023/6xxx/CVE-2023-6394.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Incorrect Behavior Order",
"cweId": "CWE-696"
"value": "Missing Authorization",
"cweId": "CWE-862"
}
]
}

18
2023/6xxx/CVE-2023-6755.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6755",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6756.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6756",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6757.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6757",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6758.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6758",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6759.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6759",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6760.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6760",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6761.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6761",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6762.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6762",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}