diff --git a/2023/28xxx/CVE-2023-28826.json b/2023/28xxx/CVE-2023-28826.json
index 07a568fcb73..50b4271300f 100644
--- a/2023/28xxx/CVE-2023-28826.json
+++ b/2023/28xxx/CVE-2023-28826.json
@@ -95,11 +95,6 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
- },
- {
- "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
- "refsource": "MISC",
- "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23201.json b/2024/23xxx/CVE-2024-23201.json
index c5174f2024e..af749bd9a89 100644
--- a/2024/23xxx/CVE-2024-23201.json
+++ b/2024/23xxx/CVE-2024-23201.json
@@ -144,11 +144,6 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
- },
- {
- "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
- "refsource": "MISC",
- "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23216.json b/2024/23xxx/CVE-2024-23216.json
index 8e8c5eb35ad..996dc738cca 100644
--- a/2024/23xxx/CVE-2024-23216.json
+++ b/2024/23xxx/CVE-2024-23216.json
@@ -73,6 +73,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/21",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23218.json b/2024/23xxx/CVE-2024-23218.json
index d00b3a3d244..30fbebff2b2 100644
--- a/2024/23xxx/CVE-2024-23218.json
+++ b/2024/23xxx/CVE-2024-23218.json
@@ -149,11 +149,6 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
- },
- {
- "url": "http://seclists.org/fulldisclosure/2024/Mar/23",
- "refsource": "MISC",
- "name": "http://seclists.org/fulldisclosure/2024/Mar/23"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23227.json b/2024/23xxx/CVE-2024-23227.json
index 8d7029466a3..97739600418 100644
--- a/2024/23xxx/CVE-2024-23227.json
+++ b/2024/23xxx/CVE-2024-23227.json
@@ -73,6 +73,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/21",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23230.json b/2024/23xxx/CVE-2024-23230.json
index 1f2ebac251d..2c59fc5b7bd 100644
--- a/2024/23xxx/CVE-2024-23230.json
+++ b/2024/23xxx/CVE-2024-23230.json
@@ -73,6 +73,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/21",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23245.json b/2024/23xxx/CVE-2024-23245.json
index 0050883cd1f..f2cf8750d7d 100644
--- a/2024/23xxx/CVE-2024-23245.json
+++ b/2024/23xxx/CVE-2024-23245.json
@@ -73,6 +73,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/21",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23247.json b/2024/23xxx/CVE-2024-23247.json
index 4b7c4ad5b7b..59c41f6ff6e 100644
--- a/2024/23xxx/CVE-2024-23247.json
+++ b/2024/23xxx/CVE-2024-23247.json
@@ -73,6 +73,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/21",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23257.json b/2024/23xxx/CVE-2024-23257.json
index e1dffb333da..bbec9d9eaec 100644
--- a/2024/23xxx/CVE-2024-23257.json
+++ b/2024/23xxx/CVE-2024-23257.json
@@ -107,6 +107,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/21",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23264.json b/2024/23xxx/CVE-2024-23264.json
index 27e024998fc..283b0dc8a33 100644
--- a/2024/23xxx/CVE-2024-23264.json
+++ b/2024/23xxx/CVE-2024-23264.json
@@ -134,6 +134,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/25",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/25"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23266.json b/2024/23xxx/CVE-2024-23266.json
index eca13f08220..92ff58e6a55 100644
--- a/2024/23xxx/CVE-2024-23266.json
+++ b/2024/23xxx/CVE-2024-23266.json
@@ -73,6 +73,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/21",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23267.json b/2024/23xxx/CVE-2024-23267.json
index b5e092e6506..56e57194a13 100644
--- a/2024/23xxx/CVE-2024-23267.json
+++ b/2024/23xxx/CVE-2024-23267.json
@@ -73,6 +73,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/21",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23268.json b/2024/23xxx/CVE-2024-23268.json
index 9a2f4d109f9..38c435adfa4 100644
--- a/2024/23xxx/CVE-2024-23268.json
+++ b/2024/23xxx/CVE-2024-23268.json
@@ -73,6 +73,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/21",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23269.json b/2024/23xxx/CVE-2024-23269.json
index faf13edfafb..c60b2647bbf 100644
--- a/2024/23xxx/CVE-2024-23269.json
+++ b/2024/23xxx/CVE-2024-23269.json
@@ -73,6 +73,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/21",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23270.json b/2024/23xxx/CVE-2024-23270.json
index 2b3541fdc3c..3971a1e8853 100644
--- a/2024/23xxx/CVE-2024-23270.json
+++ b/2024/23xxx/CVE-2024-23270.json
@@ -112,6 +112,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/25",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/25"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23272.json b/2024/23xxx/CVE-2024-23272.json
index 06bc355b506..fcd2d81c4a5 100644
--- a/2024/23xxx/CVE-2024-23272.json
+++ b/2024/23xxx/CVE-2024-23272.json
@@ -73,6 +73,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/21",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23274.json b/2024/23xxx/CVE-2024-23274.json
index 0c18e608b0e..c1e600ffd63 100644
--- a/2024/23xxx/CVE-2024-23274.json
+++ b/2024/23xxx/CVE-2024-23274.json
@@ -73,6 +73,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/21",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
 }
 ]
 }
diff --git a/2024/23xxx/CVE-2024-23283.json b/2024/23xxx/CVE-2024-23283.json
index d57da3c2a76..f3ae0c69184 100644
--- a/2024/23xxx/CVE-2024-23283.json
+++ b/2024/23xxx/CVE-2024-23283.json
@@ -90,6 +90,11 @@
 "url": "http://seclists.org/fulldisclosure/2024/Mar/21",
 "refsource": "MISC",
 "name": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/22",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2024/Mar/22"
 }
 ]
 }
diff --git a/2024/24xxx/CVE-2024-24975.json b/2024/24xxx/CVE-2024-24975.json
index 99726492a64..34e4fefe01b 100644
--- a/2024/24xxx/CVE-2024-24975.json
+++ b/2024/24xxx/CVE-2024-24975.json
@@ -1,124 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-24975",
- "ASSIGNER": "responsibledisclosure@mattermost.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to\u00a0limit the size of the code block that will be processed by the syntax highlighter, allowing an attacker to send a\u00a0very large code block and crash the mobile app.\n"
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-400: Uncontrolled Resource Consumption",
- "cweId": "CWE-400"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Mattermost",
- "product": {
- "product_data": [
- {
- "product_name": "Mattermost Mobile",
- "version": {
- "version_data": [
- {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "versions": [
- {
- "status": "unaffected",
- "version": "2.13.0"
- },
- {
- "lessThanOrEqual": "2.12.0",
- "status": "affected",
- "version": "0",
- "versionType": "semver"
- }
- ],
- "defaultStatus": "unaffected"
- }
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://mattermost.com/security-updates",
- "refsource": "MISC",
- "name": "https://mattermost.com/security-updates"
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
- "source": {
- "advisory": "MMSA-2023-00277",
- "defect": [
- "https://mattermost.atlassian.net/browse/MM-55257"
- ],
- "discovery": "EXTERNAL"
- },
- "solution": [
- {
- "lang": "en",
- "supportingMedia": [
- {
- "base64": false,
- "type": "text/html",
- "value": "
Update Mattermost Mobile Apps to versions 2.13.0 or higher.
" - } - ], - "value": "Update Mattermost Mobile Apps to versions 2.13.0 or higher.\n\n" - } - ], - "credits": [ - { - "lang": "en", - "value": "Gian Klug (coderion)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 3.5, - "baseSeverity": "LOW", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/28xxx/CVE-2024-28053.json b/2024/28xxx/CVE-2024-28053.json index 4501adcad39..a9c292546b8 100644 --- a/2024/28xxx/CVE-2024-28053.json +++ b/2024/28xxx/CVE-2024-28053.json 
@@ -1,128 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-28053",
- "ASSIGNER": "responsibledisclosure@mattermost.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit\u00a0the size of the payload that can be read and parsed allowing an attacker to send a\u00a0very large email payload and crash the server.\n\n"
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-400: Uncontrolled Resource Consumption",
- "cweId": "CWE-400"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Mattermost",
- "product": {
- "product_data": [
- {
- "product_name": "Mattermost",
- "version": {
- "version_data": [
- {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "versions": [
- {
- "lessThanOrEqual": "8.1.9",
- "status": "affected",
- "version": "8.1.0",
- "versionType": "semver"
- },
- {
- "status": "unaffected",
- "version": "9.5.0"
- },
- {
- "status": "unaffected",
- "version": "8.1.10"
- }
- ],
- "defaultStatus": "unaffected"
- }
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://mattermost.com/security-updates",
- "refsource": "MISC",
- "name": "https://mattermost.com/security-updates"
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
- "source": {
- "advisory": "MMSA-2023-00287",
- "defect": [
- "https://mattermost.atlassian.net/browse/MM-55968"
- ],
- "discovery": "EXTERNAL"
- },
- "solution": [
- {
- "lang": "en",
- "supportingMedia": [
- {
- "base64": false,
- "type": "text/html",
- "value": "Update Mattermost Server to versions 9.5.0, 8.1.10 or higher.
" - } - ], - "value": "Update Mattermost Server to versions 9.5.0, 8.1.10 or higher.\n\n" - } - ], - "credits": [ - { - "lang": "en", - "value": ". (themarkib0x0)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 3.1, - "baseSeverity": "LOW", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/29xxx/CVE-2024-29009.json b/2024/29xxx/CVE-2024-29009.json index d82f50ff44e..779716aa6eb 100644 --- a/2024/29xxx/CVE-2024-29009.json +++ b/2024/29xxx/CVE-2024-29009.json 
@@ -1,67 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-29009",
- "ASSIGNER": "vultures@jpcert.or.jp",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** UNSUPPPORTED WHEN ASSIGNED ** Cross-site request forgery (CSRF) vulnerability in easy-popup-show all versions allows a remote unauthenticated attacker to hijack the authentication of the administrator and to perform unintended operations if the administrator views a malicious page while logged in."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Cross-site request forgery (CSRF)"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Ari Susanto",
- "product": {
- "product_data": [
- {
- "product_name": "easy-popup-show",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "all versions"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://wordpress.org/plugins/easy-popup-show/",
- "refsource": "MISC",
- "name": "https://wordpress.org/plugins/easy-popup-show/"
- },
- {
- "url": "https://jvn.jp/en/jp/JVN86206017/",
- "refsource": "MISC",
- "name": "https://jvn.jp/en/jp/JVN86206017/"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2247.json b/2024/2xxx/CVE-2024-2247.json
index b5ca0571cf9..bbf9ca4db48 100644
--- a/2024/2xxx/CVE-2024-2247.json
+++ b/2024/2xxx/CVE-2024-2247.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "JFrog Artifactory versions below 7.77.7, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism."
+ "value": "JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism."
 }
 ]
 },
diff --git a/2024/2xxx/CVE-2024-2400.json b/2024/2xxx/CVE-2024-2400.json
index e843e42ad02..b0e8b67964e 100644
--- a/2024/2xxx/CVE-2024-2400.json
+++ b/2024/2xxx/CVE-2024-2400.json
@@ -63,6 +63,11 @@
 "url": "https://issues.chromium.org/issues/327696052",
 "refsource": "MISC",
 "name": "https://issues.chromium.org/issues/327696052"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T55OZ7JOMLNT5ICM4DTCZOJZD6TZICKO/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T55OZ7JOMLNT5ICM4DTCZOJZD6TZICKO/"
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2437.json b/2024/2xxx/CVE-2024-2437.json
index 297b7e3b3c1..86dce63ef57 100644
--- a/2024/2xxx/CVE-2024-2437.json
+++ b/2024/2xxx/CVE-2024-2437.json
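Review bot: The new description in CVE-2024-2247.json, `versions below 7.77.7, 7.82.1,`, is ambiguous, because "below 7.82.1" read literally already covers everything below 7.77.7 and a reader cannot tell which release line each fixed version belongs to. Tying each fixed version to its branch would remove the doubt, for example `versions <BRANCH-A> before 7.77.7 and <BRANCH-B> before 7.82.1` with the placeholders filled in by the CNA. The record's affected-version data lies outside this hunk, so whether it was updated to match the new text cannot be checked from here.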
@@ -1,17 +1,17 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2437",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-41728. Reason: This candidate is a reservation duplicate of CVE-2023-41728. Notes: All CVE users should reference CVE-2023-41728 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2438.json b/2024/2xxx/CVE-2024-2438.json
index 45acf9a2d75..dc2b9facc6a 100644
--- a/2024/2xxx/CVE-2024-2438.json
+++ b/2024/2xxx/CVE-2024-2438.json
@@ -1,17 +1,17 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2438",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-47851. Reason: This candidate is a reservation duplicate of CVE-2023-47851. Notes: All CVE users should reference CVE-2023-47851 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2024/2xxx/CVE-2024-2445.json b/2024/2xxx/CVE-2024-2445.json
index 1bb48b01f0a..a6a0bfecb06 100644
--- a/2024/2xxx/CVE-2024-2445.json
+++ b/2024/2xxx/CVE-2024-2445.json
@@ -1,158 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2445",
- "ASSIGNER": "responsibledisclosure@mattermost.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks against the users of the Mattermost server.\n\n"
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
- "cweId": "CWE-74"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Mattermost",
- "product": {
- "product_data": [
- {
- "product_name": "Mattermost",
- "version": {
- "version_data": [
- {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "versions": [
- {
- "lessThanOrEqual": "9.4.2",
- "status": "affected",
- "version": "9.4.0",
- "versionType": "semver"
- },
- {
- "lessThanOrEqual": "9.3.1",
- "status": "affected",
- "version": "9.3.0",
- "versionType": "semver"
- },
- {
- "lessThanOrEqual": "9.2.5",
- "status": "affected",
- "version": "9.2.0",
- "versionType": "semver"
- },
- {
- "lessThanOrEqual": "8.1.9",
- "status": "affected",
- "version": "8.1.0",
- "versionType": "semver"
- },
- {
- "status": "unaffected",
- "version": "9.5.0"
- },
- {
- "status": "unaffected",
- "version": "9.4.3"
- },
- {
- "status": "unaffected",
- "version": "9.3.2"
- },
- {
- "status": "unaffected",
- "version": "9.2.6"
- },
- {
- "status": "unaffected",
- "version": "8.1.10"
- }
- ],
- "defaultStatus":
"unaffected" - } - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://mattermost.com/security-updates", - "refsource": "MISC", - "name": "https://mattermost.com/security-updates" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "advisory": "MMSA-2023-00260", - "defect": [ - "https://mattermost.atlassian.net/browse/MM-54921" - ], - "discovery": "INTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update Mattermost to versions 8.1.0, 9.3.2, 9.4.3, 9.5.0 or higher." - } - ], - "value": "Update Mattermost to versions 8.1.0, 9.3.2, 9.4.3, 9.5.0 or higher." - } - ], - "credits": [ - { - "lang": "en", - "value": "Juho Nurminen" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 6.1, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/2xxx/CVE-2024-2446.json b/2024/2xxx/CVE-2024-2446.json index 5242ada1219..d1e07e9493e 100644 --- a/2024/2xxx/CVE-2024-2446.json +++ b/2024/2xxx/CVE-2024-2446.json 
@@ -1,158 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-2446",
- "ASSIGNER": "responsibledisclosure@mattermost.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages.\n\n"
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-400: Uncontrolled Resource Consumption",
- "cweId": "CWE-400"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Mattermost",
- "product": {
- "product_data": [
- {
- "product_name": "Mattermost",
- "version": {
- "version_data": [
- {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "versions": [
- {
- "lessThanOrEqual": "9.4.2",
- "status": "affected",
- "version": "9.4.0",
- "versionType": "semver"
- },
- {
- "lessThanOrEqual": "9.3.1",
- "status": "affected",
- "version": "9.3.0",
- "versionType": "semver"
- },
- {
- "lessThanOrEqual": "9.2.5",
- "status": "affected",
- "version": "9.2.0",
- "versionType": "semver"
- },
- {
- "lessThanOrEqual": "8.1.9",
- "status": "affected",
- "version": "8.1.0",
- "versionType": "semver"
- },
- {
- "status": "unaffected",
- "version": "9.5.0"
- },
- {
- "status": "unaffected",
- "version": "9.4.3"
- },
- {
- "status": "unaffected",
- "version": "9.3.2"
- },
- {
- "status": "unaffected",
- "version": "9.2.6"
- },
- {
- "status": "unaffected",
- "version": "8.1.10"
- }
- ],
- "defaultStatus": "unaffected"
- }
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url":
"https://mattermost.com/security-updates", - "refsource": "MISC", - "name": "https://mattermost.com/security-updates" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "advisory": "MMSA-2024-00296", - "defect": [ - "https://mattermost.atlassian.net/browse/MM-56372" - ], - "discovery": "EXTERNAL" - }, - "solution": [ - { - "lang": "en", - "supportingMedia": [ - { - "base64": false, - "type": "text/html", - "value": "Update Mattermost Server to versions 9.5, 9.4.3, 9.3.2, 9.2.6, 8.1.10 or higher.
" - } - ], - "value": "Update Mattermost Server to versions 9.5, 9.4.3, 9.3.2, 9.2.6, 8.1.10 or higher.\n\n" - } - ], - "credits": [ - { - "lang": "en", - "value": "vultza (vultza)" - } - ], - "impact": { - "cvss": [ - { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 4.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "version": "3.1" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] }