mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
parent
7cab3fdd6d
commit
ce76750c74
@ -76,6 +76,14 @@
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Joshua Lictan"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "nochizplz (VulDB User)"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "nochizplz (VulDB User)"
|
||||
|
@ -76,6 +76,14 @@
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Joshua Lictan"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "nochizplz (VulDB User)"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "nochizplz (VulDB User)"
|
||||
|
@ -76,6 +76,14 @@
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Joshua Lictan"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "nochizplz (VulDB User)"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "nochizplz (VulDB User)"
|
||||
|
@ -76,6 +76,14 @@
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Joshua Lictan"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "nochizplz (VulDB User)"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "nochizplz (VulDB User)"
|
||||
|
@ -1,17 +1,148 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-1887",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "responsibledisclosure@mattermost.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export.\u00a0\n\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-284: Improper Access Control",
|
||||
"cweId": "CWE-284"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Mattermost",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Mattermost",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"lessThanOrEqual": "8.1.8",
|
||||
"status": "affected",
|
||||
"version": "0",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"lessThanOrEqual": "9.2.4",
|
||||
"status": "affected",
|
||||
"version": "0",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"lessThanOrEqual": "9.3.0",
|
||||
"status": "affected",
|
||||
"version": "0",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "9.4.0"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "9.3.1"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "9.2.5"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "8.1.9"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "unaffected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://mattermost.com/security-updates",
|
||||
"refsource": "MISC",
|
||||
"name": "https://mattermost.com/security-updates"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "MMSA-2023-00221",
|
||||
"defect": [
|
||||
"https://mattermost.atlassian.net/browse/MM-53278"
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "en",
|
||||
"supportingMedia": [
|
||||
{
|
||||
"base64": false,
|
||||
"type": "text/html",
|
||||
"value": "<p>Update Mattermost Server to versions 9.4,0, 9.3.1, 9.2.5, 8.1.9 or higher.</p>"
|
||||
}
|
||||
],
|
||||
"value": "Update Mattermost Server to versions 9.4,0, 9.3.1, 9.2.5, 8.1.9 or higher.\n\n"
|
||||
}
|
||||
],
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "n/a"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,17 +1,158 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-1888",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "responsibledisclosure@mattermost.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Mattermost fails to check the\u00a0\"invite_guest\" permission when inviting\u00a0guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server\n\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-284: Improper Access Control",
|
||||
"cweId": "CWE-284"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Mattermost",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Mattermost",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"lessThanOrEqual": "9.4.1",
|
||||
"status": "affected",
|
||||
"version": "0",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"lessThanOrEqual": "9.3.0",
|
||||
"status": "affected",
|
||||
"version": "0",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"lessThanOrEqual": "9.2.4",
|
||||
"status": "affected",
|
||||
"version": "0",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"lessThanOrEqual": "8.1.8",
|
||||
"status": "affected",
|
||||
"version": "0",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "9.5.0"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "9.4.2"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "9.3.1"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "9.2.5"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "8.1.9"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "unaffected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://mattermost.com/security-updates",
|
||||
"refsource": "MISC",
|
||||
"name": "https://mattermost.com/security-updates"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "MMSA-2023-00285",
|
||||
"defect": [
|
||||
"https://mattermost.atlassian.net/browse/MM-55607"
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "en",
|
||||
"supportingMedia": [
|
||||
{
|
||||
"base64": false,
|
||||
"type": "text/html",
|
||||
"value": "<p>Update Mattermost Server to versions 9.5.0, 9.4.2, 9.3.1, 9.2.5, 8.1.9 or higher.</p>"
|
||||
}
|
||||
],
|
||||
"value": "Update Mattermost Server to versions 9.5.0, 9.4.2, 9.3.1, 9.2.5, 8.1.9 or higher.\n\n"
|
||||
}
|
||||
],
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Eva Sarafianou"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -141,6 +141,11 @@
|
||||
"url": "https://support.apple.com/en-us/HT214070",
|
||||
"refsource": "MISC",
|
||||
"name": "https://support.apple.com/en-us/HT214070"
|
||||
},
|
||||
{
|
||||
"url": "https://support.apple.com/kb/HT214070",
|
||||
"refsource": "MISC",
|
||||
"name": "https://support.apple.com/kb/HT214070"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,17 +1,138 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-23488",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "responsibledisclosure@mattermost.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the \u201cAllow users to view archived channels\u201d option is disabled.\n\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-284: Improper Access Control",
|
||||
"cweId": "CWE-284"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Mattermost",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Mattermost",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"lessThanOrEqual": "8.1.8",
|
||||
"status": "affected",
|
||||
"version": "0",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"lessThanOrEqual": "9.4.1",
|
||||
"status": "affected",
|
||||
"version": "0",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "9.5.0"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "9.4.2"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "8.1.9"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "unaffected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://mattermost.com/security-updates",
|
||||
"refsource": "MISC",
|
||||
"name": "https://mattermost.com/security-updates"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "MMSA-2023-00292",
|
||||
"defect": [
|
||||
"https://mattermost.atlassian.net/browse/MM-56173"
|
||||
],
|
||||
"discovery": "EXTERNAL"
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "en",
|
||||
"supportingMedia": [
|
||||
{
|
||||
"base64": false,
|
||||
"type": "text/html",
|
||||
"value": "<p>Update Mattermost Server to versions 9.5.0, 9.4.2, 8.1.9 or higher.</p>"
|
||||
}
|
||||
],
|
||||
"value": "Update Mattermost Server to versions 9.5.0, 9.4.2, 8.1.9 or higher.\n\n"
|
||||
}
|
||||
],
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "BhaRat (hackit_bharat)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 3.1,
|
||||
"baseSeverity": "LOW",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,17 +1,158 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-23493",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "responsibledisclosure@mattermost.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Mattermost fails to properly authorize the requests fetching\u00a0team associated AD/LDAP groups, allowing a user to fetch details of\u00a0AD/LDAP groups of a team that they are not a member of.\u00a0\n\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
|
||||
"cweId": "CWE-200"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Mattermost",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Mattermost",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"lessThanOrEqual": "9.4.1",
|
||||
"status": "affected",
|
||||
"version": "0",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"lessThanOrEqual": "9.3.0",
|
||||
"status": "affected",
|
||||
"version": "0",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"lessThanOrEqual": "9.2.5",
|
||||
"status": "affected",
|
||||
"version": "0",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"lessThanOrEqual": "8.1.8",
|
||||
"status": "affected",
|
||||
"version": "0",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "9.5.0"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "9.4.2"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "9.3.1"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "9.2.5"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "8.1.9"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "unaffected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://mattermost.com/security-updates",
|
||||
"refsource": "MISC",
|
||||
"name": "https://mattermost.com/security-updates"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "MMSA-2023-00284",
|
||||
"defect": [
|
||||
"https://mattermost.atlassian.net/browse/MM-55216"
|
||||
],
|
||||
"discovery": "EXTERNAL"
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "en",
|
||||
"supportingMedia": [
|
||||
{
|
||||
"base64": false,
|
||||
"type": "text/html",
|
||||
"value": "<p>Update Mattermost Server to versions 9.5.0, 9.4.2, 9.3.1, 9.2.5, 8.1.9 or higher.</p>"
|
||||
}
|
||||
],
|
||||
"value": "Update Mattermost Server to versions 9.5.0, 9.4.2, 9.3.1, 9.2.5, 8.1.9 or higher.\n\n"
|
||||
}
|
||||
],
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "vultza (vultza)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,17 +1,148 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-24988",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "responsibledisclosure@mattermost.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send\u00a0multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server.\n\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-400: Uncontrolled Resource Consumption",
|
||||
"cweId": "CWE-400"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Mattermost",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Mattermost",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"lessThanOrEqual": "9.2.4",
|
||||
"status": "affected",
|
||||
"version": "0",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"lessThanOrEqual": "8.1.8",
|
||||
"status": "affected",
|
||||
"version": "0",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"lessThanOrEqual": "9.3.0",
|
||||
"status": "affected",
|
||||
"version": "0",
|
||||
"versionType": "semver"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "9.4.0"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "9.3.1"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "9.2.5"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "8.1.9"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "unaffected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://mattermost.com/security-updates",
|
||||
"refsource": "MISC",
|
||||
"name": "https://mattermost.com/security-updates"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"advisory": "MMSA-2023-00281",
|
||||
"defect": [
|
||||
"https://mattermost.atlassian.net/browse/MM-55467"
|
||||
],
|
||||
"discovery": "EXTERNAL"
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "en",
|
||||
"supportingMedia": [
|
||||
{
|
||||
"base64": false,
|
||||
"type": "text/html",
|
||||
"value": "<p>Update Mattermost Server to versions 9.4.0, 9.3.1, 9.2.5, 8.1.9 or higher.</p>"
|
||||
}
|
||||
],
|
||||
"value": "Update Mattermost Server to versions 9.4.0, 9.3.1, 9.2.5, 8.1.9 or higher.\n\n"
|
||||
}
|
||||
],
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Gian Klug (coderion)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
18
2024/28xxx/CVE-2024-28005.json
Normal file
18
2024/28xxx/CVE-2024-28005.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28005",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2024/28xxx/CVE-2024-28006.json
Normal file
18
2024/28xxx/CVE-2024-28006.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28006",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2024/28xxx/CVE-2024-28007.json
Normal file
18
2024/28xxx/CVE-2024-28007.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28007",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2024/28xxx/CVE-2024-28008.json
Normal file
18
2024/28xxx/CVE-2024-28008.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28008",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2024/28xxx/CVE-2024-28009.json
Normal file
18
2024/28xxx/CVE-2024-28009.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28009",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2024/28xxx/CVE-2024-28010.json
Normal file
18
2024/28xxx/CVE-2024-28010.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28010",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2024/28xxx/CVE-2024-28011.json
Normal file
18
2024/28xxx/CVE-2024-28011.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28011",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2024/28xxx/CVE-2024-28012.json
Normal file
18
2024/28xxx/CVE-2024-28012.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28012",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2024/28xxx/CVE-2024-28013.json
Normal file
18
2024/28xxx/CVE-2024-28013.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28013",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2024/28xxx/CVE-2024-28014.json
Normal file
18
2024/28xxx/CVE-2024-28014.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28014",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2024/28xxx/CVE-2024-28015.json
Normal file
18
2024/28xxx/CVE-2024-28015.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28015",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2024/28xxx/CVE-2024-28016.json
Normal file
18
2024/28xxx/CVE-2024-28016.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28016",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2024/28xxx/CVE-2024-28017.json
Normal file
18
2024/28xxx/CVE-2024-28017.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28017",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2024/28xxx/CVE-2024-28018.json
Normal file
18
2024/28xxx/CVE-2024-28018.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28018",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2024/28xxx/CVE-2024-28019.json
Normal file
18
2024/28xxx/CVE-2024-28019.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-28019",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
18
2024/2xxx/CVE-2024-2002.json
Normal file
18
2024/2xxx/CVE-2024-2002.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-2002",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user