From ce9c840019d555f7c80b6d5713e3e4a04db73a13 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 3 Jun 2019 14:00:54 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/11xxx/CVE-2019-11580.json | 47 +++------
 2019/3xxx/CVE-2019-3397.json | 169 ++++++++++++++-------------------
 2019/3xxx/CVE-2019-3802.json | 91 +++++++++++++++++-
 3 files changed, 175 insertions(+), 132 deletions(-)
diff --git a/2019/11xxx/CVE-2019-11580.json b/2019/11xxx/CVE-2019-11580.json
index a76ecdf7617..6bd25f6f9cc 100644
--- a/2019/11xxx/CVE-2019-11580.json
+++ b/2019/11xxx/CVE-2019-11580.json
@@ -9,6 +9,7 @@
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "Atlassian",
 "product": {
 "product_data": [
 {
@@ -16,51 +17,25 @@
 "version": {
 "version_data": [
 {
- "version_affected": ">=",
- "version_value": "2.1.0"
+ "version_value": "from 2.1.0 to before 3.0.5"
 },
 {
- "version_affected": "<",
- "version_value": "3.0.5"
+ "version_value": "from 3.1.0 to before 3.1.6"
 },
 {
- "version_affected": ">=",
- "version_value": "3.1.0"
+ "version_value": "from 3.2.0 to before 3.2.8"
 },
 {
- "version_affected": "<",
- "version_value": "3.1.6"
+ "version_value": "from 3.3.0 to before 3.3.5"
 },
 {
- "version_affected": ">=",
- "version_value": "3.2.0"
- },
- {
- "version_affected": "<",
- "version_value": "3.2.8"
- },
- {
- "version_affected": ">=",
- "version_value": "3.3.0"
- },
- {
- "version_affected": "<",
- "version_value": "3.3.5"
- },
- {
- "version_affected": ">=",
- "version_value": "3.4.0"
- },
- {
- "version_affected": "<",
- "version_value": "3.4.4"
+ "version_value": "from 3.4.0 to before 3.4.4"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "Atlassian"
+ }
 }
 ]
 }
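Review bot: The new `version_data` entries in CVE-2019-11580.json carry each affected range as free text in `version_value` (for example `"from 2.1.0 to before 3.0.5"`) and drop `version_affected` entirely, so a consumer that compares an installed Crowd version against `version_value` has nothing comparable left and must parse prose to decide exposure. The removed flat list of alternating `>=` and `<` entries was ambiguous as well, since nothing tied a lower bound to its upper bound, so reverting is not the fix. I would keep one entry per branch with the fixed release as a plain value, e.g. `{ "version_name": "3.1", "version_affected": "<", "version_value": "3.1.6" }`, and leave the range wording to the description. The same free-text encoding appears in the CVE-2019-3397.json hunk of this commit.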
@@ -72,7 +47,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability."
+ "value": "Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability."
 }
 ]
 },
@@ -91,8 +66,10 @@
 "references": {
 "reference_data": [
 {
- "url": "https://jira.atlassian.com/browse/CWD-5388"
+ "url": "https://jira.atlassian.com/browse/CWD-5388",
+ "refsource": "MISC",
+ "name": "https://jira.atlassian.com/browse/CWD-5388"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3397.json b/2019/3xxx/CVE-2019-3397.json
index 016e7d33d81..3287da48bb4 100644
--- a/2019/3xxx/CVE-2019-3397.json
+++ b/2019/3xxx/CVE-2019-3397.json
@@ -1,98 +1,75 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "security@atlassian.com",
- "DATE_PUBLIC": "2019-05-22T10:00:00",
- "ID": "CVE-2019-3397",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Bitbucket Server",
- "version": {
- "version_data": [
- {
- "version_value": "5.13.0",
- "version_affected": ">="
- },
- {
- "version_value": "5.13.6",
- "version_affected": "<"
- },
- {
- "version_value": "5.14.0",
- "version_affected": ">="
- },
- {
- "version_value": "5.14.4",
- "version_affected": "<"
- },
- {
- "version_value": "5.15.0",
- "version_affected": ">="
- },
- {
- "version_value": "5.15.3",
- "version_affected": "<"
- },
- {
- "version_value": "6.0.0",
- "version_affected": ">="
- },
- {
- "version_value": "6.0.3",
- "version_affected": "<"
- },
- {
- "version_value": "6.1.0",
- "version_affected": ">="
- },
- {
- "version_value": "6.1.2",
- "version_affected": "<"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Atlassian"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Path Traversal"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@atlassian.com",
+ "DATE_PUBLIC": "2019-05-22T10:00:00",
+ "ID": "CVE-2019-3397",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Atlassian",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Bitbucket Data Center",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "from 5.13.0 to before 5.13.6"
+ },
+ {
+ "version_value": "from 5.14.0 to before 5.14.4"
+ },
+ {
+ "version_value": "from 5.15.0 to before 5.15.3"
+ },
+ {
+ "version_value": "from 6.0.0 to before 6.0.3"
+ },
+ {
+ "version_value": "from 6.1.0 to before 6.1.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
 ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://jira.atlassian.com/browse/BSERV-11706"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Path Traversal"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.atlassian.com/browse/BSERV-11706",
+ "refsource": "MISC",
+ "name": "https://jira.atlassian.com/browse/BSERV-11706"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3802.json b/2019/3xxx/CVE-2019-3802.json
index bd3251768c8..80184ad0578 100644
--- a/2019/3xxx/CVE-2019-3802.json
+++ b/2019/3xxx/CVE-2019-3802.json
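Review bot: The new `version_data` in CVE-2019-3397.json has no entry for the 5.16.x branch, although the description in the same hunk lists "from 5.16.0 before 5.16.3 (fixed version for 5.16.x)" as affected, so tooling that reads only `version_data` would treat those Bitbucket releases as unaffected. The removed record had the same gap, which means this sync carries it forward rather than introducing it. I would add `{ "version_value": "from 5.16.0 to before 5.16.3" }` between the 5.15 and 6.0 entries. Separately, `product_name` changes from "Bitbucket Server" to "Bitbucket Data Center" while the description still ends on "a Bitbucket server instance"; that is worth confirming with the assigner, because consumers keyed on the old product name will stop matching this record.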
@@ -1 +1,90 @@
-{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2019-05-13T00:00:00.000Z","ID":"CVE-2019-3802","STATE":"PUBLIC","TITLE":"Additional information exposure with Spring Data JPA example matcher"},"source":{"discovery":"UNKNOWN"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Spring Data JPA","version":{"version_data":[{"affected":"<","version_name":"2.1","version_value":"2.1.8.RELEASE"},{"affected":"<","version_name":"1.11","version_value":"1.11.22.RELEASE"}]}}]},"vendor_name":"Spring"}]}},"description":{"description_data":[{"lang":"eng","value":"This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher\nUsing ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied. "}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-155: Improper Neutralization of Wildcards or Matching Symbols"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","url":"https://pivotal.io/security/cve-2019-3802","name":"https://pivotal.io/security/cve-2019-3802"}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":3.5,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N","version":"3.0"}}}
\ No newline at end of file
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "security_alert@emc.com",
+ "DATE_PUBLIC": "2019-05-13T00:00:00.000Z",
+ "ID": "CVE-2019-3802",
+ "STATE": "PUBLIC",
+ "TITLE": "Additional information exposure with Spring Data JPA example matcher"
+ },
"source": { + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spring Data JPA", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2.1", + "version_value": "2.1.8.RELEASE" + }, + { + "affected": "<", + "version_name": "1.11", + "version_value": "1.11.22.RELEASE" + } + ] + } + } + ] + }, + "vendor_name": "Spring" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-155: Improper Neutralization of Wildcards or Matching Symbols" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2019-3802", + "name": "https://pivotal.io/security/cve-2019-3802" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } + } +} \ No newline at end of file