admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-06-03 14:00:54 +00:00
parent 71759683e8
commit ce9c840019
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
3 changed files with 175 additions and 132 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
2019/11xxx/CVE-2019-11580.json
View File

@ -9,6 +9,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Atlassian",
"product": {
"product_data": [
{
@ -16,51 +17,25 @@
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "2.1.0"
"version_value": "from 2.1.0 to before 3.0.5"
},
{
"version_affected": "<",
"version_value": "3.0.5"
"version_value": "from 3.1.0 to before 3.1.6"
},
{
"version_affected": ">=",
"version_value": "3.1.0"
"version_value": "from 3.2.0 to before 3.2.8"
},
{
"version_affected": "<",
"version_value": "3.1.6"
"version_value": "from 3.3.0 to before 3.3.5"
},
{
"version_affected": ">=",
"version_value": "3.2.0"
},
{
"version_affected": "<",
"version_value": "3.2.8"
},
{
"version_affected": ">=",
"version_value": "3.3.0"
},
{
"version_affected": "<",
"version_value": "3.3.5"
},
{
"version_affected": ">=",
"version_value": "3.4.0"
},
{
"version_affected": "<",
"version_value": "3.4.4"
"version_value": "from 3.4.0 to before 3.4.4"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
}
]
}
@ -72,7 +47,7 @@
"description_data": [
{
"lang": "eng",
"value": "Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability."
"value": "Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability."
}
]
},
@ -91,7 +66,9 @@
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CWD-5388"
"url": "https://jira.atlassian.com/browse/CWD-5388",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CWD-5388"
}
]
}

47
2019/3xxx/CVE-2019-3397.json
View File

@ -9,58 +9,33 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Atlassian",
"product": {
"product_data": [
{
"product_name": "Bitbucket Server",
"product_name": "Bitbucket Data Center",
"version": {
"version_data": [
{
"version_value": "5.13.0",
"version_affected": ">="
"version_value": "from 5.13.0 to before 5.13.6"
},
{
"version_value": "5.13.6",
"version_affected": "<"
"version_value": "from 5.14.0 to before 5.14.4"
},
{
"version_value": "5.14.0",
"version_affected": ">="
"version_value": "from 5.15.0 to before 5.15.3"
},
{
"version_value": "5.14.4",
"version_affected": "<"
"version_value": "from 6.0.0 to before 6.0.3"
},
{
"version_value": "5.15.0",
"version_affected": ">="
},
{
"version_value": "5.15.3",
"version_affected": "<"
},
{
"version_value": "6.0.0",
"version_affected": ">="
},
{
"version_value": "6.0.3",
"version_affected": "<"
},
{
"version_value": "6.1.0",
"version_affected": ">="
},
{
"version_value": "6.1.2",
"version_affected": "<"
"version_value": "from 6.1.0 to before 6.1.2"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
}
]
}
@ -72,7 +47,7 @@
"description_data": [
{
"lang": "eng",
"value": "Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool."
"value": "Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool."
}
]
},
@ -91,7 +66,9 @@
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/BSERV-11706"
"url": "https://jira.atlassian.com/browse/BSERV-11706",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/BSERV-11706"
}
]
}

91
2019/3xxx/CVE-2019-3802.json
View File

@ -1 +1,90 @@
{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2019-05-13T00:00:00.000Z","ID":"CVE-2019-3802","STATE":"PUBLIC","TITLE":"Additional information exposure with Spring Data JPA example matcher"},"source":{"discovery":"UNKNOWN"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Spring Data JPA","version":{"version_data":[{"affected":"<","version_name":"2.1","version_value":"2.1.8.RELEASE"},{"affected":"<","version_name":"1.11","version_value":"1.11.22.RELEASE"}]}}]},"vendor_name":"Spring"}]}},"description":{"description_data":[{"lang":"eng","value":"This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher\nUsing ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied. "}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-155: Improper Neutralization of Wildcards or Matching Symbols"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","url":"https://pivotal.io/security/cve-2019-3802","name":"https://pivotal.io/security/cve-2019-3802"}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":3.5,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N","version":"3.0"}}}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-05-13T00:00:00.000Z",
"ID": "CVE-2019-3802",
"STATE": "PUBLIC",
"TITLE": "Additional information exposure with Spring Data JPA example matcher"
},
"source": {
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Data JPA",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "2.1",
"version_value": "2.1.8.RELEASE"
},
{
"affected": "<",
"version_name": "1.11",
"version_value": "1.11.22.RELEASE"
}
]
}
}
]
},
"vendor_name": "Spring"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-155: Improper Neutralization of Wildcards or Matching Symbols"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3802",
"name": "https://pivotal.io/security/cve-2019-3802"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
}