admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-07-05 22:00:38 +00:00
parent 8f68496b38
commit cf2df13dcd
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 559 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
2023/36xxx/CVE-2023-36809.json
View File

@ -1,17 +1,119 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36809",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed directly. The previous Nginx configuration was incorrect allowing certain browsers like Firefox to ignore the `Content-Type: text/plain` header on some occasions thus allowing potentially dangerous scripts to be executed. Additionally, file upload validators and parts of the HTML rendering code had been found to require additional sanitation and improvements. Version 12.5 fixes this vulnerability with updated Nginx content type configuration, improved file upload validation code to prevent more potentially dangerous uploads, and Sanitization of test plan names used in the `tree_view_html()` function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "kiwitcms",
"product": {
"product_data": [
{
"product_name": "Kiwi",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 12.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-jpgw-2r9m-8qfw",
"refsource": "MISC",
"name": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-jpgw-2r9m-8qfw"
},
{
"url": "https://huntr.dev/bounties/511489dd-ba38-4806-9029-b28ab2830aa8/",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/511489dd-ba38-4806-9029-b28ab2830aa8/"
},
{
"url": "https://huntr.dev/bounties/c6eeb346-fa99-4d41-bc40-b68f8d689223/",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/c6eeb346-fa99-4d41-bc40-b68f8d689223/"
},
{
"url": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/07/04/kiwi-tcms-125/",
"refsource": "MISC",
"name": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/07/04/kiwi-tcms-125/"
},
{
"url": "https://www.github.com/kiwitcms/kiwi/commit/195ea53eaaf360c19227c864cc0fe58910032c3c",
"refsource": "MISC",
"name": "https://www.github.com/kiwitcms/kiwi/commit/195ea53eaaf360c19227c864cc0fe58910032c3c"
},
{
"url": "https://www.github.com/kiwitcms/kiwi/commit/ffb00450be52fe11a82a2507632c2328cae4ec9d",
"refsource": "MISC",
"name": "https://www.github.com/kiwitcms/kiwi/commit/ffb00450be52fe11a82a2507632c2328cae4ec9d"
}
]
},
"source": {
"advisory": "GHSA-jpgw-2r9m-8qfw",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

86
2023/36xxx/CVE-2023-36813.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36813",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "kanboard",
"product": {
"product_data": [
{
"product_name": "kanboard",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.2.31"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx",
"refsource": "MISC",
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx"
},
{
"url": "https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a",
"refsource": "MISC",
"name": "https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a"
},
{
"url": "https://github.com/kanboard/kanboard/releases/tag/v1.2.31",
"refsource": "MISC",
"name": "https://github.com/kanboard/kanboard/releases/tag/v1.2.31"
}
]
},
"source": {
"advisory": "GHSA-9gvq-78jp-jxcx",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
]
}

91
2023/36xxx/CVE-2023-36821.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36821",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login. After downloading a plugin, it's installed by calling `npm install` in the installation directory of the plugin. Because the plugin is not validated against the official list of plugins or installed with `npm install --ignore-scripts`, a maliciously crafted plugin taking advantage of npm scripts can gain remote code execution. Version 1.22.1 contains a patch for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "louislam",
"product": {
"product_data": [
{
"product_name": "uptime-kuma",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.22.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-7grx-f945-mj96",
"refsource": "MISC",
"name": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-7grx-f945-mj96"
},
{
"url": "https://github.com/louislam/uptime-kuma/pull/3346",
"refsource": "MISC",
"name": "https://github.com/louislam/uptime-kuma/pull/3346"
},
{
"url": "https://github.com/louislam/uptime-kuma/blob/8c60e902e1c76ecbbd1b0423b07ce615341cb850/server/plugins-manager.js#L210-L216",
"refsource": "MISC",
"name": "https://github.com/louislam/uptime-kuma/blob/8c60e902e1c76ecbbd1b0423b07ce615341cb850/server/plugins-manager.js#L210-L216"
},
{
"url": "https://github.com/louislam/uptime-kuma/releases/tag/1.22.1",
"refsource": "MISC",
"name": "https://github.com/louislam/uptime-kuma/releases/tag/1.22.1"
}
]
},
"source": {
"advisory": "GHSA-7grx-f945-mj96",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

91
2023/36xxx/CVE-2023-36822.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36822",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulnerability in versions prior to 1.22.1. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login. Before a plugin is downloaded, the plugin installation directory is checked for existence. If it exists, it's removed before the plugin installation. Because the plugin is not validated against the official list of plugins or sanitized, the check for existence and the removal of the plugin installation directory are prone to path traversal. This vulnerability allows an authenticated attacker to delete files from the server Uptime Kuma is running on. Depending on which files are deleted, Uptime Kuma or the whole system may become unavailable due to data loss.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "louislam",
"product": {
"product_data": [
{
"product_name": "uptime-kuma",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.22.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-vr8x-74pm-6vj7",
"refsource": "MISC",
"name": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-vr8x-74pm-6vj7"
},
{
"url": "https://github.com/louislam/uptime-kuma/pull/3346",
"refsource": "MISC",
"name": "https://github.com/louislam/uptime-kuma/pull/3346"
},
{
"url": "https://github.com/louislam/uptime-kuma/blob/de74efb2e6601dcbcfed32cddefc4078a80fcb0b/server/plugins-manager.js#L75-L80",
"refsource": "MISC",
"name": "https://github.com/louislam/uptime-kuma/blob/de74efb2e6601dcbcfed32cddefc4078a80fcb0b/server/plugins-manager.js#L75-L80"
},
{
"url": "https://github.com/louislam/uptime-kuma/releases/tag/1.22.1",
"refsource": "MISC",
"name": "https://github.com/louislam/uptime-kuma/releases/tag/1.22.1"
}
]
},
"source": {
"advisory": "GHSA-vr8x-74pm-6vj7",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

86
2023/36xxx/CVE-2023-36827.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36827",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version `2.15.1`, allowing remote attackers to access arbitrary files on the fides webserver container's filesystem. The vulnerability is patched in fides `2.15.1`.\n\nIf the Fides webserver API is not directly accessible to attackers and is instead deployed behind a reverse proxy as recommended in Ethyca's security best practice documentation, and the reverse proxy is an AWS application load balancer, the vulnerability can't be exploited by these attackers. An AWS application load balancer will reject this attack with a 400 error. Additionally, any secrets supplied to the container using environment variables rather than a `fides.toml` configuration file are not affected by this vulnerability.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ethyca",
"product": {
"product_data": [
{
"product_name": "fides",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.15.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/ethyca/fides/security/advisories/GHSA-r25m-cr6v-p9hq",
"refsource": "MISC",
"name": "https://github.com/ethyca/fides/security/advisories/GHSA-r25m-cr6v-p9hq"
},
{
"url": "https://github.com/ethyca/fides/commit/f526d9ffb176006d701493c9d0eff6b4884e811f",
"refsource": "MISC",
"name": "https://github.com/ethyca/fides/commit/f526d9ffb176006d701493c9d0eff6b4884e811f"
},
{
"url": "https://github.com/ethyca/fides/releases/tag/2.15.1",
"refsource": "MISC",
"name": "https://github.com/ethyca/fides/releases/tag/2.15.1"
}
]
},
"source": {
"advisory": "GHSA-r25m-cr6v-p9hq",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

101
2023/36xxx/CVE-2023-36828.json
View File

@ -1,17 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36828",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the `sanitize` function. Version 4.10.0 contains a patch for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "statamic",
"product": {
"product_data": [
{
"product_name": "cms",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.10.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/statamic/cms/security/advisories/GHSA-6r5g-cq4q-327g",
"refsource": "MISC",
"name": "https://github.com/statamic/cms/security/advisories/GHSA-6r5g-cq4q-327g"
},
{
"url": "https://github.com/statamic/cms/pull/8408",
"refsource": "MISC",
"name": "https://github.com/statamic/cms/pull/8408"
},
{
"url": "https://github.com/statamic/cms/commit/c714893ad92de6e5ede17b501003441af505b30d",
"refsource": "MISC",
"name": "https://github.com/statamic/cms/commit/c714893ad92de6e5ede17b501003441af505b30d"
},
{
"url": "https://github.com/statamic/cms/blob/f806b6b007ddcf066082eef175653c5beaa96d60/src/Http/Controllers/CP/Fieldtypes/FilesFieldtypeController.php#L15",
"refsource": "MISC",
"name": "https://github.com/statamic/cms/blob/f806b6b007ddcf066082eef175653c5beaa96d60/src/Http/Controllers/CP/Fieldtypes/FilesFieldtypeController.php#L15"
},
{
"url": "https://github.com/statamic/cms/blob/f806b6b007ddcf066082eef175653c5beaa96d60/src/Tags/Svg.php#L36-L40",
"refsource": "MISC",
"name": "https://github.com/statamic/cms/blob/f806b6b007ddcf066082eef175653c5beaa96d60/src/Tags/Svg.php#L36-L40"
},
{
"url": "https://github.com/statamic/cms/releases/tag/v4.10.0",
"refsource": "MISC",
"name": "https://github.com/statamic/cms/releases/tag/v4.10.0"
}
]
},
"source": {
"advisory": "GHSA-6r5g-cq4q-327g",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

18
2023/3xxx/CVE-2023-3518.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3518",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}