diff --git a/2024/29xxx/CVE-2024-29504.json b/2024/29xxx/CVE-2024-29504.json index 7cc1a8e178e..faf4442d2c5 100644 --- a/2024/29xxx/CVE-2024-29504.json +++ b/2024/29xxx/CVE-2024-29504.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-29504", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-29504", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbtirary code via a crafted payload to the codeview parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/summernote/summernote/pull/3782", + "refsource": "MISC", + "name": "https://github.com/summernote/summernote/pull/3782" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/phoenix118go/a9192281efcfa518daa709ab7638712b", + "url": "https://gist.github.com/phoenix118go/a9192281efcfa518daa709ab7638712b" } ] } diff --git a/2024/31xxx/CVE-2024-31995.json b/2024/31xxx/CVE-2024-31995.json index 6561245c118..1fefe58b9c1 100644 --- a/2024/31xxx/CVE-2024-31995.json +++ b/2024/31xxx/CVE-2024-31995.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31995", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "`@digitalbazaar/zcap` provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the `expires` property is not properly checked against the current date or other `date` param. This can allow invocations outside of the original intended time period. A zcap still cannot be invoked without being able to use the associated private key material. `@digitalbazaar/zcap` v9.0.1 fixes expiration checking. As a workaround, one may revoke a zcap at any time." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613: Insufficient Session Expiration", + "cweId": "CWE-613" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "digitalbazaar", + "product": { + "product_data": [ + { + "product_name": "zcap", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 9.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/digitalbazaar/zcap/security/advisories/GHSA-hp8h-7x69-4wmv", + "refsource": "MISC", + "name": "https://github.com/digitalbazaar/zcap/security/advisories/GHSA-hp8h-7x69-4wmv" + }, + { + "url": "https://github.com/digitalbazaar/zcap/pull/82", + "refsource": "MISC", + "name": "https://github.com/digitalbazaar/zcap/pull/82" + }, + { + "url": "https://github.com/digitalbazaar/zcap/commit/261eea040109b6e25159c88d8ed49d3c37f8fcfe", + "refsource": "MISC", + "name": "https://github.com/digitalbazaar/zcap/commit/261eea040109b6e25159c88d8ed49d3c37f8fcfe" + }, + { + "url": "https://github.com/digitalbazaar/zcap/commit/55f8549c80124b85dfb0f3dcf83f2c63f42532e5", + "refsource": "MISC", + "name": "https://github.com/digitalbazaar/zcap/commit/55f8549c80124b85dfb0f3dcf83f2c63f42532e5" + } + ] + }, + "source": { + "advisory": "GHSA-hp8h-7x69-4wmv", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/31xxx/CVE-2024-31997.json b/2024/31xxx/CVE-2024-31997.json index 61458aa6ef7..1a46041d575 100644 --- a/2024/31xxx/CVE-2024-31997.json +++ b/2024/31xxx/CVE-2024-31997.json @@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31997", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions. This allows remote code execution and thereby impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9-RC1. No known workarounds are available." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "xwiki", + "product": { + "product_data": [ + { + "product_name": "xwiki-platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 14.10.19" + }, + { + "version_affected": "=", + "version_value": ">= 15.0-rc-1, < 15.5.4" + }, + { + "version_affected": "=", + "version_value": ">= 15.6-rc-1, < 15.9-rc-1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c2gg-4gq4-jv5j", + "refsource": "MISC", + "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c2gg-4gq4-jv5j" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/commit/171e7c7d0e56deaa7b3678657ae26ef95379b1ea", + "refsource": "MISC", + "name": "https://github.com/xwiki/xwiki-platform/commit/171e7c7d0e56deaa7b3678657ae26ef95379b1ea" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/commit/1b2574eb966457ca4ef34e557376b8751d1be90d", + "refsource": "MISC", + "name": "https://github.com/xwiki/xwiki-platform/commit/1b2574eb966457ca4ef34e557376b8751d1be90d" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/commit/56748e154a9011f0d6239bec0823eaaeab6ec3f7", + "refsource": "MISC", + "name": "https://github.com/xwiki/xwiki-platform/commit/56748e154a9011f0d6239bec0823eaaeab6ec3f7" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-21335", + "refsource": "MISC", + "name": "https://jira.xwiki.org/browse/XWIKI-21335" + } + ] + }, + "source": { + "advisory": "GHSA-c2gg-4gq4-jv5j", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/31xxx/CVE-2024-31999.json b/2024/31xxx/CVE-2024-31999.json index 78b05a4de4b..e1dc60f33fc 100644 --- a/2024/31xxx/CVE-2024-31999.json +++ b/2024/31xxx/CVE-2024-31999.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31999", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "@festify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is destroyed. When an encrypted cookie with matching session name is provided with subsequent requests, it will decrypt the ciphertext to get the data. The plugin then creates a new session with the data in the ciphertext. Thus theoretically the web instance is still accessing the data from a server-side session, but technically that session is generated solely from a user provided cookie (which is assumed to be non-craftable because it is encrypted with a secret key not known to the user). The issue exists in the session removal process. In the delete function of the code, when the session is deleted, it is marked for deletion. However, if an attacker could gain access to the cookie, they could keep using it forever. Version 7.3.0 contains a patch for the issue. As a workaround, one may include a \"last update\" field in the session, and treat \"old sessions\" as expired." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613: Insufficient Session Expiration", + "cweId": "CWE-613" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "fastify", + "product": { + "product_data": [ + { + "product_name": "fastify-secure-session", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 7.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/fastify/fastify-secure-session/security/advisories/GHSA-9wwp-q7wq-jx35", + "refsource": "MISC", + "name": "https://github.com/fastify/fastify-secure-session/security/advisories/GHSA-9wwp-q7wq-jx35" + }, + { + "url": "https://github.com/fastify/fastify-secure-session/commit/56d66642ecc633cff0606927601e81cdac361370", + "refsource": "MISC", + "name": "https://github.com/fastify/fastify-secure-session/commit/56d66642ecc633cff0606927601e81cdac361370" + } + ] + }, + "source": { + "advisory": "GHSA-9wwp-q7wq-jx35", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3645.json b/2024/3xxx/CVE-2024-3645.json new file mode 100644 index 00000000000..c15079e65fb --- /dev/null +++ b/2024/3xxx/CVE-2024-3645.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3645", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3646.json b/2024/3xxx/CVE-2024-3646.json new file mode 100644 index 00000000000..32c04665e7b --- /dev/null +++ b/2024/3xxx/CVE-2024-3646.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3646", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3647.json b/2024/3xxx/CVE-2024-3647.json new file mode 100644 index 00000000000..eea9e0188bc --- /dev/null +++ b/2024/3xxx/CVE-2024-3647.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3647", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/3xxx/CVE-2024-3648.json b/2024/3xxx/CVE-2024-3648.json new file mode 100644 index 00000000000..696a130ee52 --- /dev/null +++ b/2024/3xxx/CVE-2024-3648.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-3648", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file