From cf88c410fe7d35f376c9d1bf15a7dd7536bc6584 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 13 Jun 2023 22:00:42 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/38xxx/CVE-2022-38014.json | 94 ++++++++++++----------- 2022/41xxx/CVE-2022-41066.json | 2 +- 2022/41xxx/CVE-2022-41085.json | 87 +++++++++++---------- 2022/41xxx/CVE-2022-41119.json | 134 +++++++++++++++------------------ 2023/24xxx/CVE-2023-24469.json | 60 ++++++++++++++- 2023/31xxx/CVE-2023-31142.json | 80 +++++++++++++++++++- 2023/32xxx/CVE-2023-32061.json | 80 +++++++++++++++++++- 2023/32xxx/CVE-2023-32301.json | 80 +++++++++++++++++++- 2023/34xxx/CVE-2023-34250.json | 80 +++++++++++++++++++- 9 files changed, 515 insertions(+), 182 deletions(-) diff --git a/2022/38xxx/CVE-2022-38014.json b/2022/38xxx/CVE-2022-38014.json index 85270319dfc..0efe75d2bd8 100644 --- a/2022/38xxx/CVE-2022-38014.json +++ b/2022/38xxx/CVE-2022-38014.json @@ -1,50 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2022-38014", + "ASSIGNER": "secure@microsoft.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Windows Subsystem for Linux (WSL2)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Azure EFLOW", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, "description": { "description_data": [ { "lang": "eng", - "value": "Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability." + "value": "Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability" } ] }, 
@@ -60,21 +27,60 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Windows Subsystem for Linux (WSL2)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.0.0.0", + "version_value": "5.15.62.1" + } + ] + } + }, + { + "product_name": "Azure EFLOW", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.4.0.0", + "version_value": "1.4.2.12122 LTS" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38014", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38014", "refsource": "MISC", - "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38014" + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38014" } ] }, "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "baseScore": "7.0", - "temporalScore": "6.1", - "version": "3.1" - } + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7, + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" + } + ] } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41066.json b/2022/41xxx/CVE-2022-41066.json index 725ed5d1211..499024e9607 100644 --- a/2022/41xxx/CVE-2022-41066.json +++ b/2022/41xxx/CVE-2022-41066.json @@ -40,7 +40,7 @@ "version_data": [ { "version_affected": "<", - "version_name": "0", + "version_name": "1.0", "version_value": "49345" } ] diff --git a/2022/41xxx/CVE-2022-41085.json b/2022/41xxx/CVE-2022-41085.json index 3f0ee2a203f..2b68ace453e 100644 --- a/2022/41xxx/CVE-2022-41085.json +++ b/2022/41xxx/CVE-2022-41085.json 
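Review bot: The rewritten `impact.cvss` entry drops `temporalScore` while `vectorString` still carries the temporal metrics `E:U/RL:O/RC:C`. A consumer that recomputes a score from the vector may therefore get the temporal value (6.1 in the removed record) instead of the published `baseScore` of 7. Either keep the temporal score next to the base score or trim the vector to its base metrics, `"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"`. The same pattern appears in the second hunks of CVE-2022-41085.json and CVE-2022-41119.json. In all three, `cvss` also changes from an object to an array and `baseScore` from a string to a number, so parsers written against the old shape need to accept both.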
@@ -1,50 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2022-41085", + "ASSIGNER": "secure@microsoft.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Azure CycleCloud 8", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Azure CycleCloud 7", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, "description": { "description_data": [ { "lang": "eng", - "value": "Azure CycleCloud Elevation of Privilege Vulnerability." + "value": "Azure CycleCloud Elevation of Privilege Vulnerability" } ] }, 
@@ -60,21 +27,53 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Azure CycleCloud", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "8.0", + "version_value": "8.3.0" + }, + { + "version_affected": "<", + "version_name": "7.0", + "version_value": "7.9.11" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41085", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41085", "refsource": "MISC", - "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41085" + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41085" } ] }, "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "baseScore": "7.5", - "temporalScore": "6.5", - "version": "3.1" - } + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" + } + ] } } \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41119.json b/2022/41xxx/CVE-2022-41119.json index 016cf2a3198..7c15ebf7757 100644 --- a/2022/41xxx/CVE-2022-41119.json +++ b/2022/41xxx/CVE-2022-41119.json 
@@ -1,80 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2022-41119", + "ASSIGNER": "secure@microsoft.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Microsoft Visual Studio 2022 version 17.2", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2022 version 17.3", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - }, - { - "product_name": "Microsoft Visual Studio 2022 version 17.0", - "version": { - "version_data": [ - { - "version_value": "" - } - ] - } - } - ] - }, - "vendor_name": "Microsoft" - } - ] - } - }, "description": { "description_data": [ { "lang": "eng", - "value": "Visual Studio Remote Code Execution Vulnerability." + "value": "Visual Studio Remote Code Execution Vulnerability" } ] }, 
@@ -90,21 +27,70 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft", + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "17.2.0", + "version_value": "17.2.10" + }, + { + "version_affected": "<", + "version_name": "15.9.0", + "version_value": "15.9.51" + }, + { + "version_affected": "<", + "version_name": "17.0.0", + "version_value": "17.3.7" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.11.0", + "version_value": "16.11.21" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { - "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41119", + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119", "refsource": "MISC", - "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41119" + "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119" } ] }, "impact": { - "cvss": { - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "baseScore": "7.8", - "temporalScore": "6.8", - "version": "3.1" - } + "cvss": [ + { + "version": "3.1", + "baseSeverity": "HIGH", + "baseScore": 7.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" + } + ] } } \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24469.json b/2023/24xxx/CVE-2023-24469.json index 5f7ad332ce5..a396f03b753 100644 --- a/2023/24xxx/CVE-2023-24469.json +++ b/2023/24xxx/CVE-2023-24469.json 
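Review bot: The third range under `Microsoft Visual Studio` (`version_name` 17.0.0, `version_value` 17.3.7 with `<`) overlaps the first one (17.2.0 up to 17.2.10), so a range matcher will report a 17.2.x build at or above 17.2.10 as affected. The removed record listed 17.0, 17.2 and 17.3 as separate products, which suggests three servicing lines, and the fixed build for 17.0 is not visible in this hunk. If that reading is right, split the entry per line, for example `"version_name": "17.3.0", "version_value": "17.3.7"` plus a 17.0 entry with its own fixed version (`<17.0 fixed build>` as a placeholder). The 15.9 range now sits under the generic product name while 16.11 has `Microsoft Visual Studio 2019`, so inventory matching on the product name is likely to miss Visual Studio 2017 installs.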
@@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-24469", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@opentext.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ArcSight Logger", + "version": { + "version_data": [ + { + "version_value": "versions prior to 7.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Potential Cross-Site Scripting (CVE-2023-24469) in ArcSight Logger versions prior to 7.3.0" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://portal.microfocus.com/s/article/KM000018224?language=en_US", + "url": "https://portal.microfocus.com/s/article/KM000018224?language=en_US" + }, + { + "refsource": "MISC", + "name": "https://www.microfocus.com/support/downloads/,", + "url": "https://www.microfocus.com/support/downloads/," + }, + { + "refsource": "MISC", + "name": "https://www.microfocus.com/documentation/arcsight/logger-7.3/logger-7.3-release-notes/", + "url": "https://www.microfocus.com/documentation/arcsight/logger-7.3/logger-7.3-release-notes/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0" } ] } diff --git a/2023/31xxx/CVE-2023-31142.json b/2023/31xxx/CVE-2023-31142.json index fe9261b9819..3877ad24066 100644 --- a/2023/31xxx/CVE-2023-31142.json +++ b/2023/31xxx/CVE-2023-31142.json 
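Review bot: The second reference URL ends in a stray comma (`https://www.microfocus.com/support/downloads/,`) in both `name` and `url`, which link checkers and advisory correlators will treat as a different, probably dead, address; it should read `"url": "https://www.microfocus.com/support/downloads/"`. The `problemtype` value is a free-text sentence rather than a CWE identifier, so CWE-based filtering will not classify this record; for cross-site scripting the usual entry is `"value": "CWE-79"`, to be confirmed with the assigner. `vendor_name` is `n/a` and the only `version_value` is the phrase `versions prior to 7.3.0` with no `version_affected`, so automated matching on vendor or version cannot work; `"version_affected": "<", "version_value": "7.3.0"` would carry the same statement in machine-readable form. No `impact` block is present, so severity has to be taken from the linked advisory.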
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31142", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. A workaround, only if you are modifying the general category permissions, is to use a new category for the same purpose." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732: Incorrect Permission Assignment for Critical Resource", + "cweId": "CWE-732" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "discourse", + "product": { + "product_data": [ + { + "product_name": "discourse", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.0.4" + }, + { + "version_affected": "=", + "version_value": ">= 3.1.0.beta1, < 3.1.0.beta5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/discourse/discourse/security/advisories/GHSA-286w-97m2-78x2", + "refsource": "MISC", + "name": "https://github.com/discourse/discourse/security/advisories/GHSA-286w-97m2-78x2" + } + ] + }, + "source": { + "advisory": "GHSA-286w-97m2-78x2", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 2, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/32xxx/CVE-2023-32061.json b/2023/32xxx/CVE-2023-32061.json index e0cb6fdaec5..19fe6d84ceb 100644 --- a/2023/32xxx/CVE-2023-32061.json +++ b/2023/32xxx/CVE-2023-32061.json 
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32061", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other users. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863: Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "discourse", + "product": { + "product_data": [ + { + "product_name": "discourse", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.0.4" + }, + { + "version_affected": "=", + "version_value": ">= 3.1.0.beta1, < 3.1.0.beta5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/discourse/discourse/security/advisories/GHSA-prx4-49m8-874g", + "refsource": "MISC", + "name": "https://github.com/discourse/discourse/security/advisories/GHSA-prx4-49m8-874g" + } + ] + }, + "source": { + "advisory": "GHSA-prx4-49m8-874g", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/32xxx/CVE-2023-32301.json b/2023/32xxx/CVE-2023-32301.json index 59274047064..d0203a9e56b 100644 --- a/2023/32xxx/CVE-2023-32301.json +++ b/2023/32xxx/CVE-2023-32301.json 
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32301", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. As a workaround, disable topic embedding if it has been enabled." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-116: Improper Encoding or Escaping of Output", + "cweId": "CWE-116" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "discourse", + "product": { + "product_data": [ + { + "product_name": "discourse", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.0.4" + }, + { + "version_affected": "=", + "version_value": ">= 3.1.0.beta1, < 3.1.0.beta5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4", + "refsource": "MISC", + "name": "https://github.com/discourse/discourse/security/advisories/GHSA-p2jx-m2j5-hqh4" + } + ] + }, + "source": { + "advisory": "GHSA-p2jx-m2j5-hqh4", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/34xxx/CVE-2023-34250.json b/2023/34xxx/CVE-2023-34250.json index c057bbfac96..5086ff83609 100644 --- a/2023/34xxx/CVE-2023-34250.json +++ b/2023/34xxx/CVE-2023-34250.json 
@@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34250", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn't have access to. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "discourse", + "product": { + "product_data": [ + { + "product_name": "discourse", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 3.0.4" + }, + { + "version_affected": "=", + "version_value": ">= 3.1.0.beta1, < 3.1.0.beta5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q8m5-wmjr-3ppg", + "refsource": "MISC", + "name": "https://github.com/discourse/discourse/security/advisories/GHSA-q8m5-wmjr-3ppg" + } + ] + }, + "source": { + "advisory": "GHSA-q8m5-wmjr-3ppg", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" } ] }