From d08b2bf2545c55cb103f6176fdc95d5f69819249 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 12 Feb 2023 22:02:40 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/3xxx/CVE-2022-3193.json | 48 +++++++++++++++++++-----------------
 2022/3xxx/CVE-2022-3238.json | 48 +++++++++++++++++++-----------------
 2022/3xxx/CVE-2022-3259.json | 40 +++++-------------------------
 2022/3xxx/CVE-2022-3260.json | 48 +++++++++++++++++++-----------------
 2022/3xxx/CVE-2022-3262.json | 48 +++++++++++++++++++-----------------
 2022/3xxx/CVE-2022-3644.json | 48 +++++++++++++++++++-----------------
 2022/3xxx/CVE-2022-3650.json | 48 +++++++++++++++++++-----------------
 7 files changed, 156 insertions(+), 172 deletions(-)
diff --git a/2022/3xxx/CVE-2022-3193.json b/2022/3xxx/CVE-2022-3193.json
index fe0a3d2c494..8c44d9deb90 100644
--- a/2022/3xxx/CVE-2022-3193.json
+++ b/2022/3xxx/CVE-2022-3193.json
@@ -1,12 +1,33 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-3193",
 "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter \"error_description\" fails to sanitize the entry, allowing the vulnerability to trigger on the Windows Service Accounts home pages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -19,6 +40,7 @@
 "version": {
 "version_data": [
 {
+ "version_affected": "=",
 "version_value": "ovirt-engine 4.3"
 }
 ]
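Review bot: The added `"version_affected": "="` in CVE-2022-3193.json claims an exact match against `"version_value": "ovirt-engine 4.3"`, a string that carries the product name instead of a bare version, so a scanner comparing an installed version such as `4.3` against the record will not match. The same pairing is added in this commit for CVE-2022-3238 (`"Linux kernel 6.1-rc2"`) and CVE-2022-3650 (`"unknown"`, where `=` asserts an affected version that is in fact not known). I would keep the product name in `product_name` only and write `"version_value": "4.3"`, and use an unknown-status value rather than `=` for the Ceph record. The `version_data` entry is only partly visible in this hunk, so the surrounding product fields could not be checked.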
@@ -30,32 +52,12 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-79"
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
 {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126353",
 "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2126353",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126353"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter \"error_description\" fails to sanitize the entry, allowing the vulnerability to trigger on the Windows Service Accounts home pages."
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2126353"
 }
 ]
 }
diff --git a/2022/3xxx/CVE-2022-3238.json b/2022/3xxx/CVE-2022-3238.json
index 76f038cba2b..7bc7839d066 100644
--- a/2022/3xxx/CVE-2022-3238.json
+++ b/2022/3xxx/CVE-2022-3238.json
@@ -1,12 +1,33 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-3238",
 "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A double-free flaw was found in the Linux kernel\u2019s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-459",
+ "cweId": "CWE-459"
+ }
+ ]
+ }
+ ]
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -19,6 +40,7 @@
 "version": {
 "version_data": [
 {
+ "version_affected": "=",
 "version_value": "Linux kernel 6.1-rc2"
 }
 ]
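Review bot: In CVE-2022-3238.json the newly added machine-readable `"cweId": "CWE-459"` (Incomplete Cleanup) does not agree with the description in the same hunk, which calls the flaw a double free in the NTFS3 remount/umount path. Tools that group or prioritise records by `cweId` will now file this outside the memory-corruption class. If the description is accurate, `"cweId": "CWE-415"` with a matching `value` is the closer mapping; this is inferred from the description text alone and should be confirmed with the assigning CNA.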
@@ -30,32 +52,12 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-459"
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
 {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127927",
 "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2127927",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127927"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A double-free flaw was found in the Linux kernel\u2019s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system."
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2127927"
 }
 ]
 }
diff --git a/2022/3xxx/CVE-2022-3259.json b/2022/3xxx/CVE-2022-3259.json
index f1e61fcb588..0297ea60b13 100644
--- a/2022/3xxx/CVE-2022-3259.json
+++ b/2022/3xxx/CVE-2022-3259.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "CVE-2022-3259 OpenShift: Missing HTTP Strict Transport Security"
+ "value": "Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks."
 }
 ]
 },
@@ -21,7 +21,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Improper Initialization",
+ "value": "CWE-665",
 "cweId": "CWE-665"
 }
 ]
@@ -32,16 +32,16 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Red Hat",
+ "vendor_name": "n/a",
 "product": {
 "product_data": [
 {
- "product_name": "Red Hat OpenShift Container Platform 4.12",
+ "product_name": "OpenShift",
 "version": {
 "version_data": [
 {
- "version_value": "0:4.12.0-202301042257.p0.g77bec7a.assembly.stream.el8",
- "version_affected": "!"
+ "version_affected": "=",
+ "version_value": "4.9.0"
 }
 ]
 }
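Review bot: The CVE-2022-3259.json hunks replace richer data with poorer data: `"vendor_name": "Red Hat"` becomes `"n/a"`, the fixed-build entry marked `"version_affected": "!"` is swapped for `=` `4.9.0`, and the readable problem type `Improper Initialization` is reduced to the bare ID. The last hunk of the same file also deletes the CVSS 3.1 block (base score 7.4) and the RHSA-2022:7398 and Red Hat CVE-page references. After this sync a consumer loses the vendor key used for product matching, the severity used for triage and the pointer to the fix advisory. This looks like an older revision of the record overwriting a newer one, which is an inference from the diff, so it is worth confirming the direction of the sync before it is published.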
@@ -54,39 +54,11 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://access.redhat.com/errata/RHSA-2022:7398",
- "refsource": "MISC",
- "name": "https://access.redhat.com/errata/RHSA-2022:7398"
- },
- {
- "url": "https://access.redhat.com/security/cve/CVE-2022-3259",
- "refsource": "MISC",
- "name": "https://access.redhat.com/security/cve/CVE-2022-3259"
- },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103220",
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2103220"
 }
 ]
- },
- "impact": {
- "cvss": [
- {
- "attackComplexity": "HIGH",
- "attackVector": "NETWORK",
- "availabilityImpact": "NONE",
- "baseScore": 7.4,
- "baseSeverity": "HIGH",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
- "version": "3.1"
- }
- ]
 }
 }
\ No newline at end of file
diff --git a/2022/3xxx/CVE-2022-3260.json b/2022/3xxx/CVE-2022-3260.json
index de8767c4b79..6e57e532a6f 100644
--- a/2022/3xxx/CVE-2022-3260.json
+++ b/2022/3xxx/CVE-2022-3260.json
@@ -1,12 +1,33 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-3260",
 "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1021",
+ "cweId": "CWE-1021"
+ }
+ ]
+ }
+ ]
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -19,6 +40,7 @@
 "version": {
 "version_data": [
 {
+ "version_affected": "=",
 "version_value": "4.9"
 }
 ]
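Review bot: The description placed at the top of CVE-2022-3260.json never names the affected product or component and is garbled (`Which helps prevents against Clickjacking attack..`), so anyone triaging from the description field alone cannot tell which responses lack the X-Frame-Options header. The product name sits in the `affects` block, which lies between the two hunks and is not visible here; only `"version_value": "4.9"` is shown. I would reword the value so it opens with the product and version taken from that block and states plainly that responses omit the header, which permits framing of the pages.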
@@ -30,32 +52,12 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-1021"
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
 {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106780",
 "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2106780",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106780"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks."
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2106780"
 }
 ]
 }
diff --git a/2022/3xxx/CVE-2022-3262.json b/2022/3xxx/CVE-2022-3262.json
index f62bffc05a2..578e7fc3617 100644
--- a/2022/3xxx/CVE-2022-3262.json
+++ b/2022/3xxx/CVE-2022-3262.json
@@ -1,12 +1,33 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-3262",
 "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A flaw was found in Openshift. A pod with a DNSPolicy of \"ClusterFirst\" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-453",
+ "cweId": "CWE-453"
+ }
+ ]
+ }
+ ]
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -19,6 +40,7 @@
 "version": {
 "version_data": [
 {
+ "version_affected": "=",
 "version_value": "4.9"
 }
 ]
@@ -30,32 +52,12 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-453"
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
 {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128858",
 "refsource": "MISC",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2128858",
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128858"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A flaw was found in Openshift. A pod with a DNSPolicy of \"ClusterFirst\" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability."
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2128858"
 }
 ]
 }
diff --git a/2022/3xxx/CVE-2022-3644.json b/2022/3xxx/CVE-2022-3644.json
index f7f00561313..4285b2db4ab 100644
--- a/2022/3xxx/CVE-2022-3644.json
+++ b/2022/3xxx/CVE-2022-3644.json
@@ -1,12 +1,33 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-3644",
 "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256",
+ "cweId": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -19,6 +40,7 @@
 "version": {
 "version_data": [
 {
+ "version_affected": "=",
 "version_value": "0.15"
 }
 ]
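Review bot: The description in CVE-2022-3644.json reads `via the API () instead of marking it as write only`; the empty parentheses look like a stripped endpoint path or link, so the record does not say which API resource returns the stored tokens. Operators need that detail to know which API responses, caches and logs to review for exposed credentials and which tokens to rotate. I would restore the resource path inside the parentheses if the CNA's source text has it, or drop the parentheses so the sentence is not read as truncated.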
@@ -30,32 +52,12 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-256"
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
 {
+ "url": "https://github.com/pulp/pulp_ansible/blob/main/pulp_ansible/app/models.py#L234",
 "refsource": "MISC",
- "name": "https://github.com/pulp/pulp_ansible/blob/main/pulp_ansible/app/models.py#L234",
- "url": "https://github.com/pulp/pulp_ansible/blob/main/pulp_ansible/app/models.py#L234"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only."
+ "name": "https://github.com/pulp/pulp_ansible/blob/main/pulp_ansible/app/models.py#L234"
 }
 ]
 }
diff --git a/2022/3xxx/CVE-2022-3650.json b/2022/3xxx/CVE-2022-3650.json
index 03d5de1a7ca..6ce09fdb970 100644
--- a/2022/3xxx/CVE-2022-3650.json
+++ b/2022/3xxx/CVE-2022-3650.json
@@ -1,12 +1,33 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-3650",
 "ASSIGNER": "secalert@redhat.com",
 "STATE": "PUBLIC"
 },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-842",
+ "cweId": "CWE-842"
+ }
+ ]
+ }
+ ]
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -19,6 +40,7 @@
 "version": {
 "version_data": [
 {
+ "version_affected": "=",
 "version_value": "unknown"
 }
 ]
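Review bot: The only reference kept for CVE-2022-3644.json is a branch URL, `blob/main/pulp_ansible/app/models.py#L234`, and line 234 of `main` will point at different code as soon as the file is edited or the flaw is fixed. A reader following the link later may see unrelated or already corrected code and conclude the report is wrong. I would pin the `url` and `name` to a commit permalink of the form `blob/<commit-sha>/pulp_ansible/app/models.py#L234` (placeholder, the hash is not on this page) or add the upstream fix or advisory as a second reference.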
@@ -30,32 +52,12 @@
 ]
 }
 },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-842"
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
 {
+ "url": "https://seclists.org/oss-sec/2022/q4/41",
 "refsource": "MISC",
- "name": "https://seclists.org/oss-sec/2022/q4/41",
- "url": "https://seclists.org/oss-sec/2022/q4/41"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information."
+ "name": "https://seclists.org/oss-sec/2022/q4/41"
 }
 ]
 }