From d34ea9badfbff6ff118b972f25fc734f342ab1f2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 26 Oct 2020 14:01:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/13xxx/CVE-2020-13332.json | 90 ++-------------------------------- 2020/25xxx/CVE-2020-25470.json | 56 ++++++++++++++++++--- 2020/27xxx/CVE-2020-27693.json | 18 +++++++ 2020/27xxx/CVE-2020-27694.json | 18 +++++++ 2020/27xxx/CVE-2020-27695.json | 18 +++++++ 2020/27xxx/CVE-2020-27696.json | 18 +++++++ 2020/27xxx/CVE-2020-27697.json | 18 +++++++ 7 files changed, 144 insertions(+), 92 deletions(-) create mode 100644 2020/27xxx/CVE-2020-27693.json create mode 100644 2020/27xxx/CVE-2020-27694.json create mode 100644 2020/27xxx/CVE-2020-27695.json create mode 100644 2020/27xxx/CVE-2020-27696.json create mode 100644 2020/27xxx/CVE-2020-27697.json diff --git a/2020/13xxx/CVE-2020-13332.json b/2020/13xxx/CVE-2020-13332.json index ef91b76292d..967735acced 100644 --- a/2020/13xxx/CVE-2020-13332.json +++ b/2020/13xxx/CVE-2020-13332.json @@ -4,97 +4,15 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13332", - "ASSIGNER": "cve@gitlab.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "GitLab", - "product": { - "product_data": [ - { - "product_name": "GitLab", - "version": { - "version_data": [ - { - "version_value": ">=8.11.0-rc6, <13.2.10" - }, - { - "version_value": ">=13.3.0, <13.3.7" - }, - { - "version_value": ">=13.4.0, <13.4.2" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Improper authorization in GitLab" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/33103", - "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/33103", - "refsource": "MISC" - }, - { - "name": "https://hackerone.com/reports/694932", - "url": "https://hackerone.com/reports/694932", - "refsource": "MISC" - }, - { - "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13332.json", - "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13332.json", - "refsource": "CONFIRM" - } - ] + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "Improper access expiration date validation in GitLab version >=8.11.0-rc6+ allows user to have access to projects with expiration." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] - }, - "impact": { - "cvss": { - "vectorString": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "version": "3.1", - "baseScore": 7.5, - "baseSeverity": "HIGH" - } - }, - "credit": [ - { - "lang": "eng", - "value": "Thanks [henonoah](https://hackerone.com/henonoah) for reporting this vulnerability through our HackerOne bug bounty program" - } - ] + } } \ No newline at end of file diff --git a/2020/25xxx/CVE-2020-25470.json b/2020/25xxx/CVE-2020-25470.json index a1795580a66..6ce5dd4e379 100644 --- a/2020/25xxx/CVE-2020-25470.json +++ b/2020/25xxx/CVE-2020-25470.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-25470", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-25470", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/AntSwordProject/antSword/issues/256", + "refsource": "MISC", + "name": "https://github.com/AntSwordProject/antSword/issues/256" } ] } diff --git a/2020/27xxx/CVE-2020-27693.json b/2020/27xxx/CVE-2020-27693.json new file mode 100644 index 00000000000..3677e90acb6 --- /dev/null +++ b/2020/27xxx/CVE-2020-27693.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27693", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27694.json b/2020/27xxx/CVE-2020-27694.json new file mode 100644 index 00000000000..05bcebcd6a7 --- /dev/null +++ b/2020/27xxx/CVE-2020-27694.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27694", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27695.json b/2020/27xxx/CVE-2020-27695.json new file mode 100644 index 00000000000..131e834f711 --- /dev/null +++ b/2020/27xxx/CVE-2020-27695.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27695", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27696.json b/2020/27xxx/CVE-2020-27696.json new file mode 100644 index 00000000000..51872c1517a --- /dev/null +++ b/2020/27xxx/CVE-2020-27696.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27696", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27697.json b/2020/27xxx/CVE-2020-27697.json new file mode 100644 index 00000000000..1a64587dc54 --- /dev/null +++ b/2020/27xxx/CVE-2020-27697.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-27697", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file