Auto-merge PR#1361

2025-08-04 08:44:25 +00:00 · 2021-04-15 17:20:15 -04:00 · 2021-04-15 17:20:15 -04:00 · dbb79e2edd
commit dbb79e2edd
parent 63667687f2 b396909c93
1 changed files with 76 additions and 6 deletions
--- a/2021/29xxx/CVE-2021-29450.json
+++ b/2021/29xxx/CVE-2021-29450.json
@ -1,18 +1,88 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-29450",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "WordPress Authenticated disclosure of password-protected posts and pages"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "wordpress-develop",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": ">= 4.70,< 5.7.1"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "WordPress"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 6.5,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "NONE",
+            "privilegesRequired": "LOW",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "{\"CWE-200\":\"Exposure of Sensitive Information to an Unauthorized Actor\"}"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq"
+            },
+            {
+                "name": "https://wordpress.org/news/category/security/",
+                "refsource": "MISC",
+                "url": "https://wordpress.org/news/category/security/"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-pmmh-2f36-wvhq",
+        "discovery": "UNKNOWN"
    }
 }