admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-04-01 21:01:35 +00:00
parent 7c88fd3e32
commit dbb9daa1fe
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
17 changed files with 768 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
2019/11xxx/CVE-2019-11254.json
View File

@ -128,12 +128,14 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/89535" "url": "https://github.com/kubernetes/kubernetes/issues/89535",
"name": "https://github.com/kubernetes/kubernetes/issues/89535"
}, },
{ {
"refsource": "MLIST", "refsource": "MISC",
"url": "https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ" "url": "https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ",
"name": "https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ"
} }
] ]
}, },
@ -143,4 +145,4 @@
], ],
"discovery": "INTERNAL" "discovery": "INTERNAL"
} }
} }

5
2019/19xxx/CVE-2019-19330.json
View File

@ -86,6 +86,11 @@
"refsource": "UBUNTU", "refsource": "UBUNTU",
"name": "USN-4212-1", "name": "USN-4212-1",
"url": "https://usn.ubuntu.com/4212-1/" "url": "https://usn.ubuntu.com/4212-1/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202004-01",
"url": "https://security.gentoo.org/glsa/202004-01"
} }
] ]
} }

48
2019/9xxx/CVE-2019-9163.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9163", "ID": "CVE-2019-9163",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The connection initiation process in March Networks Command Client before 2.7.2 allows remote attackers to execute arbitrary code via crafted XAML objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.marchnetworks.com/cve-2019-9163/",
"url": "https://www.marchnetworks.com/cve-2019-9163/"
} }
] ]
} }

5
2020/10xxx/CVE-2020-10188.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/krb5/krb5-appl/blob/d00cd671dfe945791b33d4f1f6a5c57ae1667ef8/telnet/telnetd/utility.c#L205-L216", "url": "https://github.com/krb5/krb5-appl/blob/d00cd671dfe945791b33d4f1f6a5c57ae1667ef8/telnet/telnetd/utility.c#L205-L216",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/krb5/krb5-appl/blob/d00cd671dfe945791b33d4f1f6a5c57ae1667ef8/telnet/telnetd/utility.c#L205-L216" "name": "https://github.com/krb5/krb5-appl/blob/d00cd671dfe945791b33d4f1f6a5c57ae1667ef8/telnet/telnetd/utility.c#L205-L216"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-11ea78ff8e",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLU6FL24BSQQEB2SJC26NLJ2MANQDA7M/"
} }
] ]
} }

60
2020/10xxx/CVE-2020-10598.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-10598", "ID": "CVE-2020-10598",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Becton, Dickinson and Company (BD)",
"product": {
"product_data": [
{
"product_name": "Pyxis MedStation ES System",
"version": {
"version_data": [
{
"version_value": "v1.6.1"
}
]
}
},
{
"product_name": "Pyxis Anesthesia (PAS) ES System",
"version": {
"version_data": [
{
"version_value": "v1.6.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "PROTECTION MECHANISM FAILURE CWE-693"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsma-20-091-01",
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-091-01"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially crafted inputs could allow the user to escape the restricted environment, resulting in access to sensitive data."
} }
] ]
} }

56
2020/10xxx/CVE-2020-10948.json
View File

@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-10948",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-10948",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. An unauthenticated, remote attacker can exploit this via a series of crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/fireeye/Vulnerability-Disclosures/tree/master/FEYE-2020-0004",
"refsource": "MISC",
"name": "https://github.com/fireeye/Vulnerability-Disclosures/tree/master/FEYE-2020-0004"
} }
] ]
} }

18
2020/11xxx/CVE-2020-11462.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11462",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

72
2020/11xxx/CVE-2020-11463.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Deskpro before 2019.8.0. The /api/email_accounts endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve cleartext credentials of all helpdesk email accounts, including incoming and outgoing email credentials. This enables an attacker to get full access to all emails sent or received by the system including password reset emails, making it possible to reset any user's password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/",
"refsource": "MISC",
"name": "https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/"
},
{
"url": "https://support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-update",
"refsource": "MISC",
"name": "https://support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-update"
},
{
"url": "https://support.deskpro.com/en/news/posts/deskpro-security-update-2019-09",
"refsource": "MISC",
"name": "https://support.deskpro.com/en/news/posts/deskpro-security-update-2019-09"
}
]
}
}

86
2020/11xxx/CVE-2020-11464.json Normal file
View File

@ -0,0 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/",
"refsource": "MISC",
"name": "https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/"
},
{
"url": "https://support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-update",
"refsource": "MISC",
"name": "https://support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-update"
},
{
"url": "https://support.deskpro.com/en/news/posts/deskpro-security-update-2019-09",
"refsource": "MISC",
"name": "https://support.deskpro.com/en/news/posts/deskpro-security-update-2019-09"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.0"
}
}
}

86
2020/11xxx/CVE-2020-11465.json Normal file
View File

@ -0,0 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Deskpro before 2019.8.0. The /api/apps/* endpoints failed to properly validate a user's privilege, allowing an attacker to control/install helpdesk applications and leak current applications' configurations, including applications used as user sources (used for authentication). This enables an attacker to forge valid authentication models that resembles any user on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/",
"refsource": "MISC",
"name": "https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/"
},
{
"url": "https://support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-update",
"refsource": "MISC",
"name": "https://support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-update"
},
{
"url": "https://support.deskpro.com/en/news/posts/deskpro-security-update-2019-09",
"refsource": "MISC",
"name": "https://support.deskpro.com/en/news/posts/deskpro-security-update-2019-09"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.0"
}
}
}

86
2020/11xxx/CVE-2020-11466.json Normal file
View File

@ -0,0 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve arbitrary information about all helpdesk tickets stored in database with numerous filters. This leaked sensitive information to unauthorized parties. Additionally, it leaked ticket authentication code, making it possible to make changes to a ticket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/",
"refsource": "MISC",
"name": "https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/"
},
{
"url": "https://support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-update",
"refsource": "MISC",
"name": "https://support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-update"
},
{
"url": "https://support.deskpro.com/en/news/posts/deskpro-security-update-2019-09",
"refsource": "MISC",
"name": "https://support.deskpro.com/en/news/posts/deskpro-security-update-2019-09"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:L/C:H/I:L/PR:L/S:U/UI:N",
"version": "3.0"
}
}
}

86
2020/11xxx/CVE-2020-11467.json Normal file
View File

@ -0,0 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Deskpro before 2019.8.0. This product enables administrators to modify the helpdesk interface by editing /portal/api/style/edit-theme-set/template-sources theme templates, and uses TWIG as its template engine. While direct access to self and _self variables was not permitted, one could abuse the accessible variables in one's context to reach a native unserialize function via the code parameter. There, on could pass a crafted payload to trigger a set of POP gadgets in order to achieve remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/",
"refsource": "MISC",
"name": "https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/"
},
{
"url": "https://support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-update",
"refsource": "MISC",
"name": "https://support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-update"
},
{
"url": "https://support.deskpro.com/en/news/posts/deskpro-security-update-2019-09",
"refsource": "MISC",
"name": "https://support.deskpro.com/en/news/posts/deskpro-security-update-2019-09"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.0"
}
}
}

18
2020/11xxx/CVE-2020-11468.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11468",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

50
2020/1xxx/CVE-2020-1954.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-1954", "ID": "CVE-2020-1954",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@apache.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache",
"product": {
"product_data": [
{
"product_name": "Apache CXF",
"version": {
"version_data": [
{
"version_value": "affects all versions prior to 3.3.6 and 3.2.13"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1&modificationDate=1585730169000&api=v2",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1&modificationDate=1585730169000&api=v2"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2019 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX."
} }
] ]
} }

5
2020/6xxx/CVE-2020-6061.json
View File

@ -58,6 +58,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2020-305c173af8", "name": "FEDORA-2020-305c173af8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-6efa0fc869",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY/"
} }
] ]
}, },

5
2020/6xxx/CVE-2020-6062.json
View File

@ -58,6 +58,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2020-305c173af8", "name": "FEDORA-2020-305c173af8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2020-6efa0fc869",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY/"
} }
] ]
}, },

95
2020/8xxx/CVE-2020-8966.json
View File

@ -1,18 +1,101 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2020-03-31T11:30:00.000Z",
"ID": "CVE-2020-8966", "ID": "CVE-2020-8966",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "Cross Site Scripting (XSS) flaws found in Tiki-Wiki CMS software"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tiki-Wiki Groupware",
"product": {
"product_data": [
{
"product_name": "Tiki-Wiki CMS",
"version": {
"version_data": [
{
"version_value": "through 20.0"
}
]
}
}
]
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Pablo Sebasti\u00e1n Arias Rodr\u00edguez, Rub\u00e9n Barber\u00e0 P\u00e9rez, Jorge Alberto Palma Reyes from S2Grupo at CSIRT-CV (Valencia CSIRT) with special thanks to the CSIRT-CV team "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page."
} }
] ]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/security-advisories/cross-site-scripting-xss-flaws-found-tiki-wiki-cms-software",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/cross-site-scripting-xss-flaws-found-tiki-wiki-cms-software"
},
{
"name": "https://sourceforge.net/p/tikiwiki/code/75455",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/tikiwiki/code/75455"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to version 21.0"
}
],
"source": {
"advisory": "INCIBE-2020-0134",
"discovery": "EXTERNAL"
} }
} }