From dc3cbfaf1f3c105231a36e134e00e2a3e41ccbce Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 5 Feb 2025 11:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/49xxx/CVE-2024-49352.json | 78 +++++++++++++++++++++++-- 2024/5xxx/CVE-2024-5528.json | 100 +++++++++++++++++++++++++++++++-- 2024/6xxx/CVE-2024-6356.json | 100 +++++++++++++++++++++++++++++++-- 2024/9xxx/CVE-2024-9631.json | 100 +++++++++++++++++++++++++++++++-- 4 files changed, 362 insertions(+), 16 deletions(-) diff --git a/2024/49xxx/CVE-2024-49352.json b/2024/49xxx/CVE-2024-49352.json index ee5cefb24df..a13fc77d4e4 100644 --- a/2024/49xxx/CVE-2024-49352.json +++ b/2024/49xxx/CVE-2024-49352.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49352", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Cognos Analytics\u00a011.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611 Improper Restriction of XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cognos Analytics", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7181480", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7181480" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/5xxx/CVE-2024-5528.json b/2024/5xxx/CVE-2024-5528.json index 49f288987f0..890af76a972 100644 --- a/2024/5xxx/CVE-2024-5528.json +++ b/2024/5xxx/CVE-2024-5528.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5528", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1023: Incomplete Comparison with Missing Factors", + "cweId": "CWE-1023" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0.0", + "version_value": "16.11.6" + }, + { + "version_affected": "<", + "version_name": "17.0", + "version_value": "17.0.4" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/464558", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/464558" + }, + { + "url": "https://hackerone.com/reports/2523654", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2523654" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to versions 16.11.6, 17.0.4, 17.1.2 or above." + } + ], + "credits": [ + { + "lang": "en", + "value": "Thanks [fdeleite](https://hackerone.com/fdeleite) for reporting this vulnerability through our HackerOne bug bounty program" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" } ] } diff --git a/2024/6xxx/CVE-2024-6356.json b/2024/6xxx/CVE-2024-6356.json index 4c50de181a3..dd659e24a49 100644 --- a/2024/6xxx/CVE-2024-6356.json +++ b/2024/6xxx/CVE-2024-6356.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-6356", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed cross project access for Security policy bot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-286: Incorrect User Management", + "cweId": "CWE-286" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.0", + "version_value": "17.0.6" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1.4" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/469108", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/469108" + }, + { + "url": "https://hackerone.com/reports/2575051", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2575051" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to versions 17.2.2, 17.1.4, 17.0.6 or above." + } + ], + "credits": [ + { + "lang": "en", + "value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/9xxx/CVE-2024-9631.json b/2024/9xxx/CVE-2024-9631.json index 7a2ac0b7945..0df51f843f7 100644 --- a/2024/9xxx/CVE-2024-9631.json +++ b/2024/9xxx/CVE-2024-9631.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9631", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, where viewing diffs of MR with conflicts can be slow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-407: Inefficient Algorithmic Complexity", + "cweId": "CWE-407" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "13.6", + "version_value": "17.2.9" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3.5" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/480867", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/480867" + }, + { + "url": "https://hackerone.com/reports/2650086", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2650086" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to versions 17.2.9, 17.3.5, 17.4.2 or above." + } + ], + "credits": [ + { + "lang": "en", + "value": "Thanks [a92847865](https://hackerone.com/a92847865) for reporting this vulnerability through our HackerOne bug bounty program" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] }