admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-01-29 10:00:34 +00:00
parent 1aa64bcb39
commit dd35466989
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 431 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2023/45xxx/CVE-2023-45932.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2023-45932",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

4
2023/46xxx/CVE-2023-46050.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2023-46050",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

5
2023/48xxx/CVE-2023-48795.json
View File

@ -611,6 +611,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2024-a53b24023d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2024-3fd1bc9276",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
}
]
}

105
2024/0xxx/CVE-2024-0212.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0212",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@cloudflare.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Cloudflare Wordpress plugin was found to be vulnerable to improper authentication. The vulnerability enables attackers with a lower privileged account to access data from the Cloudflare API.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cloudflare",
"product": {
"product_data": [
{
"product_name": "Cloudflare-WordPress",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "4.12.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.12.2",
"status": "affected",
"version": "0",
"versionType": "patch"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/cloudflare/Cloudflare-WordPress/security/advisories/GHSA-h2fj-7r3m-7gf2",
"refsource": "MISC",
"name": "https://github.com/cloudflare/Cloudflare-WordPress/security/advisories/GHSA-h2fj-7r3m-7gf2"
},
{
"url": "https://github.com/cloudflare/Cloudflare-WordPress/releases/tag/v4.12.3",
"refsource": "MISC",
"name": "https://github.com/cloudflare/Cloudflare-WordPress/releases/tag/v4.12.3"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "lucius0101 (HackerOne Researcher)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}

113
2024/23xxx/CVE-2024-23790.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23790",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@otrs.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.\nThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OTRS AG",
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "8.0.x",
"version_value": "8.0.37"
},
{
"version_affected": "<=",
"version_name": "2023",
"version_value": "2023.1.1"
},
{
"version_affected": "<=",
"version_name": "7.0.x",
"version_value": "7.0.48"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-01/",
"refsource": "MISC",
"name": "https://otrs.com/release-notes/otrs-security-advisory-2024-01/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "OSA-2024-01",
"defect": [
"Ticket#2023083042000825",
"Issue#1306"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<div>Update to OTRS Patch 2024.1.1</div><div>Update to OTRS 7.0.49 (Long Term Support Users)<br></div><div><br></div><br>"
}
],
"value": "Update to OTRS Patch 2024.1.1\n\nUpdate to OTRS 7.0.49 (Long Term Support Users)\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Matthias P\u00fcschel for reporting these vulnerability."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

107
2024/23xxx/CVE-2024-23791.json
View File

@ -1,17 +1,116 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23791",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@otrs.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Insertion of Sensitive Information into Log File",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OTRS AG",
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0.x",
"version_value": "7.0.48"
},
{
"version_affected": "<=",
"version_name": "8.0.x",
"version_value": "8.0.37"
},
{
"version_affected": "<=",
"version_name": "2023.x",
"version_value": "2023.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-02/",
"refsource": "MISC",
"name": "https://otrs.com/release-notes/otrs-security-advisory-2024-02/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "OSA-2024-02",
"defect": [
"Issue#1224",
"Ticket#2021091742001128"
],
"discovery": "USER"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<div>Update to OTRS Patch 2024.1.1</div><div>Update to OTRS 7.0.49 (Long Term Support Users)</div><br>"
}
],
"value": "Update to OTRS Patch 2024.1.1\n\nUpdate to OTRS 7.0.49 (Long Term Support Users)\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

113
2024/23xxx/CVE-2024-23792.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23792",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@otrs.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When adding attachments to ticket comments, \nanother user can add attachments as well impersonating the orginal user. The attack requires a \nlogged-in other user to know the UUID. While the legitimate user \ncompletes the comment, the malicious user can add more files to the \ncomment.\n\nThis issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OTRS AG",
"product": {
"product_data": [
{
"product_name": "OTRS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0.x",
"version_value": "7.0.48"
},
{
"version_affected": "<=",
"version_name": "8.0.x",
"version_value": "8.0.37"
},
{
"version_affected": "<=",
"version_name": "2023.x",
"version_value": "2023.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2024-03/",
"refsource": "MISC",
"name": "https://otrs.com/release-notes/otrs-security-advisory-2024-03/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "OSA-2024-03",
"defect": [
"Issue#1392",
"Ticket#2023083042000825"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<div>Update to OTRS Patch 2024.1.1</div><div>Update to OTRS 7.0.49 (Long Term Support Users)</div>"
}
],
"value": "Update to OTRS Patch 2024.1.1\n\nUpdate to OTRS 7.0.49 (Long Term Support Users)\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Matthias P\u00fcschel for reporting these vulnerability."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}