Auto-merge PR#3231

Auto-merge PR#3231
CVE Team 2020-02-12 09:10:13 -05:00 committed by GitHub
commit e3757606c0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 302 additions and 91 deletions


@ -1,18 +1,65 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-20098",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_PUBLIC": "2020-02-03T00:00:00",
"ID": "CVE-2019-20098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira Server",
"version": {
"version_data": [
{
"version_value": "8.7.0",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-70605"
},
{
"url": "https://www.tenable.com/security/research/tra-2020-05"
}
]
}
}
}
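Review bot: The `problemtype` value `"Cross Site Scripting (CSRF)"` names the wrong weakness class: the description in this same record is about cross-site request forgery, and XSS and CSRF are distinct weaknesses (CWE-79 and CWE-352), so anything that triages or filters on `problemtype` will misfile the entry. It should read `"value": "Cross-Site Request Forgery (CSRF)"`; the identical string appears in the CVE-2019-20099 and CVE-2019-20100 sections of this commit. Separately, `product_data` lists only `Jira Server` while the description says "Jira Server and Data Center", so product-name matching would miss Data Center deployments; the same gap shows in the other two Jira records.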


@ -1,18 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-20099",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_PUBLIC": "2020-02-03T00:00:00",
"ID": "CVE-2019-20099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira Server",
"version": {
"version_data": [
{
"version_value": "8.7.0",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-70606"
},
{
"url": "https://www.tenable.com/security/research/tra-2020-05"
}
]
}
}
}


@ -1,18 +1,111 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-20100",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_PUBLIC": "2020-02-03T00:00:00",
"ID": "CVE-2019-20100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Application Links",
"version": {
"version_data": [
{
"version_value": "5.4.21",
"version_affected": "<"
},
{
"version_value": "6.0.0",
"version_affected": ">="
},
{
"version_value": "6.0.12",
"version_affected": "<"
},
{
"version_value": "6.1.0",
"version_affected": ">="
},
{
"version_value": "6.1.2",
"version_affected": "<"
},
{
"version_value": "7.0.0",
"version_affected": ">="
},
{
"version_value": "7.0.2",
"version_affected": "<"
},
{
"version_value": "7.1.0",
"version_affected": ">="
},
{
"version_value": "7.1.3",
"version_affected": "<"
}
]
}
},
{
"product_name": "Jira Server",
"version": {
"version_data": [
{
"version_value": "8.7.0",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version 7.1.0 before version 7.1.3. The vulnerable plugin is used by Atlassian Jira Server and Data Center before version 8.7.0. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://ecosystem.atlassian.net/browse/APL-1390"
},
{
"url": "https://jira.atlassian.com/browse/JRASERVER-70607"
},
{
"url": "https://www.tenable.com/security/research/tra-2020-06"
}
]
}
}
}
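Review bot: The nine `version_data` entries for Application Links encode five ranges as a flat list of independent `<` and `>=` bounds, and nothing in the record pairs a lower bound with its upper bound. A consumer that evaluates each entry on its own will treat `>= 6.0.0` or `< 7.1.3` alone as "affected", which flags fixed releases such as 6.0.12 as vulnerable; one that requires all entries to hold will match nothing. The prose description states the ranges unambiguously, so scanner and inventory matching for this CVE should be validated against that text rather than against this list. The same flat pattern is used for the Confluence ranges in the CVE-2019-20406 section.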


@ -1,72 +1,95 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2020-02-05T00:00:00",
"ID": "CVE-2019-20406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Confluence Data Center",
"version": {
"version_data": [
{
"version_value": "7.0.5",
"version_affected": "<"
},
{
"version_value": "7.1.0",
"version_affected": ">="
},
{
"version_value": "7.1.1",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2020-02-05T00:00:00",
"ID": "CVE-2019-20406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Confluence Server",
"version": {
"version_data": [
{
"version_value": "7.0.5",
"version_affected": "<"
},
{
"version_value": "7.1.0",
"version_affected": ">="
},
{
"version_value": "7.1.1",
"version_affected": "<"
}
]
}
}
]
},
"product": {
"product_data": [
{
"product_name": "Confluence Data Center",
"version": {
"version_data": [
{
"version_value": "7.0.5",
"version_affected": "<"
},
{
"version_value": "7.1.0",
"version_affected": ">="
},
{
"version_value": "7.1.1",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Hijacking"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-59428",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CONFSERVER-59428"
}
]
}
}
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-59428",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/CONFSERVER-59428"
}
]
}
}
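Review bot: The `vendor_data` object in what appears to be the new side (the longer of the two copies, consistent with the +95 line count) contains two `"product"` keys, one wrapping `Confluence Server` and one wrapping `Confluence Data Center`. Duplicate member names are not interoperable: most parsers keep only the last one, so Confluence Server would silently drop out of the affected list for anyone consuming this record, and parsers that disagree on which copy wins will give different answers for the same advisory. Both products belong as two elements of a single `product_data` array under one `"product"` key. The description also repeats a word (`environmental variable variable`), which is worth correcting while the record is being touched.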