Auto-merge PR#4386

2025-05-08 03:27:03 +00:00 · 2020-07-22 13:35:19 -04:00 · 2020-07-22 13:35:19 -04:00 · e3b1a6d0a8
commit e3b1a6d0a8
parent bbaeb08d3b 78e116219d
1 changed files with 76 additions and 6 deletions
--- a/2020/15xxx/CVE-2020-15124.json
+++ b/2020/15xxx/CVE-2020-15124.json
@ -1,18 +1,88 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-15124",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Path traversal in Goobi viewer Core"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "goobi-viewer-core",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "< 4.8.3"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "intranda"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "In Goobi Viewer Core before version 4.8.3, a path traversal vulnerability allows for remote attackers to access files on the server via the application. This is limited to files accessible to the application server user, eg. tomcat, but can potentially lead to the disclosure of sensitive information.\n\nThe vulnerability has been fixed in version 4.8.3"
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 9.6,
+            "baseSeverity": "CRITICAL",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/intranda/goobi-viewer-core/security/advisories/GHSA-7gwq-xqw3-cr63",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/intranda/goobi-viewer-core/security/advisories/GHSA-7gwq-xqw3-cr63"
+            },
+            {
+                "name": "https://github.com/intranda/goobi-viewer-core/commit/44ceb8e2e7e888391e8a941127171d6366770df3",
+                "refsource": "MISC",
+                "url": "https://github.com/intranda/goobi-viewer-core/commit/44ceb8e2e7e888391e8a941127171d6366770df3"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-7gwq-xqw3-cr63",
+        "discovery": "UNKNOWN"
    }
 }