diff --git a/2021/41xxx/CVE-2021-41259.json b/2021/41xxx/CVE-2021-41259.json index 20fdfb6a045..902534f2328 100644 --- a/2021/41xxx/CVE-2021-41259.json +++ b/2021/41xxx/CVE-2021-41259.json @@ -1,10 +1,10 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-41259", - "ASSIGNER": "security-advisories@github.com", + "ASSIGNER": "cve@mitre.org", "STATE": "REJECT" }, "description": { diff --git a/2023/1xxx/CVE-2023-1918.json b/2023/1xxx/CVE-2023-1918.json index 70b62a82c4d..50f62d4e22a 100644 --- a/2023/1xxx/CVE-2023-1918.json +++ b/2023/1xxx/CVE-2023-1918.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public." + "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_callback function. This makes it possible for unauthenticated attackers to invoke a cache building action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } @@ -32,16 +31,17 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Redacted Software", + "vendor_name": "emrevona", "product": { "product_data": [ { - "product_name": "Redacted Product Name", + "product_name": "WP Fastest Cache", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "0.0" + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.2" } ] } 
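Review bot: The new description in the `@@ -11,7 +11,7 @@` hunk of CVE-2023-1918 gives the affected range (`up to, and including, 1.1.2`) but not the release that carries the fix. A reader has to infer it from the changeset reference added later in the file, which is presumably the fixing commit. I would append one sentence to the `value` string, for example `Fixed in version <FIXED_VERSION>.`, with the placeholder filled in from the vendor changelog. The same gap is present in the description hunks of CVE-2023-1919 through CVE-2023-1930.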
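Review bot: Removing `"cweId": "CWE-352"` in the `@@ -21,8 +21,7 @@` hunk of CVE-2023-1918 leaves the weakness class only inside the free-text `value`. Any consumer that reads the structured field loses the CWE mapping and has to parse the string instead. Unless the target schema forbids the key, I would keep `"cweId": "CWE-352"` next to the `value` line. The same removal recurs in the problemtype hunks of CVE-2023-1919 through CVE-2023-1930; for CVE-2023-1928, -1929 and -1930 the value becomes `CWE-862 Missing Authorization`, so the retained field there would be `"cweId": "CWE-862"`.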
@@ -55,33 +55,30 @@ "references": { "reference_data": [ { - "url": "https://wordfence.com", + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c8034ff-cf36-498f-9efc-a4e6bbb92b2c?source=cve", "refsource": "MISC", - "name": "https://wordfence.com" + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1c8034ff-cf36-498f-9efc-a4e6bbb92b2c?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1" } ] }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], "impact": { "cvss": [ { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/1xxx/CVE-2023-1919.json b/2023/1xxx/CVE-2023-1919.json index a427b5976f9..be1b123c313 100644 --- a/2023/1xxx/CVE-2023-1919.json +++ b/2023/1xxx/CVE-2023-1919.json 
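Review bot: The added `credits` entry uses `"lang": "en"`, while the description and problemtype entries of the same record use `"lang": "eng"`, so one file now carries two spellings of the same language tag. A consumer that filters entries on the language code will match one set and miss the other. I would write `"lang": "eng"` in `credits`, unless the schema mandates a different code for that array, which is not visible from this diff. The same mismatch is in the `@@ -55,33 +55,30 @@` hunks of CVE-2023-1919 through CVE-2023-1930.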
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public." + "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache-related settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } @@ -32,16 +31,17 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Redacted Software", + "vendor_name": "emrevona", "product": { "product_data": [ { - "product_name": "Redacted Product Name", + "product_name": "WP Fastest Cache", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "0.0" + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.2" } ] } 
@@ -55,33 +55,30 @@ "references": { "reference_data": [ { - "url": "https://wordfence.com", + "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1", "refsource": "MISC", - "name": "https://wordfence.com" + "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/024f4058-065b-48b4-a08a-d9732d4375cd?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/024f4058-065b-48b4-a08a-d9732d4375cd?source=cve" } ] }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], "impact": { "cvss": [ { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/1xxx/CVE-2023-1920.json b/2023/1xxx/CVE-2023-1920.json index 520ed82db4a..e076fbda57f 100644 --- a/2023/1xxx/CVE-2023-1920.json +++ b/2023/1xxx/CVE-2023-1920.json 
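Review bot: The replacement `cvss` object keeps only `version`, `vectorString`, `baseScore` and `baseSeverity`, so the individual metrics the old object exposed as keys can now be read only by parsing the vector string. Consumers that read keys such as `userInteraction` or `privilegesRequired` directly would silently get nothing for these records. If the format allows it, I would keep the expanded keys in step with the vector, e.g. `"userInteraction": "REQUIRED"` and `"privilegesRequired": "NONE"` here. This applies equally to the `@@ -55,33 +55,30 @@` hunks of CVE-2023-1918 and of CVE-2023-1920 through CVE-2023-1930, where the last three use `PR:L/UI:N`.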
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public." + "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_purgecache_varnish_callback function. This makes it possible for unauthenticated attackers to purge the varnish cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } @@ -32,16 +31,17 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Redacted Software", + "vendor_name": "emrevona", "product": { "product_data": [ { - "product_name": "Redacted Product Name", + "product_name": "WP Fastest Cache", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "0.0" + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.2" } ] } 
@@ -55,33 +55,30 @@ "references": { "reference_data": [ { - "url": "https://wordfence.com", + "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1", "refsource": "MISC", - "name": "https://wordfence.com" + "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c8e90994-3b5c-4ae6-a27f-890a9101b440?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c8e90994-3b5c-4ae6-a27f-890a9101b440?source=cve" } ] }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], "impact": { "cvss": [ { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/1xxx/CVE-2023-1921.json b/2023/1xxx/CVE-2023-1921.json index c84b10b7ef0..37742bc6bbd 100644 --- a/2023/1xxx/CVE-2023-1921.json +++ b/2023/1xxx/CVE-2023-1921.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public." + "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_start_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } @@ -32,16 +31,17 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Redacted Software", + "vendor_name": "emrevona", "product": { "product_data": [ { - "product_name": "Redacted Product Name", + "product_name": "WP Fastest Cache", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "0.0" + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.2" } ] } 
@@ -55,33 +55,30 @@ "references": { "reference_data": [ { - "url": "https://wordfence.com", + "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1", "refsource": "MISC", - "name": "https://wordfence.com" + "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17c7c61d-c110-448e-ad8a-bc1c00393524?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17c7c61d-c110-448e-ad8a-bc1c00393524?source=cve" } ] }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], "impact": { "cvss": [ { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/1xxx/CVE-2023-1922.json b/2023/1xxx/CVE-2023-1922.json index c782f2a3dd7..6809feeae43 100644 --- a/2023/1xxx/CVE-2023-1922.json +++ b/2023/1xxx/CVE-2023-1922.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public." + "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_pause_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } @@ -32,16 +31,17 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Redacted Software", + "vendor_name": "emrevona", "product": { "product_data": [ { - "product_name": "Redacted Product Name", + "product_name": "WP Fastest Cache", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "0.0" + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.2" } ] } 
@@ -55,33 +55,30 @@ "references": { "reference_data": [ { - "url": "https://wordfence.com", + "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1", "refsource": "MISC", - "name": "https://wordfence.com" + "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1743b26-861e-4a61-80de-b8cc82308228?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1743b26-861e-4a61-80de-b8cc82308228?source=cve" } ] }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], "impact": { "cvss": [ { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/1xxx/CVE-2023-1923.json b/2023/1xxx/CVE-2023-1923.json index b12cea8c389..8f4849c325d 100644 --- a/2023/1xxx/CVE-2023-1923.json +++ b/2023/1xxx/CVE-2023-1923.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public." + "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_remove_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } @@ -32,16 +31,17 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Redacted Software", + "vendor_name": "emrevona", "product": { "product_data": [ { - "product_name": "Redacted Product Name", + "product_name": "WP Fastest Cache", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "0.0" + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.2" } ] } 
@@ -55,33 +55,30 @@ "references": { "reference_data": [ { - "url": "https://wordfence.com", + "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1", "refsource": "MISC", - "name": "https://wordfence.com" + "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/49ba5cfa-c2cc-49ac-b22d-7e36ccca6ac5?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/49ba5cfa-c2cc-49ac-b22d-7e36ccca6ac5?source=cve" } ] }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], "impact": { "cvss": [ { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/1xxx/CVE-2023-1924.json b/2023/1xxx/CVE-2023-1924.json index 383bc5146a4..50093080570 100644 --- a/2023/1xxx/CVE-2023-1924.json +++ b/2023/1xxx/CVE-2023-1924.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public." + "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_toolbar_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } @@ -32,16 +31,17 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Redacted Software", + "vendor_name": "emrevona", "product": { "product_data": [ { - "product_name": "Redacted Product Name", + "product_name": "WP Fastest Cache", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "0.0" + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.2" } ] } 
@@ -55,33 +55,30 @@ "references": { "reference_data": [ { - "url": "https://wordfence.com", + "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1", "refsource": "MISC", - "name": "https://wordfence.com" + "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a87f610a-c1ef-4365-bd74-569989587d41?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a87f610a-c1ef-4365-bd74-569989587d41?source=cve" } ] }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], "impact": { "cvss": [ { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/1xxx/CVE-2023-1925.json b/2023/1xxx/CVE-2023-1925.json index 9e66b828b42..5b4fb061be2 100644 --- a/2023/1xxx/CVE-2023-1925.json +++ b/2023/1xxx/CVE-2023-1925.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public." + "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_clear_cache_of_allsites_callback function. This makes it possible for unauthenticated attackers to clear caches via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } @@ -32,16 +31,17 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Redacted Software", + "vendor_name": "emrevona", "product": { "product_data": [ { - "product_name": "Redacted Product Name", + "product_name": "WP Fastest Cache", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "0.0" + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.2" } ] } 
@@ -55,33 +55,30 @@ "references": { "reference_data": [ { - "url": "https://wordfence.com", + "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1", "refsource": "MISC", - "name": "https://wordfence.com" + "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/096257a4-6ee9-41e1-8a59-4ffcd309f83c?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/096257a4-6ee9-41e1-8a59-4ffcd309f83c?source=cve" } ] }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], "impact": { "cvss": [ { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/1xxx/CVE-2023-1926.json b/2023/1xxx/CVE-2023-1926.json index 4a5a4758a7e..b41d2cf2dfa 100644 --- a/2023/1xxx/CVE-2023-1926.json +++ b/2023/1xxx/CVE-2023-1926.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public." + "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } @@ -32,16 +31,17 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Redacted Software", + "vendor_name": "emrevona", "product": { "product_data": [ { - "product_name": "Redacted Product Name", + "product_name": "WP Fastest Cache", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "0.0" + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.2" } ] } 
@@ -55,33 +55,30 @@ "references": { "reference_data": [ { - "url": "https://wordfence.com", + "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1", "refsource": "MISC", - "name": "https://wordfence.com" + "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b793a4cb-3130-428e-9b61-8ce29fcdaf70?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b793a4cb-3130-428e-9b61-8ce29fcdaf70?source=cve" } ] }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], "impact": { "cvss": [ { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/1xxx/CVE-2023-1927.json b/2023/1xxx/CVE-2023-1927.json index 0daa06253df..f30d490b989 100644 --- a/2023/1xxx/CVE-2023-1927.json +++ b/2023/1xxx/CVE-2023-1927.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public." + "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" } ] } @@ -32,16 +31,17 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Redacted Software", + "vendor_name": "emrevona", "product": { "product_data": [ { - "product_name": "Redacted Product Name", + "product_name": "WP Fastest Cache", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "0.0" + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.2" } ] } 
@@ -55,33 +55,30 @@ "references": { "reference_data": [ { - "url": "https://wordfence.com", + "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1", "refsource": "MISC", - "name": "https://wordfence.com" + "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d3858f5-3f13-400c-acf4-eb3dc3a43308?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d3858f5-3f13-400c-acf4-eb3dc3a43308?source=cve" } ] }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], "impact": { "cvss": [ { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/1xxx/CVE-2023-1928.json b/2023/1xxx/CVE-2023-1928.json index bec29e3645c..3410dfaf4b4 100644 --- a/2023/1xxx/CVE-2023-1928.json +++ b/2023/1xxx/CVE-2023-1928.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public." + "value": "The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiate cache creation." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" + "value": "CWE-862 Missing Authorization" } ] } @@ -32,16 +31,17 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Redacted Software", + "vendor_name": "emrevona", "product": { "product_data": [ { - "product_name": "Redacted Product Name", + "product_name": "WP Fastest Cache", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "0.0" + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.2" } ] } 
@@ -55,33 +55,30 @@ "references": { "reference_data": [ { - "url": "https://wordfence.com", + "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1", "refsource": "MISC", - "name": "https://wordfence.com" + "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56a90042-a6c0-4487-811b-ced23c97f9f4?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56a90042-a6c0-4487-811b-ced23c97f9f4?source=cve" } ] }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], "impact": { "cvss": [ { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/1xxx/CVE-2023-1929.json b/2023/1xxx/CVE-2023-1929.json index 27194bd051d..1cb1b9b616b 100644 --- a/2023/1xxx/CVE-2023-1929.json +++ b/2023/1xxx/CVE-2023-1929.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public." + "value": "The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to purge the varnish cache." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" + "value": "CWE-862 Missing Authorization" } ] } @@ -32,16 +31,17 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Redacted Software", + "vendor_name": "emrevona", "product": { "product_data": [ { - "product_name": "Redacted Product Name", + "product_name": "WP Fastest Cache", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "0.0" + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.2" } ] } 
@@ -55,33 +55,30 @@ "references": { "reference_data": [ { - "url": "https://wordfence.com", + "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1", "refsource": "MISC", - "name": "https://wordfence.com" + "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1e567aec-07e5-494a-936d-93b40d3e3043?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1e567aec-07e5-494a-936d-93b40d3e3043?source=cve" } ] }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], "impact": { "cvss": [ { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/1xxx/CVE-2023-1930.json b/2023/1xxx/CVE-2023-1930.json index eacb92ca067..4f2ebbbd82e 100644 --- a/2023/1xxx/CVE-2023-1930.json +++ b/2023/1xxx/CVE-2023-1930.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public." + "value": "The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfc_clear_cache_of_allsites_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to delete caches." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" + "value": "CWE-862 Missing Authorization" } ] } @@ -32,16 +31,17 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Redacted Software", + "vendor_name": "emrevona", "product": { "product_data": [ { - "product_name": "Redacted Product Name", + "product_name": "WP Fastest Cache", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "0.0" + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.2" } ] } 
@@ -55,33 +55,30 @@ "references": { "reference_data": [ { - "url": "https://wordfence.com", + "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1", "refsource": "MISC", - "name": "https://wordfence.com" + "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bae67a68-4bd1-4b52-b3dd-af0eef014028?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bae67a68-4bd1-4b52-b3dd-af0eef014028?source=cve" } ] }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], "impact": { "cvss": [ { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/1xxx/CVE-2023-1931.json b/2023/1xxx/CVE-2023-1931.json index 50283f7d423..817cea03561 100644 --- a/2023/1xxx/CVE-2023-1931.json +++ b/2023/1xxx/CVE-2023-1931.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "[PUSHED PREMATURELY] Information temporarily redacted until it should be made public." + "value": "The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache deletion." } ] }, @@ -21,8 +21,7 @@ "description": [ { "lang": "eng", - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "cweId": "CWE-352" + "value": "CWE-862 Missing Authorization" } ] } @@ -32,16 +31,17 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Redacted Software", + "vendor_name": "emrevona", "product": { "product_data": [ { - "product_name": "Redacted Product Name", + "product_name": "WP Fastest Cache", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "0.0" + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.2" } ] } 
@@ -55,33 +55,30 @@ "references": { "reference_data": [ { - "url": "https://wordfence.com", + "url": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1", "refsource": "MISC", - "name": "https://wordfence.com" + "name": "https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4bb2d72-ff31-4220-acb3-ed17bb9229b5?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4bb2d72-ff31-4220-acb3-ed17bb9229b5?source=cve" } ] }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "UNKNOWN" - }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], "impact": { "cvss": [ { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/28xxx/CVE-2023-28706.json b/2023/28xxx/CVE-2023-28706.json index 3c1bfa1b7b5..8842b4c4c2a 100644 --- a/2023/28xxx/CVE-2023-28706.json +++ b/2023/28xxx/CVE-2023-28706.json 
@@ -1,18 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28706", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Airflow Hive Provider", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "6.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/apache/airflow/pull/30212", + "refsource": "MISC", + "name": "https://github.com/apache/airflow/pull/30212" + }, + { + "url": "https://lists.apache.org/thread/dl20xxd51xvlx0zzc0wzgxfjwgtbbxo3", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/dl20xxd51xvlx0zzc0wzgxfjwgtbbxo3" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "sw0rd1ight of Caiji Sec Team and 4ra1n of Chaitin Tech" + } + ] } \ No newline at end of file 
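Review bot: The published record for CVE-2023-28706 has no `impact` block, so consumers that triage on CVSS get no severity for a CWE-94 code-injection issue; the CVE-2023-28707 and CVE-2023-28710 hunks that follow have the same gap. The description only restates the CWE title and the fixed version, so a defender has to follow the two references to learn which input or privilege level is involved. `"discovery": "UNKNOWN"` also sits oddly beside a `credits` entry naming external finders, where the Patchstack records in this commit use `"EXTERNAL"`. If the assigner has a score, an `impact.cvss` entry with `vectorString`, `baseScore` and `baseSeverity` would match the other records. Minor: `Provider.This issue` is missing a space after the period.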
diff --git a/2023/28xxx/CVE-2023-28707.json b/2023/28xxx/CVE-2023-28707.json index ce016a67b4c..34e50ea8b3b 100644 --- a/2023/28xxx/CVE-2023-28707.json +++ b/2023/28xxx/CVE-2023-28707.json 
@@ -1,18 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28707", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Airflow Drill Provider", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/apache/airflow/pull/30215", + "refsource": "MISC", + "name": "https://github.com/apache/airflow/pull/30215" + }, + { + "url": "https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Kai Zhao of 3H Secruity Team" + } + ] } \ No newline at end of file diff --git a/2023/28xxx/CVE-2023-28710.json b/2023/28xxx/CVE-2023-28710.json index 1a4dbbb06b3..a0caa208b87 100644 
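Review bot: The credit string `Kai Zhao of 3H Secruity Team` looks like a misspelling of "Security", though the team name cannot be confirmed from this page. Credits are copied verbatim into downstream advisories, so it is worth checking with the assigner before the record propagates. If it is a typo, the line would read `"value": "Kai Zhao of 3H Security Team"`.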
--- a/2023/28xxx/CVE-2023-28710.json +++ b/2023/28xxx/CVE-2023-28710.json @@ -1,18 +1,82 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28710", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Airflow Spark Provider", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/apache/airflow/pull/30223", + "refsource": "MISC", + "name": "https://github.com/apache/airflow/pull/30223" + }, + { + "url": "https://lists.apache.org/thread/lb9w9114ow00h2nkn8bjm106v5x1p1d2", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/lb9w9114ow00h2nkn8bjm106v5x1p1d2" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Xie Jianming of Nsfocus" + } + ] } \ No newline at end of file 
diff --git a/2023/28xxx/CVE-2023-28781.json b/2023/28xxx/CVE-2023-28781.json index bcfa8b2f33f..94030cc35a6 100644 --- a/2023/28xxx/CVE-2023-28781.json +++ b/2023/28xxx/CVE-2023-28781.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28781", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cimatti Consulting", + "product": { + "product_data": [ + { + "product_name": "WordPress Contact Forms by Cimatti", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.5.5", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.5.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/contact-forms/wordpress-contact-forms-by-cimatti-plugin-1-5-4-unauth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/contact-forms/wordpress-contact-forms-by-cimatti-plugin-1-5-4-unauth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + 
"generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.5.5 or a higher version." + } + ], + "value": "Update to\u00a01.5.5 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "thiennv (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/28xxx/CVE-2023-28789.json b/2023/28xxx/CVE-2023-28789.json index e914e4f4513..d12afdc9b63 100644 --- a/2023/28xxx/CVE-2023-28789.json +++ b/2023/28xxx/CVE-2023-28789.json 
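Review bot: The `version_data` entry for CVE-2023-28781 sets `"version_value": "not down converted"` and keeps the real range only in `x_cve_json_5_version_data`, so a v4 consumer matching on `version_affected`/`version_value` will not flag installs at or below 1.5.4. The Wordfence records earlier in this commit express the same kind of range directly, and that form could probably be carried here as `"version_affected": "<=", "version_value": "1.5.4"` alongside the extension object. The same pattern is in the CVE-2023-28789, 28792, 29170, 29171, 29172 and 29388 hunks. Scanners ingesting these files should read `lessThanOrEqual` from the extension object, or they will under-report affected versions.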
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28789", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cimatti Consulting", + "product": { + "product_data": [ + { + "product_name": "WordPress Contact Forms by Cimatti", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.5.5", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.5.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/contact-forms/wordpress-contact-forms-by-cimatti-plugin-1-5-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/contact-forms/wordpress-contact-forms-by-cimatti-plugin-1-5-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { 
+ "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.5.5 or a higher version." + } + ], + "value": "Update to\u00a01.5.5 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "thiennv (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/28xxx/CVE-2023-28792.json b/2023/28xxx/CVE-2023-28792.json index b904403dc77..1374c441e56 100644 --- a/2023/28xxx/CVE-2023-28792.json +++ b/2023/28xxx/CVE-2023-28792.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28792", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "I Thirteen Web Solution", + "product": { + "product_data": [ + { + "product_name": "Continuous Image Carousel With Lightbox", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.0.16", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.0.15", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/continuous-image-carousel-with-lightbox/wordpress-continuous-image-carousel-with-lightbox-plugin-1-0-15-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/continuous-image-carousel-with-lightbox/wordpress-continuous-image-carousel-with-lightbox-plugin-1-0-15-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.0.16 or a higher version." + } + ], + "value": "Update to\u00a01.0.16 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "thiennv (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/29xxx/CVE-2023-29170.json b/2023/29xxx/CVE-2023-29170.json index 5d51b36f4fd..6a83f669596 100644 --- a/2023/29xxx/CVE-2023-29170.json +++ b/2023/29xxx/CVE-2023-29170.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-29170", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin <= 2.2.12 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PI Websolution", + "product": { + "product_data": [ + { + "product_name": "Product Enquiry for WooCommerce, WooCommerce product catalog", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.2.13", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.2.12", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/enquiry-quotation-for-woocommerce/wordpress-product-enquiry-for-woocommerce-plugin-2-2-12-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/enquiry-quotation-for-woocommerce/wordpress-product-enquiry-for-woocommerce-plugin-2-2-12-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.2.13 or a higher version." + } + ], + "value": "Update to\u00a02.2.13 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "MyungJu Kim (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/29xxx/CVE-2023-29171.json b/2023/29xxx/CVE-2023-29171.json index f780eea65ed..b53671a493e 100644 --- a/2023/29xxx/CVE-2023-29171.json +++ b/2023/29xxx/CVE-2023-29171.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-29171", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Post Thumbnail plugin <= 4.1.10 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Magic Post Thumbnail", + "product": { + "product_data": [ + { + "product_name": "Magic Post Thumbnail", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "4.1.11", + "status": "unaffected" + } + ], + "lessThanOrEqual": "4.1.10", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/magic-post-thumbnail/wordpress-magic-post-thumbnail-plugin-4-1-10-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/magic-post-thumbnail/wordpress-magic-post-thumbnail-plugin-4-1-10-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { 
+ "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 4.1.11 or a higher version." + } + ], + "value": "Update to\u00a04.1.11 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "minhtuanact (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/29xxx/CVE-2023-29172.json b/2023/29xxx/CVE-2023-29172.json index 2dc05ac38e9..7b3becefeea 100644 --- a/2023/29xxx/CVE-2023-29172.json +++ b/2023/29xxx/CVE-2023-29172.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-29172", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PropertyHive", + "product": { + "product_data": [ + { + "product_name": "PropertyHive", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.5.47", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.5.46", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/propertyhive/wordpress-propertyhive-plugin-1-5-46-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/propertyhive/wordpress-propertyhive-plugin-1-5-46-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + 
"solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.5.47 or a higher version." + } + ], + "value": "Update to\u00a01.5.47 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "minhtuanact (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/29xxx/CVE-2023-29388.json b/2023/29xxx/CVE-2023-29388.json index df386359790..54938b85181 100644 --- a/2023/29xxx/CVE-2023-29388.json +++ b/2023/29xxx/CVE-2023-29388.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-29388", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCode Product Catalog Simple plugin <= 1.6.17 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "impleCode", + "product": { + "product_data": [ + { + "product_name": "Product Catalog Simple", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.7.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.6.17", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/post-type-x/wordpress-product-catalog-simple-plugin-1-6-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/post-type-x/wordpress-product-catalog-simple-plugin-1-6-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + 
"source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.7.0 or a higher version." + } + ], + "value": "Update to\u00a01.7.0 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "minhtuanact (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] }