Updates CWE as per NVD audit

2025-08-04 08:44:25 +00:00 · 2022-08-01 14:31:50 +02:00 · 2022-08-01 14:31:50 +02:00 · eb2aa2b1c0
commit eb2aa2b1c0
parent 8da47f1bec
9 changed files with 37 additions and 13 deletions
--- a/2021/24xxx/CVE-2021-24347.json
+++ b/2021/24xxx/CVE-2021-24347.json
@ -66,7 +66,7 @@
            {
                "description": [
                    {
-                        "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
+                        "value": "CWE-178 Improper Handling of Case Sensitivity",
                        "lang": "eng"
                    }
                ]
@ -82,4 +82,4 @@
    "source": {
        "discovery": "UNKNOWN"
    }
-}
+}
--- a/2021/24xxx/CVE-2021-24349.json
+++ b/2021/24xxx/CVE-2021-24349.json
@ -60,6 +60,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
--- a/2021/24xxx/CVE-2021-24728.json
+++ b/2021/24xxx/CVE-2021-24728.json
@ -66,7 +66,7 @@
            {
                "description": [
                    {
-                        "value": "CWE-79 Cross-site Scripting (XSS)",
+                        "value": "CWE-89 SQL Injection",
                        "lang": "eng"
                    }
                ]
@ -82,4 +82,4 @@
    "source": {
        "discovery": "UNKNOWN"
    }
-}
+}
--- a/2021/24xxx/CVE-2021-24739.json
+++ b/2021/24xxx/CVE-2021-24739.json
@ -56,7 +56,7 @@
      {
        "description": [
          {
-            "value": "CWE-285 Improper Authorization",
+            "value": "CWE-639 Authorization Bypass Through User-Controlled Key",
            "lang": "eng"
          }
        ]
--- a/2021/24xxx/CVE-2021-24822.json
+++ b/2021/24xxx/CVE-2021-24822.json
@ -60,6 +60,14 @@
            "lang": "eng"
          }
        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+            "lang": "eng"
+          }
+        ]
      }
    ]
  },
--- a/2021/24xxx/CVE-2021-24836.json
+++ b/2021/24xxx/CVE-2021-24836.json
@ -56,7 +56,15 @@
      {
        "description": [
          {
-            "value": "CWE-863 Incorrect Authorization",
+            "value": "CWE-862 Missing Authorization",
+            "lang": "eng"
+          }
+        ]
+      },
+      {
+        "description": [
+          {
+            "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
            "lang": "eng"
          }
        ]
@ -72,4 +80,4 @@
  "source": {
    "discovery": "EXTERNAL"
  }
-}
+}
--- a/2021/25xxx/CVE-2021-25094.json
+++ b/2021/25xxx/CVE-2021-25094.json
@ -66,7 +66,7 @@
            {
                "description": [
                    {
-                        "value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
+                        "value": "CWE-306 Missing Authentication for Critical Function",
                        "lang": "eng"
                    }
                ]
@ -82,4 +82,4 @@
    "source": {
        "discovery": "EXTERNAL"
    }
-}
+}
--- a/2022/0xxx/CVE-2022-0594.json
+++ b/2022/0xxx/CVE-2022-0594.json
@ -56,7 +56,7 @@
      {
        "description": [
          {
-            "value": "CWE-200 Information Exposure",
+            "value": "CWE-863 Incorrect Authorization",
            "lang": "eng"
          }
        ]
@ -72,4 +72,4 @@
  "source": {
    "discovery": "EXTERNAL"
  }
-}
+}
--- a/2022/2xxx/CVE-2022-2268.json
+++ b/2022/2xxx/CVE-2022-2268.json
@ -56,7 +56,7 @@
      {
        "description": [
          {
-            "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
+            "value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
            "lang": "eng"
          }
        ]
@ -72,4 +72,4 @@
  "source": {
    "discovery": "EXTERNAL"
  }
-}
+}