admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-04-29 23:00:34 +00:00
parent 1f77b98236
commit eba7bfb71b
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
3 changed files with 201 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

169
2024/33xxx/CVE-2024-33522.json
View File

@ -1,17 +1,178 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-33522",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@tigera.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tigera",
"product": {
"product_data": [
{
"product_name": "Calico",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "v3.26.5",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "v3.27.3",
"status": "affected",
"version": "v3.27.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "v3.28.0"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Calico Enterprise ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v3.17.4"
},
{
"version_affected": "<",
"version_name": "v3.18.0",
"version_value": "v3.18.2"
},
{
"version_affected": "<",
"version_name": "v3.19.0-1.0",
"version_value": "v3.19.0-2.0"
}
]
}
},
{
"product_name": "Calico Cloud",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v19.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/projectcalico/calico/issues/7981",
"refsource": "MISC",
"name": "https://github.com/projectcalico/calico/issues/7981"
},
{
"url": "https://github.com/projectcalico/calico/pull/8447",
"refsource": "MISC",
"name": "https://github.com/projectcalico/calico/pull/8447"
},
{
"url": "https://github.com/projectcalico/calico/pull/8517",
"refsource": "MISC",
"name": "https://github.com/projectcalico/calico/pull/8517"
},
{
"url": "https://www.tigera.io/security-bulletins-tta-2024-001/",
"refsource": "MISC",
"name": "https://www.tigera.io/security-bulletins-tta-2024-001/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Christopher Alonso (Github: @latortuga71)"
},
{
"lang": "en",
"value": "Anthony Tam"
},
{
"lang": "en",
"value": "Behnam Shobiri"
},
{
"lang": "en",
"value": "Pedro Coutinho"
},
{
"lang": "en",
"value": "Matt Dupre"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2024/34xxx/CVE-2024-34042.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-34042",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/4xxx/CVE-2024-4332.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4332",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}