admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-11-10 00:00:36 +00:00
parent df215bf151
commit ef658ef484
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
27 changed files with 549 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2022/3xxx/CVE-2022-3304.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)"
"value": "Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "106.0.5249.62",
"version_affected": "<"
"version_affected": "="
}
]
}

4
2022/3xxx/CVE-2022-3370.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)"
"value": "Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "106.0.5249.91",
"version_affected": "<"
"version_affected": "="
}
]
}

4
2022/3xxx/CVE-2022-3373.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chrome security severity: High)"
"value": "Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "106.0.5249.91",
"version_affected": "<"
"version_affected": "="
}
]
}

85
2022/3xxx/CVE-2022-3413.json
View File

@ -4,15 +4,92 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3413",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=14.5, <15.3.5"
},
{
"version_value": ">=15.4, <15.4.4"
},
{
"version_value": ">=15.5, <15.5.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect authorization in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/374926",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/374926",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3413.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3413.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability has been discovered internally by the GitLab team"
}
]
}

4
2022/3xxx/CVE-2022-3443.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chrome security severity: Low)"
"value": "Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "106.0.5249.62",
"version_affected": "<"
"version_affected": "="
}
]
}

4
2022/3xxx/CVE-2022-3444.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chrome security severity: Low)"
"value": "Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security severity: Low)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "106.0.5249.62",
"version_affected": "<"
"version_affected": "="
}
]
}

4
2022/3xxx/CVE-2022-3652.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)"
"value": "Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "107.0.5304.62",
"version_affected": "<"
"version_affected": "="
}
]
}

4
2022/3xxx/CVE-2022-3653.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)"
"value": "Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "107.0.5304.62",
"version_affected": "<"
"version_affected": "="
}
]
}

4
2022/3xxx/CVE-2022-3654.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)"
"value": "Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "107.0.5304.62",
"version_affected": "<"
"version_affected": "="
}
]
}

4
2022/3xxx/CVE-2022-3655.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: Medium)"
"value": "Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "107.0.5304.62",
"version_affected": "<"
"version_affected": "="
}
]
}

4
2022/3xxx/CVE-2022-3656.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chrome security severity: Medium)"
"value": "Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "107.0.5304.62",
"version_affected": "<"
"version_affected": "="
}
]
}

4
2022/3xxx/CVE-2022-3657.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chrome security severity: Medium)"
"value": "Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "107.0.5304.62",
"version_affected": "<"
"version_affected": "="
}
]
}

4
2022/3xxx/CVE-2022-3658.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chrome security severity: Medium)"
"value": "Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "107.0.5304.62",
"version_affected": "<"
"version_affected": "="
}
]
}

4
2022/3xxx/CVE-2022-3659.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use after free in Accessibility in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chrome security severity: Medium)"
"value": "Use after free in Accessibility in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: Medium)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "107.0.5304.62",
"version_affected": "<"
"version_affected": "="
}
]
}

4
2022/3xxx/CVE-2022-3660.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 107.0.5304.62 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chrome security severity: Medium)"
"value": "Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 107.0.5304.62 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "107.0.5304.62",
"version_affected": "<"
"version_affected": "="
}
]
}

4
2022/3xxx/CVE-2022-3661.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. (Chrome security severity: Low)"
"value": "Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "107.0.5304.62",
"version_affected": "<"
"version_affected": "="
}
]
}

85
2022/3xxx/CVE-2022-3706.json
View File

@ -4,15 +4,92 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3706",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=7.14, <15.3.5"
},
{
"version_value": ">=15.4, <15.4.4"
},
{
"version_value": ">=15.5, <15.5.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authorization in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/365532",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/365532",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3706.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3706.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that project."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 3.0,
"baseSeverity": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability has been discovered internally by the GitLab team"
}
]
}

4
2022/3xxx/CVE-2022-3723.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)"
"value": "Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "107.0.5304.87",
"version_affected": "<"
"version_affected": "="
}
]
}

90
2022/3xxx/CVE-2022-3726.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3726",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=12.6, <15.3.5"
},
{
"version_value": ">=15.4, <15.4.4"
},
{
"version_value": ">=15.5, <15.5.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Protection mechanism failure in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/362509",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/362509",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1563383",
"url": "https://hackerone.com/reports/1563383",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3726.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3726.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

85
2022/3xxx/CVE-2022-3793.json
View File

@ -4,15 +4,92 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3793",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=12.6, <15.3.5"
},
{
"version_value": ">=15.4, <15.4.4"
},
{
"version_value": ">=15.5, <15.5.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authorization in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/372120",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/372120",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3793.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3793.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability has been discovered internally by the GitLab team"
}
]
}

85
2022/3xxx/CVE-2022-3818.json
View File

@ -4,15 +4,92 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3818",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": "<15.3.5"
},
{
"version_value": ">=15.4, <15.4.4"
},
{
"version_value": ">=15.5, <15.5.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled resource consumption in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/358170",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/358170",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3818.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3818.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability has been discovered internally by the GitLab team"
}
]
}

85
2022/3xxx/CVE-2022-3819.json
View File

@ -4,15 +4,92 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3819",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=15.0, <15.3.5"
},
{
"version_value": ">=15.4, <15.4.4"
},
{
"version_value": ">=15.5, <15.5.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authorization in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/365847",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/365847",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3819.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3819.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 3.5,
"baseSeverity": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability has been discovered internally by the GitLab team"
}
]
}

4
2022/3xxx/CVE-2022-3885.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)"
"value": "Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "107.0.5304.106",
"version_affected": "<"
"version_affected": "="
}
]
}

4
2022/3xxx/CVE-2022-3886.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)"
"value": "Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "107.0.5304.106",
"version_affected": "<"
"version_affected": "="
}
]
}

4
2022/3xxx/CVE-2022-3887.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)"
"value": "Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "107.0.5304.106",
"version_affected": "<"
"version_affected": "="
}
]
}

4
2022/3xxx/CVE-2022-3889.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)"
"value": "Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
@ -40,7 +40,7 @@
"version_data": [
{
"version_value": "107.0.5304.106",
"version_affected": "<"
"version_affected": "="
}
]
}

18
2022/3xxx/CVE-2022-3920.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3920",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}