From f4f497fb9a68d0e8a56b48e037b78d26f663c8fd Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 23 Sep 2023 20:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/21xxx/CVE-2020-21047.json | 5 ++
 2022/3xxx/CVE-2022-3962.json | 136 ++++++++++++++++++++++++++++++++-
 2 files changed, 137 insertions(+), 4 deletions(-)
diff --git a/2020/21xxx/CVE-2020-21047.json b/2020/21xxx/CVE-2020-21047.json
index bb9a5b710c0..87f8eb95fe4 100644
--- a/2020/21xxx/CVE-2020-21047.json
+++ b/2020/21xxx/CVE-2020-21047.json
@@ -61,6 +61,11 @@
 "url": "https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=99dc63b10b3878616b85df2dfd2e4e7103e414b8",
 "refsource": "MISC",
 "name": "https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=99dc63b10b3878616b85df2dfd2e4e7103e414b8"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20230923 [SECURITY] [DLA 3579-1] elfutils security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00026.html"
 }
 ]
 }
diff --git a/2022/3xxx/CVE-2022-3962.json b/2022/3xxx/CVE-2022-3962.json
index 2bafe5923cc..8fd66c6ddbc 100644
--- a/2022/3xxx/CVE-2022-3962.json
+++ b/2022/3xxx/CVE-2022-3962.json
@@ -1,17 +1,145 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-3962",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "service-mesh",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "2.3.1",
+ "status": "unaffected"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Red Hat OpenShift Service Mesh 2.3 for RHEL 8",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "1.57.5-3",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "OpenShift Service Mesh 2.1",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:0542",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/errata/RHSA-2023:0542"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-3962",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2022-3962"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148661",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2148661"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "This issue was discovered by John Mazzitelli (Red Hat)."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
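Review bot: The `credits` entry in CVE-2022-3962.json tags its text with `"lang": "en"`, while `description_data` and `problemtype_data` in the same record use `"lang": "eng"`, so a consumer that filters on one language code will skip the other; the record should use one code throughout, e.g. `"lang": "eng"` in `credits`. Separately, every `version_data` entry carries `"version_value": "not down converted"`, so tooling that matches on the v4 `version_value` string gets no usable range and has to read `x_cve_json_5_version_data` instead. Within that data the `n/a` / `service-mesh` product lists 2.3.1 as `unaffected` with no `defaultStatus`, and `OpenShift Service Mesh 2.1` has only `"defaultStatus": "affected"`; this may be intentional, but it is worth confirming against the referenced Red Hat advisory before the record is used for exposure matching.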