mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-07 11:06:39 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
dbad099199
commit
f682e21f56
@ -1,17 +1,157 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-29449",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@zabbix.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access. "
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-400 Uncontrolled Resource Consumption",
|
||||
"cweId": "CWE-400"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Zabbix",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Zabbix",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"lessThanOrEqual": "4.4.*",
|
||||
"status": "affected",
|
||||
"version": "4.4.4",
|
||||
"versionType": "git"
|
||||
},
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "5.0.32rc1",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThanOrEqual": "5.0.31",
|
||||
"status": "affected",
|
||||
"version": "5.0.0alpha1",
|
||||
"versionType": "git"
|
||||
},
|
||||
{
|
||||
"lessThanOrEqual": "5.2.*",
|
||||
"status": "affected",
|
||||
"version": "5.2.0alpha1",
|
||||
"versionType": "git"
|
||||
},
|
||||
{
|
||||
"lessThanOrEqual": "5.4.*",
|
||||
"status": "affected",
|
||||
"version": "5.4.0alpha1",
|
||||
"versionType": "git"
|
||||
},
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "6.0.14rc1 (6.0.16 is recommended)",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThanOrEqual": "6.0.13",
|
||||
"status": "affected",
|
||||
"version": "6.0.0alpha1",
|
||||
"versionType": "git"
|
||||
},
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "6.2.8rc1",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThanOrEqual": "6.2.7",
|
||||
"status": "affected",
|
||||
"version": "6.2.0alpha1",
|
||||
"versionType": "git"
|
||||
},
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "6.4.0rc2",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThanOrEqual": "6.4.0beta6",
|
||||
"status": "affected",
|
||||
"version": "6.4.0alpha1 ",
|
||||
"versionType": "git"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "unaffected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://support.zabbix.com/browse/ZBX-22589",
|
||||
"refsource": "MISC",
|
||||
"name": "https://support.zabbix.com/browse/ZBX-22589"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 5.9,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,148 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-29450",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@zabbix.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user \"zabbix\") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
|
||||
"cweId": "CWE-200"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-552 Files or Directories Accessible to External Parties",
|
||||
"cweId": "CWE-552"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Zabbix",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Zabbix",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "5.0.32rc1",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThanOrEqual": "5.0.31",
|
||||
"status": "affected",
|
||||
"version": "5.0",
|
||||
"versionType": "git"
|
||||
},
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "6.0.14rc1 (6.0.16 is recommended)",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThanOrEqual": "6.0.13",
|
||||
"status": "affected",
|
||||
"version": "6.0",
|
||||
"versionType": "git"
|
||||
},
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "6.2.8rc1",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThanOrEqual": "6.2.7",
|
||||
"status": "affected",
|
||||
"version": "6.2",
|
||||
"versionType": "git"
|
||||
},
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "6.4.0rc2",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThanOrEqual": "6.4.0rc1",
|
||||
"status": "affected",
|
||||
"version": "6.4",
|
||||
"versionType": "git"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "unaffected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://support.zabbix.com/browse/ZBX-22588",
|
||||
"refsource": "MISC",
|
||||
"name": "https://support.zabbix.com/browse/ZBX-22588"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.5,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user