From f7a81583753924968a9b7d91885e851b2e960e59 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Apr 2020 00:01:28 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/11xxx/CVE-2020-11001.json | 2 +- 2020/11xxx/CVE-2020-11003.json | 2 +- 2020/5xxx/CVE-2020-5260.json | 5 +++++ 2020/8xxx/CVE-2020-8428.json | 5 +++++ 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/2020/11xxx/CVE-2020-11001.json b/2020/11xxx/CVE-2020-11001.json index f0233b3e86b..41b78f3404e 100644 --- a/2020/11xxx/CVE-2020-11001.json +++ b/2020/11xxx/CVE-2020-11001.json @@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision\ncomparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail\nadmin could potentially craft a page revision history that, when viewed by a user with higher privileges, could perform\nactions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to\nthe Wagtail admin.\n\nPatched versions have been released as Wagtail 2.7.2 (for the LTS 2.7 branch) and Wagtail 2.8.1 (for the current 2.8 branch)." + "value": "In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 2.7.2 (for the LTS 2.7 branch) and Wagtail 2.8.1 (for the current 2.8 branch)." } ] }, diff --git a/2020/11xxx/CVE-2020-11003.json b/2020/11xxx/CVE-2020-11003.json index 8bdf93f3aeb..4efd12957c3 100644 --- a/2020/11xxx/CVE-2020-11003.json +++ b/2020/11xxx/CVE-2020-11003.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability.\n\nIf you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious website,\nthey could use DNS rebinding and CSRF attacks to read/write to vulnerable applications. \n\nThis has been patched in 2.15.0." + "value": "Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. If you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious website, they could use DNS rebinding and CSRF attacks to read/write to vulnerable applications. This has been patched in 2.15.0." } ] }, diff --git a/2020/5xxx/CVE-2020-5260.json b/2020/5xxx/CVE-2020-5260.json index 7ad4c9efbbd..87904e84a3b 100644 --- a/2020/5xxx/CVE-2020-5260.json +++ b/2020/5xxx/CVE-2020-5260.json @@ -110,6 +110,11 @@ "name": "https://lore.kernel.org/git/xmqqy2qy7xn8.fsf@gitster.c.googlers.com/", "refsource": "MISC", "url": "https://lore.kernel.org/git/xmqqy2qy7xn8.fsf@gitster.c.googlers.com/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4657", + "url": "https://www.debian.org/security/2020/dsa-4657" } ] }, diff --git a/2020/8xxx/CVE-2020-8428.json b/2020/8xxx/CVE-2020-8428.json index 0ba7d6f54d1..08cfc0cc254 100644 --- a/2020/8xxx/CVE-2020-8428.json +++ b/2020/8xxx/CVE-2020-8428.json @@ -86,6 +86,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0336", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4320-1", + "url": "https://usn.ubuntu.com/4320-1/" } ] },