From f8c7af637c74ac4f5edaeb4ca612eb8ea61b6bb7 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 29 Jun 2023 19:00:32 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/30xxx/CVE-2023-30946.json | 80 ++++++++++++++++++++++++++++++++--
 2023/30xxx/CVE-2023-30955.json | 71 ++++++++++++++++++++++++++++--
 2023/33xxx/CVE-2023-33190.json | 76 ++++++++++++++++++++++++++++++--
 2023/36xxx/CVE-2023-36484.json | 61 +++++++++++++++++++++++---
 2023/36xxx/CVE-2023-36488.json | 7 ++-
 5 files changed, 276 insertions(+), 19 deletions(-)
diff --git a/2023/30xxx/CVE-2023-30946.json b/2023/30xxx/CVE-2023-30946.json
index d76a7cde060..78602129437 100644
--- a/2023/30xxx/CVE-2023-30946.json
+++ b/2023/30xxx/CVE-2023-30946.json
@@ -1,17 +1,89 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-30946",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve-coordination@palantir.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "The product protects a primary channel, but it does not use the same level of protection for an alternate channel.",
+ "cweId": "CWE-420"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "A product requires authentication, but the product has an alternate path or channel that does not require authentication.",
+ "cweId": "CWE-288"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Palantir",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "com.palantir.issues:issues",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "*",
+ "version_value": "2.497.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://palantir.safebase.us/?tcuUid=4cf0b6e6-564a-467b-83ae-36fec3a491c3",
+ "refsource": "MISC",
+ "name": "https://palantir.safebase.us/?tcuUid=4cf0b6e6-564a-467b-83ae-36fec3a491c3"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL",
+ "defect": [
+ "PLTRSEC-2023-15"
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
+ "baseSeverity": "LOW",
+ "baseScore": 3.5
 }
 ]
 }
diff --git a/2023/30xxx/CVE-2023-30955.json b/2023/30xxx/CVE-2023-30955.json
index 8c542291b68..897fd7a5b2c 100644
--- a/2023/30xxx/CVE-2023-30955.json
+++ b/2023/30xxx/CVE-2023-30955.json
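Review bot: In the CVE-2023-30946 record, the second `problemtype` entry (`CWE-288`, "alternate path or channel that does not require authentication") does not agree with the rest of the record: the description is about a user who is already logged in and was added to an issue, and the vector carries `PR:L`. Consumers that triage by CWE would file this as an authentication bypass, so I would keep `CWE-420` alone or pick an authorization-oriented CWE, with the CNA making the final call. The same kind of mismatch between prose and scoring appears in the CVE-2023-30955 hunk, where the description says users could "view and interact with" Developer Mode settings while the vector has `I:N`; either the wording or the integrity metric should be adjusted there.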
@@ -1,17 +1,80 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-30955",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve-coordination@palantir.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.",
+ "cweId": "CWE-602"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Palantir",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "com.palantir.workspace:workspace",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "*",
+ "version_value": "7.7.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://palantir.safebase.us/?tcuUid=0c3f6c33-4eb0-48b5-ab87-fe48c46a4170",
+ "refsource": "MISC",
+ "name": "https://palantir.safebase.us/?tcuUid=0c3f6c33-4eb0-48b5-ab87-fe48c46a4170"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL",
+ "defect": [
+ "PLTRSEC-2023-23"
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseSeverity": "MEDIUM",
+ "baseScore": 4.3
 }
 ]
 }
diff --git a/2023/33xxx/CVE-2023-33190.json b/2023/33xxx/CVE-2023-33190.json
index 925a8d9d296..c42c758ffe5 100644
--- a/2023/33xxx/CVE-2023-33190.json
+++ b/2023/33xxx/CVE-2023-33190.json
@@ -1,17 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-33190",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.0 an improper configuration of role based access control (RBAC) permissions resulted in an attacker being able to obtain cluster control permissions, which could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. This issue has been addressed in version 4.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287: Improper Authentication",
+ "cweId": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "labring",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "sealos",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 4.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/labring/sealos/security/advisories/GHSA-74j8-w7f9-pp62",
+ "refsource": "MISC",
+ "name": "https://github.com/labring/sealos/security/advisories/GHSA-74j8-w7f9-pp62"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-74j8-w7f9-pp62",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/36xxx/CVE-2023-36484.json b/2023/36xxx/CVE-2023-36484.json
index 97cf859ae55..a7162ccfb3d 100644
--- a/2023/36xxx/CVE-2023-36484.json
+++ b/2023/36xxx/CVE-2023-36484.json
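Review bot: In the CVE-2023-33190 record the affected range is encoded as `"version_affected": "="` with `"version_value": "< 4.2.0"`, so a consumer that compares on the operator field will look for a version literally named "< 4.2.0" and match nothing. The two Palantir records in this commit use the structured form, and the same here would be `"version_affected": "<"` and `"version_value": "4.2.0"`. Separately, `CWE-287` (Improper Authentication) is a loose fit for what the description calls an improper RBAC permission configuration; a permission-assignment or privilege-management CWE such as `CWE-732` or `CWE-269` looks closer, subject to the CNA's judgment.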
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-36484",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-36484",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://docu.ilias.de/ilias.php?ref_id=1719&obj_id=141710&obj_type=PageObject&cmd=layout&cmdClass=illmpresentationgui&cmdNode=13g&baseClass=ilLMPresentationGUI",
+ "url": "https://docu.ilias.de/ilias.php?ref_id=1719&obj_id=141710&obj_type=PageObject&cmd=layout&cmdClass=illmpresentationgui&cmdNode=13g&baseClass=ilLMPresentationGUI"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docu.ilias.de/ilias.php?ref_id=1719&obj_id=141711&obj_type=PageObject&cmd=layout&cmdClass=illmpresentationgui&cmdNode=13g&baseClass=ilLMPresentationGUI",
+ "url": "https://docu.ilias.de/ilias.php?ref_id=1719&obj_id=141711&obj_type=PageObject&cmd=layout&cmdClass=illmpresentationgui&cmdNode=13g&baseClass=ilLMPresentationGUI"
 }
 ]
 }
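Review bot: The CVE-2023-36484 record is published with `"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"` and a `problemtype` of `"n/a"`, although the description names the product (ILIAS), the affected versions (7.21 and 8.0_beta1 through 8.2) and the weakness class (reflected XSS). Tooling that matches on the structured fields cannot associate this entry with any installed software. I would populate `affects` from the description and set the problem type to `CWE-79`; the record also has no `impact` block, so severity has to come from elsewhere.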
diff --git a/2023/36xxx/CVE-2023-36488.json b/2023/36xxx/CVE-2023-36488.json
index f24001e9411..3d6c8c0a7a7 100644
--- a/2023/36xxx/CVE-2023-36488.json
+++ b/2023/36xxx/CVE-2023-36488.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "ILIAS 7.21 allows stored Cross Site Scripting (XSS)."
+ "value": "ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS)."
 }
 ]
 },
@@ -56,6 +56,11 @@
 "url": "https://docu.ilias.de/ilias.php?ref_id=1719&obj_id=141704&obj_type=PageObject&cmd=layout&cmdClass=illmpresentationgui&cmdNode=13g&baseClass=ilLMPresentationGUI",
 "refsource": "MISC",
 "name": "https://docu.ilias.de/ilias.php?ref_id=1719&obj_id=141704&obj_type=PageObject&cmd=layout&cmdClass=illmpresentationgui&cmdNode=13g&baseClass=ilLMPresentationGUI"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docu.ilias.de/ilias.php?ref_id=1719&obj_id=141710&obj_type=PageObject&cmd=layout&cmdClass=illmpresentationgui&cmdNode=13g&baseClass=ilLMPresentationGUI",
+ "url": "https://docu.ilias.de/ilias.php?ref_id=1719&obj_id=141710&obj_type=PageObject&cmd=layout&cmdClass=illmpresentationgui&cmdNode=13g&baseClass=ilLMPresentationGUI"
 }
 ]
 },
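Review bot: The description in CVE-2023-36488 now extends the affected range to 8.0_beta1 through 8.2, but neither hunk touches the `affects` block, which lies outside the lines shown. If that block still carries the earlier value, the structured data and the prose disagree and scanners keyed on `version_data` will miss the 8.x range; it should be updated in the same change. The added reference (`obj_id=141710`) is also the first reference of CVE-2023-36484 in this commit, which is presumably a shared release page but worth confirming.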