diff --git a/2020/11xxx/CVE-2020-11493.json b/2020/11xxx/CVE-2020-11493.json
new file mode 100644
index 00000000000..64fc4f51fc1
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11493.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11493",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7617.json b/2020/7xxx/CVE-2020-7617.json
index 1a64d7507d1..fa3d6aae91a 100644
--- a/2020/7xxx/CVE-2020-7617.json
+++ b/2020/7xxx/CVE-2020-7617.json
@@ -86,12 +86,14 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/rawiroaisen/node-ini-parser/blob/master/index.js#L14"
+ "refsource": "MISC",
+ "url": "https://github.com/rawiroaisen/node-ini-parser/blob/master/index.js#L14",
+ "name": "https://github.com/rawiroaisen/node-ini-parser/blob/master/index.js#L14"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-INIPARSER-564122"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-INIPARSER-564122",
+ "name": "https://snyk.io/vuln/SNYK-JS-INIPARSER-564122"
 }
 ]
 },
diff --git a/2020/7xxx/CVE-2020-7942.json b/2020/7xxx/CVE-2020-7942.json
index 1390b44a866..4772f0aa127 100644
--- a/2020/7xxx/CVE-2020-7942.json
+++ b/2020/7xxx/CVE-2020-7942.json
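Review bot: The first reference in the CVE-2020-7617 hunk still points at a moving target, `blob/master/index.js#L14`, and the added `name` field copies the same URL, so the line the record cites can shift or vanish as the repository's master branch changes. Pinning both fields to a commit permalink of the form `https://github.com/rawiroaisen/node-ini-parser/blob/<commit-sha>/index.js#L14` (placeholder; the hash is not shown on this page) would keep the pointer to the affected code stable for anyone triaging the record later.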
@@ -19,7 +19,35 @@
 "version": {
 "version_data": [
 {
- "version_value": "6.13.0"
+ "version_value": "5.5.x prior to 5.5.19"
+ },
+ {
+ "version_value": "Fixed in 5.5.19"
+ },
+ {
+ "version_value": "6.x prior to 6.13.0"
+ },
+ {
+ "version_value": "Fixed in 6.13.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Puppet Agent",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.5.x prior to 5.5.19"
+ },
+ {
+ "version_value": "Fixed in 5.5.19"
+ },
+ {
+ "version_value": "6.x prior to 6.13.0"
+ },
+ {
+ "version_value": "Fixed in 6.13.0"
 }
 ]
 }
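Review bot: The new `version_data` entries put prose in `version_value`, mixing affected ranges (`5.5.x prior to 5.5.19`) with remediation strings (`Fixed in 5.5.19`, `Fixed in 6.13.0`), so a tool that reads this list as affected versions cannot tell the fixed releases from the vulnerable ones. Expressing each range with the comparison field, e.g. `"version_affected": "<", "version_name": "5.5.x", "version_value": "5.5.19"`, and dropping the `Fixed in …` entries would keep the list machine-matchable. The same four strings are repeated for the added `Puppet Agent` product; the first product's `product_name` lies outside the hunk.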
@@ -55,7 +83,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting `strict_hostname_checking = true` in `puppet.conf` on your Puppet master. Puppet 6.13.0 changes the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior."
+ "value": "Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting `strict_hostname_checking = true` in `puppet.conf` on your Puppet master. Puppet 6.13.0 and 5.5.19 changes the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior. Affected software versions: Puppet 6.x prior to 6.13.0 Puppet Agent 6.x prior to 6.13.0 Puppet 5.5.x prior to 5.5.19 Puppet Agent 5.5.x prior to 5.5.19 Resolved in: Puppet 6.13.0 Puppet Agent 6.13.0 Puppet 5.5.19 Puppet Agent 5.5.19"
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8835.json b/2020/8xxx/CVE-2020-8835.json
index 6f03c79b8dd..6a0525b84bd 100644
--- a/2020/8xxx/CVE-2020-8835.json
+++ b/2020/8xxx/CVE-2020-8835.json
@@ -101,28 +101,34 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results"
+ "refsource": "MISC",
+ "url": "https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results",
+ "name": "https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://lore.kernel.org/bpf/20200330160324.15259-1-daniel@iogearbox.net/T/"
+ "refsource": "MISC",
+ "url": "https://lore.kernel.org/bpf/20200330160324.15259-1-daniel@iogearbox.net/T/",
+ "name": "https://lore.kernel.org/bpf/20200330160324.15259-1-daniel@iogearbox.net/T/"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://www.openwall.com/lists/oss-security/2020/03/30/3"
+ "refsource": "MISC",
+ "url": "https://www.openwall.com/lists/oss-security/2020/03/30/3",
+ "name": "https://www.openwall.com/lists/oss-security/2020/03/30/3"
 },
 {
- "refsource": "UBUNTU",
- "url": "https://usn.ubuntu.com/usn/usn-4313-1"
+ "refsource": "MISC",
+ "url": "https://usn.ubuntu.com/usn/usn-4313-1",
+ "name": "https://usn.ubuntu.com/usn/usn-4313-1"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef"
+ "refsource": "MISC",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef"
+ "refsource": "MISC",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef"
 }
 ]
 },
@@ -141,4 +147,4 @@
 "value": "Mitigation for this vulnerability is available by setting the kernel.unprivileged_bpf_disabled sysctl to 1:\n\n $ sudo sysctl kernel.unprivileged_bpf_disabled=1\n $ echo kernel.unprivileged_bpf_disabled=1 | sudo tee /etc/sysctl.d/90-CVE-2020-8835.conf\n\nThis issue is also mitigated on systems that use secure boot with the kernel lockdown feature which blocks BPF program loading."
 }
 ]
-}
+}
\ No newline at end of file
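Review bot: The Ubuntu advisory entry in the `@@ -101,28 +101,34 @@` hunk loses its source tag: `"refsource": "UBUNTU"` becomes `"MISC"` and the added `name` only repeats the URL, so feeds that pick out distribution advisories by `refsource` will presumably no longer find USN-4313-1 on this record. Keeping `"refsource": "UBUNTU"` together with `"name": "USN-4313-1"` for that entry would preserve the link between the CVE and the vendor's fix notice.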