mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
Add CVE-2022-32174
This commit is contained in:
Daniel Elkabes
parent
c9c82d8d96
commit
fbcf0c3d21
@ -1,18 +1,83 @@
|
|||||||
{
|
{
|
||||||
"data_type": "CVE",
|
|
||||||
"data_format": "MITRE",
|
|
||||||
"data_version": "4.0",
|
|
||||||
"CVE_data_meta" : {
|
"CVE_data_meta" : {
|
||||||
|
"ASSIGNER" : "vulnerabilitylab@mend.io",
|
||||||
"ID" : "CVE-2022-32174",
|
"ID" : "CVE-2022-32174",
|
||||||
"ASSIGNER": "cve@mitre.org",
|
"STATE" : "PUBLIC",
|
||||||
"STATE": "RESERVED"
|
"DATE_PUBLIC" : "Oct 6, 2022, 12:00:00 AM",
|
||||||
|
"TITLE" : "Gogs - XSS"
|
||||||
},
|
},
|
||||||
"description": {
|
"affects" : {
|
||||||
"description_data": [
|
"vendor" : {
|
||||||
{
|
"vendor_data" : [ {
|
||||||
|
"vendor_name" : "gogs",
|
||||||
|
"product" : {
|
||||||
|
"product_data" : [ {
|
||||||
|
"product_name" : "gogs",
|
||||||
|
"version" : {
|
||||||
|
"version_data" : [ {
|
||||||
|
"version_value" : "v0.6.5",
|
||||||
|
"version_affected" : ">="
|
||||||
|
}, {
|
||||||
|
"version_value" : "v0.12.10",
|
||||||
|
"version_affected" : "<="
|
||||||
|
} ]
|
||||||
|
}
|
||||||
|
} ]
|
||||||
|
}
|
||||||
|
} ]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"credit" : [ {
|
||||||
"lang" : "eng",
|
"lang" : "eng",
|
||||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value" : "Mend Vulnerability Research Team (MVR)"
|
||||||
|
} ],
|
||||||
|
"data_format" : "MITRE",
|
||||||
|
"data_type" : "CVE",
|
||||||
|
"data_version" : "4.0",
|
||||||
|
"description" : {
|
||||||
|
"description_data" : [ {
|
||||||
|
"lang" : "eng",
|
||||||
|
"value" : "In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. "
|
||||||
|
} ]
|
||||||
|
},
|
||||||
|
"generator" : {
|
||||||
|
"engine" : "Vulnogram 0.0.9"
|
||||||
|
},
|
||||||
|
"impact" : {
|
||||||
|
"cvss" : {
|
||||||
|
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
|
||||||
|
"attackComplexity" : "LOW",
|
||||||
|
"attackVector" : "NETWORK",
|
||||||
|
"availabilityImpact" : "HIGH",
|
||||||
|
"confidentialityImpact" : "HIGH",
|
||||||
|
"integrityImpact" : "HIGH",
|
||||||
|
"privilegesRequired" : "LOW",
|
||||||
|
"scope" : "CHANGED",
|
||||||
|
"userInteraction" : "REQUIRED",
|
||||||
|
"version" : 3.1,
|
||||||
|
"baseScore" : 9.0,
|
||||||
|
"baseSeverity" : "CRITICAL"
|
||||||
}
|
}
|
||||||
]
|
},
|
||||||
|
"references" : {
|
||||||
|
"reference_data" : [ {
|
||||||
|
"refsource" : "MISC",
|
||||||
|
"url" : "https://www.mend.io/vulnerability-database/CVE-2022-32174"
|
||||||
|
}, {
|
||||||
|
"refsource" : "CONFIRM",
|
||||||
|
"url" : "https://github.com/gogs/gogs/blob/v0.12.10/public/js/gogs.js#L263"
|
||||||
|
} ]
|
||||||
|
},
|
||||||
|
"problemtype" : {
|
||||||
|
"problemtype_data" : [ {
|
||||||
|
"description" : [ {
|
||||||
|
"lang" : "eng",
|
||||||
|
"value" : "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
|
||||||
|
} ]
|
||||||
|
} ]
|
||||||
|
},
|
||||||
|
"source" : {
|
||||||
|
"advisory" : "https://www.mend.io/vulnerability-database/",
|
||||||
|
"discovery" : "UNKNOWN"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Loading…
x
Reference in New Issue
Block a user