diff --git a/2023/41xxx/CVE-2023-41034.json b/2023/41xxx/CVE-2023-41034.json index 3716cbc000e..c2d710990cf 100644 --- a/2023/41xxx/CVE-2023-41034.json +++ b/2023/41xxx/CVE-2023-41034.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41034", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Eclipse Leshan is a device management server and client Java implementation. In affected versions DDFFileParser` and `DefaultDDFFileValidator` (and so `ObjectLoader`) are vulnerable to `XXE Attacks`. A DDF file is a LWM2M format used to store LWM2M object description. Leshan users are impacted only if they parse untrusted DDF files (e.g. if they let external users provide their own model), in that case they MUST upgrade to fixed version. If you parse only trusted DDF file and validate only with trusted xml schema, upgrading is not mandatory. This issue has been fixed in versions 1.5.0 and 2.0.0-M13. Users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611: Improper Restriction of XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "eclipse-leshan", + "product": { + "product_data": [ + { + "product_name": "leshan", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 1.5.0" + }, + { + "version_affected": "=", + "version_value": ">= 2.0.0-M1, < 2.0.0-M13" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/eclipse-leshan/leshan/security/advisories/GHSA-wc9j-gc65-3cm7", + "refsource": "MISC", + "name": "https://github.com/eclipse-leshan/leshan/security/advisories/GHSA-wc9j-gc65-3cm7" + }, + { + "url": "https://github.com/eclipse-leshan/leshan/commit/29577d2879ba8e7674c3b216a7f01193fc7ae013", + "refsource": "MISC", + "name": "https://github.com/eclipse-leshan/leshan/commit/29577d2879ba8e7674c3b216a7f01193fc7ae013" + }, + { + "url": "https://github.com/eclipse-leshan/leshan/commit/4d3e63ac271a817f81fba3e3229c519af7a3049c", + "refsource": "MISC", + "name": "https://github.com/eclipse-leshan/leshan/commit/4d3e63ac271a817f81fba3e3229c519af7a3049c" + }, + { + "url": "https://github.com/eclipse-leshan/leshan/wiki/Adding-new-objects#the-lwm2m-model", + "refsource": "MISC", + "name": "https://github.com/eclipse-leshan/leshan/wiki/Adding-new-objects#the-lwm2m-model" + }, + { + "url": "https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing", + "refsource": "MISC", + "name": "https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing" + } + ] + }, + "source": { + "advisory": "GHSA-wc9j-gc65-3cm7", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/41xxx/CVE-2023-41044.json b/2023/41xxx/CVE-2023-41044.json index 46a82f505e2..fc6ab814721 100644 --- a/2023/41xxx/CVE-2023-41044.json +++ b/2023/41xxx/CVE-2023-41044.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41044", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role credentials to download or delete files in sibling directories of the support bundle directory. The default `data_dir` in operating system packages (DEB, RPM) is set to `/var/lib/graylog-server`. The data directory for the Support Bundle feature is always `/support-bundle`. Due to the partial path traversal vulnerability, an attacker with valid Admin role credentials can read or delete files in directories that start with a `/var/lib/graylog-server/support-bundle` directory name. The vulnerability would allow the download or deletion of files in the following example directories: `/var/lib/graylog-server/support-bundle-test` and `/var/lib/graylog-server/support-bundlesdirectory`. For the Graylog Docker images, the `data_dir` is set to `/usr/share/graylog/data` by default. This vulnerability is fixed in Graylog version 5.1.3 and later. Users are advised to upgrade. Users unable to upgrade should block all HTTP requests to the following HTTP API endpoints by using a reverse proxy server in front of Graylog. `GET /api/system/debug/support/bundle/download/{filename}` and `DELETE /api/system/debug/support/bundle/{filename}`.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Graylog2", + "product": { + "product_data": [ + { + "product_name": "graylog2-server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 5.1.0, < 5.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-2q4p-f6gf-mqr5", + "refsource": "MISC", + "name": "https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-2q4p-f6gf-mqr5" + }, + { + "url": "https://github.com/Graylog2/graylog2-server/commit/02b8792e6f4b829f0c1d87fcbf2d58b73458b938", + "refsource": "MISC", + "name": "https://github.com/Graylog2/graylog2-server/commit/02b8792e6f4b829f0c1d87fcbf2d58b73458b938" + }, + { + "url": "https://go2docs.graylog.org/5-1/making_sense_of_your_log_data/cluster_support_bundle.htm", + "refsource": "MISC", + "name": "https://go2docs.graylog.org/5-1/making_sense_of_your_log_data/cluster_support_bundle.htm" + } + ] + }, + "source": { + "advisory": "GHSA-2q4p-f6gf-mqr5", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/41xxx/CVE-2023-41045.json b/2023/41xxx/CVE-2023-41045.json index bfc359caae0..db8d170c94e 100644 --- a/2023/41xxx/CVE-2023-41045.json +++ b/2023/41xxx/CVE-2023-41045.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41045", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Graylog is a free and open log management platform. Graylog makes use of only one single source port for DNS queries. Graylog binds a single socket for outgoing DNS queries and while that socket is bound to a random port number it is never changed again. This goes against recommended practice since 2008, when Dan Kaminsky discovered how easy is to carry out DNS cache poisoning attacks. In order to prevent cache poisoning with spoofed DNS responses, it is necessary to maximise the uncertainty in the choice of a source port for a DNS query. Although unlikely in many setups, an external attacker could inject forged DNS responses into a Graylog's lookup table cache. In order to prevent this, it is at least recommendable to distribute the DNS queries through a pool of distinct sockets, each of them with a random source port and renew them periodically. This issue has been addressed in versions 5.0.9 and 5.1.3. Users are advised to upgrade. There are no known workarounds for this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-345: Insufficient Verification of Data Authenticity", + "cweId": "CWE-345" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Graylog2", + "product": { + "product_data": [ + { + "product_name": "graylog2-server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 5.0.9" + }, + { + "version_affected": "=", + "version_value": ">= 5.1.0, < 5.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-g96c-x7rh-99r3", + "refsource": "MISC", + "name": "https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-g96c-x7rh-99r3" + }, + { + "url": "https://github.com/Graylog2/graylog2-server/commit/466af814523cffae9fbc7e77bab7472988f03c3e", + "refsource": "MISC", + "name": "https://github.com/Graylog2/graylog2-server/commit/466af814523cffae9fbc7e77bab7472988f03c3e" + }, + { + "url": "https://github.com/Graylog2/graylog2-server/commit/a101f4f12180fd3dfa7d3345188a099877a3c327", + "refsource": "MISC", + "name": "https://github.com/Graylog2/graylog2-server/commit/a101f4f12180fd3dfa7d3345188a099877a3c327" + } + ] + }, + "source": { + "advisory": "GHSA-g96c-x7rh-99r3", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/41xxx/CVE-2023-41745.json b/2023/41xxx/CVE-2023-41745.json index 5f50c63b480..99e4dfc2a14 100644 --- a/2023/41xxx/CVE-2023-41745.json +++ b/2023/41xxx/CVE-2023-41745.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41745", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@acronis.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Acronis", + "product": { + "product_data": [ + { + "product_name": "Acronis Agent", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "30991" + } + ] + } + }, + { + "product_name": "Acronis Cyber Protect 15", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "35979" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-2008", + "refsource": "MISC", + "name": "https://security-advisory.acronis.com/advisories/SEC-2008" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" } ] } diff --git a/2023/41xxx/CVE-2023-41746.json b/2023/41xxx/CVE-2023-41746.json index 9388adb143b..5fc0040d502 100644 --- a/2023/41xxx/CVE-2023-41746.json +++ b/2023/41xxx/CVE-2023-41746.json @@ -1,17 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41746", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@acronis.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Acronis", + "product": { + "product_data": [ + { + "product_name": "Acronis Cloud Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "6.2.23089.203" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-5810", + "refsource": "MISC", + "name": "https://security-advisory.acronis.com/advisories/SEC-5810" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "@putsi (https://hackerone.com/@putsi)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.0", + "baseScore": 8, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ] } diff --git a/2023/41xxx/CVE-2023-41747.json b/2023/41xxx/CVE-2023-41747.json index 4fdc90ba597..8eef08b9c71 100644 --- a/2023/41xxx/CVE-2023-41747.json +++ b/2023/41xxx/CVE-2023-41747.json @@ -1,17 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41747", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@acronis.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive information disclosure due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Acronis", + "product": { + "product_data": [ + { + "product_name": "Acronis Cloud Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "6.2.23089.203" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-5811", + "refsource": "MISC", + "name": "https://security-advisory.acronis.com/advisories/SEC-5811" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "@putsi (https://hackerone.com/@putsi)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.0", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ] } diff --git a/2023/41xxx/CVE-2023-41748.json b/2023/41xxx/CVE-2023-41748.json index 8c58440def0..dfaa6d71f35 100644 --- a/2023/41xxx/CVE-2023-41748.json +++ b/2023/41xxx/CVE-2023-41748.json @@ -1,17 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41748", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@acronis.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Acronis", + "product": { + "product_data": [ + { + "product_name": "Acronis Cloud Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "6.2.23089.203" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-5816", + "refsource": "MISC", + "name": "https://security-advisory.acronis.com/advisories/SEC-5816" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "@putsi (https://hackerone.com/@putsi)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.0", + "baseScore": 8, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ] } diff --git a/2023/4xxx/CVE-2023-4685.json b/2023/4xxx/CVE-2023-4685.json new file mode 100644 index 00000000000..ea36a32f71d --- /dev/null +++ b/2023/4xxx/CVE-2023-4685.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-4685", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/4xxx/CVE-2023-4686.json b/2023/4xxx/CVE-2023-4686.json new file mode 100644 index 00000000000..da042206416 --- /dev/null +++ b/2023/4xxx/CVE-2023-4686.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-4686", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file