mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
118 lines
4.4 KiB
JSON
118 lines
4.4 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2023-41699",
|
|
"ASSIGNER": "security@payara.fish",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.\n\n"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
|
|
"cweId": "CWE-601"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Payara Platform",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Payara Server, Micro and Embedded",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "5.0.0",
|
|
"version_value": "5.57.0"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "4.1.2.191",
|
|
"version_value": "4.1.2.191.46"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "6.0.0",
|
|
"version_value": "6.8.0"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "6.2023.1",
|
|
"version_value": "6.2023.11"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.8.0.html",
|
|
"refsource": "MISC",
|
|
"name": "https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.8.0.html"
|
|
},
|
|
{
|
|
"url": "https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2023.11.html",
|
|
"refsource": "MISC",
|
|
"name": "https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2023.11.html"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.1.0-dev"
|
|
},
|
|
"source": {
|
|
"defect": [
|
|
"CVE-2023-41080"
|
|
],
|
|
"discovery": "INTERNAL"
|
|
},
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Hiroki Sawamura from Fujitsu"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 6.1,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "CHANGED",
|
|
"userInteraction": "REQUIRED",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |