admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 17:51:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-422xx/CVE-2023-42222.json

100 lines
2.8 KiB
JSON
Raw Normal View History

Auto-Update: 2023-09-28T04:00:24.373808+00:00
2023-09-28 04:00:27 +00:00
{
"id": "CVE-2023-42222",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-28T03:15:11.643",
Auto-Update: 2024-02-02T19:00:25.586620+00:00
2024-02-02 19:00:29 +00:00
"lastModified": "2024-02-02T17:15:10.690",
"vulnStatus": "Modified",
Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00
"cveTags": [],
Auto-Update: 2023-09-28T04:00:24.373808+00:00
2023-09-28 04:00:27 +00:00
"descriptions": [
{
"lang": "en",
"value": "WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances."
Auto-Update: 2023-09-29T18:00:25.269975+00:00
2023-09-29 18:00:28 +00:00
},
{
"lang": "es",
"value": "WebCatalog anterior a 49.0 es vulnerable a un control de acceso incorrecto. WebCatalog llama a la funci\u00f3n Electron shell.openExternal sin verificar que la URL sea para un recurso http o https, en algunas circunstancias."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webcatalog:webcatalog:*:*:*:*:*:*:*:*",
"versionEndExcluding": "49.0",
"matchCriteriaId": "B016158B-8577-4858-BEF0-403269B34BB4"
}
]
}
]
Auto-Update: 2023-09-28T04:00:24.373808+00:00
2023-09-28 04:00:27 +00:00
}
],
"references": [
Auto-Update: 2024-02-02T19:00:25.586620+00:00
2024-02-02 19:00:29 +00:00
{
"url": "http://packetstormsecurity.com/files/176957/WebCatalog-48.4-Arbitrary-Protocol-Execution-Code-Execution.html",
"source": "cve@mitre.org"
},
Auto-Update: 2023-09-28T04:00:24.373808+00:00
2023-09-28 04:00:27 +00:00
{
"url": "https://github.com/itssixtyn3in/CVE-2023-42222",
Auto-Update: 2023-09-29T18:00:25.269975+00:00
2023-09-29 18:00:28 +00:00
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
Auto-Update: 2023-09-28T04:00:24.373808+00:00
2023-09-28 04:00:27 +00:00
},
{
"url": "https://webcatalog.io/changelog/",
Auto-Update: 2023-09-29T18:00:25.269975+00:00
2023-09-29 18:00:28 +00:00
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
Auto-Update: 2023-09-28T04:00:24.373808+00:00
2023-09-28 04:00:27 +00:00
},
{
"url": "https://www.electronjs.org/docs/latest/tutorial/security#15-do-not-use-shellopenexternal-with-untrusted-content",
Auto-Update: 2023-09-29T18:00:25.269975+00:00
2023-09-29 18:00:28 +00:00
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
Auto-Update: 2023-09-28T04:00:24.373808+00:00
2023-09-28 04:00:27 +00:00
}
]
}
Reference in New Issue Copy Permalink