2023-10-13 14:00:29 +00:00
{
"id" : "CVE-2023-39999" ,
"sourceIdentifier" : "audit@patchstack.com" ,
"published" : "2023-10-13T12:15:09.970" ,
2023-11-21 00:55:21 +00:00
"lastModified" : "2023-11-20T23:15:06.393" ,
2023-10-29 09:06:41 +00:00
"vulnStatus" : "Undergoing Analysis" ,
2023-10-13 14:00:29 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Exposure of Sensitive Information to an Unauthorized Actor in WordPress\u00a0from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38."
2023-10-16 18:00:28 +00:00
} ,
{
"lang" : "es" ,
"value" : "Exposici\u00f3n de Informaci\u00f3n Confidencial a un Actor No Autorizado en WordPress desde 6.3 hasta 6.3.1, desde 6.2 hasta 6.2.2, desde 6.1 hasta 6.13, desde 6.0 hasta 6.0.5, desde 5.9 hasta 5.9.7, desde 5.8 hasta 5.8.7, del 5.7 al 5.7.9, del 5.6 al 5.6.11, del 5.5 al 5.5.12, del 5.4 al 5.4.13, del 5.3 al 5.3.15, del 5.2 al 5.2.18, del 5.1 al 5.1.16, del 5.0 al 5.0.19, del 4.9 al 4.9.23, del 4.8 al 4.8.22, del 4.7 al 4.7.26, del 4.6 al 4.6.26, del 4.5 al 4.5.29, del 4.4 al 4.4.30, del 4.3 al 4.3.31, del 4.2 al 4.2.35, del 4.1 al 4.1.38."
2023-10-13 14:00:29 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
2023-10-16 18:00:28 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 4.3 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 1.4
} ,
2023-10-13 14:00:29 +00:00
{
"source" : "audit@patchstack.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 4.3 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 1.4
}
]
} ,
"weaknesses" : [
{
2023-10-29 09:06:41 +00:00
"source" : "audit@patchstack.com" ,
2023-10-13 14:00:29 +00:00
"type" : "Primary" ,
2023-10-16 18:00:28 +00:00
"description" : [
{
"lang" : "en" ,
2023-10-29 09:06:41 +00:00
"value" : "CWE-200"
2023-10-16 18:00:28 +00:00
}
]
} ,
{
2023-10-29 09:06:41 +00:00
"source" : "nvd@nist.gov" ,
2023-10-16 18:00:28 +00:00
"type" : "Secondary" ,
2023-10-13 14:00:29 +00:00
"description" : [
{
"lang" : "en" ,
2023-10-29 09:06:41 +00:00
"value" : "NVD-CWE-noinfo"
2023-10-13 14:00:29 +00:00
}
]
}
] ,
2023-10-16 18:00:28 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.1" ,
"versionEndIncluding" : "4.1.38" ,
"matchCriteriaId" : "ABB9B812-77A2-48A2-B20C-F93F1927074D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.2" ,
"versionEndIncluding" : "4.2.35" ,
"matchCriteriaId" : "3E1AF690-CF5B-43EC-BFC3-0D3BFBD68026"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.3" ,
"versionEndIncluding" : "4.3.31" ,
"matchCriteriaId" : "C16E8601-4A33-46DD-8ED7-4D0366D627C6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.4" ,
"versionEndIncluding" : "4.4.30" ,
"matchCriteriaId" : "5045F892-3036-4887-9044-9560EC8E4CC4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.5" ,
"versionEndIncluding" : "4.5.29" ,
"matchCriteriaId" : "847B4EEB-CE33-4FE7-BE01-7F26FA214CA7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.6" ,
"versionEndIncluding" : "4.6.26" ,
"matchCriteriaId" : "F10FE77A-E6E4-4F22-ACD9-B5302D330AEC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.7" ,
"versionEndIncluding" : "4.7.26" ,
"matchCriteriaId" : "26FF60CD-3303-4B7E-A341-1336A1B59B02"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.8" ,
"versionEndIncluding" : "4.8.22" ,
"matchCriteriaId" : "0DB9AC76-3041-4B4C-8015-3FB4F997F3D0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.9" ,
"versionEndIncluding" : "4.9.23" ,
"matchCriteriaId" : "C37B8606-CDC9-41AE-A215-8C4CAA181FE2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.0" ,
"versionEndIncluding" : "5.0.19" ,
"matchCriteriaId" : "6F999E7C-2623-456C-BB90-0477F797FEEF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.1" ,
"versionEndIncluding" : "5.1.16" ,
"matchCriteriaId" : "4D3ED9AF-2678-45E9-9D05-87DDB335B3A8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.2" ,
"versionEndIncluding" : "5.2.18" ,
"matchCriteriaId" : "1AC73861-C8F7-4CF3-BD3E-E192B21C6E9A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.3" ,
"versionEndIncluding" : "5.3.15" ,
"matchCriteriaId" : "C2C8561A-B374-43F1-A075-B3C0CAA34790"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.4" ,
"versionEndIncluding" : "5.4.13" ,
"matchCriteriaId" : "D20123C6-5E39-41D4-8231-8E02B78997BC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.5" ,
"versionEndIncluding" : "5.5.12" ,
"matchCriteriaId" : "C69CC301-A008-4BAF-A207-0892673CAEFF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.6" ,
"versionEndIncluding" : "5.6.11" ,
"matchCriteriaId" : "3A83D406-52C7-4655-9048-9393A3D23DA4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.7" ,
"versionEndIncluding" : "5.7.9" ,
"matchCriteriaId" : "6797639F-F04C-4BFA-B37B-98E9D23D8E33"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.8" ,
"versionEndIncluding" : "5.8.7" ,
"matchCriteriaId" : "8CD23244-9849-453C-A206-4563997EF5EE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.9" ,
"versionEndIncluding" : "5.9.7" ,
"matchCriteriaId" : "51D5D6E9-387D-4A4B-A613-0E0B9D74B8F1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.0" ,
"versionEndIncluding" : "6.0.5" ,
"matchCriteriaId" : "0D0A0B36-9A2F-415A-A404-EE0FF6BC63A3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.1" ,
"versionEndIncluding" : "6.1.3" ,
"matchCriteriaId" : "A85EAB94-7EE7-4B4D-82E6-132FCF8662C4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.2" ,
"versionEndIncluding" : "6.2.2" ,
"matchCriteriaId" : "B55FDB69-E699-43A1-8575-52E0B33F8863"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.3" ,
"versionEndExcluding" : "6.3.2" ,
"matchCriteriaId" : "4ED48F8A-D2AC-45FE-9B5F-231A0666A897"
}
]
}
]
}
] ,
2023-10-13 14:00:29 +00:00
"references" : [
2023-11-21 00:55:21 +00:00
{
"url" : "https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html" ,
"source" : "audit@patchstack.com"
} ,
2023-10-29 09:06:41 +00:00
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EVFT4DPZRFTXJPEPADM22BZVIUD2P66/" ,
"source" : "audit@patchstack.com"
} ,
2023-11-03 23:00:22 +00:00
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCCVDPKOK57WCTH2QJ5DJM3B53RJNZKA/" ,
"source" : "audit@patchstack.com"
} ,
2023-10-29 09:06:41 +00:00
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQBL4ZQCBFNQ76XHM5257CIBFQRGT5QY/" ,
"source" : "audit@patchstack.com"
} ,
2023-10-13 14:00:29 +00:00
{
"url" : "https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve" ,
2023-10-16 18:00:28 +00:00
"source" : "audit@patchstack.com" ,
"tags" : [
"Exploit" ,
"Patch" ,
"Third Party Advisory"
]
2023-10-13 14:00:29 +00:00
} ,
{
"url" : "https://patchstack.com/database/vulnerability/wordpress/wordpress-wordpress-core-core-6-3-2-contributor-comment-read-on-private-and-password-protected-post-vulnerability?_s_id=cve" ,
2023-10-16 18:00:28 +00:00
"source" : "audit@patchstack.com" ,
"tags" : [
"Third Party Advisory"
]
2023-10-13 14:00:29 +00:00
}
]
}
