Auto-Update: 2024-09-14T16:00:17.131627+00:00

cad-safe-bot 2024-09-14 16:03:15 +00:00
parent 5721c061c6
commit 0424f64694
14 changed files with 1079 additions and 67 deletions


@ -2,17 +2,41 @@
"id": "CVE-2024-2743",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-09-12T17:15:04.177",
"lastModified": "2024-09-12T18:14:03.913",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-14T14:42:38.983",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab-EE a partir de la versi\u00f3n 13.3 anterior a la 17.1.7, 17.2 anterior a la 17.2.5 y 17.3 anterior a la 17.3.2 que permitir\u00eda a un atacante modificar un escaneo DAST a pedido sin permisos y filtrar variables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -47,14 +81,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "13.3.0",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "593EF08B-1A59-46F2-8593-BC8A65840D3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "1F428DA1-FB1C-4B14-A1E1-65177E7F4B10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "145E52CC-F503-446E-A760-1C01753DA938"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/451014",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2411756",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,17 +2,41 @@
"id": "CVE-2024-4612",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-09-12T17:15:04.740",
"lastModified": "2024-09-12T18:14:03.913",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-14T14:48:14.600",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en GitLab EE que afecta a todas las versiones a partir de la 12.9 anterior a la 17.1.7, la 17.2 anterior a la 17.2.5 y la 17.3 anterior a la 17.3.2. En determinadas condiciones, una vulnerabilidad de redirecci\u00f3n abierta podr\u00eda permitir la apropiaci\u00f3n de una cuenta interrumpiendo el flujo de OAuth."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -47,14 +81,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "12.9.0",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "2F4D084D-A6A3-4BA3-BA59-C8B20D0F814E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "1F428DA1-FB1C-4B14-A1E1-65177E7F4B10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "145E52CC-F503-446E-A760-1C01753DA938"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/460707",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2479857",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,17 +2,41 @@
"id": "CVE-2024-4660",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-09-12T17:15:04.937",
"lastModified": "2024-09-12T18:14:03.913",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-14T14:57:01.130",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was possible for a guest to read the source code of a private project by using group templates."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en GitLab EE que afecta a todas las versiones a partir de la 11.2 hasta la 17.1.7, a todas las versiones a partir de la 17.2 hasta la 17.2.5 y a todas las versiones a partir de la 17.3 hasta la 17.3.2. Un invitado pod\u00eda leer el c\u00f3digo fuente de un proyecto privado mediante plantillas de grupo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -47,14 +81,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "11.2.0",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "4F6975C5-F519-4A85-8E4B-1C8067F7B0CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "1F428DA1-FB1C-4B14-A1E1-65177E7F4B10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "145E52CC-F503-446E-A760-1C01753DA938"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/460892",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2480126",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}
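Review bot: The NVD primary vector added in this record sets `"privilegesRequired": "NONE"`, while the description says the issue was exploitable by "a guest", which reads as an authenticated, low-privilege role. CVE-2024-6389 in this same commit also describes a guest user and is scored `PR:L`, so the two records treat the same precondition differently. The secondary cve@gitlab.com metric lies outside the hunk, so it cannot be compared here. Anyone prioritising on the primary base score of 7.5 should check it against the CNA score first.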


@ -2,17 +2,41 @@
"id": "CVE-2024-5435",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-09-12T17:15:05.147",
"lastModified": "2024-09-12T18:14:03.913",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-14T15:05:50.207",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2 will disclose user password from repository mirror configuration."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en GitLab EE/CE que afecta a todas las versiones desde la 15.10 hasta la 17.1.7, todas las versiones desde la 17.2 hasta la 17.2.5 y todas las versiones desde la 17.3 hasta la 17.3.2, que revelar\u00e1n la contrase\u00f1a del usuario desde la configuraci\u00f3n del espejo del repositorio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -47,14 +81,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "15.10.0",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "ABF7770C-12E5-496B-8D5F-F6E55E610AA8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "15.10.0",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "A9EB56F1-6DB6-45C7-BD1B-B7B28A15B291"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "9DE9BFF3-C056-4146-A762-E34D60E10EDE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "1F428DA1-FB1C-4B14-A1E1-65177E7F4B10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "D2F29B41-64CF-4CEF-8EDF-BBDBA2FFE8C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "145E52CC-F503-446E-A760-1C01753DA938"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/464044",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2520722",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,17 +2,41 @@
"id": "CVE-2024-6389",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-09-12T17:15:05.340",
"lastModified": "2024-09-12T18:14:03.913",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-14T15:10:39.037",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab-CE/EE que afectaba a todas las versiones a partir de la 17.0 anterior a la 17.1.7, la 17.2 anterior a la 17.2.5 y la 17.3 anterior a la 17.3.2. Un atacante como usuario invitado pudo acceder a la informaci\u00f3n de confirmaci\u00f3n a trav\u00e9s del endpoint Atom de la versi\u00f3n, contrariamente a los permisos establecidos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -47,14 +81,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.0.0",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "624E699C-D0A7-419F-88FD-AABFA4A49E5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.0.0",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "79D35B6F-7F74-408A-83BF-8C4464744AEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "9DE9BFF3-C056-4146-A762-E34D60E10EDE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "1F428DA1-FB1C-4B14-A1E1-65177E7F4B10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "D2F29B41-64CF-4CEF-8EDF-BBDBA2FFE8C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "145E52CC-F503-446E-A760-1C01753DA938"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/469367",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2573397",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,17 +2,41 @@
"id": "CVE-2024-6446",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-09-12T17:15:05.557",
"lastModified": "2024-09-12T18:14:03.913",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-14T15:17:11.720",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an attacker controlled application."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en GitLab que afecta a todas las versiones desde la 17.1 hasta la 17.1.7, desde la 17.2 hasta la 17.2.5 y desde la 17.3 hasta la 17.3.2. Se podr\u00eda utilizar una URL manipulada para enga\u00f1ar a una v\u00edctima y hacer que conf\u00ede en una aplicaci\u00f3n controlada por un atacante."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -47,14 +81,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.1.0",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "AC6C8C93-43DE-4B88-81F4-6DEB61EBC5E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.1.0",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "EE908F1B-A4D2-4CC6-A26F-F0D6CDC6411A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "9DE9BFF3-C056-4146-A762-E34D60E10EDE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "1F428DA1-FB1C-4B14-A1E1-65177E7F4B10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "D2F29B41-64CF-4CEF-8EDF-BBDBA2FFE8C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "145E52CC-F503-446E-A760-1C01753DA938"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/470144",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2573481",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,17 +2,41 @@
"id": "CVE-2024-8124",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-09-12T17:15:06.007",
"lastModified": "2024-09-12T18:14:03.913",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-14T15:18:34.463",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of Service via sending a large `glm_source` parameter."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en GitLab CE/EE que afecta a todas las versiones desde la 16.4 hasta la 17.1.7, desde la 17.2 hasta la 17.2.5, desde la 17.3 hasta la 17.3.2, lo que podr\u00eda provocar una denegaci\u00f3n de servicio mediante el env\u00edo de un par\u00e1metro `glm_source` grande."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -47,14 +81,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.4.0",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "C67622CA-831C-4C04-832E-2894B625EAC4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.4.0",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "856F2E51-CDD0-4E52-9127-FC7FD2DA53D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "9DE9BFF3-C056-4146-A762-E34D60E10EDE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "1F428DA1-FB1C-4B14-A1E1-65177E7F4B10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "D2F29B41-64CF-4CEF-8EDF-BBDBA2FFE8C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "145E52CC-F503-446E-A760-1C01753DA938"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/480533",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2634880",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,17 +2,41 @@
"id": "CVE-2024-8631",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-09-12T17:15:06.230",
"lastModified": "2024-09-12T18:14:03.913",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-14T15:22:31.717",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the Admin Group Member custom role could have escalated their privileges to include other custom roles."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de escalada de privilegios en GitLab EE que afecta a todas las versiones a partir de la 16.6 anterior a la 17.1.7, de la 17.2 anterior a la 17.2.5 y de la 17.3 anterior a la 17.3.2. Un usuario al que se le haya asignado el rol personalizado de Miembro del grupo de administradores podr\u00eda haber escalado sus privilegios para incluir otros roles personalizados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -47,14 +81,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.6.0",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "A82F9F0C-280A-4147-9B5E-D3AA1C3A8EA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.6.0",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "ADF116ED-B1CD-4A59-92ED-9DF1C047C10F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "9DE9BFF3-C056-4146-A762-E34D60E10EDE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "1F428DA1-FB1C-4B14-A1E1-65177E7F4B10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "D2F29B41-64CF-4CEF-8EDF-BBDBA2FFE8C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "145E52CC-F503-446E-A760-1C01753DA938"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/462665",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2478469",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}
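Review bot: The added `configurations` block lists `cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*` entries for all three version ranges, but the description scopes the issue to GitLab EE only. The same mismatch appears in the CVE-2024-8635 section, whereas the other EE-only records in this commit (CVE-2024-2743, CVE-2024-4612, CVE-2024-4660, CVE-2024-8640) carry `enterprise` entries only. Scanners that match on CPE will report Community Edition installations as affected by these two CVEs. Whether that is intended cannot be told from the hunk, so it is worth confirming against the vendor advisory before acting on CE findings.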


@ -2,17 +2,41 @@
"id": "CVE-2024-8635",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-09-12T17:15:06.437",
"lastModified": "2024-09-12T18:14:03.913",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-14T15:24:45.657",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URL"
},
{
"lang": "es",
"value": "Se ha descubierto un problema de server-side request forgery en GitLab EE que afecta a todas las versiones a partir de la 16.8 anterior a la 17.1.7, de la 17.2 anterior a la 17.2.5 y de la 17.3 anterior a la 17.3.2. Un atacante pod\u00eda realizar solicitudes a recursos internos mediante una URL de proxy de dependencia de Maven personalizada"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -47,10 +81,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.8.0",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "D98A3E94-FD1A-4109-8A90-FD19A40CF007"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.8.0",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "FEA9798C-C168-4E92-AD2B-966A9F940A4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "9DE9BFF3-C056-4146-A762-E34D60E10EDE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "1F428DA1-FB1C-4B14-A1E1-65177E7F4B10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "D2F29B41-64CF-4CEF-8EDF-BBDBA2FFE8C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "145E52CC-F503-446E-A760-1C01753DA938"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/455273",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
}
]
}


@ -2,17 +2,41 @@
"id": "CVE-2024-8640",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-09-12T17:15:06.647",
"lastModified": "2024-09-12T18:14:03.913",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-14T15:37:37.257",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en GitLab EE que afecta a todas las versiones a partir de la 16.11 anterior a la 17.1.7, de la 17.2 anterior a la 17.2.5 y de la 17.3 anterior a la 17.3.2. Debido a un filtrado de entrada incompleto, era posible inyectar comandos en un servidor Cube conectado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -47,14 +81,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.11.0",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "149E71F2-8B52-435C-9DFC-9C1D1E889899"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "1F428DA1-FB1C-4B14-A1E1-65177E7F4B10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "145E52CC-F503-446E-A760-1C01753DA938"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/486213",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2687770",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}


@ -2,17 +2,41 @@
"id": "CVE-2024-8754",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-09-12T17:15:06.917",
"lastModified": "2024-09-12T18:14:03.913",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-14T15:40:20.583",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is configured."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en GitLab EE/CE que afecta a todas las versiones desde la 16.9.7 hasta la 17.1.7, la 17.2 hasta la 17.2.5 y la 17.3 hasta la 17.3.2. Un error de validaci\u00f3n de entrada incorrecto permite a un atacante apropiarse de cuentas mediante la vinculaci\u00f3n de identidades de proveedores arbitrarias no reclamadas cuando se configura la autenticaci\u00f3n JWT."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -47,10 +81,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.9.7",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "CA47B0F3-2D32-4410-AC44-3635F290933C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.9.7",
"versionEndExcluding": "17.1.7",
"matchCriteriaId": "B2FAFF4E-0A2B-48DB-A49B-E13694603AB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "9DE9BFF3-C056-4146-A762-E34D60E10EDE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.2.0",
"versionEndExcluding": "17.2.5",
"matchCriteriaId": "1F428DA1-FB1C-4B14-A1E1-65177E7F4B10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "D2F29B41-64CF-4CEF-8EDF-BBDBA2FFE8C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.2",
"matchCriteriaId": "145E52CC-F503-446E-A760-1C01753DA938"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/464062",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-8762",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-09-13T01:15:02.320",
"lastModified": "2024-09-13T14:06:04.777",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-14T15:54:10.687",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:crud_operation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D15BB350-68BE-4E74-B9CE-BC9120B6F230"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Kangsiyuan/1/issues/1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.277341",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.277341",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.406159",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-09-14T14:00:17.294907+00:00
2024-09-14T16:00:17.131627+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-09-14T13:15:10.343000+00:00
2024-09-14T15:54:10.687000+00:00
```
### Last Data Feed Release
@ -38,15 +38,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `0`
- [CVE-2024-6482](CVE-2024/CVE-2024-64xx/CVE-2024-6482.json) (`2024-09-14T13:15:10.343`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `12`
- [CVE-2024-2743](CVE-2024/CVE-2024-27xx/CVE-2024-2743.json) (`2024-09-14T14:42:38.983`)
- [CVE-2024-4612](CVE-2024/CVE-2024-46xx/CVE-2024-4612.json) (`2024-09-14T14:48:14.600`)
- [CVE-2024-4660](CVE-2024/CVE-2024-46xx/CVE-2024-4660.json) (`2024-09-14T14:57:01.130`)
- [CVE-2024-5435](CVE-2024/CVE-2024-54xx/CVE-2024-5435.json) (`2024-09-14T15:05:50.207`)
- [CVE-2024-6389](CVE-2024/CVE-2024-63xx/CVE-2024-6389.json) (`2024-09-14T15:10:39.037`)
- [CVE-2024-6446](CVE-2024/CVE-2024-64xx/CVE-2024-6446.json) (`2024-09-14T15:17:11.720`)
- [CVE-2024-8124](CVE-2024/CVE-2024-81xx/CVE-2024-8124.json) (`2024-09-14T15:18:34.463`)
- [CVE-2024-8631](CVE-2024/CVE-2024-86xx/CVE-2024-8631.json) (`2024-09-14T15:22:31.717`)
- [CVE-2024-8635](CVE-2024/CVE-2024-86xx/CVE-2024-8635.json) (`2024-09-14T15:24:45.657`)
- [CVE-2024-8640](CVE-2024/CVE-2024-86xx/CVE-2024-8640.json) (`2024-09-14T15:37:37.257`)
- [CVE-2024-8754](CVE-2024/CVE-2024-87xx/CVE-2024-8754.json) (`2024-09-14T15:40:20.583`)
- [CVE-2024-8762](CVE-2024/CVE-2024-87xx/CVE-2024-8762.json) (`2024-09-14T15:54:10.687`)
## Download and Usage


@ -248312,7 +248312,7 @@ CVE-2024-27426,0,0,f5fc7da5f09fbdadb762a21224b0dbb5a41a24dae16f449b1011805d51278
CVE-2024-27427,0,0,1b1c30f81afe26e3ae33e5d69b384adaf853c97d03be79d51f3ab8607e145d9b,2024-05-25T14:15:52.570000
CVE-2024-27428,0,0,20f753b8956754951db33f225c8ba9e79d8568aee28b82d82684ff12e52c1002,2024-05-25T14:15:52.687000
CVE-2024-27429,0,0,8ca6c37d4e86d1cce3febff9172b7aee5b4414a06f6c93a7cb5ad84a8d3b710b,2024-05-21T15:15:28.810000
CVE-2024-2743,0,0,57d397d0b59e8308f4a1b9f38a81628229ccafff2935b228609ac0566bd3b9a7,2024-09-12T18:14:03.913000
CVE-2024-2743,0,1,1c7d3acb7586c7e13aa79de9d6bbb17dd43b1f4451f9968857f4f64ee017a0c8,2024-09-14T14:42:38.983000
CVE-2024-27430,0,0,bcfe1dc31df623eedee5bd152c119180c00cd65ea96cab3b1e49e2927a247d51,2024-05-25T14:15:52.803000
CVE-2024-27431,0,0,f0b943d0779f4c0250316bc3e4f86930ac87e351769e7377bcc9a253794ae476,2024-07-03T01:50:40.003000
CVE-2024-27432,0,0,5adfd53e7c7b1e4e0cdd83f244838b35ae843625de51e278b8673967226dec4c,2024-05-17T18:35:35.070000
@ -259753,7 +259753,7 @@ CVE-2024-4608,0,0,6b948b515db267f779f431dbe386ca01ccd7f50a9fc569455bb84149dca963
CVE-2024-4609,0,0,b6f3fd3db9085553e8d026a562774e21d6dc7bb2eb7a9a6cfeb43138546783c0,2024-05-17T18:36:31.297000
CVE-2024-4610,0,0,43047990281e26a04055de4ace6574603f0b08f61a7727d9acdec64f6d8d9784,2024-08-14T17:06:24.800000
CVE-2024-4611,0,0,51a3d5438728b832e97210e2f9860d8c98e7a9272bd8319e6cdccdf57653adc1,2024-05-29T13:02:09.280000
CVE-2024-4612,0,0,9679bd2f1abe40d059d731c01811eb81bebf9745590d1074bef60718f9930d40,2024-09-12T18:14:03.913000
CVE-2024-4612,0,1,1b39fddfaef3a23e303b671a3f6128ef6409891969be34333717855158fe36fa,2024-09-14T14:48:14.600000
CVE-2024-4614,0,0,eca609b72f6d0dbdf3e2930a517382c618b783ca5f3bbd2f9a2c62afa1f7de10,2024-05-14T15:44:12.883000
CVE-2024-4615,0,0,7b5276905c165aa4f37a2a2e956283f0d8e2b47a85a8c0a930e4cc6ae0292a24,2024-07-02T14:51:50.013000
CVE-2024-4616,0,0,cb1145576a9fadb27b9b56693aa172c2cd4c0e400aa0e13b3db507a976467534,2024-08-09T19:35:10.193000
@ -259794,7 +259794,7 @@ CVE-2024-4653,0,0,7b6d5c0913690c5b51d844fc9718b4208eaa5f352f244fd41eee7be1add5e3
CVE-2024-4654,0,0,0088d34096b2578204ff98fe71c1f702e4c8866653411407f72fe940a56448df,2024-06-04T19:20:45.100000
CVE-2024-4655,0,0,95970f39f135367edf16c40c69bbdd98999f38726ef0802da749dedbafaa6dbb,2024-08-01T13:59:32.490000
CVE-2024-4656,0,0,32c9d7e0c2f1168ca7d7381e4fab827ca08fdbd964272924da1671d43db7cf43,2024-05-15T16:40:19.330000
CVE-2024-4660,0,0,375cfe69a5441eee600ee3c484bd7e45037c281a8a0c9627acfaef44e7035d97,2024-09-12T18:14:03.913000
CVE-2024-4660,0,1,e2da4ceee6df96a1cb7e9b187d6ffc85e3946e3cc1d921567db2bce412f91772,2024-09-14T14:57:01.130000
CVE-2024-4661,0,0,f19406aac3e0e4dd229494d2c7f4a9ae6fd94c8256be755b3955222db7d3bf70,2024-06-10T02:52:08.267000
CVE-2024-4662,0,0,42d3ec88d759fc9bf88fc92972e0c9891830916b90a0cdbb0331ad5486f420dd,2024-05-24T01:15:30.977000
CVE-2024-4663,0,0,26abfae0d13c9db7079b41941554710f5ceae1c12961c27d4c50148758e145c4,2024-06-20T12:44:01.637000
@ -260533,7 +260533,7 @@ CVE-2024-5431,0,0,c05cafcca4db035c01a1ef8070f41d696cf1ed72d29d4b28e570debbe2ef62
CVE-2024-5432,0,0,ab16c13801145bb5eaae071d9c21b29aca78e7920ad4908920a2f03fb30ba995,2024-07-15T16:53:35.600000
CVE-2024-5433,0,0,cf9a3f50aa3044d0d1df4fa80d5f9a0105faaa25fcb8a234110d2fd0fcff2ef0,2024-05-29T13:02:09.280000
CVE-2024-5434,0,0,bd01f6ae7a25122b4c9cfb7b6da0885ad33a7f141dec8df17c44747d924fac75,2024-05-29T13:02:09.280000
CVE-2024-5435,0,0,644527079f8780b3481878046fa6d0975193756f39d8f469646c6feeaf8dcbf8,2024-09-12T18:14:03.913000
CVE-2024-5435,0,1,7fa0bfcce7062d11bfed693d18f3ee80ebd55cd004719b4aac675700c9b1ccbe,2024-09-14T15:05:50.207000
CVE-2024-5436,0,0,1f0ff22e526bae999a5752534900397469f10984712d6e1a281251b3244c7ffe,2024-05-31T13:01:46.727000
CVE-2024-5437,0,0,b00058f5764b16d4661c63f1983ab9dae77d46bb23d9cbf0d57b3c9fafbd7a4a,2024-06-04T19:21:09.363000
CVE-2024-5438,0,0,beb1b61cb3794f25e50aa4c7911116dbbb532eaf0bf3366ce9bd52ca79f18ec6,2024-06-11T18:26:45.147000
@ -261342,7 +261342,7 @@ CVE-2024-6385,0,0,13d2095bcd11ed43b6c47262c7b96c8a9e162b20cb975895bc98c3af67d39f
CVE-2024-6386,0,0,9164927dbad6e7427231be8044dd2ccc9162f1a1173b863f2e4642cbddb16648,2024-08-22T12:48:02.790000
CVE-2024-6387,0,0,33e863f5fbdb5ebd28cdb76db79962b7a834a7793cc2d1eb4023a387b3acaea2,2024-09-14T03:15:08.143000
CVE-2024-6388,0,0,0ce37f83493b5d79bb3fdc963327390bc09266ac17f5f1de660cf43d4cdce70d,2024-06-27T17:11:52.390000
CVE-2024-6389,0,0,0f5288bc36ccabdeb644a7f1f848b2af478db86c3740cc3462d350146445ead0,2024-09-12T18:14:03.913000
CVE-2024-6389,0,1,97619f937594e57440ea9f8cb3d55fe9ec171c40b4959fd4a8bcfb76e0e63169,2024-09-14T15:10:39.037000
CVE-2024-6390,0,0,a350381d3f247972bbe468db9ec2332b3c135e89cdf36bdf1358f9f5965e67ff,2024-08-05T14:35:08.267000
CVE-2024-6391,0,0,f39301e9680e09028795caddd1f0219ac421e8fbe3773aa2e024531728c8f9e1,2024-07-09T18:19:14.047000
CVE-2024-6392,0,0,edc3ee0e5658afb33c71de43cf2ca6ea07650ea12323a6b995125316053d44cb,2024-08-15T14:56:16.490000
@ -261382,7 +261382,7 @@ CVE-2024-6439,0,0,17c8c0dedf84f798cc0f5ae1eb12bcfee8d03a9530b75eee07a6ecb983f8a0
CVE-2024-6440,0,0,2c5be04f311531a7679fd469afc24458b735968d4c5b698cdcf03804f39d3eef,2024-07-02T17:58:15.410000
CVE-2024-6441,0,0,15383e1684ea64dc1d374e71fe60467b8bfc18bde94b0e73415ebe68688c2118,2024-07-02T17:44:45.700000
CVE-2024-6445,0,0,d4bd07ae9eba462d90eb79dcc7204c56bd4679ce8063eb2ebe32db5f30ce9fc7,2024-09-12T16:14:51.480000
CVE-2024-6446,0,0,7c3492ecf3af6ff83565ab5760f21367e9eee76954b966393573bbcb946cd3aa,2024-09-12T18:14:03.913000
CVE-2024-6446,0,1,40ba33596a31d7c54c56d318bcab067473a99b16234df2e24accf4e6227c9e31,2024-09-14T15:17:11.720000
CVE-2024-6447,0,0,45fe1e3b45bb9052a54143ac6931092e1b37ff897cd56aa11e3df59780bc06cb,2024-07-11T13:05:54.930000
CVE-2024-6448,0,0,29c9fba3b86c8e9eb615a2e1f73377ed9eea71e4eb21902a2662b1cd45074970,2024-08-28T12:57:27.610000
CVE-2024-6449,0,0,3f5ac8d5827bd74c021dab1f3c742a29223bd99b31b5ea254ad3baff099e2a5a,2024-09-12T15:32:19.680000
@ -261409,7 +261409,7 @@ CVE-2024-6472,0,0,06cfc3c26e9764572c1adb3e446cad13cb9599b02c4c47946f6698a134e258
CVE-2024-6473,0,0,9d329dd670917bde4dfbebd26b87a1f0ac64a0b550d97fba6854ff35150aadd6,2024-09-05T14:19:45.153000
CVE-2024-6477,0,0,095ad8bec127bb97feb0819e6df5852cd52601b6cc4ba1d92128a3b9897811f6,2024-09-06T17:35:19.087000
CVE-2024-6481,0,0,8a6ed16cb15e9b1be7b8ecc3c869a269748ddec5ecbc3504e8d7f068ea116af3,2024-08-08T14:35:14.190000
CVE-2024-6482,1,1,7d896b5aeb6a93873005c39543329631917bac06a8791a54c6832ab9fe4d1ee8,2024-09-14T13:15:10.343000
CVE-2024-6482,0,0,7d896b5aeb6a93873005c39543329631917bac06a8791a54c6832ab9fe4d1ee8,2024-09-14T13:15:10.343000
CVE-2024-6484,0,0,bc633abd6bfb9da06585afdfb273066dfbc508847026385eb612d46f7c70ed29,2024-07-11T18:09:58.777000
CVE-2024-6485,0,0,b143d2f5de1cad2c57f83d18fe64abfe0ba2da69210341aec4863f07cdd850cb,2024-07-11T18:09:58.777000
CVE-2024-6487,0,0,ade8feb977b02299075dd869ca65fb48f198290ee8a478009ada36ae91b54213,2024-08-01T14:00:24
@ -262568,7 +262568,7 @@ CVE-2024-8119,0,0,209c67cb8bfc8afcb7a4732dcac7c96ef9caf231c5c5c990646aa6c9fa1680
CVE-2024-8120,0,0,e3b9aaa878f2134b92d705f69a9facea2737a7bdb56611a3217b2f8626f847c1,2024-08-26T12:47:20.187000
CVE-2024-8121,0,0,ff1e52368219900437efe7b0d09c59c3cd45c1a8ee1d51b7c00a17f9caa0d460,2024-09-06T16:20:59.767000
CVE-2024-8123,0,0,0c7aca2112819fbb5f60b01b3de749c0321788022ccd287129bcc300c493718d,2024-09-06T17:20:28.600000
CVE-2024-8124,0,0,068cb7d15eea4491a957859c306eeb426f293fce72981bbbaecaed35888f4d38,2024-09-12T18:14:03.913000
CVE-2024-8124,0,1,069009b60fb461b3961d8d5a6f70a210254051552f91594c9e5f5615b13103e6,2024-09-14T15:18:34.463000
CVE-2024-8127,0,0,5102baf959cfebdfcce1f9ebf5537e39c68d598c19a75f9e8284fbe283c6efe3,2024-08-27T14:53:45.257000
CVE-2024-8128,0,0,d07e75d47fb86cf66a48a7ed0955a75ebdca9af77e0b6c43500f577ad4f51a7f,2024-08-27T15:32:47.997000
CVE-2024-8129,0,0,39dbf19e98dba6341432a7bc1b8c1b6b77a667d2938ed3ce971d1f146a38e875,2024-08-27T15:33:23.187000
@ -262823,13 +262823,13 @@ CVE-2024-8605,0,0,2abdfde3fad91633012e2fbc4796f8bda82aa939ecbbf9c2890b650d01ffd4
CVE-2024-8610,0,0,473e0782947d4bb5808f93b8ea2243b42a4e82997b690a69a9a95368e1eef9c1,2024-09-10T12:09:50.377000
CVE-2024-8611,0,0,a2b44027b2072954b313d2459899e49857f8f44440a8eb23f45a13a7d9867cef,2024-09-10T12:09:50.377000
CVE-2024-8622,0,0,8c0d8566c114d14578f376fb46a83dd09ecfc9aef59b4f73eead49a6f9d03ae6,2024-09-12T12:35:54.013000
CVE-2024-8631,0,0,ad06e619511fca58e085c8a9c495a6b947f226e413438966dd8936bfd409014d,2024-09-12T18:14:03.913000
CVE-2024-8635,0,0,a3656bf86941f54775cb4dcd7c23447a61c1236b0cd54261e3b29e21fb804490,2024-09-12T18:14:03.913000
CVE-2024-8631,0,1,ec0f3e499204fe8b3096f23de4c15b4f57ab537964111dc6b7313fbad5d35ea5,2024-09-14T15:22:31.717000
CVE-2024-8635,0,1,7a33169aa1c56166fecdf7f4d906662353a5e22f1362c34800f026c91df08470,2024-09-14T15:24:45.657000
CVE-2024-8636,0,0,0c59a94a620a4c5a9ca1b46d0e9c59ab3787ae337f0eaa0364c7e33937f31aa2,2024-09-13T14:35:08.313000
CVE-2024-8637,0,0,d6df40a324e01da3d9d07d635490137e7d47536917ac9016017a9e8f14b895ac,2024-09-13T14:35:09.463000
CVE-2024-8638,0,0,adc287523433619e00a0c3ce2872c8a5b5ae1ed0dec799a6e833b4af67d9d1f7,2024-09-13T14:35:10.470000
CVE-2024-8639,0,0,81b4d237da336d5cfc4eef796e8c69ea1e42ce312224983662ce770673b442eb,2024-09-13T14:35:11.650000
CVE-2024-8640,0,0,4f62187b49a595b28bad0bd53f1c9f9e810ccde507e922f6808577f832baf20b,2024-09-12T18:14:03.913000
CVE-2024-8640,0,1,355c8649c87d5efaa043494b8ec77b10dd7fca0f372cd99c6e0195d9ec1f3b26,2024-09-14T15:37:37.257000
CVE-2024-8641,0,0,70142403e266cff3ada76b36ab3a7e2087b6c631aef8afb8e81160bc63ca279c,2024-09-12T21:34:55.633000
CVE-2024-8642,0,0,0d7698e3a321d872dd4620edf9b803daeb8e08e2d186a2da501f5948a83a77e6,2024-09-11T16:26:11.920000
CVE-2024-8645,0,0,a9ec59eb761dcf7b03b051641e3314ff9102e8e55de30e4e3a512e1bddcece61,2024-09-10T12:09:50.377000
@ -262871,8 +262871,8 @@ CVE-2024-8747,0,0,6c88c8c8e632bc4d53a0196f95b7ceddf7275f331456b55093d5f334ca6d7b
CVE-2024-8749,0,0,6c300bdfd0775f414e5e2003c3bfef67fe867038e6f1a0c3495f0a7e6012e1de,2024-09-12T12:35:54.013000
CVE-2024-8750,0,0,418fabeb18e7b297a31252c3e8fef09ccda76bf14212f7478abfd99c5bae6ae6,2024-09-12T12:35:54.013000
CVE-2024-8751,0,0,dd4f77422f5dc981129a2e765da3e243ee86648b85be15172cd0c4e6601f992a,2024-09-13T14:06:04.777000
CVE-2024-8754,0,0,dcef29ecbc812aa49fbf1b13b0eb401b8ca812115ed5357160273332851b27b7,2024-09-12T18:14:03.913000
CVE-2024-8762,0,0,3365b2a60700d4c241af4290619684dfef583475bffb6fbc1a1478d60b8c3c6d,2024-09-13T14:06:04.777000
CVE-2024-8754,0,1,f8a4ca9a3c8c6c9af2a693c6565fade1a53b2c08d2db63ea33e154699f832b1a,2024-09-14T15:40:20.583000
CVE-2024-8762,0,1,2877f4481d10e26d4e6bf50e010d02152cab4d90b2c2329689bb4edd4b768ea9,2024-09-14T15:54:10.687000
CVE-2024-8775,0,0,fcca86ce876772170d6581789978acb0ae0c53951dd659594245568535621773,2024-09-14T11:47:14.677000
CVE-2024-8782,0,0,07c3a16b8681c9ebf93d105d5b076fbef190c05e8d1e936ffaeb395d86382ca2,2024-09-14T11:47:14.677000
CVE-2024-8783,0,0,289128ea1a51112e2b32da270994bcc7b30231f341b1d787ba1fce34d4218f29,2024-09-14T11:47:14.677000
