From 071866d86940997f7631cfe518f9f9a21f083465 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 20 Feb 2024 07:00:29 +0000
Subject: [PATCH] Auto-Update: 2024-02-20T07:00:25.674495+00:00
---
 CVE-2022/CVE-2022-453xx/CVE-2022-45320.json | 20 ++++++++
 CVE-2023/CVE-2023-51xx/CVE-2023-5190.json | 55 +++++++++++++++++++++
 README.md | 21 +++-----
 3 files changed, 82 insertions(+), 14 deletions(-)
 create mode 100644 CVE-2022/CVE-2022-453xx/CVE-2022-45320.json
 create mode 100644 CVE-2023/CVE-2023-51xx/CVE-2023-5190.json
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45320.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45320.json
new file mode 100644
index 00000000000..b49c49ae13f
--- /dev/null
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45320.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2022-45320",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-02-20T05:15:07.613",
+ "lastModified": "2024-02-20T05:15:07.613",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-45320",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5190.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5190.json
new file mode 100644
index 00000000000..b3f744eac32
--- /dev/null
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5190.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-5190",
+ "sourceIdentifier": "security@liferay.com",
+ "published": "2024-02-20T06:15:07.680",
+ "lastModified": "2024-02-20T06:15:07.680",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Open redirect vulnerability in the Countries Management\u2019s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect parameter."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@liferay.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@liferay.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-5190",
+ "source": "security@liferay.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index ac75c93e1f0..2ceee5b4249 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-02-20T05:00:24.601044+00:00
+2024-02-20T07:00:25.674495+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-02-20T04:15:07.330000+00:00
+2024-02-20T06:15:07.680000+00:00
 ```
 ### Last Data Feed Release
@@ -29,28 +29,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-238919
+238921
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `3`
+Recently added CVEs: `2`
-* [CVE-2023-6764](CVE-2023/CVE-2023-67xx/CVE-2023-6764.json) (`2024-02-20T03:15:07.870`)
-* [CVE-2024-1510](CVE-2024/CVE-2024-15xx/CVE-2024-1510.json) (`2024-02-20T03:15:08.077`)
-* [CVE-2024-1559](CVE-2024/CVE-2024-15xx/CVE-2024-1559.json) (`2024-02-20T04:15:07.330`)
+* [CVE-2022-45320](CVE-2022/CVE-2022-453xx/CVE-2022-45320.json) (`2024-02-20T05:15:07.613`)
+* [CVE-2023-5190](CVE-2023/CVE-2023-51xx/CVE-2023-5190.json) (`2024-02-20T06:15:07.680`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `6`
+Recently modified CVEs: `0`
-* [CVE-2023-6398](CVE-2023/CVE-2023-63xx/CVE-2023-6398.json) (`2024-02-20T03:15:07.650`)
-* [CVE-2023-6693](CVE-2023/CVE-2023-66xx/CVE-2023-6693.json) (`2024-02-20T03:15:07.750`)
-* [CVE-2024-24258](CVE-2024/CVE-2024-242xx/CVE-2024-24258.json) (`2024-02-20T03:15:08.257`)
-* [CVE-2024-24259](CVE-2024/CVE-2024-242xx/CVE-2024-24259.json) (`2024-02-20T03:15:08.330`)
-* [CVE-2024-24575](CVE-2024/CVE-2024-245xx/CVE-2024-24575.json) (`2024-02-20T03:15:08.397`)
-* [CVE-2024-24577](CVE-2024/CVE-2024-245xx/CVE-2024-24577.json) (`2024-02-20T03:15:08.520`)
 ## Download and Usage