From 233eaa9f7920eff3acc1103e647dd2337f14cda0 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 18 Aug 2023 22:00:34 +0000 Subject: [PATCH] Auto-Update: 2023-08-18T22:00:30.628249+00:00 --- CVE-2022/CVE-2022-226xx/CVE-2022-22655.json | 86 ++++++++++++- CVE-2022/CVE-2022-266xx/CVE-2022-26699.json | 72 ++++++++++- CVE-2022/CVE-2022-328xx/CVE-2022-32876.json | 72 ++++++++++- CVE-2023/CVE-2023-202xx/CVE-2023-20212.json | 43 +++++++ CVE-2023/CVE-2023-274xx/CVE-2023-27471.json | 4 +- CVE-2023/CVE-2023-284xx/CVE-2023-28480.json | 64 +++++++++- CVE-2023/CVE-2023-290xx/CVE-2023-29097.json | 47 +++++++- CVE-2023/CVE-2023-304xx/CVE-2023-30475.json | 47 +++++++- CVE-2023/CVE-2023-304xx/CVE-2023-30477.json | 47 +++++++- CVE-2023/CVE-2023-304xx/CVE-2023-30483.json | 47 +++++++- CVE-2023/CVE-2023-370xx/CVE-2023-37070.json | 75 +++++++++++- CVE-2023/CVE-2023-388xx/CVE-2023-38890.json | 4 +- CVE-2023/CVE-2023-389xx/CVE-2023-38910.json | 4 +- CVE-2023/CVE-2023-389xx/CVE-2023-38911.json | 4 +- CVE-2023/CVE-2023-402xx/CVE-2023-40225.json | 126 ++++++++++++++++++-- CVE-2023/CVE-2023-403xx/CVE-2023-40341.json | 70 ++++++++++- CVE-2023/CVE-2023-403xx/CVE-2023-40342.json | 70 ++++++++++- CVE-2023/CVE-2023-403xx/CVE-2023-40343.json | 70 ++++++++++- CVE-2023/CVE-2023-403xx/CVE-2023-40344.json | 70 ++++++++++- CVE-2023/CVE-2023-403xx/CVE-2023-40345.json | 70 ++++++++++- CVE-2023/CVE-2023-403xx/CVE-2023-40346.json | 70 ++++++++++- CVE-2023/CVE-2023-44xx/CVE-2023-4422.json | 4 +- README.md | 62 +++++----- 23 files changed, 1109 insertions(+), 119 deletions(-) create mode 100644 CVE-2023/CVE-2023-202xx/CVE-2023-20212.json diff --git a/CVE-2022/CVE-2022-226xx/CVE-2022-22655.json b/CVE-2022/CVE-2022-226xx/CVE-2022-22655.json index 47124296178..b9528d19c2f 100644 --- a/CVE-2022/CVE-2022-226xx/CVE-2022-22655.json +++ b/CVE-2022/CVE-2022-226xx/CVE-2022-22655.json 
@@ -2,23 +2,99 @@ "id": "CVE-2022-22655", "sourceIdentifier": "product-security@apple.com", "published": "2023-08-14T23:15:09.953", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-18T20:10:20.783", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4. An app may be able to leak sensitive user information." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.0", + "versionEndExcluding": "15.4", + "matchCriteriaId": "8C31A451-9CA8-4958-8602-A3CC4B4C55C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.0", + "versionEndExcluding": "15.4", + "matchCriteriaId": "ABA207BC-DD26-4B0D-80EA-589445821708" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0.0", + "versionEndExcluding": "12.3", + "matchCriteriaId": "9422A022-F279-4596-BC97-3223611D73DC" + } + ] + } 
+ ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213182", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213183", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-266xx/CVE-2022-26699.json b/CVE-2022/CVE-2022-266xx/CVE-2022-26699.json index f878a322c70..71ab2f8ae78 100644 --- a/CVE-2022/CVE-2022-266xx/CVE-2022-26699.json +++ b/CVE-2022/CVE-2022-266xx/CVE-2022-26699.json 
@@ -2,19 +2,83 @@ "id": "CVE-2022-26699", "sourceIdentifier": "product-security@apple.com", "published": "2023-08-14T23:15:10.020", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-18T20:12:40.500", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to cause a denial-of-service to Endpoint Security clients." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionEndIncluding": "9.0", + "matchCriteriaId": "0A960726-1CF4-4E71-A1F7-2EA775D02DAF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.0", + "versionEndExcluding": "13.0", + "matchCriteriaId": "2A54F5E4-E3E1-4F25-BDD8-64E0BDA06BE9" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213488", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
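Review bot: The first added `cpeMatch` entry, `cpe:2.3:o:apple:macos:*` with `"versionEndIncluding": "9.0"` and no lower bound, does not correspond to any release named in the description, which mentions only the fix in macOS Ventura 13. The second entry (`"versionStartIncluding": "11.0"`, `"versionEndExcluding": "13.0"`) is the one that lines up with that text. The same pair of ranges is added in the CVE-2022-32876.json hunk. The commit looks like an automated sync, so any correction probably belongs upstream; until then, inventory hits that come only from the open-ended `9.0` range are worth confirming by hand before they drive patch priority.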
diff --git a/CVE-2022/CVE-2022-328xx/CVE-2022-32876.json b/CVE-2022/CVE-2022-328xx/CVE-2022-32876.json index c4740002304..50a55648fae 100644 --- a/CVE-2022/CVE-2022-328xx/CVE-2022-32876.json +++ b/CVE-2022/CVE-2022-328xx/CVE-2022-32876.json 
@@ -2,19 +2,83 @@ "id": "CVE-2022-32876", "sourceIdentifier": "product-security@apple.com", "published": "2023-08-14T23:15:10.093", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-18T20:15:09.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13. A shortcut may be able to view the hidden photos album without authentication." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionEndIncluding": "9.0", + "matchCriteriaId": "0A960726-1CF4-4E71-A1F7-2EA775D02DAF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.0", + "versionEndExcluding": "13.0", + "matchCriteriaId": "2A54F5E4-E3E1-4F25-BDD8-64E0BDA06BE9" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213488", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20212.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20212.json new file mode 100644 index 00000000000..33529a5e6cb --- /dev/null +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20212.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-20212", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-08-18T20:15:09.773", + "lastModified": "2023-08-18T20:15:09.773", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. \r\n\r This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability by submitting a crafted AutoIt file to be scanned by ClamAV on the affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to restart unexpectedly, resulting in a DoS condition." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-FTkhqMWZ", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27471.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27471.json index c7c99bd589e..2a9a8167732 100644 --- a/CVE-2023/CVE-2023-274xx/CVE-2023-27471.json 
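Review bot: The `descriptions[0].value` string in this new record embeds a stray `\r\n\r` sequence between its first two sentences, which shows up as odd line breaks or control characters in tools that display the text verbatim; a single space would read the same. The record also carries only a `"type": "Secondary"` CNA score (7.5, `A:H` over `AV:N`) and no `weaknesses` or `configurations` yet. Pipelines that filter on `"type": "Primary"` or match on `cpeMatch` will therefore not surface this ClamAV denial of service while the record is still `Received`.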
+++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27471.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27471", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-18T19:15:12.243", - "lastModified": "2023-08-18T19:15:12.243", - "vulnStatus": "Received", + "lastModified": "2023-08-18T20:11:33.760", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-284xx/CVE-2023-28480.json b/CVE-2023/CVE-2023-284xx/CVE-2023-28480.json index 6ba832356da..272d8a03f16 100644 --- a/CVE-2023/CVE-2023-284xx/CVE-2023-28480.json +++ b/CVE-2023/CVE-2023-284xx/CVE-2023-28480.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-28480", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-14T19:15:10.260", - "lastModified": "2023-08-15T12:29:16.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-18T20:22:00.227", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions (UDFs) from C/C++ code. To support this functionality TigerGraph allows users to upload custom C/C++ code which is then compiled and installed into the platform. An attacker who has filesystem access on a remote TigerGraph system can alter the behavior of the database against the will of the database administrator; thus effectively bypassing the built in RBAC controls." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tigergraph:tigergraph:3.7.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "BA582564-26E0-465D-A957-0EFD55AC3D03" + } + ] + } + ] + } + ], "references": [ { "url": "https://neo4j.com/security/cve-2023-28480/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party 
Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29097.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29097.json index f546785ad1b..ff2ad72a5b9 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29097.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29097.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29097", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-14T14:15:10.170", - "lastModified": "2023-08-14T15:58:29.657", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-18T20:15:10.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:a3rev:a3_portfolio:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.1.0", + "matchCriteriaId": "AA0D36C0-4A1E-47C1-87E7-4A8BDDF53CBA" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/a3-portfolio/wordpress-a3-portfolio-plugin-3-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30475.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30475.json index 0d46fc073df..1e28148c480 100644 --- a/CVE-2023/CVE-2023-304xx/CVE-2023-30475.json +++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30475.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30475", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-14T14:15:10.277", - "lastModified": "2023-08-14T15:58:29.657", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-18T20:15:23.233", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:couponaffiliates:woocommerce_affiliate:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.4.5", + "matchCriteriaId": "56494766-A700-4B7F-A3FD-04AC26A6CFBB" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woo-coupon-usage/wordpress-coupon-affiliates-plugin-5-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30477.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30477.json index cb392a0ad02..4c240157290 100644 --- a/CVE-2023/CVE-2023-304xx/CVE-2023-30477.json +++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30477.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30477", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-14T14:15:10.383", - "lastModified": "2023-08-14T15:58:29.657", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-18T20:22:15.393", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:essitco:affiliate_solution:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0", + "matchCriteriaId": "B0E6F772-1B25-4A68-B6D4-40803BD4074A" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/affiliate-solution/wordpress-affiliate-solution-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30483.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30483.json index 7e1a4f0668e..59cb1e8c67e 100644 
--- a/CVE-2023/CVE-2023-304xx/CVE-2023-30483.json +++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30483.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30483", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-14T14:15:10.487", - "lastModified": "2023-08-14T15:58:29.657", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-18T20:15:34.683", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kibokolabs:watu_quiz:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.3.9.2", + "matchCriteriaId": "A5B62F34-267E-4F4D-8C24-4FA95669C045" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/watu/wordpress-watu-quiz-plugin-3-3-9-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-370xx/CVE-2023-37070.json b/CVE-2023/CVE-2023-370xx/CVE-2023-37070.json index 4c52654ce94..54b91186aa6 100644 --- a/CVE-2023/CVE-2023-370xx/CVE-2023-37070.json +++ b/CVE-2023/CVE-2023-370xx/CVE-2023-37070.json 
@@ -2,27 +2,90 @@ "id": "CVE-2023-37070", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-14T13:15:10.900", - "lastModified": "2023-08-14T13:26:38.470", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-18T20:16:06.100", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:hospital_information_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4FD71AB3-28CA-4ADB-B640-576DFAD1AE57" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/hospital-information-system-in-php-with-source-code/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/InfoSecWarrior/Offensive-Payloads/blob/main/Cross-Site-Scripting-XSS-Payloads.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/Mr-Secure-Code/My-CVE/blob/main/CVE-2023-37070-Exploit.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ 
+ "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38890.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38890.json index a5dfce9a701..ab5d41f4fee 100644 --- a/CVE-2023/CVE-2023-388xx/CVE-2023-38890.json +++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38890.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38890", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-18T19:15:12.690", - "lastModified": "2023-08-18T19:15:12.690", - "vulnStatus": "Received", + "lastModified": "2023-08-18T20:11:33.760", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38910.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38910.json index f22ecccf7b1..6896f2038b7 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38910.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38910.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38910", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-18T19:15:13.023", - "lastModified": "2023-08-18T19:15:13.023", - "vulnStatus": "Received", + "lastModified": "2023-08-18T20:11:33.760", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38911.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38911.json index e6741f7cd65..91734d27c6c 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38911.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38911.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38911", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-18T19:15:13.113", - "lastModified": "2023-08-18T19:15:13.113", - "vulnStatus": "Received", + "lastModified": "2023-08-18T20:11:33.760", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40225.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40225.json index bfa24c1da38..be9f0ff31f1 100644 --- a/CVE-2023/CVE-2023-402xx/CVE-2023-40225.json +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40225.json 
@@ -2,39 +2,147 @@ "id": "CVE-2023-40225", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-10T21:15:10.743", - "lastModified": "2023-08-11T03:44:51.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-18T20:03:17.290", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-444" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.0.32", + "matchCriteriaId": "023D059D-3A23-4CD9-85DF-119A32FB24B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.2.0", + "versionEndIncluding": "2.2.30", + "matchCriteriaId": "26AB82A2-31F2-4ECA-838A-9A94520B5AEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.4.0", + 
"versionEndIncluding": "2.4.23", + "matchCriteriaId": "B3F72E80-3A75-46BA-BC3A-40D87B7BFAF4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5.0", + "versionEndExcluding": "2.6.15", + "matchCriteriaId": "11561968-E0DC-4BFD-930F-52F96B4A4BBD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.7.0", + "versionEndExcluding": "2.7.10", + "matchCriteriaId": "855FF6D8-8F0E-4402-AF4D-9810A5080E72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.8.0", + "versionEndExcluding": "2.8.2", + "matchCriteriaId": "8D4FC3EF-9132-46E7-A43B-9074EC0C2EC1" + } + ] + } + ] + } + ], "references": [ { "url": "https://cwe.mitre.org/data/definitions/436.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Technical Description" + ] }, { "url": "https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/haproxy/haproxy/issues/2237", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://www.haproxy.org/download/2.6/src/CHANGELOG", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.haproxy.org/download/2.7/src/CHANGELOG", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.haproxy.org/download/2.8/src/CHANGELOG", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40341.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40341.json index c6e3571a3d7..c25b3417846 100644 
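Review bot: The added `cpeMatch` ranges leave the 2.1.x and 2.3.x branches unmatched even though the description in the same record lists them as affected. The first entry ends at `"versionEndIncluding": "2.0.32"`, the next starts at `"versionStartIncluding": "2.2.0"`, and the one after that at `"versionStartIncluding": "2.4.0"`. The 2.5.x/2.6.x pair is written as one range (`2.5.0` up to `2.6.15`), so the same pattern would give `"versionStartIncluding": "2.1.0"` and `"versionStartIncluding": "2.3.0"` for the two earlier ranges. This appears to be an automated sync, so the correction likely belongs at the data source. Until then, scanners that match on CPE alone will report HAProxy 2.1.x and 2.3.x as unaffected, and those branches need a manual check against the description.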
--- a/CVE-2023/CVE-2023-403xx/CVE-2023-40341.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40341.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-40341", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:11.683", - "lastModified": "2023-08-17T19:15:13.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-18T20:04:57.107", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "1.27.5", + "matchCriteriaId": "D89CEF62-A137-4860-AAED-FBF65A38420C" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3116", - "source": "jenkinsci-cert@googlegroups.com" + "source": 
"jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40342.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40342.json index 749b6b61a8d..e1893fbd6e0 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40342.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40342.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-40342", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:11.753", - "lastModified": "2023-08-17T19:15:13.650", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-18T20:05:19.467", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:flaky_test_handler:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "1.2.2", + "matchCriteriaId": "90925617-12A2-436E-8BC1-D2A5C59CB6E5" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3223", - "source": "jenkinsci-cert@googlegroups.com" + 
"source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40343.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40343.json index 50cdb6fc4ac..4bcba64d1dd 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40343.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40343.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-40343", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:11.817", - "lastModified": "2023-08-17T19:15:13.713", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-18T20:04:14.053", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:tuleap_authentication:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "1.1.20", + "matchCriteriaId": "5CC66E5D-B431-49C9-8450-24D92360FDE9" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3229", - "source": "jenkinsci-cert@googlegroups.com" + "source": 
"jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40344.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40344.json index c045e7cc829..f7e26468fd7 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40344.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40344.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-40344", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:11.880", - "lastModified": "2023-08-17T19:15:13.780", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-18T20:01:47.190", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:delphix:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "3.0.2", + "matchCriteriaId": "681DA3E2-98DD-4822-8249-AD8E73BEBB4A" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3214%20(1)", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ 
No newline at end of file diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40345.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40345.json index b4dae219197..4c2f873b84a 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40345.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40345.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-40345", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:11.937", - "lastModified": "2023-08-17T19:15:13.843", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-18T20:01:50.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:delphix:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "3.0.2", + "matchCriteriaId": "681DA3E2-98DD-4822-8249-AD8E73BEBB4A" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3214%20(2)", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ 
+ "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40346.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40346.json index d339093e5be..f7a0caf9991 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40346.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40346.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-40346", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:12.000", - "lastModified": "2023-08-17T19:15:13.910", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-18T20:00:39.357", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:shortcut_job:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "0.4", + "matchCriteriaId": "ACBC0946-E047-41B3-A3F0-2DF4B120B235" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3071", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + 
"Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4422.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4422.json index 7cf8a1e8871..1d78b77f7b7 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4422.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4422.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4422", "sourceIdentifier": "security@huntr.dev", "published": "2023-08-18T19:15:13.250", - "lastModified": "2023-08-18T19:15:13.250", - "vulnStatus": "Received", + "lastModified": "2023-08-18T20:11:33.760", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index b2032e3644b..fac95d93f11 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-18T20:00:28.137771+00:00 +2023-08-18T22:00:30.628249+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-18T19:59:18.003000+00:00 +2023-08-18T20:22:15.393000+00:00 ``` ### Last Data Feed Release 
@@ -29,49 +29,41 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -222995 +222996 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `1` -* [CVE-2023-27471](CVE-2023/CVE-2023-274xx/CVE-2023-27471.json) (`2023-08-18T19:15:12.243`) -* [CVE-2023-38890](CVE-2023/CVE-2023-388xx/CVE-2023-38890.json) (`2023-08-18T19:15:12.690`) -* [CVE-2023-38910](CVE-2023/CVE-2023-389xx/CVE-2023-38910.json) (`2023-08-18T19:15:13.023`) -* [CVE-2023-38911](CVE-2023/CVE-2023-389xx/CVE-2023-38911.json) (`2023-08-18T19:15:13.113`) -* [CVE-2023-4422](CVE-2023/CVE-2023-44xx/CVE-2023-4422.json) (`2023-08-18T19:15:13.250`) +* [CVE-2023-20212](CVE-2023/CVE-2023-202xx/CVE-2023-20212.json) (`2023-08-18T20:15:09.773`) ### CVEs modified in the last Commit -Recently modified CVEs: `51` +Recently modified CVEs: `21` -* [CVE-2023-30489](CVE-2023/CVE-2023-304xx/CVE-2023-30489.json) (`2023-08-18T19:13:18.417`) -* [CVE-2023-38902](CVE-2023/CVE-2023-389xx/CVE-2023-38902.json) (`2023-08-18T19:15:12.817`) -* [CVE-2023-21230](CVE-2023/CVE-2023-212xx/CVE-2023-21230.json) (`2023-08-18T19:18:17.973`) -* [CVE-2023-21231](CVE-2023/CVE-2023-212xx/CVE-2023-21231.json) (`2023-08-18T19:22:32.220`) -* [CVE-2023-21232](CVE-2023/CVE-2023-212xx/CVE-2023-21232.json) (`2023-08-18T19:27:02.487`) -* [CVE-2023-21233](CVE-2023/CVE-2023-212xx/CVE-2023-21233.json) (`2023-08-18T19:29:16.643`) -* [CVE-2023-22444](CVE-2023/CVE-2023-224xx/CVE-2023-22444.json) (`2023-08-18T19:32:34.733`) -* [CVE-2023-21234](CVE-2023/CVE-2023-212xx/CVE-2023-21234.json) (`2023-08-18T19:33:31.687`) -* [CVE-2023-21273](CVE-2023/CVE-2023-212xx/CVE-2023-21273.json) (`2023-08-18T19:44:13.167`) -* [CVE-2023-31946](CVE-2023/CVE-2023-319xx/CVE-2023-31946.json) (`2023-08-18T19:52:31.287`) -* [CVE-2023-39850](CVE-2023/CVE-2023-398xx/CVE-2023-39850.json) (`2023-08-18T19:52:43.933`) -* [CVE-2023-39851](CVE-2023/CVE-2023-398xx/CVE-2023-39851.json) 
(`2023-08-18T19:52:52.827`) -* [CVE-2023-31945](CVE-2023/CVE-2023-319xx/CVE-2023-31945.json) (`2023-08-18T19:53:19.000`) -* [CVE-2023-31944](CVE-2023/CVE-2023-319xx/CVE-2023-31944.json) (`2023-08-18T19:53:32.777`) -* [CVE-2023-31943](CVE-2023/CVE-2023-319xx/CVE-2023-31943.json) (`2023-08-18T19:53:43.987`) -* [CVE-2023-31941](CVE-2023/CVE-2023-319xx/CVE-2023-31941.json) (`2023-08-18T19:54:03.467`) -* [CVE-2023-21271](CVE-2023/CVE-2023-212xx/CVE-2023-21271.json) (`2023-08-18T19:54:05.827`) -* [CVE-2023-31942](CVE-2023/CVE-2023-319xx/CVE-2023-31942.json) (`2023-08-18T19:54:17.253`) -* [CVE-2023-31940](CVE-2023/CVE-2023-319xx/CVE-2023-31940.json) (`2023-08-18T19:54:35.387`) -* [CVE-2023-31939](CVE-2023/CVE-2023-319xx/CVE-2023-31939.json) (`2023-08-18T19:54:56.413`) -* [CVE-2023-31938](CVE-2023/CVE-2023-319xx/CVE-2023-31938.json) (`2023-08-18T19:55:12.507`) -* [CVE-2023-40350](CVE-2023/CVE-2023-403xx/CVE-2023-40350.json) (`2023-08-18T19:56:16.510`) -* [CVE-2023-21272](CVE-2023/CVE-2023-212xx/CVE-2023-21272.json) (`2023-08-18T19:56:45.393`) -* [CVE-2023-40349](CVE-2023/CVE-2023-403xx/CVE-2023-40349.json) (`2023-08-18T19:58:43.633`) -* [CVE-2023-40348](CVE-2023/CVE-2023-403xx/CVE-2023-40348.json) (`2023-08-18T19:59:18.003`) +* [CVE-2022-22655](CVE-2022/CVE-2022-226xx/CVE-2022-22655.json) (`2023-08-18T20:10:20.783`) +* [CVE-2022-26699](CVE-2022/CVE-2022-266xx/CVE-2022-26699.json) (`2023-08-18T20:12:40.500`) +* [CVE-2022-32876](CVE-2022/CVE-2022-328xx/CVE-2022-32876.json) (`2023-08-18T20:15:09.717`) +* [CVE-2023-40346](CVE-2023/CVE-2023-403xx/CVE-2023-40346.json) (`2023-08-18T20:00:39.357`) +* [CVE-2023-40344](CVE-2023/CVE-2023-403xx/CVE-2023-40344.json) (`2023-08-18T20:01:47.190`) +* [CVE-2023-40345](CVE-2023/CVE-2023-403xx/CVE-2023-40345.json) (`2023-08-18T20:01:50.273`) +* [CVE-2023-40225](CVE-2023/CVE-2023-402xx/CVE-2023-40225.json) (`2023-08-18T20:03:17.290`) +* [CVE-2023-40343](CVE-2023/CVE-2023-403xx/CVE-2023-40343.json) (`2023-08-18T20:04:14.053`) +* 
[CVE-2023-40341](CVE-2023/CVE-2023-403xx/CVE-2023-40341.json) (`2023-08-18T20:04:57.107`) +* [CVE-2023-40342](CVE-2023/CVE-2023-403xx/CVE-2023-40342.json) (`2023-08-18T20:05:19.467`) +* [CVE-2023-27471](CVE-2023/CVE-2023-274xx/CVE-2023-27471.json) (`2023-08-18T20:11:33.760`) +* [CVE-2023-38890](CVE-2023/CVE-2023-388xx/CVE-2023-38890.json) (`2023-08-18T20:11:33.760`) +* [CVE-2023-38910](CVE-2023/CVE-2023-389xx/CVE-2023-38910.json) (`2023-08-18T20:11:33.760`) +* [CVE-2023-38911](CVE-2023/CVE-2023-389xx/CVE-2023-38911.json) (`2023-08-18T20:11:33.760`) +* [CVE-2023-4422](CVE-2023/CVE-2023-44xx/CVE-2023-4422.json) (`2023-08-18T20:11:33.760`) +* [CVE-2023-29097](CVE-2023/CVE-2023-290xx/CVE-2023-29097.json) (`2023-08-18T20:15:10.827`) +* [CVE-2023-30475](CVE-2023/CVE-2023-304xx/CVE-2023-30475.json) (`2023-08-18T20:15:23.233`) +* [CVE-2023-30483](CVE-2023/CVE-2023-304xx/CVE-2023-30483.json) (`2023-08-18T20:15:34.683`) +* [CVE-2023-37070](CVE-2023/CVE-2023-370xx/CVE-2023-37070.json) (`2023-08-18T20:16:06.100`) +* [CVE-2023-28480](CVE-2023/CVE-2023-284xx/CVE-2023-28480.json) (`2023-08-18T20:22:00.227`) +* [CVE-2023-30477](CVE-2023/CVE-2023-304xx/CVE-2023-30477.json) (`2023-08-18T20:22:15.393`) ## Download and Usage