admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-08-18T22:00:30.628249+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-08-18 22:00:34 +00:00
parent 822d986a57
commit 233eaa9f79
23 changed files with 1109 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
CVE-2022/CVE-2022-226xx/CVE-2022-22655.json
View File

@ -2,23 +2,99 @@
"id": "CVE-2022-22655", "id": "CVE-2022-22655",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:09.953", "published": "2023-08-14T23:15:09.953",
"lastModified": "2023-08-15T12:29:16.237", "lastModified": "2023-08-18T20:10:20.783",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4. An app may be able to leak sensitive user information." "value": "An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4. An app may be able to leak sensitive user information."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.4",
"matchCriteriaId": "8C31A451-9CA8-4958-8602-A3CC4B4C55C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.4",
"matchCriteriaId": "ABA207BC-DD26-4B0D-80EA-589445821708"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.3",
"matchCriteriaId": "9422A022-F279-4596-BC97-3223611D73DC"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.apple.com/en-us/HT213182", "url": "https://support.apple.com/en-us/HT213182",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT213183", "url": "https://support.apple.com/en-us/HT213183",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

72
CVE-2022/CVE-2022-266xx/CVE-2022-26699.json
View File

@ -2,19 +2,83 @@
"id": "CVE-2022-26699", "id": "CVE-2022-26699",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:10.020", "published": "2023-08-14T23:15:10.020",
"lastModified": "2023-08-15T12:29:16.237", "lastModified": "2023-08-18T20:12:40.500",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to cause a denial-of-service to Endpoint Security clients." "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to cause a denial-of-service to Endpoint Security clients."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.0",
"matchCriteriaId": "0A960726-1CF4-4E71-A1F7-2EA775D02DAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndExcluding": "13.0",
"matchCriteriaId": "2A54F5E4-E3E1-4F25-BDD8-64E0BDA06BE9"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.apple.com/en-us/HT213488", "url": "https://support.apple.com/en-us/HT213488",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

72
CVE-2022/CVE-2022-328xx/CVE-2022-32876.json
View File

@ -2,19 +2,83 @@
"id": "CVE-2022-32876", "id": "CVE-2022-32876",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2023-08-14T23:15:10.093", "published": "2023-08-14T23:15:10.093",
"lastModified": "2023-08-15T12:29:16.237", "lastModified": "2023-08-18T20:15:09.717",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13. A shortcut may be able to view the hidden photos album without authentication." "value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13. A shortcut may be able to view the hidden photos album without authentication."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.0",
"matchCriteriaId": "0A960726-1CF4-4E71-A1F7-2EA775D02DAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndExcluding": "13.0",
"matchCriteriaId": "2A54F5E4-E3E1-4F25-BDD8-64E0BDA06BE9"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.apple.com/en-us/HT213488", "url": "https://support.apple.com/en-us/HT213488",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

43
CVE-2023/CVE-2023-202xx/CVE-2023-20212.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20212",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-08-18T20:15:09.773",
"lastModified": "2023-08-18T20:15:09.773",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. \r\n\r This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability by submitting a crafted AutoIt file to be scanned by ClamAV on the affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to restart unexpectedly, resulting in a DoS condition."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-FTkhqMWZ",
"source": "ykramarz@cisco.com"
}
]
}

4
CVE-2023/CVE-2023-274xx/CVE-2023-27471.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27471", "id": "CVE-2023-27471",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-18T19:15:12.243", "published": "2023-08-18T19:15:12.243",
"lastModified": "2023-08-18T19:15:12.243", "lastModified": "2023-08-18T20:11:33.760",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

64
CVE-2023/CVE-2023-284xx/CVE-2023-28480.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2023-28480", "id": "CVE-2023-28480",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T19:15:10.260", "published": "2023-08-14T19:15:10.260",
"lastModified": "2023-08-15T12:29:16.237", "lastModified": "2023-08-18T20:22:00.227",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions (UDFs) from C/C++ code. To support this functionality TigerGraph allows users to upload custom C/C++ code which is then compiled and installed into the platform. An attacker who has filesystem access on a remote TigerGraph system can alter the behavior of the database against the will of the database administrator; thus effectively bypassing the built in RBAC controls." "value": "An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions (UDFs) from C/C++ code. To support this functionality TigerGraph allows users to upload custom C/C++ code which is then compiled and installed into the platform. An attacker who has filesystem access on a remote TigerGraph system can alter the behavior of the database against the will of the database administrator; thus effectively bypassing the built in RBAC controls."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tigergraph:tigergraph:3.7.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "BA582564-26E0-465D-A957-0EFD55AC3D03"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://neo4j.com/security/cve-2023-28480/", "url": "https://neo4j.com/security/cve-2023-28480/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

47
CVE-2023/CVE-2023-290xx/CVE-2023-29097.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-29097", "id": "CVE-2023-29097",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-14T14:15:10.170", "published": "2023-08-14T14:15:10.170",
"lastModified": "2023-08-14T15:58:29.657", "lastModified": "2023-08-18T20:15:10.827",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:a3rev:a3_portfolio:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1.0",
"matchCriteriaId": "AA0D36C0-4A1E-47C1-87E7-4A8BDDF53CBA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/a3-portfolio/wordpress-a3-portfolio-plugin-3-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/a3-portfolio/wordpress-a3-portfolio-plugin-3-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

47
CVE-2023/CVE-2023-304xx/CVE-2023-30475.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30475", "id": "CVE-2023-30475",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-14T14:15:10.277", "published": "2023-08-14T14:15:10.277",
"lastModified": "2023-08-14T15:58:29.657", "lastModified": "2023-08-18T20:15:23.233",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:couponaffiliates:woocommerce_affiliate:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.4.5",
"matchCriteriaId": "56494766-A700-4B7F-A3FD-04AC26A6CFBB"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/woo-coupon-usage/wordpress-coupon-affiliates-plugin-5-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/woo-coupon-usage/wordpress-coupon-affiliates-plugin-5-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

47
CVE-2023/CVE-2023-304xx/CVE-2023-30477.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30477", "id": "CVE-2023-30477",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-14T14:15:10.383", "published": "2023-08-14T14:15:10.383",
"lastModified": "2023-08-14T15:58:29.657", "lastModified": "2023-08-18T20:22:15.393",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:essitco:affiliate_solution:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0",
"matchCriteriaId": "B0E6F772-1B25-4A68-B6D4-40803BD4074A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/affiliate-solution/wordpress-affiliate-solution-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/affiliate-solution/wordpress-affiliate-solution-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

47
CVE-2023/CVE-2023-304xx/CVE-2023-30483.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30483", "id": "CVE-2023-30483",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-14T14:15:10.487", "published": "2023-08-14T14:15:10.487",
"lastModified": "2023-08-14T15:58:29.657", "lastModified": "2023-08-18T20:15:34.683",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kibokolabs:watu_quiz:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.3.9.2",
"matchCriteriaId": "A5B62F34-267E-4F4D-8C24-4FA95669C045"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/watu/wordpress-watu-quiz-plugin-3-3-9-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/watu/wordpress-watu-quiz-plugin-3-3-9-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

75
CVE-2023/CVE-2023-370xx/CVE-2023-37070.json
View File

@ -2,27 +2,90 @@
"id": "CVE-2023-37070", "id": "CVE-2023-37070",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T13:15:10.900", "published": "2023-08-14T13:15:10.900",
"lastModified": "2023-08-14T13:26:38.470", "lastModified": "2023-08-18T20:16:06.100",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS)" "value": "Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS)"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:hospital_information_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD71AB3-28CA-4ADB-B640-576DFAD1AE57"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://code-projects.org/hospital-information-system-in-php-with-source-code/", "url": "https://code-projects.org/hospital-information-system-in-php-with-source-code/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://github.com/InfoSecWarrior/Offensive-Payloads/blob/main/Cross-Site-Scripting-XSS-Payloads.txt", "url": "https://github.com/InfoSecWarrior/Offensive-Payloads/blob/main/Cross-Site-Scripting-XSS-Payloads.txt",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/Mr-Secure-Code/My-CVE/blob/main/CVE-2023-37070-Exploit.md", "url": "https://github.com/Mr-Secure-Code/My-CVE/blob/main/CVE-2023-37070-Exploit.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

4
CVE-2023/CVE-2023-388xx/CVE-2023-38890.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38890", "id": "CVE-2023-38890",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-18T19:15:12.690", "published": "2023-08-18T19:15:12.690",
"lastModified": "2023-08-18T19:15:12.690", "lastModified": "2023-08-18T20:11:33.760",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-389xx/CVE-2023-38910.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38910", "id": "CVE-2023-38910",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-18T19:15:13.023", "published": "2023-08-18T19:15:13.023",
"lastModified": "2023-08-18T19:15:13.023", "lastModified": "2023-08-18T20:11:33.760",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-389xx/CVE-2023-38911.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38911", "id": "CVE-2023-38911",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-18T19:15:13.113", "published": "2023-08-18T19:15:13.113",
"lastModified": "2023-08-18T19:15:13.113", "lastModified": "2023-08-18T20:11:33.760",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

126
CVE-2023/CVE-2023-402xx/CVE-2023-40225.json
View File

@ -2,39 +2,147 @@
"id": "CVE-2023-40225", "id": "CVE-2023-40225",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-10T21:15:10.743", "published": "2023-08-10T21:15:10.743",
"lastModified": "2023-08-11T03:44:51.127", "lastModified": "2023-08-18T20:03:17.290",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request." "value": "HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.32",
"matchCriteriaId": "023D059D-3A23-4CD9-85DF-119A32FB24B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.2.0",
"versionEndIncluding": "2.2.30",
"matchCriteriaId": "26AB82A2-31F2-4ECA-838A-9A94520B5AEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.4.0",
"versionEndIncluding": "2.4.23",
"matchCriteriaId": "B3F72E80-3A75-46BA-BC3A-40D87B7BFAF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.5.0",
"versionEndExcluding": "2.6.15",
"matchCriteriaId": "11561968-E0DC-4BFD-930F-52F96B4A4BBD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.7.0",
"versionEndExcluding": "2.7.10",
"matchCriteriaId": "855FF6D8-8F0E-4402-AF4D-9810A5080E72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.8.0",
"versionEndExcluding": "2.8.2",
"matchCriteriaId": "8D4FC3EF-9132-46E7-A43B-9074EC0C2EC1"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://cwe.mitre.org/data/definitions/436.html", "url": "https://cwe.mitre.org/data/definitions/436.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Technical Description"
]
}, },
{ {
"url": "https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856", "url": "https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/haproxy/haproxy/issues/2237", "url": "https://github.com/haproxy/haproxy/issues/2237",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.haproxy.org/download/2.6/src/CHANGELOG", "url": "https://www.haproxy.org/download/2.6/src/CHANGELOG",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://www.haproxy.org/download/2.7/src/CHANGELOG", "url": "https://www.haproxy.org/download/2.7/src/CHANGELOG",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://www.haproxy.org/download/2.8/src/CHANGELOG", "url": "https://www.haproxy.org/download/2.8/src/CHANGELOG",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Release Notes"
]
} }
] ]
} }

70
CVE-2023/CVE-2023-403xx/CVE-2023-40341.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-40341", "id": "CVE-2023-40341",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com", "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:11.683", "published": "2023-08-16T15:15:11.683",
"lastModified": "2023-08-17T19:15:13.587", "lastModified": "2023-08-18T20:04:57.107",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job." "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:blue_ocean:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.27.5",
"matchCriteriaId": "D89CEF62-A137-4860-AAED-FBF65A38420C"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3116", "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3116",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

70
CVE-2023/CVE-2023-403xx/CVE-2023-40342.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-40342", "id": "CVE-2023-40342",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com", "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:11.753", "published": "2023-08-16T15:15:11.753",
"lastModified": "2023-08-17T19:15:13.650", "lastModified": "2023-08-18T20:05:19.467",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents." "value": "Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:flaky_test_handler:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.2.2",
"matchCriteriaId": "90925617-12A2-436E-8BC1-D2A5C59CB6E5"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3223", "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3223",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

70
CVE-2023/CVE-2023-403xx/CVE-2023-40343.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-40343", "id": "CVE-2023-40343",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com", "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:11.817", "published": "2023-08-16T15:15:11.817",
"lastModified": "2023-08-17T19:15:13.713", "lastModified": "2023-08-18T20:04:14.053",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token." "value": "Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:tuleap_authentication:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.1.20",
"matchCriteriaId": "5CC66E5D-B431-49C9-8450-24D92360FDE9"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3229", "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3229",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

70
CVE-2023/CVE-2023-403xx/CVE-2023-40344.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-40344", "id": "CVE-2023-40344",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com", "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:11.880", "published": "2023-08-16T15:15:11.880",
"lastModified": "2023-08-17T19:15:13.780", "lastModified": "2023-08-18T20:01:47.190",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins." "value": "A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:delphix:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "3.0.2",
"matchCriteriaId": "681DA3E2-98DD-4822-8249-AD8E73BEBB4A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3214%20(1)", "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3214%20(1)",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

70
CVE-2023/CVE-2023-403xx/CVE-2023-40345.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-40345", "id": "CVE-2023-40345",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com", "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:11.937", "published": "2023-08-16T15:15:11.937",
"lastModified": "2023-08-17T19:15:13.843", "lastModified": "2023-08-18T20:01:50.273",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to." "value": "Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:delphix:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "3.0.2",
"matchCriteriaId": "681DA3E2-98DD-4822-8249-AD8E73BEBB4A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3214%20(2)", "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3214%20(2)",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

70
CVE-2023/CVE-2023-403xx/CVE-2023-40346.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-40346", "id": "CVE-2023-40346",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com", "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:12.000", "published": "2023-08-16T15:15:12.000",
"lastModified": "2023-08-17T19:15:13.910", "lastModified": "2023-08-18T20:00:39.357",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs." "value": "Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:shortcut_job:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "0.4",
"matchCriteriaId": "ACBC0946-E047-41B3-A3F0-2DF4B120B235"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3071", "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3071",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

4
CVE-2023/CVE-2023-44xx/CVE-2023-4422.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4422", "id": "CVE-2023-4422",
"sourceIdentifier": "security@huntr.dev", "sourceIdentifier": "security@huntr.dev",
"published": "2023-08-18T19:15:13.250", "published": "2023-08-18T19:15:13.250",
"lastModified": "2023-08-18T19:15:13.250", "lastModified": "2023-08-18T20:11:33.760",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

62
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-08-18T20:00:28.137771+00:00 2023-08-18T22:00:30.628249+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-08-18T19:59:18.003000+00:00 2023-08-18T20:22:15.393000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,49 +29,41 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
222995 222996
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `5` Recently added CVEs: `1`
* [CVE-2023-27471](CVE-2023/CVE-2023-274xx/CVE-2023-27471.json) (`2023-08-18T19:15:12.243`) * [CVE-2023-20212](CVE-2023/CVE-2023-202xx/CVE-2023-20212.json) (`2023-08-18T20:15:09.773`)
* [CVE-2023-38890](CVE-2023/CVE-2023-388xx/CVE-2023-38890.json) (`2023-08-18T19:15:12.690`)
* [CVE-2023-38910](CVE-2023/CVE-2023-389xx/CVE-2023-38910.json) (`2023-08-18T19:15:13.023`)
* [CVE-2023-38911](CVE-2023/CVE-2023-389xx/CVE-2023-38911.json) (`2023-08-18T19:15:13.113`)
* [CVE-2023-4422](CVE-2023/CVE-2023-44xx/CVE-2023-4422.json) (`2023-08-18T19:15:13.250`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `51` Recently modified CVEs: `21`
* [CVE-2023-30489](CVE-2023/CVE-2023-304xx/CVE-2023-30489.json) (`2023-08-18T19:13:18.417`) * [CVE-2022-22655](CVE-2022/CVE-2022-226xx/CVE-2022-22655.json) (`2023-08-18T20:10:20.783`)
* [CVE-2023-38902](CVE-2023/CVE-2023-389xx/CVE-2023-38902.json) (`2023-08-18T19:15:12.817`) * [CVE-2022-26699](CVE-2022/CVE-2022-266xx/CVE-2022-26699.json) (`2023-08-18T20:12:40.500`)
* [CVE-2023-21230](CVE-2023/CVE-2023-212xx/CVE-2023-21230.json) (`2023-08-18T19:18:17.973`) * [CVE-2022-32876](CVE-2022/CVE-2022-328xx/CVE-2022-32876.json) (`2023-08-18T20:15:09.717`)
* [CVE-2023-21231](CVE-2023/CVE-2023-212xx/CVE-2023-21231.json) (`2023-08-18T19:22:32.220`) * [CVE-2023-40346](CVE-2023/CVE-2023-403xx/CVE-2023-40346.json) (`2023-08-18T20:00:39.357`)
* [CVE-2023-21232](CVE-2023/CVE-2023-212xx/CVE-2023-21232.json) (`2023-08-18T19:27:02.487`) * [CVE-2023-40344](CVE-2023/CVE-2023-403xx/CVE-2023-40344.json) (`2023-08-18T20:01:47.190`)
* [CVE-2023-21233](CVE-2023/CVE-2023-212xx/CVE-2023-21233.json) (`2023-08-18T19:29:16.643`) * [CVE-2023-40345](CVE-2023/CVE-2023-403xx/CVE-2023-40345.json) (`2023-08-18T20:01:50.273`)
* [CVE-2023-22444](CVE-2023/CVE-2023-224xx/CVE-2023-22444.json) (`2023-08-18T19:32:34.733`) * [CVE-2023-40225](CVE-2023/CVE-2023-402xx/CVE-2023-40225.json) (`2023-08-18T20:03:17.290`)
* [CVE-2023-21234](CVE-2023/CVE-2023-212xx/CVE-2023-21234.json) (`2023-08-18T19:33:31.687`) * [CVE-2023-40343](CVE-2023/CVE-2023-403xx/CVE-2023-40343.json) (`2023-08-18T20:04:14.053`)
* [CVE-2023-21273](CVE-2023/CVE-2023-212xx/CVE-2023-21273.json) (`2023-08-18T19:44:13.167`) * [CVE-2023-40341](CVE-2023/CVE-2023-403xx/CVE-2023-40341.json) (`2023-08-18T20:04:57.107`)
* [CVE-2023-31946](CVE-2023/CVE-2023-319xx/CVE-2023-31946.json) (`2023-08-18T19:52:31.287`) * [CVE-2023-40342](CVE-2023/CVE-2023-403xx/CVE-2023-40342.json) (`2023-08-18T20:05:19.467`)
* [CVE-2023-39850](CVE-2023/CVE-2023-398xx/CVE-2023-39850.json) (`2023-08-18T19:52:43.933`) * [CVE-2023-27471](CVE-2023/CVE-2023-274xx/CVE-2023-27471.json) (`2023-08-18T20:11:33.760`)
* [CVE-2023-39851](CVE-2023/CVE-2023-398xx/CVE-2023-39851.json) (`2023-08-18T19:52:52.827`) * [CVE-2023-38890](CVE-2023/CVE-2023-388xx/CVE-2023-38890.json) (`2023-08-18T20:11:33.760`)
* [CVE-2023-31945](CVE-2023/CVE-2023-319xx/CVE-2023-31945.json) (`2023-08-18T19:53:19.000`) * [CVE-2023-38910](CVE-2023/CVE-2023-389xx/CVE-2023-38910.json) (`2023-08-18T20:11:33.760`)
* [CVE-2023-31944](CVE-2023/CVE-2023-319xx/CVE-2023-31944.json) (`2023-08-18T19:53:32.777`) * [CVE-2023-38911](CVE-2023/CVE-2023-389xx/CVE-2023-38911.json) (`2023-08-18T20:11:33.760`)
* [CVE-2023-31943](CVE-2023/CVE-2023-319xx/CVE-2023-31943.json) (`2023-08-18T19:53:43.987`) * [CVE-2023-4422](CVE-2023/CVE-2023-44xx/CVE-2023-4422.json) (`2023-08-18T20:11:33.760`)
* [CVE-2023-31941](CVE-2023/CVE-2023-319xx/CVE-2023-31941.json) (`2023-08-18T19:54:03.467`) * [CVE-2023-29097](CVE-2023/CVE-2023-290xx/CVE-2023-29097.json) (`2023-08-18T20:15:10.827`)
* [CVE-2023-21271](CVE-2023/CVE-2023-212xx/CVE-2023-21271.json) (`2023-08-18T19:54:05.827`) * [CVE-2023-30475](CVE-2023/CVE-2023-304xx/CVE-2023-30475.json) (`2023-08-18T20:15:23.233`)
* [CVE-2023-31942](CVE-2023/CVE-2023-319xx/CVE-2023-31942.json) (`2023-08-18T19:54:17.253`) * [CVE-2023-30483](CVE-2023/CVE-2023-304xx/CVE-2023-30483.json) (`2023-08-18T20:15:34.683`)
* [CVE-2023-31940](CVE-2023/CVE-2023-319xx/CVE-2023-31940.json) (`2023-08-18T19:54:35.387`) * [CVE-2023-37070](CVE-2023/CVE-2023-370xx/CVE-2023-37070.json) (`2023-08-18T20:16:06.100`)
* [CVE-2023-31939](CVE-2023/CVE-2023-319xx/CVE-2023-31939.json) (`2023-08-18T19:54:56.413`) * [CVE-2023-28480](CVE-2023/CVE-2023-284xx/CVE-2023-28480.json) (`2023-08-18T20:22:00.227`)
* [CVE-2023-31938](CVE-2023/CVE-2023-319xx/CVE-2023-31938.json) (`2023-08-18T19:55:12.507`) * [CVE-2023-30477](CVE-2023/CVE-2023-304xx/CVE-2023-30477.json) (`2023-08-18T20:22:15.393`)
* [CVE-2023-40350](CVE-2023/CVE-2023-403xx/CVE-2023-40350.json) (`2023-08-18T19:56:16.510`)
* [CVE-2023-21272](CVE-2023/CVE-2023-212xx/CVE-2023-21272.json) (`2023-08-18T19:56:45.393`)
* [CVE-2023-40349](CVE-2023/CVE-2023-403xx/CVE-2023-40349.json) (`2023-08-18T19:58:43.633`)
* [CVE-2023-40348](CVE-2023/CVE-2023-403xx/CVE-2023-40348.json) (`2023-08-18T19:59:18.003`)
## Download and Usage ## Download and Usage