admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-11 16:13:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-11-10T23:00:19.312599+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-11-10 23:00:22 +00:00
parent 88712814a9
commit 3139474764
2 changed files with 72 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
CVE-2023/CVE-2023-471xx/CVE-2023-47122.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-47122",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-10T22:15:14.250",
"lastModified": "2023-11-10T22:15:14.250",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could potentially be tricked into trusting incorrect signatures. There is no known compromise the default public good instance (`rekor.sigstore.dev`) - anyone using this instance is unaffected. This issue was fixed in v0.8.0. No known workarounds are available."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"references": [
{
"url": "https://docs.sigstore.dev/about/threat-model/#sigstore-threat-model",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/sigstore/gitsign/commit/cd66ccb03c86a3600955f0c15f6bfeb75f697236",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/sigstore/gitsign/pull/399",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/sigstore/gitsign/security/advisories/GHSA-xvrc-2wvh-49vc",
"source": "security-advisories@github.com"
}
]
}

12
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-11-10T21:00:18.809981+00:00 2023-11-10T23:00:19.312599+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-11-10T20:15:07.263000+00:00 2023-11-10T22:15:14.250000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,16 +29,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
230343 230344
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `3` Recently added CVEs: `1`
* [CVE-2023-47108](CVE-2023/CVE-2023-471xx/CVE-2023-47108.json) (`2023-11-10T19:15:16.410`) * [CVE-2023-47122](CVE-2023/CVE-2023-471xx/CVE-2023-47122.json) (`2023-11-10T22:15:14.250`)
* [CVE-2023-47129](CVE-2023/CVE-2023-471xx/CVE-2023-47129.json) (`2023-11-10T19:15:16.617`)
* [CVE-2023-36027](CVE-2023/CVE-2023-360xx/CVE-2023-36027.json) (`2023-11-10T20:15:07.263`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit