Auto-Update: 2025-01-23T09:00:32.968654+00:00

2025-05-09 03:57:14 +00:00 · 2025-01-23 09:03:58 +00:00 · 2025-01-23 09:03:58 +00:00 · 3bda054cd5
commit 3bda054cd5
parent 902c6f7b4b
4 changed files with 126 additions and 15 deletions
--- a/CVE-2024/CVE-2024-529xx/CVE-2024-52972.json
+++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52972.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-52972",
+  "sourceIdentifier": "bressers@elastic.co",
+  "published": "2025-01-23T07:15:08.700",
+  "lastModified": "2025-01-23T07:15:08.700",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the Observability Metrics or Logs features in Kibana."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "bressers@elastic.co",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "bressers@elastic.co",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-770"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://discuss.elastic.co/t/kibana-7-17-23-8-15-0-security-updates-esa-2024-32-esa-2024-33/373548",
+      "source": "bressers@elastic.co"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-529xx/CVE-2024-52975.json
+++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52975.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-52975",
+  "sourceIdentifier": "bressers@elastic.co",
+  "published": "2025-01-23T08:15:16.990",
+  "lastModified": "2025-01-23T08:15:16.990",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "bressers@elastic.co",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+          "baseScore": 9.0,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "bressers@elastic.co",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://discuss.elastic.co/t/fleet-server-8-15-0-security-update-esa-2024-31/373522",
+      "source": "bressers@elastic.co"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-01-23T07:00:19.965624+00:00
+2025-01-23T09:00:32.968654+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-01-23T06:15:27.893000+00:00
+2025-01-23T08:15:16.990000+00:00
 ```

 ### Last Data Feed Release
@ -33,24 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-278637
+278639
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `2`

- [CVE-2024-43707](CVE-2024/CVE-2024-437xx/CVE-2024-43707.json) (`2025-01-23T06:15:27.380`)
- [CVE-2024-43710](CVE-2024/CVE-2024-437xx/CVE-2024-43710.json) (`2025-01-23T06:15:27.550`)
- [CVE-2025-24529](CVE-2025/CVE-2025-245xx/CVE-2025-24529.json) (`2025-01-23T06:15:27.710`)
- [CVE-2025-24530](CVE-2025/CVE-2025-245xx/CVE-2025-24530.json) (`2025-01-23T06:15:27.893`)
+- [CVE-2024-52972](CVE-2024/CVE-2024-529xx/CVE-2024-52972.json) (`2025-01-23T07:15:08.700`)
+- [CVE-2024-52975](CVE-2024/CVE-2024-529xx/CVE-2024-52975.json) (`2025-01-23T08:15:16.990`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

- [CVE-2024-12085](CVE-2024/CVE-2024-120xx/CVE-2024-12085.json) (`2025-01-23T06:15:26.843`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -245117,7 +245117,7 @@ CVE-2024-1208,0,0,3c4b0e7895c1837530e812c9d592f58958b18ef870d236a49969dfb3f5e669
 CVE-2024-12082,0,0,d67c450c190c0364d4b144dcd382bc569f8e4f4f12ff2a960005828e083c85c7,2024-12-11T17:12:56.793000
 CVE-2024-12083,0,0,d43543ed1a2c4c8cfbaff70b85f71ffc7dc15514475ec8e8bc46a80ffd753fb3,2025-01-14T01:15:09.267000
 CVE-2024-12084,0,0,fe5308a36c7239f4fe16284500a49c24cf51de42c57cef941d363a1b33c8f1f6,2025-01-15T15:15:10.537000
-CVE-2024-12085,0,1,f90fdedd785deac1ec9433cc23cc333178c884158ba18328a3296b52f5bce1e9,2025-01-23T06:15:26.843000
+CVE-2024-12085,0,0,f90fdedd785deac1ec9433cc23cc333178c884158ba18328a3296b52f5bce1e9,2025-01-23T06:15:26.843000
 CVE-2024-12086,0,0,e5130c03152639985c3e2f822b45f241716bd573825b1ce309364a23fc10467b,2025-01-14T22:15:26.370000
 CVE-2024-12087,0,0,083db16c2a7b9baa1b397fd2cd269bff2aa8f7c2646d1851d134f1f8a052e34a,2025-01-14T22:15:26.503000
 CVE-2024-12088,0,0,789608af69629f4130f54998ea59694fde701c19a329a9d8093e26a51277e55d,2025-01-14T22:15:26.600000
@ -264839,10 +264839,10 @@ CVE-2024-43702,0,0,026195b67973267c5f7e1b66b43eadfe3de1f0eaa8dad79a11b9df4d6c345
 CVE-2024-43703,0,0,e564d47a3ea8e2e59e7c0c62fe5b37de767d270b87bc716325b902fc07b61a86,2024-12-01T23:15:06.383000
 CVE-2024-43704,0,0,82c22af109add6551b6eea89e99a6b50accfdf02d564899eae149615096d5dc8,2024-11-18T17:11:17.393000
 CVE-2024-43705,0,0,29f69c0cebaa0d9dd3b94a974b4686ab8ab2fbc5f28104cf63225fbecfd597b0,2024-12-28T17:15:07.190000
-CVE-2024-43707,1,1,ddeb87cfbf6c2f90875a66a1e09b89cb4d1a17486d95025ee3c0d5c040f5ea0d,2025-01-23T06:15:27.380000
+CVE-2024-43707,0,0,ddeb87cfbf6c2f90875a66a1e09b89cb4d1a17486d95025ee3c0d5c040f5ea0d,2025-01-23T06:15:27.380000
 CVE-2024-43709,0,0,09cf25b20d4028796eee5e828fe568cc7b1650ddae8136f4850d31a7a66e0f89,2025-01-21T11:15:09.807000
 CVE-2024-4371,0,0,e83d972dfd798c0045589442b000f085f252e3d21fb48583dd2590000a3618ae,2024-11-21T09:42:43.087000
-CVE-2024-43710,1,1,66507b3ca0fa781f24439dda0a4400e175eb5584cf6d616992df280c4323ef00,2025-01-23T06:15:27.550000
+CVE-2024-43710,0,0,66507b3ca0fa781f24439dda0a4400e175eb5584cf6d616992df280c4323ef00,2025-01-23T06:15:27.550000
 CVE-2024-43712,0,0,9ab3fe760e8f19464e8d37dd73b7335ae43d5382e27e4d6ab5795a2dd3e62314,2024-12-17T15:23:11.173000
 CVE-2024-43713,0,0,2351d2ccf5a9bdfa299b6fe1f3d7c7e3a4bbc01a6f8443c4348a36cf5880bc04,2024-12-17T14:55:13.953000
 CVE-2024-43714,0,0,73ad98cab774040abdc9b8e9830549831c35b419b45dea5dc85f0b3962eb2d25,2024-12-17T14:55:24.553000
@ -271212,7 +271212,9 @@ CVE-2024-52963,0,0,ff01669b1598f0bce0b4b90af8cc55f96a203c8a430eccd639efb9c221ab9
 CVE-2024-52967,0,0,ee495ed0ae82b5386a5a5e29b20d009f38e7fec0fdb15824df2e77e4920e6e29,2025-01-14T14:15:33.967000
 CVE-2024-52969,0,0,d48edc4c533d9acd9a260c0e4d555526245a1be1476ba79e29b9502b8c79f01c,2025-01-14T14:15:34.123000
 CVE-2024-5297,0,0,4e7f74d9629bbb9b864fb76b28bd5d406dd3be0c174577372182a6d0a600d934,2024-11-21T09:47:22.990000
+CVE-2024-52972,1,1,7c321733bc0eb6dbde9e2cbb52d276f2124cc37045e46c00de470cd13b384da3,2025-01-23T07:15:08.700000
 CVE-2024-52973,0,0,80557c3abfe62ff99c7924275640db641adc976d538445e17950b607d9ba9ac5,2025-01-21T11:15:10.200000
+CVE-2024-52975,1,1,d860756695811f7a9e54fae9d7efd286035e360bea37bbeca473a1af11dfcd09,2025-01-23T08:15:16.990000
 CVE-2024-5298,0,0,329feabae44ccd7ff86530cac1ce0ba86c416ea44126377af7ea7290b6d65a10,2024-11-21T09:47:23.103000
 CVE-2024-52982,0,0,87ddbec0fddbec6a4eb61fd0607c77d31103b1dd9283c5a13ec4d5a36a8ccef0,2024-12-18T18:22:52.637000
 CVE-2024-52983,0,0,6cf30a09aaa853464d214fc07b1d213f931e08bd912522971a9cefc2fb965c45,2024-12-18T18:23:06.273000
@ -278634,5 +278636,5 @@ CVE-2025-24458,0,0,d40186eb9e20b87dbfe22ca8e82230b8c5ca63ed2b27afa922d0acbf4a5a6
 CVE-2025-24459,0,0,cf1053a49f1d3955a9edd8a62798e64293c85e15ea82c35fbb496d77989ebff7,2025-01-21T18:15:18.890000
 CVE-2025-24460,0,0,97eab806c8a3d30547891d4eaab3684701aff9d96e2ee7ed4dd851798df9859e,2025-01-21T18:15:19.067000
 CVE-2025-24461,0,0,4661385da2b0856294db236374b642678d50c8f98ffe4c271a944c44e0c44892,2025-01-21T18:15:19.260000
-CVE-2025-24529,1,1,7459c8f6ea6572438be054043522f6ad7d47bb47712c68b14b3279374ca9499e,2025-01-23T06:15:27.710000
-CVE-2025-24530,1,1,26bcbc2a7fc8ce39ab2344c25221d31ecec6ecd190428b8d21eb1bedd98340f6,2025-01-23T06:15:27.893000
+CVE-2025-24529,0,0,7459c8f6ea6572438be054043522f6ad7d47bb47712c68b14b3279374ca9499e,2025-01-23T06:15:27.710000
+CVE-2025-24530,0,0,26bcbc2a7fc8ce39ab2344c25221d31ecec6ecd190428b8d21eb1bedd98340f6,2025-01-23T06:15:27.893000