From 6655d48d493fd85856bc4e5921c1e6eb94653541 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 5 Oct 2023 12:00:30 +0000 Subject: [PATCH] Auto-Update: 2023-10-05T12:00:27.130395+00:00 --- CVE-2023/CVE-2023-451xx/CVE-2023-45159.json | 55 +++++++++++++++++++++ README.md | 12 ++--- 2 files changed, 61 insertions(+), 6 deletions(-) create mode 100644 CVE-2023/CVE-2023-451xx/CVE-2023-45159.json diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45159.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45159.json new file mode 100644 index 00000000000..a2bc647c534 --- /dev/null +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45159.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-45159", + "sourceIdentifier": "security@1e.com", + "published": "2023-10-05T11:15:14.063", + "lastModified": "2023-10-05T11:15:14.063", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "1E Client installer can perform arbitrary file deletion on protected files.\u00a0\u00a0\n\nA non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available Q23092 that forces\u00a0the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@1e.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 0.7, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@1e.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + } + ], + "references": [ + { + "url": "https://www.1e.com/trust-security-compliance/cve-info/", + "source": "security@1e.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index f13164f02d6..f09b90ee2ca 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-05T08:00:25.785982+00:00 +2023-10-05T12:00:27.130395+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-05T06:15:09.290000+00:00 +2023-10-05T11:15:14.063000+00:00 ``` ### Last Data Feed Release @@ -29,20 +29,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -227030 +227031 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `1` +* [CVE-2023-45159](CVE-2023/CVE-2023-451xx/CVE-2023-45159.json) (`2023-10-05T11:15:14.063`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -* [CVE-2021-21551](CVE-2021/CVE-2021-215xx/CVE-2021-21551.json) (`2023-10-05T06:15:09.290`) ## Download and Usage