From 75a6d46b9fca44412d525138f75c3e2db7e61077 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 7 Jul 2024 18:03:35 +0000 Subject: [PATCH] Auto-Update: 2024-07-07T18:00:42.520950+00:00 --- CVE-2024/CVE-2024-62xx/CVE-2024-6229.json | 56 +++++++++++++++++++++++ README.md | 8 ++-- _state.csv | 3 +- 3 files changed, 62 insertions(+), 5 deletions(-) create mode 100644 CVE-2024/CVE-2024-62xx/CVE-2024-6229.json diff --git a/CVE-2024/CVE-2024-62xx/CVE-2024-6229.json b/CVE-2024/CVE-2024-62xx/CVE-2024-6229.json new file mode 100644 index 00000000000..7bf02545dad --- /dev/null +++ b/CVE-2024/CVE-2024-62xx/CVE-2024-6229.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-6229", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-07-07T16:15:02.013", + "lastModified": "2024-07-07T16:15:02.013", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever any user clicks on a link containing the payload, leading to potential data theft, session hijacking, and reputation damage." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://huntr.com/bounties/2ee71e9e-2cf5-41a4-8440-d75758018786", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 8f450677b0e..fc6903818e8 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-07T16:00:28.387567+00:00 +2024-07-07T18:00:42.520950+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-07T15:15:09.923000+00:00 +2024-07-07T16:15:02.013000+00:00 ``` ### Last Data Feed Release @@ -33,14 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -255977 +255978 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -- [CVE-2024-40614](CVE-2024/CVE-2024-406xx/CVE-2024-40614.json) (`2024-07-07T15:15:09.923`) +- [CVE-2024-6229](CVE-2024/CVE-2024-62xx/CVE-2024-6229.json) (`2024-07-07T16:15:02.013`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index a500fdf9bd6..d8fd5825966 100644 --- a/_state.csv +++ b/_state.csv @@ -254315,7 +254315,7 @@ CVE-2024-40603,0,0,a59eb09c112c52f2f41fff991543251e420e8ed1adcc447fe75b7105e7759 CVE-2024-40604,0,0,06c9fcfeda33a92aaaf0864f242969e9767dfcef607901c977ee31765ab64188,2024-07-07T00:15:10.690000 CVE-2024-40605,0,0,63f2796aa96da63d2a64510dcc3ffc1fba4cca74f8258df71034a13d64b69abc,2024-07-07T00:15:10.770000 CVE-2024-4061,0,0,731822e6f24cd811e7f06812f39ade81c9a66c6b1046f4d45903066a1f181f99,2024-05-21T12:37:59.687000 -CVE-2024-40614,1,1,a58e68ff975dc388908772a166ffcb41c50e83a7ba383078526a5a88e8f6baf7,2024-07-07T15:15:09.923000 +CVE-2024-40614,0,0,a58e68ff975dc388908772a166ffcb41c50e83a7ba383078526a5a88e8f6baf7,2024-07-07T15:15:09.923000 CVE-2024-4062,0,0,7fcbe6e50148b9b5e05d3025a893191a4aca3bb309243ec182c3df8f6e2a0587,2024-06-04T19:20:29.007000 CVE-2024-4063,0,0,10c24a204d439c4cd3340a486d9bc67fc982c548c71c2d3a385738d7e6499dc1,2024-06-04T19:20:29.120000 CVE-2024-4064,0,0,0a357968458dd966b7a4969f86556627b0af0220edbb91249e767e6972ab2a17,2024-05-17T02:40:14.223000 @@ -255866,6 +255866,7 @@ CVE-2024-6216,0,0,163aaa10da8fbd3f1a722ddf5828825abea50c90fd2d9b89c4bf2c73ab93f6 CVE-2024-6217,0,0,3711ed31aaa9f7586428ac093ba9118453625e92a316540d8e0c90d5655ba292,2024-06-21T11:22:01.687000 CVE-2024-6218,0,0,080145c08c5ffaf1b0f4fe61601c30772836ccbea26d111bc22bd57681c581e7,2024-06-21T15:15:16.547000 CVE-2024-6225,0,0,05da1495d7d116987721ea4d8dad783669e833db8afd42c6e9b9d7b36358250e,2024-06-24T19:21:28.450000 +CVE-2024-6229,1,1,f1f054c8daa5ac2c46672d5a0f53c7a9d2a940a35470133039aaba3576e253b3,2024-07-07T16:15:02.013000 CVE-2024-6238,0,0,01bce4fcd5bf21099e3fa29fb7e34bf0d2a461d152d0ae3d9b913c1fb46d1451,2024-06-25T18:50:42.040000 CVE-2024-6239,0,0,4d98a21d53ef2e5917897cadc254a12ee654ff1e3575a82a15151981272f61b5,2024-06-24T19:06:27.537000 CVE-2024-6240,0,0,3ba60659d5977ed2c81ae70dc02c754f9eebbd14309190bebb86d2a019bd47a8,2024-06-24T19:10:38.983000