From 8e53b895c4355fe78efbba6f8a72d69b701b78b2 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 29 Sep 2023 08:00:30 +0000 Subject: [PATCH] Auto-Update: 2023-09-29T08:00:26.836881+00:00 --- CVE-2023/CVE-2023-09xx/CVE-2023-0989.json | 59 ++++++++++++++++++ CVE-2023/CVE-2023-22xx/CVE-2023-2233.json | 59 ++++++++++++++++++ CVE-2023/CVE-2023-305xx/CVE-2023-30591.json | 67 +++++++++++++++++++++ CVE-2023/CVE-2023-31xx/CVE-2023-3115.json | 59 ++++++++++++++++++ CVE-2023/CVE-2023-39xx/CVE-2023-3906.json | 59 ++++++++++++++++++ CVE-2023/CVE-2023-39xx/CVE-2023-3914.json | 59 ++++++++++++++++++ CVE-2023/CVE-2023-39xx/CVE-2023-3917.json | 59 ++++++++++++++++++ CVE-2023/CVE-2023-39xx/CVE-2023-3920.json | 59 ++++++++++++++++++ CVE-2023/CVE-2023-39xx/CVE-2023-3979.json | 59 ++++++++++++++++++ CVE-2023/CVE-2023-444xx/CVE-2023-44466.json | 32 ++++++++++ CVE-2023/CVE-2023-444xx/CVE-2023-44469.json | 28 +++++++++ CVE-2023/CVE-2023-45xx/CVE-2023-4532.json | 59 ++++++++++++++++++ README.md | 51 ++++++---------- 13 files changed, 675 insertions(+), 34 deletions(-) create mode 100644 CVE-2023/CVE-2023-09xx/CVE-2023-0989.json create mode 100644 CVE-2023/CVE-2023-22xx/CVE-2023-2233.json create mode 100644 CVE-2023/CVE-2023-305xx/CVE-2023-30591.json create mode 100644 CVE-2023/CVE-2023-31xx/CVE-2023-3115.json create mode 100644 CVE-2023/CVE-2023-39xx/CVE-2023-3906.json create mode 100644 CVE-2023/CVE-2023-39xx/CVE-2023-3914.json create mode 100644 CVE-2023/CVE-2023-39xx/CVE-2023-3917.json create mode 100644 CVE-2023/CVE-2023-39xx/CVE-2023-3920.json create mode 100644 CVE-2023/CVE-2023-39xx/CVE-2023-3979.json create mode 100644 CVE-2023/CVE-2023-444xx/CVE-2023-44466.json create mode 100644 CVE-2023/CVE-2023-444xx/CVE-2023-44469.json create mode 100644 CVE-2023/CVE-2023-45xx/CVE-2023-4532.json diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0989.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0989.json new file mode 100644 index 00000000000..2850b2d738c --- /dev/null +++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0989.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-0989", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-29T07:15:12.520", + "lastModified": "2023-09-29T07:15:12.520", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An information disclosure issue in GitLab CE/EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417275", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/1875515", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2233.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2233.json new file mode 100644 index 00000000000..79cba852284 --- /dev/null +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2233.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-2233", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-29T07:15:12.927", + "lastModified": "2023-09-29T07:15:12.927", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/408359", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/1947211", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-305xx/CVE-2023-30591.json b/CVE-2023/CVE-2023-305xx/CVE-2023-30591.json new file mode 100644 index 00000000000..707e577c7cf --- /dev/null +++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30591.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-30591", + "sourceIdentifier": "info@starlabs.sg", + "published": "2023-09-29T06:15:09.870", + "lastModified": "2023-09-29T06:15:09.870", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "info@starlabs.sg", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-241" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/NodeBB/NodeBB/commit/37b48b82a4bc7680c6e4c42647209010cb239c2c", + "source": "info@starlabs.sg" + }, + { + "url": "https://github.com/NodeBB/NodeBB/commit/4d2d76897a02e7068ab74c81d17a2febfae8bfb9", + "source": "info@starlabs.sg" + }, + { + "url": "https://github.com/NodeBB/NodeBB/commit/830f142b7aea2e597294a84d52c05aab3a3539ca", + "source": "info@starlabs.sg" + }, + { + "url": "https://starlabs.sg/advisories/23/23-30591/", + "source": "info@starlabs.sg" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3115.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3115.json new file mode 100644 index 00000000000..063c0e0a402 --- /dev/null +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3115.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3115", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-29T07:15:13.100", + "lastModified": "2023-09-29T07:15:13.100", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/414367", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2004158", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3906.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3906.json new file mode 100644 index 00000000000..411f576c56a --- /dev/null +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3906.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3906", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-29T07:15:13.233", + "lastModified": "2023-09-29T07:15:13.233", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419213", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2071411", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3914.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3914.json new file mode 100644 index 00000000000..bd490963327 --- /dev/null +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3914.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3914", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-29T07:15:13.380", + "lastModified": "2023-09-29T07:15:13.380", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-840" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/418115", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2040822", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3917.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3917.json new file mode 100644 index 00000000000..f78fe67d203 --- /dev/null +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3917.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3917", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-29T07:15:13.557", + "lastModified": "2023-09-29T07:15:13.557", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417896", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2055158", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3920.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3920.json new file mode 100644 index 00000000000..3611869ae66 --- /dev/null +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3920.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3920", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-29T07:15:13.777", + "lastModified": "2023-09-29T07:15:13.777", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship between existing projects contrary to the documentation." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-345" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417481", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2058121", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3979.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3979.json new file mode 100644 index 00000000000..66ecf614ade --- /dev/null +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3979.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-3979", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-29T07:15:13.910", + "lastModified": "2023-09-29T07:15:13.910", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the merge request\u2019s source branch. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/419972", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2082560", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44466.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44466.json new file mode 100644 index 00000000000..1de8abd68d5 --- /dev/null +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44466.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-44466", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-29T06:15:11.007", + "lastModified": "2023-09-29T06:15:11.007", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a282a2f10539dce2aa619e71e1817570d557fc97", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/google/security-research/security/advisories/GHSA-jg27-jx6w-xwph", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/torvalds/linux/commit/a282a2f10539dce2aa619e71e1817570d557fc97", + "source": "cve@mitre.org" + }, + { + "url": "https://www.spinics.net/lists/ceph-devel/msg57909.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44469.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44469.json new file mode 100644 index 00000000000..a49034de451 --- /dev/null +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44469.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-44469", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-29T07:15:14.073", + "lastModified": "2023-09-29T07:15:14.073", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2998", + "source": "cve@mitre.org" + }, + { + "url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/releases/v2.17.1", + "source": "cve@mitre.org" + }, + { + "url": "https://security.lauritz-holtmann.de/post/sso-security-ssrf/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4532.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4532.json new file mode 100644 index 00000000000..5cd4b6fb1ea --- /dev/null +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4532.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-4532", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-09-29T07:15:14.200", + "lastModified": "2023-09-29T07:15:14.200", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/423357", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2084199", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 4e7b3b320c3..cba538247b3 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-29T06:00:24.686342+00:00 +2023-09-29T08:00:26.836881+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-29T05:15:46.757000+00:00 +2023-09-29T07:15:14.200000+00:00 ``` ### Last Data Feed Release @@ -29,48 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -226563 +226575 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `12` -* [CVE-2023-26146](CVE-2023/CVE-2023-261xx/CVE-2023-26146.json) (`2023-09-29T05:15:46.540`) -* [CVE-2023-26147](CVE-2023/CVE-2023-261xx/CVE-2023-26147.json) (`2023-09-29T05:15:46.630`) -* [CVE-2023-26148](CVE-2023/CVE-2023-261xx/CVE-2023-26148.json) (`2023-09-29T05:15:46.693`) -* [CVE-2023-44464](CVE-2023/CVE-2023-444xx/CVE-2023-44464.json) (`2023-09-29T05:15:46.757`) +* [CVE-2023-30591](CVE-2023/CVE-2023-305xx/CVE-2023-30591.json) (`2023-09-29T06:15:09.870`) +* [CVE-2023-44466](CVE-2023/CVE-2023-444xx/CVE-2023-44466.json) (`2023-09-29T06:15:11.007`) +* [CVE-2023-0989](CVE-2023/CVE-2023-09xx/CVE-2023-0989.json) (`2023-09-29T07:15:12.520`) +* [CVE-2023-2233](CVE-2023/CVE-2023-22xx/CVE-2023-2233.json) (`2023-09-29T07:15:12.927`) +* [CVE-2023-3115](CVE-2023/CVE-2023-31xx/CVE-2023-3115.json) (`2023-09-29T07:15:13.100`) +* [CVE-2023-3906](CVE-2023/CVE-2023-39xx/CVE-2023-3906.json) (`2023-09-29T07:15:13.233`) +* [CVE-2023-3914](CVE-2023/CVE-2023-39xx/CVE-2023-3914.json) (`2023-09-29T07:15:13.380`) +* [CVE-2023-3917](CVE-2023/CVE-2023-39xx/CVE-2023-3917.json) (`2023-09-29T07:15:13.557`) +* [CVE-2023-3920](CVE-2023/CVE-2023-39xx/CVE-2023-3920.json) (`2023-09-29T07:15:13.777`) +* [CVE-2023-3979](CVE-2023/CVE-2023-39xx/CVE-2023-3979.json) (`2023-09-29T07:15:13.910`) +* [CVE-2023-44469](CVE-2023/CVE-2023-444xx/CVE-2023-44469.json) (`2023-09-29T07:15:14.073`) +* [CVE-2023-4532](CVE-2023/CVE-2023-45xx/CVE-2023-4532.json) (`2023-09-29T07:15:14.200`) ### CVEs modified in the last Commit -Recently modified CVEs: `42` +Recently modified CVEs: `0` -* [CVE-2023-43662](CVE-2023/CVE-2023-436xx/CVE-2023-43662.json) (`2023-09-29T04:19:01.990`) -* [CVE-2023-43739](CVE-2023/CVE-2023-437xx/CVE-2023-43739.json) (`2023-09-29T04:19:01.990`) -* [CVE-2023-44163](CVE-2023/CVE-2023-441xx/CVE-2023-44163.json) (`2023-09-29T04:19:01.990`) -* [CVE-2023-44164](CVE-2023/CVE-2023-441xx/CVE-2023-44164.json) (`2023-09-29T04:19:01.990`) -* [CVE-2023-44165](CVE-2023/CVE-2023-441xx/CVE-2023-44165.json) (`2023-09-29T04:19:01.990`) -* [CVE-2023-44166](CVE-2023/CVE-2023-441xx/CVE-2023-44166.json) (`2023-09-29T04:19:01.990`) -* [CVE-2023-44167](CVE-2023/CVE-2023-441xx/CVE-2023-44167.json) (`2023-09-29T04:19:01.990`) -* [CVE-2023-44168](CVE-2023/CVE-2023-441xx/CVE-2023-44168.json) (`2023-09-29T04:19:01.990`) -* [CVE-2023-44174](CVE-2023/CVE-2023-441xx/CVE-2023-44174.json) (`2023-09-29T04:19:01.990`) -* [CVE-2023-43654](CVE-2023/CVE-2023-436xx/CVE-2023-43654.json) (`2023-09-29T04:19:01.990`) -* [CVE-2023-3775](CVE-2023/CVE-2023-37xx/CVE-2023-3775.json) (`2023-09-29T04:19:01.990`) -* [CVE-2023-5077](CVE-2023/CVE-2023-50xx/CVE-2023-5077.json) (`2023-09-29T04:19:01.990`) -* [CVE-2023-40409](CVE-2023/CVE-2023-404xx/CVE-2023-40409.json) (`2023-09-29T04:28:38.197`) -* [CVE-2023-40434](CVE-2023/CVE-2023-404xx/CVE-2023-40434.json) (`2023-09-29T04:28:58.020`) -* [CVE-2023-40441](CVE-2023/CVE-2023-404xx/CVE-2023-40441.json) (`2023-09-29T04:29:16.200`) -* [CVE-2023-40455](CVE-2023/CVE-2023-404xx/CVE-2023-40455.json) (`2023-09-29T04:29:27.077`) -* [CVE-2023-43860](CVE-2023/CVE-2023-438xx/CVE-2023-43860.json) (`2023-09-29T04:32:19.887`) -* [CVE-2023-43861](CVE-2023/CVE-2023-438xx/CVE-2023-43861.json) (`2023-09-29T04:32:26.513`) -* [CVE-2023-43862](CVE-2023/CVE-2023-438xx/CVE-2023-43862.json) (`2023-09-29T04:32:29.750`) -* [CVE-2023-43863](CVE-2023/CVE-2023-438xx/CVE-2023-43863.json) (`2023-09-29T04:32:32.697`) -* [CVE-2023-43864](CVE-2023/CVE-2023-438xx/CVE-2023-43864.json) (`2023-09-29T04:32:35.077`) -* [CVE-2023-43865](CVE-2023/CVE-2023-438xx/CVE-2023-43865.json) (`2023-09-29T04:32:37.927`) -* [CVE-2023-43866](CVE-2023/CVE-2023-438xx/CVE-2023-43866.json) (`2023-09-29T04:32:39.893`) -* [CVE-2023-43867](CVE-2023/CVE-2023-438xx/CVE-2023-43867.json) (`2023-09-29T04:32:42.783`) -* [CVE-2023-43868](CVE-2023/CVE-2023-438xx/CVE-2023-43868.json) (`2023-09-29T04:32:45.993`) ## Download and Usage