Auto-Update: 2023-06-15T06:00:29.917237+00:00

2025-07-09 16:05:11 +00:00 · 2023-06-15 06:00:33 +00:00 · 2023-06-15 06:00:33 +00:00 · 9be900a5ac
commit 9be900a5ac
parent 82ffc3d3d6
5 changed files with 229 additions and 14 deletions
--- a/CVE-2023/CVE-2023-22xx/CVE-2023-2270.json
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2270.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-2270",
+  "sourceIdentifier": "psirt@netskope.com",
+  "published": "2023-06-15T05:15:09.773",
+  "lastModified": "2023-06-15T05:15:09.773",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Netskope client service running with NT\\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\\SYSTEM privileges on the end machine.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@netskope.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.0,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.0,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@netskope.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-001",
+      "source": "psirt@netskope.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-31xx/CVE-2023-3193.json
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3193.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3193",
+  "sourceIdentifier": "security@liferay.com",
+  "published": "2023-06-15T04:15:34.727",
+  "lastModified": "2023-06-15T04:15:34.727",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@liferay.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@liferay.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-3193",
+      "source": "security@liferay.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-350xx/CVE-2023-35029.json
+++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35029.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-35029",
+  "sourceIdentifier": "security@liferay.com",
+  "published": "2023-06-15T04:15:34.513",
+  "lastModified": "2023-06-15T04:15:34.513",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@liferay.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@liferay.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-601"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-35029",
+      "source": "security@liferay.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-350xx/CVE-2023-35030.json
+++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35030.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-35030",
+  "sourceIdentifier": "security@liferay.com",
+  "published": "2023-06-15T05:15:09.857",
+  "lastModified": "2023-06-15T05:15:09.857",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@liferay.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@liferay.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-35030",
+      "source": "security@liferay.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-06-15T04:00:35.376240+00:00
+2023-06-15T06:00:29.917237+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-06-15T03:15:10.253000+00:00
+2023-06-15T05:15:09.857000+00:00
 ```

 ### Last Data Feed Release
@ -29,28 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-217803
+217807
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `6`
+Recently added CVEs: `4`

-* [CVE-2022-33159](CVE-2022/CVE-2022-331xx/CVE-2022-33159.json) (`2023-06-15T02:15:09.240`)
-* [CVE-2022-33163](CVE-2022/CVE-2022-331xx/CVE-2022-33163.json) (`2023-06-15T02:15:09.313`)
-* [CVE-2022-33168](CVE-2022/CVE-2022-331xx/CVE-2022-33168.json) (`2023-06-15T02:15:09.377`)
-* [CVE-2022-32752](CVE-2022/CVE-2022-327xx/CVE-2022-32752.json) (`2023-06-15T03:15:09.873`)
-* [CVE-2022-32757](CVE-2022/CVE-2022-327xx/CVE-2022-32757.json) (`2023-06-15T03:15:09.950`)
-* [CVE-2022-33166](CVE-2022/CVE-2022-331xx/CVE-2022-33166.json) (`2023-06-15T03:15:10.020`)
+* [CVE-2023-35029](CVE-2023/CVE-2023-350xx/CVE-2023-35029.json) (`2023-06-15T04:15:34.513`)
+* [CVE-2023-3193](CVE-2023/CVE-2023-31xx/CVE-2023-3193.json) (`2023-06-15T04:15:34.727`)
+* [CVE-2023-2270](CVE-2023/CVE-2023-22xx/CVE-2023-2270.json) (`2023-06-15T05:15:09.773`)
+* [CVE-2023-35030](CVE-2023/CVE-2023-350xx/CVE-2023-35030.json) (`2023-06-15T05:15:09.857`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `3`
+Recently modified CVEs: `0`

-* [CVE-2020-15225](CVE-2020/CVE-2020-152xx/CVE-2020-15225.json) (`2023-06-15T03:15:09.710`)
-* [CVE-2023-32573](CVE-2023/CVE-2023-325xx/CVE-2023-32573.json) (`2023-06-15T03:15:10.127`)
-* [CVE-2023-34410](CVE-2023/CVE-2023-344xx/CVE-2023-34410.json) (`2023-06-15T03:15:10.253`)


 ## Download and Usage