From b3eaf117ef399868a65cb456e067feafc41c05af Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 30 Sep 2023 10:00:28 +0000
Subject: [PATCH] Auto-Update: 2023-09-30T10:00:24.920815+00:00
---
CVE-2023/CVE-2023-52xx/CVE-2023-5207.json | 63 +++++++++++++++++++++++
README.md | 12 ++---
2 files changed, 68 insertions(+), 7 deletions(-)
create mode 100644 CVE-2023/CVE-2023-52xx/CVE-2023-5207.json
diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5207.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5207.json
new file mode 100644
index 00000000000..3e1e2fabde6
--- /dev/null
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5207.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-5207",
+ "sourceIdentifier": "cve@gitlab.com",
+ "published": "2023-09-30T09:15:14.933",
+ "lastModified": "2023-09-30T09:15:14.933",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@gitlab.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/425604",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/425857",
+ "source": "cve@gitlab.com"
+ },
+ {
+ "url": "https://hackerone.com/reports/2174141",
+ "source": "cve@gitlab.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 9d96bdc6f2b..7c1650f40cc 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-30T08:00:25.401743+00:00 +2023-09-30T10:00:24.920815+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-30T06:15:11.483000+00:00 +2023-09-30T09:15:14.933000+00:00 ``` ### Last Data Feed Release @@ -29,22 +29,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -226656 +226657 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -* [CVE-2023-5298](CVE-2023/CVE-2023-52xx/CVE-2023-5298.json) (`2023-09-30T06:15:11.483`) +* [CVE-2023-5207](CVE-2023/CVE-2023-52xx/CVE-2023-5207.json) (`2023-09-30T09:15:14.933`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `0` -* [CVE-2023-20588](CVE-2023/CVE-2023-205xx/CVE-2023-20588.json) (`2023-09-30T06:15:09.310`) -* [CVE-2023-41993](CVE-2023/CVE-2023-419xx/CVE-2023-41993.json) (`2023-09-30T06:15:10.963`) ## Download and Usage