Auto-Update: 2024-06-19T20:00:19.790114+00:00

2025-07-09 16:05:11 +00:00 · 2024-06-19 20:03:12 +00:00 · 2024-06-19 20:03:12 +00:00 · bc421197f7
commit bc421197f7
parent 0a78ef19f3
7 changed files with 221 additions and 9 deletions
--- a/CVE-2024/CVE-2024-361xx/CVE-2024-36115.json
+++ b/CVE-2024/CVE-2024-361xx/CVE-2024-36115.json
@ -0,0 +1,67 @@
+{
+  "id": "CVE-2024-36115",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2024-06-19T18:15:10.597",
+  "lastModified": "2024-06-19T18:15:10.597",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. As a Maven repository manager, Reposilite provides the ability to view the artifacts content in the browser, as well as perform administrative tasks via API. The problem lies in the fact that the artifact's content is served via the same origin (protocol/host/port) as the Admin UI. If the artifact contains HTML content with javascript inside, the javascript is executed within the same origin. Therefore, if an authenticated user is viewing the artifacts content, the javascript inside can access the browser's local storage where the user's password (aka 'token-secret') is stored. It is especially dangerous in scenarios where Reposilite is configured to mirror third party repositories, like the Maven Central Repository. Since anyone can publish an artifact to Maven Central under its own name, such malicious packages can be used to attack the Reposilite instance. This issue may lead to the full Reposilite instance compromise. If this attack is performed against the admin user, it's possible to use the admin API to modify settings and artifacts on the instance. In the worst case scenario, an attacker would be able to obtain the Remote code execution on all systems that use artifacts from Reposilite. It's important to note that the attacker does not need to lure a victim user to use a malicious artifact, but just open a link in the browser. This link can be silently loaded among the other HTML content, making this attack unnoticeable. Even if the Reposilite instance is located in an isolated environment, such as behind a VPN or in the local network, this attack is still possible as it can be performed from the admin browser. Reposilite has addressed this issue in version 3.5.12. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-072."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/dzikoysk/reposilite/commit/279a472015ec675c1da449d902dc82e4dd578484",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/dzikoysk/reposilite/commit/d11609f427aba255e0f6f54b1105d5d20ab043cf",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-9w8w-34vr-65j2",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-361xx/CVE-2024-36116.json
+++ b/CVE-2024/CVE-2024-361xx/CVE-2024-36116.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2024-36116",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2024-06-19T18:15:10.910",
+  "lastModified": "2024-06-19T18:15:10.910",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the javadoc archive into the server's file system and return its content. The problem is in the way how the archives are expanded, specifically how the new filename is created. The `file.name` taken from the archive can contain path traversal characters, such as '/../../../anything.txt', so the resulting extraction path can be outside the target directory. If the archive is taken from an untrusted source, such as Maven Central or JitPack for example, an attacker can craft a special archive to overwrite any local file on Reposilite instance. This could lead to remote code execution, for example by placing a new plugin into the '$workspace$/plugins' directory. Alternatively, an attacker can overwrite the content of any other package. Note that the attacker can use its own malicious package from Maven Central to overwrite any other package on Reposilite. Reposilite has addressed this issue in version 3.5.12. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-073."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/dzikoysk/reposilite/commit/848173738e4375482c70365db5cebae29f125eaa",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-frvj-cfq4-3228",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-361xx/CVE-2024-36117.json
+++ b/CVE-2024/CVE-2024-361xx/CVE-2024-36117.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-36117",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2024-06-19T18:15:11.220",
+  "lastModified": "2024-06-19T18:15:11.220",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-074."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 8.6,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 4.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-383xx/CVE-2024-38352.json
+++ b/CVE-2024/CVE-2024-383xx/CVE-2024-38352.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2024-38352",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2024-06-19T18:15:11.507",
+  "lastModified": "2024-06-19T18:15:11.507",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Rejected reason: CVE was assigned in error."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2024/CVE-2024-43xx/CVE-2024-4369.json
+++ b/CVE-2024/CVE-2024-43xx/CVE-2024-4369.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-4369",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2024-05-01T00:15:06.890",
-  "lastModified": "2024-06-19T06:15:11.227",
+  "lastModified": "2024-06-19T18:15:11.820",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -51,6 +51,10 @@
    }
  ],
  "references": [
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:3881",
+      "source": "secalert@redhat.com"
+    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2024:3889",
      "source": "secalert@redhat.com"
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-06-19T18:00:18.503584+00:00
+2024-06-19T20:00:19.790114+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-06-19T17:15:57.863000+00:00
+2024-06-19T18:15:11.820000+00:00
 ```

 ### Last Data Feed Release
@ -33,20 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-254596
+254600
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `4`

- [CVE-2024-32030](CVE-2024/CVE-2024-320xx/CVE-2024-32030.json) (`2024-06-19T17:15:57.863`)
+- [CVE-2024-36115](CVE-2024/CVE-2024-361xx/CVE-2024-36115.json) (`2024-06-19T18:15:10.597`)
+- [CVE-2024-36116](CVE-2024/CVE-2024-361xx/CVE-2024-36116.json) (`2024-06-19T18:15:10.910`)
+- [CVE-2024-36117](CVE-2024/CVE-2024-361xx/CVE-2024-36117.json) (`2024-06-19T18:15:11.220`)
+- [CVE-2024-38352](CVE-2024/CVE-2024-383xx/CVE-2024-38352.json) (`2024-06-19T18:15:11.507`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `1`

+- [CVE-2024-4369](CVE-2024/CVE-2024-43xx/CVE-2024-4369.json) (`2024-06-19T18:15:11.820`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -249855,7 +249855,7 @@ CVE-2024-32027,0,0,5f3c09d170bbd26a1e397a298c9a92805316ba30164f013dc8cd02f515dcd
 CVE-2024-32028,0,0,a16d36bcfaa5cccbb6282aecd03e18b80c66f8151e3c2f08a8edd43b521f9227,2024-04-15T13:15:31.997000
 CVE-2024-32029,0,0,1e834dc3a71ee261fc468b623f57a7d125b56bad8bd02c617d5a0b814be0d9b3,2024-05-30T16:15:10.050000
 CVE-2024-3203,0,0,5eb7ad499de8259c7320c0effe5b5c52900c8ef3ec49c4b6655249cca33556b2,2024-05-17T02:39:46.670000
-CVE-2024-32030,1,1,fd0b78de9a3262b9c8f29bead6cae209f5e2258b9ecfd9525e4f9a70cbf64a74,2024-06-19T17:15:57.863000
+CVE-2024-32030,0,0,fd0b78de9a3262b9c8f29bead6cae209f5e2258b9ecfd9525e4f9a70cbf64a74,2024-06-19T17:15:57.863000
 CVE-2024-32035,0,0,9f9419e7b7ca688ca6c807b99c4196d3fdd26d305c290e1d723cf412a79167b9,2024-04-16T13:24:07.103000
 CVE-2024-32036,0,0,4358f457ff05e2fb3005eccdac6fca8cb869be3ffa209c190e441f2c4aed7dbe,2024-04-16T23:15:09.173000
 CVE-2024-32038,0,0,02c9bf2213ac1ff691fd8ed35a9ee3f7c3440196b5d0ceb851835e775a533fbd,2024-04-19T16:19:49.043000
@ -252301,6 +252301,9 @@ CVE-2024-3611,0,0,b6a9e7e031fc264aaf6cc25eb2de4637a54a3c74ff1ad6ab29710fbea0fb99
 CVE-2024-36110,0,0,60de6d063a43c2488fb7938eb212a9d443b4f1b9215af12070cdde5c64f618d1,2024-05-29T13:02:09.280000
 CVE-2024-36112,0,0,fd8205b7c79aea233d5b23b835a6806c74e0d450d4ed81f7488de46ba99ce9ca,2024-05-29T13:02:09.280000
 CVE-2024-36114,0,0,cd6667af901bf4e55598a9890cfbf772045b36365134bac1827f2ee46e0e9bfd,2024-05-30T13:15:41.297000
+CVE-2024-36115,1,1,77ffb340facd4eb973eac52381e2f6a69c57f16112d9a1e9c8a11631b93721bf,2024-06-19T18:15:10.597000
+CVE-2024-36116,1,1,97d02985e00df6f7d772ee84aa2631c7ca3d05edfa8f47e4715c606bf2662bd4,2024-06-19T18:15:10.910000
+CVE-2024-36117,1,1,3a38fcb17cdffee17f9ebc04549ce42d49dd9d7c61932ea40dda2b103f15627b,2024-06-19T18:15:11.220000
 CVE-2024-36118,0,0,33d8fbf029e8489b5c9f0a8940761bdd6087754b4000c59931582a52c8a8908f,2024-05-30T18:18:58.870000
 CVE-2024-36119,0,0,df322ac6443fcc8a013c93b7e5a35f3678792028e0c0bb1f44fa863251664f98,2024-05-31T13:01:46.727000
 CVE-2024-3612,0,0,d6528427cbb589467c111cbd40a18dd09640d3302d8baf887860f351407e958e,2024-05-17T02:40:01.520000
@ -253033,6 +253036,7 @@ CVE-2024-3834,0,0,a6e69ceb5a64ba9dfba23cdfa4c02e2549bf746772815229f9a627159689f7
 CVE-2024-38347,0,0,1db5df6f7760b01b56d52993df383797c5f4798c0cdb9cb68f64a4daf639125b,2024-06-18T17:15:52.583000
 CVE-2024-38348,0,0,94cbfe55a7243d30de59c6d5a0b267d7b83aa88d8592807a6edbb2ea3d15f4b0,2024-06-18T17:15:52.677000
 CVE-2024-38351,0,0,e713168365103b037ea0e97b0ff1c8370226a2ff3430694f8a53a77f591bce4f,2024-06-18T17:15:52.777000
+CVE-2024-38352,1,1,13a6e81e4d4d40a0591843c161ee638c75aac348990bf4d2603a4c2fb8cf2a30,2024-06-19T18:15:11.507000
 CVE-2024-3837,0,0,5046b04f6fff161407832d91f839d6c01f3dcf30bcf75f620bfd7221b5de1c27,2024-05-03T03:16:29.010000
 CVE-2024-3838,0,0,bd55ca068ebe4472845bce1f3d037932d27279da54b129864c942318cbf6c399,2024-04-23T18:15:15.410000
 CVE-2024-3839,0,0,5078cfd1c7c68c41b30fd8b0c9c6a095120ec81bc8166ccecb75ba3c8be530b5,2024-05-03T04:15:09.127000
@ -253552,7 +253556,7 @@ CVE-2024-4365,0,0,9806433296206bcec148d9648ab2fc91142327d17ef07e64e0ad9e5ff3907a
 CVE-2024-4366,0,0,c04cea9d73579a737d5c3d200547b1e50e3a1d3ac8e5c0e3a1d88c878c2e9d6a,2024-05-24T13:03:05.093000
 CVE-2024-4367,0,0,c21edbb80531231ffca1d343d0a559592c99f935f8e88145cc03f35a6a006b04,2024-06-10T17:16:33.380000
 CVE-2024-4368,0,0,e238366009859277dd7e92e4325028250a78f7d3fa28b20672c01083b2417648,2024-06-10T18:15:36.693000
-CVE-2024-4369,0,0,750c540dee2d4c40a38f06990cf466b3dc0fe3843b58e99a1d691067211642f2,2024-06-19T06:15:11.227000
+CVE-2024-4369,0,1,50920fdcee19aa19b0b40029a8eb79df3e2175cd7214593e13e1ad35efa56c2f,2024-06-19T18:15:11.820000
 CVE-2024-4370,0,0,069da1b0ae5c656e192af67776d4fb05a1e574a802cd3af79b4e6cc7490b0dbc,2024-05-15T16:40:19.330000
 CVE-2024-4371,0,0,6cec3438f9da16aaaf81036d5252f279057c04fa33a9a5b8c9aee6667c7b57b7,2024-06-13T18:35:19.777000
 CVE-2024-4372,0,0,88e318f3c277cb3db68d033332d7a1ea039944347227497506fc7085644cb64e,2024-05-21T12:37:59.687000