From bc421197f7cbead2e9e7c499c3bb8c498ae52d83 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 19 Jun 2024 20:03:12 +0000 Subject: [PATCH] Auto-Update: 2024-06-19T20:00:19.790114+00:00 --- CVE-2024/CVE-2024-361xx/CVE-2024-36115.json | 67 +++++++++++++++++++++ CVE-2024/CVE-2024-361xx/CVE-2024-36116.json | 63 +++++++++++++++++++ CVE-2024/CVE-2024-361xx/CVE-2024-36117.json | 55 +++++++++++++++++ CVE-2024/CVE-2024-383xx/CVE-2024-38352.json | 15 +++++ CVE-2024/CVE-2024-43xx/CVE-2024-4369.json | 6 +- README.md | 16 +++-- _state.csv | 8 ++- 7 files changed, 221 insertions(+), 9 deletions(-) create mode 100644 CVE-2024/CVE-2024-361xx/CVE-2024-36115.json create mode 100644 CVE-2024/CVE-2024-361xx/CVE-2024-36116.json create mode 100644 CVE-2024/CVE-2024-361xx/CVE-2024-36117.json create mode 100644 CVE-2024/CVE-2024-383xx/CVE-2024-38352.json diff --git a/CVE-2024/CVE-2024-361xx/CVE-2024-36115.json b/CVE-2024/CVE-2024-361xx/CVE-2024-36115.json new file mode 100644 index 00000000000..ffb8fee48d4 --- /dev/null +++ b/CVE-2024/CVE-2024-361xx/CVE-2024-36115.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2024-36115", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-06-19T18:15:10.597", + "lastModified": "2024-06-19T18:15:10.597", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. As a Maven repository manager, Reposilite provides the ability to view the artifacts content in the browser, as well as perform administrative tasks via API. The problem lies in the fact that the artifact's content is served via the same origin (protocol/host/port) as the Admin UI. If the artifact contains HTML content with javascript inside, the javascript is executed within the same origin. Therefore, if an authenticated user is viewing the artifacts content, the javascript inside can access the browser's local storage where the user's password (aka 'token-secret') is stored. It is especially dangerous in scenarios where Reposilite is configured to mirror third party repositories, like the Maven Central Repository. Since anyone can publish an artifact to Maven Central under its own name, such malicious packages can be used to attack the Reposilite instance. This issue may lead to the full Reposilite instance compromise. If this attack is performed against the admin user, it's possible to use the admin API to modify settings and artifacts on the instance. In the worst case scenario, an attacker would be able to obtain the Remote code execution on all systems that use artifacts from Reposilite. It's important to note that the attacker does not need to lure a victim user to use a malicious artifact, but just open a link in the browser. This link can be silently loaded among the other HTML content, making this attack unnoticeable. Even if the Reposilite instance is located in an isolated environment, such as behind a VPN or in the local network, this attack is still possible as it can be performed from the admin browser. Reposilite has addressed this issue in version 3.5.12. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-072." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/dzikoysk/reposilite/commit/279a472015ec675c1da449d902dc82e4dd578484", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/dzikoysk/reposilite/commit/d11609f427aba255e0f6f54b1105d5d20ab043cf", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-9w8w-34vr-65j2", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-361xx/CVE-2024-36116.json b/CVE-2024/CVE-2024-361xx/CVE-2024-36116.json new file mode 100644 index 00000000000..0d1f14e2f38 --- /dev/null +++ b/CVE-2024/CVE-2024-361xx/CVE-2024-36116.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-36116", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-06-19T18:15:10.910", + "lastModified": "2024-06-19T18:15:10.910", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the javadoc archive into the server's file system and return its content. The problem is in the way how the archives are expanded, specifically how the new filename is created. The `file.name` taken from the archive can contain path traversal characters, such as '/../../../anything.txt', so the resulting extraction path can be outside the target directory. If the archive is taken from an untrusted source, such as Maven Central or JitPack for example, an attacker can craft a special archive to overwrite any local file on Reposilite instance. This could lead to remote code execution, for example by placing a new plugin into the '$workspace$/plugins' directory. Alternatively, an attacker can overwrite the content of any other package. Note that the attacker can use its own malicious package from Maven Central to overwrite any other package on Reposilite. Reposilite has addressed this issue in version 3.5.12. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-073." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/dzikoysk/reposilite/commit/848173738e4375482c70365db5cebae29f125eaa", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-frvj-cfq4-3228", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-361xx/CVE-2024-36117.json b/CVE-2024/CVE-2024-361xx/CVE-2024-36117.json new file mode 100644 index 00000000000..7cdcf67269e --- /dev/null +++ b/CVE-2024/CVE-2024-361xx/CVE-2024-36117.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-36117", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-06-19T18:15:11.220", + "lastModified": "2024-06-19T18:15:11.220", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-074." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-383xx/CVE-2024-38352.json b/CVE-2024/CVE-2024-383xx/CVE-2024-38352.json new file mode 100644 index 00000000000..489806cc825 --- /dev/null +++ b/CVE-2024/CVE-2024-383xx/CVE-2024-38352.json @@ -0,0 +1,15 @@ +{ + "id": "CVE-2024-38352", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-06-19T18:15:11.507", + "lastModified": "2024-06-19T18:15:11.507", + "vulnStatus": "Rejected", + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: CVE was assigned in error." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-43xx/CVE-2024-4369.json b/CVE-2024/CVE-2024-43xx/CVE-2024-4369.json index 94486ed8e7c..f4d252c9078 100644 --- a/CVE-2024/CVE-2024-43xx/CVE-2024-4369.json +++ b/CVE-2024/CVE-2024-43xx/CVE-2024-4369.json @@ -2,7 +2,7 @@ "id": "CVE-2024-4369", "sourceIdentifier": "secalert@redhat.com", "published": "2024-05-01T00:15:06.890", - "lastModified": "2024-06-19T06:15:11.227", + "lastModified": "2024-06-19T18:15:11.820", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -51,6 +51,10 @@ } ], "references": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:3881", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/errata/RHSA-2024:3889", "source": "secalert@redhat.com" diff --git a/README.md b/README.md index c30c4650cb6..1395cd8fde2 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-06-19T18:00:18.503584+00:00 +2024-06-19T20:00:19.790114+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-06-19T17:15:57.863000+00:00 +2024-06-19T18:15:11.820000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -254596 +254600 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `4` -- [CVE-2024-32030](CVE-2024/CVE-2024-320xx/CVE-2024-32030.json) (`2024-06-19T17:15:57.863`) +- [CVE-2024-36115](CVE-2024/CVE-2024-361xx/CVE-2024-36115.json) (`2024-06-19T18:15:10.597`) +- [CVE-2024-36116](CVE-2024/CVE-2024-361xx/CVE-2024-36116.json) (`2024-06-19T18:15:10.910`) +- [CVE-2024-36117](CVE-2024/CVE-2024-361xx/CVE-2024-36117.json) (`2024-06-19T18:15:11.220`) +- [CVE-2024-38352](CVE-2024/CVE-2024-383xx/CVE-2024-38352.json) (`2024-06-19T18:15:11.507`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2024-4369](CVE-2024/CVE-2024-43xx/CVE-2024-4369.json) (`2024-06-19T18:15:11.820`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 8fdf1d5269f..d29e3f0fd16 100644 --- a/_state.csv +++ b/_state.csv @@ -249855,7 +249855,7 @@ CVE-2024-32027,0,0,5f3c09d170bbd26a1e397a298c9a92805316ba30164f013dc8cd02f515dcd CVE-2024-32028,0,0,a16d36bcfaa5cccbb6282aecd03e18b80c66f8151e3c2f08a8edd43b521f9227,2024-04-15T13:15:31.997000 CVE-2024-32029,0,0,1e834dc3a71ee261fc468b623f57a7d125b56bad8bd02c617d5a0b814be0d9b3,2024-05-30T16:15:10.050000 CVE-2024-3203,0,0,5eb7ad499de8259c7320c0effe5b5c52900c8ef3ec49c4b6655249cca33556b2,2024-05-17T02:39:46.670000 -CVE-2024-32030,1,1,fd0b78de9a3262b9c8f29bead6cae209f5e2258b9ecfd9525e4f9a70cbf64a74,2024-06-19T17:15:57.863000 +CVE-2024-32030,0,0,fd0b78de9a3262b9c8f29bead6cae209f5e2258b9ecfd9525e4f9a70cbf64a74,2024-06-19T17:15:57.863000 CVE-2024-32035,0,0,9f9419e7b7ca688ca6c807b99c4196d3fdd26d305c290e1d723cf412a79167b9,2024-04-16T13:24:07.103000 CVE-2024-32036,0,0,4358f457ff05e2fb3005eccdac6fca8cb869be3ffa209c190e441f2c4aed7dbe,2024-04-16T23:15:09.173000 CVE-2024-32038,0,0,02c9bf2213ac1ff691fd8ed35a9ee3f7c3440196b5d0ceb851835e775a533fbd,2024-04-19T16:19:49.043000 @@ -252301,6 +252301,9 @@ CVE-2024-3611,0,0,b6a9e7e031fc264aaf6cc25eb2de4637a54a3c74ff1ad6ab29710fbea0fb99 CVE-2024-36110,0,0,60de6d063a43c2488fb7938eb212a9d443b4f1b9215af12070cdde5c64f618d1,2024-05-29T13:02:09.280000 CVE-2024-36112,0,0,fd8205b7c79aea233d5b23b835a6806c74e0d450d4ed81f7488de46ba99ce9ca,2024-05-29T13:02:09.280000 CVE-2024-36114,0,0,cd6667af901bf4e55598a9890cfbf772045b36365134bac1827f2ee46e0e9bfd,2024-05-30T13:15:41.297000 +CVE-2024-36115,1,1,77ffb340facd4eb973eac52381e2f6a69c57f16112d9a1e9c8a11631b93721bf,2024-06-19T18:15:10.597000 +CVE-2024-36116,1,1,97d02985e00df6f7d772ee84aa2631c7ca3d05edfa8f47e4715c606bf2662bd4,2024-06-19T18:15:10.910000 +CVE-2024-36117,1,1,3a38fcb17cdffee17f9ebc04549ce42d49dd9d7c61932ea40dda2b103f15627b,2024-06-19T18:15:11.220000 CVE-2024-36118,0,0,33d8fbf029e8489b5c9f0a8940761bdd6087754b4000c59931582a52c8a8908f,2024-05-30T18:18:58.870000 CVE-2024-36119,0,0,df322ac6443fcc8a013c93b7e5a35f3678792028e0c0bb1f44fa863251664f98,2024-05-31T13:01:46.727000 CVE-2024-3612,0,0,d6528427cbb589467c111cbd40a18dd09640d3302d8baf887860f351407e958e,2024-05-17T02:40:01.520000 @@ -253033,6 +253036,7 @@ CVE-2024-3834,0,0,a6e69ceb5a64ba9dfba23cdfa4c02e2549bf746772815229f9a627159689f7 CVE-2024-38347,0,0,1db5df6f7760b01b56d52993df383797c5f4798c0cdb9cb68f64a4daf639125b,2024-06-18T17:15:52.583000 CVE-2024-38348,0,0,94cbfe55a7243d30de59c6d5a0b267d7b83aa88d8592807a6edbb2ea3d15f4b0,2024-06-18T17:15:52.677000 CVE-2024-38351,0,0,e713168365103b037ea0e97b0ff1c8370226a2ff3430694f8a53a77f591bce4f,2024-06-18T17:15:52.777000 +CVE-2024-38352,1,1,13a6e81e4d4d40a0591843c161ee638c75aac348990bf4d2603a4c2fb8cf2a30,2024-06-19T18:15:11.507000 CVE-2024-3837,0,0,5046b04f6fff161407832d91f839d6c01f3dcf30bcf75f620bfd7221b5de1c27,2024-05-03T03:16:29.010000 CVE-2024-3838,0,0,bd55ca068ebe4472845bce1f3d037932d27279da54b129864c942318cbf6c399,2024-04-23T18:15:15.410000 CVE-2024-3839,0,0,5078cfd1c7c68c41b30fd8b0c9c6a095120ec81bc8166ccecb75ba3c8be530b5,2024-05-03T04:15:09.127000 @@ -253552,7 +253556,7 @@ CVE-2024-4365,0,0,9806433296206bcec148d9648ab2fc91142327d17ef07e64e0ad9e5ff3907a CVE-2024-4366,0,0,c04cea9d73579a737d5c3d200547b1e50e3a1d3ac8e5c0e3a1d88c878c2e9d6a,2024-05-24T13:03:05.093000 CVE-2024-4367,0,0,c21edbb80531231ffca1d343d0a559592c99f935f8e88145cc03f35a6a006b04,2024-06-10T17:16:33.380000 CVE-2024-4368,0,0,e238366009859277dd7e92e4325028250a78f7d3fa28b20672c01083b2417648,2024-06-10T18:15:36.693000 -CVE-2024-4369,0,0,750c540dee2d4c40a38f06990cf466b3dc0fe3843b58e99a1d691067211642f2,2024-06-19T06:15:11.227000 +CVE-2024-4369,0,1,50920fdcee19aa19b0b40029a8eb79df3e2175cd7214593e13e1ad35efa56c2f,2024-06-19T18:15:11.820000 CVE-2024-4370,0,0,069da1b0ae5c656e192af67776d4fb05a1e574a802cd3af79b4e6cc7490b0dbc,2024-05-15T16:40:19.330000 CVE-2024-4371,0,0,6cec3438f9da16aaaf81036d5252f279057c04fa33a9a5b8c9aee6667c7b57b7,2024-06-13T18:35:19.777000 CVE-2024-4372,0,0,88e318f3c277cb3db68d033332d7a1ea039944347227497506fc7085644cb64e,2024-05-21T12:37:59.687000