Auto-Update: 2023-06-23T16:00:27.253113+00:00

cad-safe-bot 2023-06-23 16:00:30 +00:00
parent 87e5698245
commit c6df2ed809
26 changed files with 773 additions and 92 deletions


@ -0,0 +1,55 @@
{
"id": "CVE-2022-47614",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-23T15:15:08.983",
"lastModified": "2023-06-23T15:49:09.940",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plugin <=\u00a03.9.7 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mstore-api/wordpress-mstore-api-plugin-3-9-7-sql-injection?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-23679",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-23T15:15:09.063",
"lastModified": "2023-06-23T15:49:09.940",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk: from n/a through 2.7.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-best-help-desk-support-plugin-plugin-2-7-7-idor-leading-to-ticket-deletion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-25978",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-13T16:15:12.693",
"lastModified": "2023-06-13T16:54:51.953",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T14:42:31.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +64,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mindutopia:protected_posts_logout_button:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.5",
"matchCriteriaId": "F295D911-6760-4A7E-AC05-78277FE0EE5B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/protected-posts-logout-button/wordpress-protected-posts-logout-button-plugin-1-4-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-27427",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-23T13:15:10.130",
"lastModified": "2023-06-23T13:15:10.130",
"vulnStatus": "Received",
"lastModified": "2023-06-23T15:14:22.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-28303",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-13T17:15:14.380",
"lastModified": "2023-06-13T18:27:48.060",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T14:51:07.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -34,10 +34,51 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:snip_\\&_sketch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0",
"versionEndExcluding": "10.2008.3001.0",
"matchCriteriaId": "661C32EB-E403-468C-8F52-0C8BE34BA9A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:snipping_tool:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndExcluding": "11.2302.20.0",
"matchCriteriaId": "29C9FAA7-38AB-43FF-ACBB-BA96E5123A62"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28303",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-28751",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-23T13:15:10.277",
"lastModified": "2023-06-23T13:15:10.277",
"vulnStatus": "Received",
"lastModified": "2023-06-23T15:14:22.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-29100",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-23T13:15:10.350",
"lastModified": "2023-06-23T13:15:10.350",
"vulnStatus": "Received",
"lastModified": "2023-06-23T15:14:22.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,7 +2,7 @@
"id": "CVE-2023-31975",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-09T13:15:18.590",
"lastModified": "2023-06-23T12:15:09.623",
"lastModified": "2023-06-23T15:15:09.137",
"vulnStatus": "Modified",
"descriptions": [
{
@ -120,6 +120,14 @@
"url": "http://www.openwall.com/lists/oss-security/2023/06/23/4",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/23/8",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/23/9",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/yasm/yasm/issues/210",
"source": "cve@mitre.org",


@ -2,8 +2,8 @@
"id": "CVE-2023-32580",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-23T13:15:10.427",
"lastModified": "2023-06-23T13:15:10.427",
"vulnStatus": "Received",
"lastModified": "2023-06-23T15:14:22.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,19 +2,74 @@
"id": "CVE-2023-33515",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-14T21:15:09.663",
"lastModified": "2023-06-14T21:27:19.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T14:58:35.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scripting (XSS) via query screens."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softexpert:excellence_suite:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "62D0714D-601D-42D9-8B9A-3EA87815EF4D"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@williamamorim256/stored-xss-found-in-se-suite-version-2-1-9-understanding-and-addressing-the-issue-cve-2023-33515-d59990eac324",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3302",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-23T13:15:10.517",
"lastModified": "2023-06-23T13:15:10.517",
"vulnStatus": "Received",
"lastModified": "2023-06-23T15:14:22.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-3303",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-23T13:15:10.587",
"lastModified": "2023-06-23T13:15:10.587",
"vulnStatus": "Received",
"lastModified": "2023-06-23T15:14:22.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-3304",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-06-23T13:15:10.663",
"lastModified": "2023-06-23T13:15:10.663",
"vulnStatus": "Received",
"lastModified": "2023-06-23T15:14:22.530",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,63 @@
{
"id": "CVE-2023-34464",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-23T15:15:09.200",
"lastModified": "2023-06-23T15:49:09.940",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of org.xwiki.platform:xwiki-platform-web-templates, any user who can edit a document in a wiki like the user profile can create a stored cross-site scripting attack. The attack occurs by putting plain HTML code into that document and then tricking another user to visit that document with the `displaycontent` or `rendercontent` template and plain output syntax. If a user with programming rights is tricked into visiting such a URL, arbitrary actions be performed with this user's rights, impacting the confidentiality, integrity, and availability of the whole XWiki installation. This has been patched in XWiki 14.4.8, 14.10.5 and 15.1RC1 by setting the content type of the response to plain text when the output syntax is not an HTML syntax."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/53e8292a31ec70fba5e1d705a4ac443658b9e6df",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fp7h-f9f5-x4q7",
"source": "security-advisories@github.com"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20290",
"source": "security-advisories@github.com"
}
]
}


@ -2,23 +2,83 @@
"id": "CVE-2023-35143",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-06-14T13:15:11.957",
"lastModified": "2023-06-14T15:30:58.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T15:11:48.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in `pom.xml`."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:maven_repository_server:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.10",
"matchCriteriaId": "CCFFDF0D-FB5B-4926-9AAF-490CF77D6161"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/14/5",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3156",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,83 @@
"id": "CVE-2023-35144",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-06-14T13:15:12.013",
"lastModified": "2023-06-14T15:30:58.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T15:18:22.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:maven_repository_server:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.10",
"matchCriteriaId": "CCFFDF0D-FB5B-4926-9AAF-490CF77D6161"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/14/5",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-2951",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,83 @@
"id": "CVE-2023-35145",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-06-14T13:15:12.067",
"lastModified": "2023-06-14T15:30:58.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T15:24:30.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:sonargraph_integration:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "5.0.1",
"matchCriteriaId": "4372E86A-2EF9-4E77-BDA0-C9E570C81FA2"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/14/5",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3155",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,83 @@
"id": "CVE-2023-35147",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-06-14T13:15:12.167",
"lastModified": "2023-06-14T15:30:58.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-23T15:30:53.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:aws_codecommit_trigger:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "3.0.12",
"matchCriteriaId": "8C6ACF0F-A36C-468E-AFBA-F0004DCC931F"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/14/5",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3099",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-35840",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-19T01:15:08.710",
"lastModified": "2023-06-20T07:12:55.493",
"lastModified": "2023-06-23T15:15:09.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -19,6 +19,14 @@
{
"url": "https://github.com/Studio-42/elFinder/security/advisories/GHSA-wm5g-p99q-66g4",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/afine-com/CVE-2023-35840",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2023-35840",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-36271",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T15:15:10.027",
"lastModified": "2023-06-23T15:49:09.940",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/681#BUG2",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-36272",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T15:15:10.103",
"lastModified": "2023-06-23T15:49:09.940",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/681#BUG1",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-36273",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T15:15:10.160",
"lastModified": "2023-06-23T15:49:09.940",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/677#BUG1",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-36274",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T15:15:10.213",
"lastModified": "2023-06-23T15:49:09.940",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/LibreDWG/libredwg/issues/677#BUG2",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-36288",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T15:15:10.323",
"lastModified": "2023-06-23T15:49:09.940",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-admin-dashboard-via-configure-parameter-in-QloApps-1-6-0-b6303661ac6a47e4b7a6f23cf2818a52?pvs=4",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-36289",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T15:15:10.537",
"lastModified": "2023-06-23T15:49:09.940",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-POST-Request-via-email_create-and-back-parameter-in-QloApps-1-6-0-e05548203d744daf9047d82fc94b19b7?pvs=4",
"source": "cve@mitre.org"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-23T14:00:26.879408+00:00
2023-06-23T16:00:27.253113+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-23T13:55:51.820000+00:00
2023-06-23T15:49:09.940000+00:00
```
### Last Data Feed Release
@ -29,59 +29,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
218372
218381
```
### CVEs added in the last Commit
Recently added CVEs: `15`
Recently added CVEs: `9`
* [CVE-2023-28065](CVE-2023/CVE-2023-280xx/CVE-2023-28065.json) (`2023-06-23T12:15:09.340`)
* [CVE-2023-29860](CVE-2023/CVE-2023-298xx/CVE-2023-29860.json) (`2023-06-23T12:15:09.420`)
* [CVE-2023-30258](CVE-2023/CVE-2023-302xx/CVE-2023-30258.json) (`2023-06-23T12:15:09.473`)
* [CVE-2023-30260](CVE-2023/CVE-2023-302xx/CVE-2023-30260.json) (`2023-06-23T12:15:09.520`)
* [CVE-2023-30362](CVE-2023/CVE-2023-303xx/CVE-2023-30362.json) (`2023-06-23T12:15:09.573`)
* [CVE-2023-34012](CVE-2023/CVE-2023-340xx/CVE-2023-34012.json) (`2023-06-23T12:15:09.687`)
* [CVE-2023-34021](CVE-2023/CVE-2023-340xx/CVE-2023-34021.json) (`2023-06-23T12:15:09.760`)
* [CVE-2023-35048](CVE-2023/CVE-2023-350xx/CVE-2023-35048.json) (`2023-06-23T12:15:09.833`)
* [CVE-2023-27427](CVE-2023/CVE-2023-274xx/CVE-2023-27427.json) (`2023-06-23T13:15:10.130`)
* [CVE-2023-28751](CVE-2023/CVE-2023-287xx/CVE-2023-28751.json) (`2023-06-23T13:15:10.277`)
* [CVE-2023-29100](CVE-2023/CVE-2023-291xx/CVE-2023-29100.json) (`2023-06-23T13:15:10.350`)
* [CVE-2023-32580](CVE-2023/CVE-2023-325xx/CVE-2023-32580.json) (`2023-06-23T13:15:10.427`)
* [CVE-2023-3302](CVE-2023/CVE-2023-33xx/CVE-2023-3302.json) (`2023-06-23T13:15:10.517`)
* [CVE-2023-3303](CVE-2023/CVE-2023-33xx/CVE-2023-3303.json) (`2023-06-23T13:15:10.587`)
* [CVE-2023-3304](CVE-2023/CVE-2023-33xx/CVE-2023-3304.json) (`2023-06-23T13:15:10.663`)
* [CVE-2022-47614](CVE-2022/CVE-2022-476xx/CVE-2022-47614.json) (`2023-06-23T15:15:08.983`)
* [CVE-2023-23679](CVE-2023/CVE-2023-236xx/CVE-2023-23679.json) (`2023-06-23T15:15:09.063`)
* [CVE-2023-34464](CVE-2023/CVE-2023-344xx/CVE-2023-34464.json) (`2023-06-23T15:15:09.200`)
* [CVE-2023-36271](CVE-2023/CVE-2023-362xx/CVE-2023-36271.json) (`2023-06-23T15:15:10.027`)
* [CVE-2023-36272](CVE-2023/CVE-2023-362xx/CVE-2023-36272.json) (`2023-06-23T15:15:10.103`)
* [CVE-2023-36273](CVE-2023/CVE-2023-362xx/CVE-2023-36273.json) (`2023-06-23T15:15:10.160`)
* [CVE-2023-36274](CVE-2023/CVE-2023-362xx/CVE-2023-36274.json) (`2023-06-23T15:15:10.213`)
* [CVE-2023-36288](CVE-2023/CVE-2023-362xx/CVE-2023-36288.json) (`2023-06-23T15:15:10.323`)
* [CVE-2023-36289](CVE-2023/CVE-2023-362xx/CVE-2023-36289.json) (`2023-06-23T15:15:10.537`)
### CVEs modified in the last Commit
Recently modified CVEs: `83`
Recently modified CVEs: `16`
* [CVE-2023-28799](CVE-2023/CVE-2023-287xx/CVE-2023-28799.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-28800](CVE-2023/CVE-2023-288xx/CVE-2023-28800.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-2989](CVE-2023/CVE-2023-29xx/CVE-2023-2989.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-2990](CVE-2023/CVE-2023-29xx/CVE-2023-2990.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-2991](CVE-2023/CVE-2023-29xx/CVE-2023-2991.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-32571](CVE-2023/CVE-2023-325xx/CVE-2023-32571.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-36354](CVE-2023/CVE-2023-363xx/CVE-2023-36354.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-36355](CVE-2023/CVE-2023-363xx/CVE-2023-36355.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-36356](CVE-2023/CVE-2023-363xx/CVE-2023-36356.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-36357](CVE-2023/CVE-2023-363xx/CVE-2023-36357.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-36358](CVE-2023/CVE-2023-363xx/CVE-2023-36358.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-36359](CVE-2023/CVE-2023-363xx/CVE-2023-36359.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-28094](CVE-2023/CVE-2023-280xx/CVE-2023-28094.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-30347](CVE-2023/CVE-2023-303xx/CVE-2023-30347.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-32320](CVE-2023/CVE-2023-323xx/CVE-2023-32320.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-34553](CVE-2023/CVE-2023-345xx/CVE-2023-34553.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-35131](CVE-2023/CVE-2023-351xx/CVE-2023-35131.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-35132](CVE-2023/CVE-2023-351xx/CVE-2023-35132.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-35133](CVE-2023/CVE-2023-351xx/CVE-2023-35133.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-3128](CVE-2023/CVE-2023-31xx/CVE-2023-3128.json) (`2023-06-23T13:03:39.067`)
* [CVE-2023-27083](CVE-2023/CVE-2023-270xx/CVE-2023-27083.json) (`2023-06-23T13:03:44.217`)
* [CVE-2023-3239](CVE-2023/CVE-2023-32xx/CVE-2023-3239.json) (`2023-06-23T13:28:51.677`)
* [CVE-2023-3237](CVE-2023/CVE-2023-32xx/CVE-2023-3237.json) (`2023-06-23T13:35:23.420`)
* [CVE-2023-3238](CVE-2023/CVE-2023-32xx/CVE-2023-3238.json) (`2023-06-23T13:39:37.757`)
* [CVE-2023-34540](CVE-2023/CVE-2023-345xx/CVE-2023-34540.json) (`2023-06-23T13:55:51.820`)
* [CVE-2023-25978](CVE-2023/CVE-2023-259xx/CVE-2023-25978.json) (`2023-06-23T14:42:31.170`)
* [CVE-2023-28303](CVE-2023/CVE-2023-283xx/CVE-2023-28303.json) (`2023-06-23T14:51:07.207`)
* [CVE-2023-33515](CVE-2023/CVE-2023-335xx/CVE-2023-33515.json) (`2023-06-23T14:58:35.857`)
* [CVE-2023-35143](CVE-2023/CVE-2023-351xx/CVE-2023-35143.json) (`2023-06-23T15:11:48.207`)
* [CVE-2023-27427](CVE-2023/CVE-2023-274xx/CVE-2023-27427.json) (`2023-06-23T15:14:22.530`)
* [CVE-2023-28751](CVE-2023/CVE-2023-287xx/CVE-2023-28751.json) (`2023-06-23T15:14:22.530`)
* [CVE-2023-29100](CVE-2023/CVE-2023-291xx/CVE-2023-29100.json) (`2023-06-23T15:14:22.530`)
* [CVE-2023-32580](CVE-2023/CVE-2023-325xx/CVE-2023-32580.json) (`2023-06-23T15:14:22.530`)
* [CVE-2023-3302](CVE-2023/CVE-2023-33xx/CVE-2023-3302.json) (`2023-06-23T15:14:22.530`)
* [CVE-2023-3303](CVE-2023/CVE-2023-33xx/CVE-2023-3303.json) (`2023-06-23T15:14:22.530`)
* [CVE-2023-3304](CVE-2023/CVE-2023-33xx/CVE-2023-3304.json) (`2023-06-23T15:14:22.530`)
* [CVE-2023-31975](CVE-2023/CVE-2023-319xx/CVE-2023-31975.json) (`2023-06-23T15:15:09.137`)
* [CVE-2023-35840](CVE-2023/CVE-2023-358xx/CVE-2023-35840.json) (`2023-06-23T15:15:09.707`)
* [CVE-2023-35144](CVE-2023/CVE-2023-351xx/CVE-2023-35144.json) (`2023-06-23T15:18:22.670`)
* [CVE-2023-35145](CVE-2023/CVE-2023-351xx/CVE-2023-35145.json) (`2023-06-23T15:24:30.130`)
* [CVE-2023-35147](CVE-2023/CVE-2023-351xx/CVE-2023-35147.json) (`2023-06-23T15:30:53.490`)
## Download and Usage