Auto-Update: 2023-05-02T06:00:23.783014+00:00

2025-06-21 17:41:05 +00:00 · 2023-05-02 08:00:26 +02:00 · 2023-05-02 08:00:26 +02:00 · c7b8e2c5af
commit c7b8e2c5af
parent d90903b18d
5 changed files with 84 additions and 18 deletions
--- a/CVE-2022/CVE-2022-280xx/CVE-2022-28005.json
+++ b/CVE-2022/CVE-2022-280xx/CVE-2022-28005.json
@ -2,12 +2,12 @@
  "id": "CVE-2022-28005",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-05-06T15:15:08.787",
-  "lastModified": "2022-05-18T14:06:50.950",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-05-02T04:15:46.873",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server, leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\\SYSTEM on Windows installations. Versions prior to version 18, Hotfix 1 Build 18.0.3.461 March 2022, are prone to an additional unauthenticated file system access to C:\\Windows\\System32."
+      "value": "An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that uses backslash characters), leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\\SYSTEM on Windows installations. NOTE: this issue exists because of an incomplete fix for CVE-2022-48482."
    },
    {
      "lang": "es",
@ -94,6 +94,10 @@
    }
  ],
  "references": [
+    {
+      "url": "https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://www.3cx.com/blog/change-log/phone-system-change-log/",
      "source": "cve@mitre.org",
--- a/CVE-2022/CVE-2022-484xx/CVE-2022-48482.json
+++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48482.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2022-48482",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-02T05:15:27.407",
+  "lastModified": "2023-05-02T05:15:27.407",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.3cx.com/blog/change-log/phone-system-change-log/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-484xx/CVE-2022-48483.json
+++ b/CVE-2022/CVE-2022-484xx/CVE-2022-48483.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2022-48483",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-02T05:15:28.057",
+  "lastModified": "2023-05-02T05:15:28.057",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.3cx.com/blog/change-log/phone-system-change-log/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-22xx/CVE-2023-2247.json
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2247.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-2247",
+  "sourceIdentifier": "security@octopus.com",
+  "published": "2023-05-02T05:15:28.113",
+  "lastModified": "2023-05-02T05:15:28.113",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://advisories.octopus.com/post/2023/sa2023-07/",
+      "source": "security@octopus.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-05-02T04:00:24.870613+00:00
+2023-05-02T06:00:23.783014+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-05-02T03:15:08.717000+00:00
+2023-05-02T05:15:28.113000+00:00
 ```

 ### Last Data Feed Release
@ -29,29 +29,23 @@ Download and Changelog: [Click](releases/latest)
 ### Total Number of included CVEs

 ```plain
-213878
+213881
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `3`

-* [CVE-2013-10026](CVE-2013/CVE-2013-100xx/CVE-2013-10026.json) (`2023-05-02T02:15:27.267`)
-* [CVE-2014-125100](CVE-2014/CVE-2014-1251xx/CVE-2014-125100.json) (`2023-05-02T02:15:27.423`)
+* [CVE-2022-48482](CVE-2022/CVE-2022-484xx/CVE-2022-48482.json) (`2023-05-02T05:15:27.407`)
+* [CVE-2022-48483](CVE-2022/CVE-2022-484xx/CVE-2022-48483.json) (`2023-05-02T05:15:28.057`)
+* [CVE-2023-2247](CVE-2023/CVE-2023-22xx/CVE-2023-2247.json) (`2023-05-02T05:15:28.113`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `8`
+Recently modified CVEs: `1`

-* [CVE-2023-2004](CVE-2023/CVE-2023-20xx/CVE-2023-2004.json) (`2023-05-02T03:15:08.203`)
-* [CVE-2023-2033](CVE-2023/CVE-2023-20xx/CVE-2023-2033.json) (`2023-05-02T03:15:08.350`)
-* [CVE-2023-2133](CVE-2023/CVE-2023-21xx/CVE-2023-2133.json) (`2023-05-02T03:15:08.423`)
-* [CVE-2023-2134](CVE-2023/CVE-2023-21xx/CVE-2023-2134.json) (`2023-05-02T03:15:08.497`)
-* [CVE-2023-2135](CVE-2023/CVE-2023-21xx/CVE-2023-2135.json) (`2023-05-02T03:15:08.573`)
-* [CVE-2023-2136](CVE-2023/CVE-2023-21xx/CVE-2023-2136.json) (`2023-05-02T03:15:08.647`)
-* [CVE-2023-2137](CVE-2023/CVE-2023-21xx/CVE-2023-2137.json) (`2023-05-02T03:15:08.717`)
-* [CVE-2023-27495](CVE-2023/CVE-2023-274xx/CVE-2023-27495.json) (`2023-05-02T02:07:27.720`)
+* [CVE-2022-28005](CVE-2022/CVE-2022-280xx/CVE-2022-28005.json) (`2023-05-02T04:15:46.873`)


 ## Download and Usage