admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-16T07:00:25.109349+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-16 07:00:28 +00:00
parent a67439a459
commit dcf3351ada
6 changed files with 233 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
CVE-2023/CVE-2023-225xx/CVE-2023-22526.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-22526",
"sourceIdentifier": "security@atlassian.com",
"published": "2024-01-16T05:15:07.933",
"lastModified": "2024-01-16T05:15:07.933",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center.\r\n\r\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\r\n\r\nAtlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\r\n Confluence Data Center and Server 7.19: Upgrade to a release 7.19.17, or any higher 7.19.x release\r\n Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release\r\n Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release\r\n\r\nSee the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]).\r\n\r\nThis vulnerability was discovered by m1sn0w and reported via our Bug Bounty program"
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@atlassian.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615",
"source": "security@atlassian.com"
},
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-93516",
"source": "security@atlassian.com"
}
]
}

47
CVE-2023/CVE-2023-225xx/CVE-2023-22527.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-22527",
"sourceIdentifier": "security@atlassian.com",
"published": "2024-01-16T05:15:08.290",
"lastModified": "2024-01-16T05:15:08.290",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Summary of Vulnerability\r\nA template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.\r\n\r\nMost recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian\u2019s January Security Bulletin.\r\n\r\nSee \u201cWhat You Need to Do\u201d for detailed instructions.\r\n \r\n{panel:bgColor=#deebff}\r\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.\r\n{panel}\r\nAffected Versions\r\n||Product||Affected Versions||\r\n|Confluence Data Center and Server| 8.0.x\r\n 8.1.x\r\n 8.2.x\r\n 8.3.x\r\n 8.4.x\r\n 8.5.0\r\n 8.5.1\r\n 8.5.2\r\n 8.5.3|\r\nFixed Versions\r\n||Product||Fixed Versions||\r\n|Confluence Data Center and Server|8.5.4 (LTS)|\r\n|Confluence Data Center| 8.6.0 or later (Data Center Only)\r\n 8.7.1 or later (Data Center Only)|\r\nWhat You Need To Do\r\nImmediately patch to a fixed version\r\n\r\nAtlassian recommends that you patch each of your affected installations to the latest version. The listed Fixed Versions are no longer the most up-to-date versions and do not protect your instance from other non-critical vulnerabilities as outlined in Atlassian\u2019s January Security Bulletin.\r\n||Product||Fixed Versions||Latest Versions||\r\n|Confluence Data Center and Server| 8.5.4 (LTS)| 8.5.5 (LTS)\r\n|Confluence Data Center| 8.6.0 or later (Data Center Only)\r\n 8.7.1 or later (Data Center Only)| 8.6.3 or later (Data Center Only)\r\n 8.7.2 or later (Data Center Only)\r\n\r\nFor additional details, please see full advisory."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@atlassian.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615",
"source": "security@atlassian.com"
},
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-93833",
"source": "security@atlassian.com"
}
]
}

43
CVE-2024/CVE-2024-216xx/CVE-2024-21672.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-21672",
"sourceIdentifier": "security@atlassian.com",
"published": "2024-01-16T05:15:08.537",
"lastModified": "2024-01-16T05:15:08.537",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server.\n\nRemote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of\u00a0CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated attacker to remotely expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.\n\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\n\n* Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release\n* Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release\n* Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release\n\nSee the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives)."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@atlassian.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-94064",
"source": "security@atlassian.com"
}
]
}

43
CVE-2024/CVE-2024-216xx/CVE-2024-21673.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-21673",
"sourceIdentifier": "security@atlassian.com",
"published": "2024-01-16T05:15:08.730",
"lastModified": "2024-01-16T05:15:08.730",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server.\n\nRemote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of\u00a0CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and does not require user interaction.\n\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\n\n* Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release\n* Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release\n* Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release\n\nSee the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives )."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@atlassian.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-94065",
"source": "security@atlassian.com"
}
]
}

43
CVE-2024/CVE-2024-216xx/CVE-2024-21674.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-21674",
"sourceIdentifier": "security@atlassian.com",
"published": "2024-01-16T05:15:08.910",
"lastModified": "2024-01-16T05:15:08.910",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server.\n\nRemote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, no impact to integrity, no impact to availability, and does not require user interaction.\n\nAtlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\n\n* Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release\n* Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release\n* Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release\n\nSee the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives )."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@atlassian.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-94066",
"source": "security@atlassian.com"
}
]
}

18
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-16T05:00:24.211239+00:00
2024-01-16T07:00:25.109349+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-16T04:15:08.067000+00:00
2024-01-16T05:15:08.910000+00:00
```
### Last Data Feed Release
@ -29,22 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
235950
235955
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `5`
* [CVE-2024-22362](CVE-2024/CVE-2024-223xx/CVE-2024-22362.json) (`2024-01-16T04:15:07.993`)
* [CVE-2024-22428](CVE-2024/CVE-2024-224xx/CVE-2024-22428.json) (`2024-01-16T04:15:08.067`)
* [CVE-2023-22526](CVE-2023/CVE-2023-225xx/CVE-2023-22526.json) (`2024-01-16T05:15:07.933`)
* [CVE-2023-22527](CVE-2023/CVE-2023-225xx/CVE-2023-22527.json) (`2024-01-16T05:15:08.290`)
* [CVE-2024-21672](CVE-2024/CVE-2024-216xx/CVE-2024-21672.json) (`2024-01-16T05:15:08.537`)
* [CVE-2024-21673](CVE-2024/CVE-2024-216xx/CVE-2024-21673.json) (`2024-01-16T05:15:08.730`)
* [CVE-2024-21674](CVE-2024/CVE-2024-216xx/CVE-2024-21674.json) (`2024-01-16T05:15:08.910`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `0`
* [CVE-2022-34364](CVE-2022/CVE-2022-343xx/CVE-2022-34364.json) (`2024-01-16T04:15:07.733`)
## Download and Usage