From ecec29dcc929a7f61dafbb636056d9cbbafd2d1f Mon Sep 17 00:00:00 2001
From: cad-safe-bot <cad-safe-bot@protonmail.com>
Date: Tue, 20 Feb 2024 09:00:33 +0000
Subject: [PATCH] Auto-Update: 2024-02-20T09:00:29.547030+00:00

---
 CVE-2023/CVE-2023-443xx/CVE-2023-44308.json | 55 +++++++++++++++++++++
 CVE-2024/CVE-2024-222xx/CVE-2024-22234.json | 43 ++++++++++++++++
 CVE-2024/CVE-2024-251xx/CVE-2024-25149.json | 55 +++++++++++++++++++++
 CVE-2024/CVE-2024-251xx/CVE-2024-25150.json | 55 +++++++++++++++++++++
 CVE-2024/CVE-2024-259xx/CVE-2024-25973.json | 32 ++++++++++++
 CVE-2024/CVE-2024-259xx/CVE-2024-25974.json | 32 ++++++++++++
 README.md                                   | 16 +++---
 7 files changed, 282 insertions(+), 6 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-443xx/CVE-2023-44308.json
 create mode 100644 CVE-2024/CVE-2024-222xx/CVE-2024-22234.json
 create mode 100644 CVE-2024/CVE-2024-251xx/CVE-2024-25149.json
 create mode 100644 CVE-2024/CVE-2024-251xx/CVE-2024-25150.json
 create mode 100644 CVE-2024/CVE-2024-259xx/CVE-2024-25973.json
 create mode 100644 CVE-2024/CVE-2024-259xx/CVE-2024-25974.json

diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44308.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44308.json
new file mode 100644
index 00000000000..092855612db
--- /dev/null
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44308.json
@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-44308",
+  "sourceIdentifier": "security@liferay.com",
+  "published": "2024-02-20T07:15:08.033",
+  "lastModified": "2024-02-20T07:15:08.033",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Open redirect vulnerability in adaptive media administration page in Liferay DXP 2023.Q3 before patch 6, and 7.4 GA through update 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_adaptive_media_web_portlet_AMPortlet_redirect parameter."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@liferay.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@liferay.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-601"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44308",
+      "source": "security@liferay.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22234.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22234.json
new file mode 100644
index 00000000000..9c19bc76511
--- /dev/null
+++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22234.json
@@ -0,0 +1,43 @@
+{
+  "id": "CVE-2024-22234",
+  "sourceIdentifier": "security@vmware.com",
+  "published": "2024-02-20T07:15:09.967",
+  "lastModified": "2024-02-20T07:15:09.967",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0method.\n\nSpecifically, an application is vulnerable if:\n\n  *  The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly and a null\u00a0authentication parameter is passed to it resulting in an erroneous true\u00a0return value.\n\n\nAn application is not vulnerable if any of the following is true:\n\n  *  The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly.\n  *  The application does not pass null\u00a0to AuthenticationTrustResolver.isFullyAuthenticated\n  *  The application only uses isFullyAuthenticated\u00a0via  Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \u00a0or  HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html \n\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@vmware.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.4,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://spring.io/security/cve-2024-22234",
+      "source": "security@vmware.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25149.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25149.json
new file mode 100644
index 00000000000..a8595795537
--- /dev/null
+++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25149.json
@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-25149",
+  "sourceIdentifier": "security@liferay.com",
+  "published": "2024-02-20T07:15:10.557",
+  "lastModified": "2024-02-20T07:15:10.557",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the \"Limit membership to members of the parent site\" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@liferay.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@liferay.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-863"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25149",
+      "source": "security@liferay.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25150.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25150.json
new file mode 100644
index 00000000000..fecbbe06c3c
--- /dev/null
+++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25150.json
@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-25150",
+  "sourceIdentifier": "security@liferay.com",
+  "published": "2024-02-20T08:15:07.290",
+  "lastModified": "2024-02-20T08:15:07.290",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@liferay.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@liferay.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-201"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150",
+      "source": "security@liferay.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25973.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25973.json
new file mode 100644
index 00000000000..272711c13bf
--- /dev/null
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25973.json
@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2024-25973",
+  "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
+  "published": "2024-02-20T08:15:07.717",
+  "lastModified": "2024-02-20T08:15:07.717",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities.\u00a0An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog (sub-category) can enter unfiltered input in the name field. In addition, attackers who are allowed to create curriculums can also enter unfiltered input in the name field. This allows an attacker to execute stored JavaScript code with the permissions of the victim in the context of the user's browser.\n\n"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://r.sec-consult.com/openolat",
+      "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25974.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25974.json
new file mode 100644
index 00000000000..3bae548ba25
--- /dev/null
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25974.json
@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2024-25974",
+  "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
+  "published": "2024-02-20T08:15:07.823",
+  "lastModified": "2024-02-20T08:15:07.823",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability.\u00a0It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded.\u00a0After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://r.sec-consult.com/openolat",
+      "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 2ceee5b4249..52f66223f2a 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-02-20T07:00:25.674495+00:00
+2024-02-20T09:00:29.547030+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-02-20T06:15:07.680000+00:00
+2024-02-20T08:15:07.823000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,15 +29,19 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-238921
+238927
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `2`
+Recently added CVEs: `6`
 
-* [CVE-2022-45320](CVE-2022/CVE-2022-453xx/CVE-2022-45320.json) (`2024-02-20T05:15:07.613`)
-* [CVE-2023-5190](CVE-2023/CVE-2023-51xx/CVE-2023-5190.json) (`2024-02-20T06:15:07.680`)
+* [CVE-2023-44308](CVE-2023/CVE-2023-443xx/CVE-2023-44308.json) (`2024-02-20T07:15:08.033`)
+* [CVE-2024-22234](CVE-2024/CVE-2024-222xx/CVE-2024-22234.json) (`2024-02-20T07:15:09.967`)
+* [CVE-2024-25149](CVE-2024/CVE-2024-251xx/CVE-2024-25149.json) (`2024-02-20T07:15:10.557`)
+* [CVE-2024-25150](CVE-2024/CVE-2024-251xx/CVE-2024-25150.json) (`2024-02-20T08:15:07.290`)
+* [CVE-2024-25973](CVE-2024/CVE-2024-259xx/CVE-2024-25973.json) (`2024-02-20T08:15:07.717`)
+* [CVE-2024-25974](CVE-2024/CVE-2024-259xx/CVE-2024-25974.json) (`2024-02-20T08:15:07.823`)
 
 
 ### CVEs modified in the last Commit