admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-09 03:57:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-06-16T10:00:29.267260+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-06-16 10:00:32 +00:00
parent 999f609d0c
commit f90f04a59c
11 changed files with 568 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
CVE-2023/CVE-2023-24xx/CVE-2023-2431.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2431",
"sourceIdentifier": "jordan@liggitt.net",
"published": "2023-06-16T08:15:08.770",
"lastModified": "2023-06-16T08:15:08.770",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "jordan@liggitt.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "jordan@liggitt.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1287"
}
]
}
],
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/118690",
"source": "jordan@liggitt.net"
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10",
"source": "jordan@liggitt.net"
}
]
}

55
CVE-2023/CVE-2023-259xx/CVE-2023-25963.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25963",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-16T09:15:09.430",
"lastModified": "2023-06-16T09:15:09.430",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JoomSky JS Job Manager plugin <=\u00a02.0.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/js-jobs/wordpress-js-job-manager-plugin-2-0-0-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-260xx/CVE-2023-26013.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-26013",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-16T09:15:09.587",
"lastModified": "2023-06-16T09:15:09.587",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <=\u00a03.0.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/strong-testimonials/wordpress-strong-testimonials-plugin-3-0-2-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-265xx/CVE-2023-26541.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-26541",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-06-16T09:15:09.653",
"lastModified": "2023-06-16T09:15:09.653",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin <=\u00a01.5.4 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/asmember/wordpress-asmember-plugin-1-5-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-27xx/CVE-2023-2783.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2783",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-06-16T09:15:09.720",
"lastModified": "2023-06-16T09:15:09.720",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to\u00a0modify the contents of the post sent by the Apps.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

55
CVE-2023/CVE-2023-27xx/CVE-2023-2784.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2784",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-06-16T09:15:09.787",
"lastModified": "2023-06-16T09:15:09.787",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

55
CVE-2023/CVE-2023-27xx/CVE-2023-2786.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2786",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-06-16T09:15:09.853",
"lastModified": "2023-06-16T09:15:09.853",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to properly check the\u00a0permissions when executing commands allowing a member with no permissions\u00a0to post a message in a channel to actually post it by executing channel commands.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}

55
CVE-2023/CVE-2023-27xx/CVE-2023-2787.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2787",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-06-16T09:15:09.920",
"lastModified": "2023-06-16T09:15:09.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates/",
"source": "responsibledisclosure@mattermost.com"
}
]
}

55
CVE-2023/CVE-2023-27xx/CVE-2023-2788.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2788",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-06-16T09:15:09.993",
"lastModified": "2023-06-16T09:15:09.993",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates/",
"source": "responsibledisclosure@mattermost.com"
}
]
}

55
CVE-2023/CVE-2023-27xx/CVE-2023-2791.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2791",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2023-06-16T09:15:10.060",
"lastModified": "2023-06-16T09:15:10.060",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates/",
"source": "responsibledisclosure@mattermost.com"
}
]
}

21
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-16T08:00:28.277489+00:00
2023-06-16T10:00:29.267260+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-16T07:15:08.840000+00:00
2023-06-16T09:15:10.060000+00:00
```
### Last Data Feed Release
@ -29,16 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
217904
217914
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `10`
* [CVE-2023-34154](CVE-2023/CVE-2023-341xx/CVE-2023-34154.json) (`2023-06-16T07:15:08.457`)
* [CVE-2023-34157](CVE-2023/CVE-2023-341xx/CVE-2023-34157.json) (`2023-06-16T07:15:08.680`)
* [CVE-2023-34165](CVE-2023/CVE-2023-341xx/CVE-2023-34165.json) (`2023-06-16T07:15:08.840`)
* [CVE-2023-2431](CVE-2023/CVE-2023-24xx/CVE-2023-2431.json) (`2023-06-16T08:15:08.770`)
* [CVE-2023-25963](CVE-2023/CVE-2023-259xx/CVE-2023-25963.json) (`2023-06-16T09:15:09.430`)
* [CVE-2023-26013](CVE-2023/CVE-2023-260xx/CVE-2023-26013.json) (`2023-06-16T09:15:09.587`)
* [CVE-2023-26541](CVE-2023/CVE-2023-265xx/CVE-2023-26541.json) (`2023-06-16T09:15:09.653`)
* [CVE-2023-2783](CVE-2023/CVE-2023-27xx/CVE-2023-2783.json) (`2023-06-16T09:15:09.720`)
* [CVE-2023-2784](CVE-2023/CVE-2023-27xx/CVE-2023-2784.json) (`2023-06-16T09:15:09.787`)
* [CVE-2023-2786](CVE-2023/CVE-2023-27xx/CVE-2023-2786.json) (`2023-06-16T09:15:09.853`)
* [CVE-2023-2787](CVE-2023/CVE-2023-27xx/CVE-2023-2787.json) (`2023-06-16T09:15:09.920`)
* [CVE-2023-2788](CVE-2023/CVE-2023-27xx/CVE-2023-2788.json) (`2023-06-16T09:15:09.993`)
* [CVE-2023-2791](CVE-2023/CVE-2023-27xx/CVE-2023-2791.json) (`2023-06-16T09:15:10.060`)
### CVEs modified in the last Commit