admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-183xx/CVE-2019-18346.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

161 lines
4.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-18346",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-12-04T18:15:16.167",
"lastModified": "2019-12-14T08:15:14.100",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add a new admin user."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema de tipo CSRF en DAViCal versiones hasta la versi\u00f3n 1.1.8. Si un usuario autenticado visita una p\u00e1gina web controlada por parte del atacante, el atacante puede enviar peticiones arbitrarias en el nombre del usuario para la aplicaci\u00f3n. Si el usuario atacado es un administrador, el atacante podr\u00eda, por ejemplo, agregar un nuevo usuario administrador."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:davical:davical:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.1.8",
"matchCriteriaId": "97CF0994-E6FF-4DB3-A621-DE189FFC1243"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/155629/DAViCal-CalDAV-Server-1.1.8-Cross-Site-Request-Forgery.html",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2019/Dec/17",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2019/Dec/18",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2019/Dec/19",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://gitlab.com/davical-project/davical/blob/master/ChangeLog",
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00016.html",
"source": "cve@mitre.org"
},
{
"url": "https://seclists.org/bugtraq/2019/Dec/30",
"source": "cve@mitre.org"
},
{
"url": "https://www.davical.org/",
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.debian.org/security/2019/dsa-4582",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink