
{
"id": "CVE-2024-52812",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-03-10T18:15:29.207",
"lastModified": "2025-03-10T18:15:29.207",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, a user with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, after any user with access to this service (e.g. admin) tries to make any modifications to the rule (update, run, stop, delete), the payload executes in the victim's browser. Version 2.0.8 fixes the issue."
},
{
"lang": "es",
"value": "LF Edge eKuiper es un motor de procesamiento de flujo y an\u00e1lisis de datos de Internet de las cosas. Antes de la versi\u00f3n 2.0.8, un usuario con derechos para modificar el servicio (por ejemplo, el rol kuiperUser) puede inyectar un payload de cross-site scripting en el par\u00e1metro `id` de la regla. Luego, despu\u00e9s de que cualquier usuario con acceso a este servicio (por ejemplo, administrador) intente realizar modificaciones con la regla (actualizar, ejecutar, detener, eliminar), un payload act\u00faa en el navegador de la v\u00edctima. La versi\u00f3n 2.0.8 soluciona el problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L681",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L716",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L735",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L794",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L809",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L824",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/lf-edge/ekuiper/releases/tag/v2.0.8",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/lf-edge/ekuiper/security/advisories/GHSA-6hrw-x7pr-4mp8",
"source": "security-advisories@github.com"
}
]
}