admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-239xx/CVE-2024-23952.json
cad-safe-bot 6086612163 Auto-Update: 2025-02-13T19:00:46.575167+00:00
2025-02-13 19:04:13 +00:00

157 lines
4.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-23952",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-14T12:15:47.293",
"lastModified": "2025-02-13T18:17:06.317",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset.\n \nUncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. \u00a0\nThis vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1."
},
{
"lang": "es",
"value": "Este es un duplicado de CVE-2023-46104. Con rangos de versi\u00f3n CVE correctos para Apache Superset afectado. El consumo incontrolado de recursos puede ser provocado por un atacante autenticado que carga un ZIP malicioso para importar bases de datos, paneles o conjuntos de datos. Esta vulnerabilidad existe en las versiones de Apache Superset hasta la 2.1.2 inclusive y en las versiones 3.0.0, 3.0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@apache.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.3",
"matchCriteriaId": "F7B317CC-A16E-41A7-886C-7B53D1C9599A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.0.2",
"matchCriteriaId": "23576169-716C-4703-BFB2-7F061CEED2CF"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/14/2",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/14/3",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/zc58zvm4414molqn2m4d4vkrbrsxdksx",
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/14/2",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/14/3",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/zc58zvm4414molqn2m4d4vkrbrsxdksx",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink