Skip to content

Commit

Permalink
Auto-Update: 2024-11-17T13:00:19.171396+00:00
Browse files Browse the repository at this point in the history
  • Loading branch information
@cad-safe-bot
cad-safe-bot committed Nov 17, 2024
1 parent 90a86df commit 4dc7ba8
Show file tree
Hide file tree
Showing 8 changed files with 430 additions and 7 deletions.
60 changes: 60 additions & 0 deletions CVE-2020/CVE-2020-257xx/CVE-2020-25720.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
{
"id": "CVE-2020-25720",
"sourceIdentifier": "[email protected]",
"published": "2024-11-17T11:15:04.320",
"lastModified": "2024-11-17T11:15:04.320",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2020-25720",
"source": "[email protected]"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305954",
"source": "[email protected]"
}
]
}
68 changes: 68 additions & 0 deletions CVE-2023/CVE-2023-06xx/CVE-2023-0657.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
{
"id": "CVE-2023-0657",
"sourceIdentifier": "[email protected]",
"published": "2024-11-17T11:15:05.300",
"lastModified": "2024-11-17T11:15:05.300",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-273"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:1867",
"source": "[email protected]"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1868",
"source": "[email protected]"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-0657",
"source": "[email protected]"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166728",
"source": "[email protected]"
}
]
}
60 changes: 60 additions & 0 deletions CVE-2023/CVE-2023-14xx/CVE-2023-1419.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
{
"id": "CVE-2023-1419",
"sourceIdentifier": "[email protected]",
"published": "2024-11-17T11:15:05.593",
"lastModified": "2024-11-17T11:15:05.593",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-233"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-1419",
"source": "[email protected]"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178722",
"source": "[email protected]"
}
]
}
88 changes: 88 additions & 0 deletions CVE-2023/CVE-2023-46xx/CVE-2023-4639.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
{
"id": "CVE-2023-4639",
"sourceIdentifier": "[email protected]",
"published": "2024-11-17T11:15:05.840",
"lastModified": "2024-11-17T11:15:05.840",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:1674",
"source": "[email protected]"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1675",
"source": "[email protected]"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1676",
"source": "[email protected]"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1677",
"source": "[email protected]"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:2763",
"source": "[email protected]"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:2764",
"source": "[email protected]"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3919",
"source": "[email protected]"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4639",
"source": "[email protected]"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022",
"source": "[email protected]"
}
]
}
64 changes: 64 additions & 0 deletions CVE-2023/CVE-2023-61xx/CVE-2023-6110.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
{
"id": "CVE-2023-6110",
"sourceIdentifier": "[email protected]",
"published": "2024-11-17T11:15:06.097",
"lastModified": "2024-11-17T11:15:06.097",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:2737",
"source": "[email protected]"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:2769",
"source": "[email protected]"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6110",
"source": "[email protected]"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212960",
"source": "[email protected]"
},
{
"url": "https://code.engineering.redhat.com/gerrit/gitweb?p=python-openstackclient.git;a=commit;h=7a7c364bdd7b2cd2b56e73724110710a68d58abf",
"source": "[email protected]"
},
{
"url": "https://review.opendev.org/c/openstack/python-openstackclient/+/888697",
"source": "[email protected]"
}
]
}
Loading

0 comments on commit 4dc7ba8

Please sign in to comment.