Auto-Update: 2024-10-14T20:00:18.001794+00:00

CVE-2023/CVE-2023-458xx/CVE-2023-45817.json

@@ -0,0 +1,16 @@
+{
+  "id": "CVE-2023-45817",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-14T18:15:03.630",
+  "lastModified": "2024-10-14T18:15:03.630",
+  "vulnStatus": "Rejected",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-9823. Reason: This candidate is a reservation duplicate of CVE-2024-9823. Notes: All CVE users should reference CVE-2024-9823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}

CVE-2023/CVE-2023-480xx/CVE-2023-48082.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2023-48082",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-14T19:15:10.780",
+  "lastModified": "2024-10-14T19:15:10.780",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Nagios XI before 5.11.3 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.nagios.com/change-log/",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2024/CVE-2024-465xx/CVE-2024-46528.json

@@ -0,0 +1,25 @@
+{
+  "id": "CVE-2024-46528",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-14T18:15:03.847",
+  "lastModified": "2024-10-14T18:15:03.847",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere v3.4.1 and v4.1.1 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "http://kubesphere.com",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://okankurtulus.com.tr/2024/09/09/idor-vulnerability-in-kubesphere/",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2024/CVE-2024-469xx/CVE-2024-46980.json

@@ -0,0 +1,68 @@
+{
+  "id": "CVE-2024-46980",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-14T18:15:03.947",
+  "lastModified": "2024-10-14T18:15:03.947",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact link type with a forward label allowing them to execute uncontrolled code (or at least achieve content injection) in a mail client. Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 4.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.7,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/Enalean/tuleap/commit/dd94a799982cd78ab06142008d745edf9e8fd494",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-9fc9-47h6-82jj",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=dd94a799982cd78ab06142008d745edf9e8fd494",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://tuleap.net/plugins/tracker/?aid=39689",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2024/CVE-2024-469xx/CVE-2024-46988.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-46988",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-14T18:15:04.173",
+  "lastModified": "2024-10-14T18:15:04.173",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not have access to. Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-280"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-g76g-hc92-96xw",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://tuleap.net/plugins/tracker/?aid=39686",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2024/CVE-2024-477xx/CVE-2024-47766.json

@@ -0,0 +1,68 @@
+{
+  "id": "CVE-2024-47766",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-14T18:15:04.387",
+  "lastModified": "2024-10-14T18:15:04.387",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictions of project they are members of but not admin via the cross tracker search widget. Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-280"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/Enalean/tuleap/commit/529d11b70796589767dd27a40ebadf3eaf8f5674",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-qfrh-fv84-93hx",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=529d11b70796589767dd27a40ebadf3eaf8f5674",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://tuleap.net/plugins/tracker/?aid=39736",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2024/CVE-2024-477xx/CVE-2024-47767.json

@@ -0,0 +1,84 @@
+{
+  "id": "CVE-2024-47767",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-14T18:15:04.593",
+  "lastModified": "2024-10-14T18:15:04.593",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not have access to. Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-280"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/Enalean/tuleap/commit/16d9efccb2fad8e10343be2604e94c9058ef2c89",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://github.com/Enalean/tuleap/commit/e5ce81279766115dc0f126a11d6b5065b5db7eec",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://github.com/Enalean/tuleap/commit/f89d7093d2c576ad5e2b35a6a096fcdaf563d1df",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-j342-v27q-329v",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=16d9efccb2fad8e10343be2604e94c9058ef2c89",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=e5ce81279766115dc0f126a11d6b5065b5db7eec",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=f89d7093d2c576ad5e2b35a6a096fcdaf563d1df",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://tuleap.net/plugins/tracker/?aid=39728",
+      "source": "[email protected]"
+    }
+  ]
+}