Auto-Update: 2023-12-21T21:00:24.563922+00:00

fkie-cad · Dec 21, 2023 · 663d2c6 · 663d2c6
1 parent fbf355c
commit 663d2c6
Show file tree

Hide file tree

Showing 52 changed files with 4,296 additions and 174 deletions.
diff --git a/CVE-2022/CVE-2022-230xx/CVE-2022-23096.json b/CVE-2022/CVE-2022-230xx/CVE-2022-23096.json
@@ -2,8 +2,8 @@
   "id": "CVE-2022-23096",
   "sourceIdentifier": "[email protected]",
   "published": "2022-01-28T16:15:07.897",
-  "lastModified": "2023-10-31T08:15:07.387",
-  "vulnStatus": "Modified",
+  "lastModified": "2023-12-21T20:11:00.837",
+  "vulnStatus": "Analyzed",
   "descriptions": [
     {
       "lang": "en",
@@ -132,7 +132,10 @@
     },
     {
       "url": "https://security.gentoo.org/glsa/202310-21",
-      "source": "[email protected]"
+      "source": "[email protected]",
+      "tags": [
+        "Third Party Advisory"
+      ]
     },
     {
       "url": "https://www.debian.org/security/2022/dsa-5231",

diff --git a/CVE-2022/CVE-2022-230xx/CVE-2022-23097.json b/CVE-2022/CVE-2022-230xx/CVE-2022-23097.json
@@ -2,8 +2,8 @@
   "id": "CVE-2022-23097",
   "sourceIdentifier": "[email protected]",
   "published": "2022-01-28T16:15:07.943",
-  "lastModified": "2023-10-31T08:15:07.503",
-  "vulnStatus": "Modified",
+  "lastModified": "2023-12-21T20:10:57.727",
+  "vulnStatus": "Analyzed",
   "descriptions": [
     {
       "lang": "en",
@@ -132,7 +132,10 @@
     },
     {
       "url": "https://security.gentoo.org/glsa/202310-21",
-      "source": "[email protected]"
+      "source": "[email protected]",
+      "tags": [
+        "Third Party Advisory"
+      ]
     },
     {
       "url": "https://www.debian.org/security/2022/dsa-5231",

diff --git a/CVE-2022/CVE-2022-230xx/CVE-2022-23098.json b/CVE-2022/CVE-2022-230xx/CVE-2022-23098.json
@@ -2,8 +2,8 @@
   "id": "CVE-2022-23098",
   "sourceIdentifier": "[email protected]",
   "published": "2022-01-28T16:15:07.990",
-  "lastModified": "2023-10-31T08:15:07.567",
-  "vulnStatus": "Modified",
+  "lastModified": "2023-12-21T19:26:25.640",
+  "vulnStatus": "Analyzed",
   "descriptions": [
     {
       "lang": "en",
@@ -132,7 +132,10 @@
     },
     {
       "url": "https://security.gentoo.org/glsa/202310-21",
-      "source": "[email protected]"
+      "source": "[email protected]",
+      "tags": [
+        "Third Party Advisory"
+      ]
     },
     {
       "url": "https://www.debian.org/security/2022/dsa-5231",

diff --git a/CVE-2022/CVE-2022-403xx/CVE-2022-40312.json b/CVE-2022/CVE-2022-403xx/CVE-2022-40312.json
@@ -2,16 +2,40 @@
   "id": "CVE-2022-40312",
   "sourceIdentifier": "[email protected]",
   "published": "2023-12-18T15:15:08.623",
-  "lastModified": "2023-12-18T17:24:19.373",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-12-21T19:17:59.067",
+  "vulnStatus": "Analyzed",
   "descriptions": [
     {
       "lang": "en",
       "value": "Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform.This issue affects GiveWP \u2013 Donation Plugin and Fundraising Platform: from n/a through 2.25.1.\n\n"
+    },
+    {
+      "lang": "es",
+      "value": "Vulnerabilidad de Cross-Site Request Forgery (SSRF) en GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform. Este problema afecta a GiveWP \u2013 Donation Plugin and Fundraising Platform: desde n/a hasta 2.25.1."
     }
   ],
   "metrics": {
     "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      },
       {
         "source": "[email protected]",
         "type": "Secondary",
@@ -46,10 +70,31 @@
       ]
     }
   ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*",
+              "versionEndIncluding": "2.25.1",
+              "matchCriteriaId": "6C4CDACF-6460-44AF-9F00-0D5E5E54E3E0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
-      "source": "[email protected]"
+      "source": "[email protected]",
+      "tags": [
+        "Third Party Advisory"
+      ]
     }
   ]
 }
diff --git a/CVE-2023/CVE-2023-225xx/CVE-2023-22508.json b/CVE-2023/CVE-2023-225xx/CVE-2023-22508.json
@@ -2,7 +2,7 @@
   "id": "CVE-2023-22508",
   "sourceIdentifier": "[email protected]",
   "published": "2023-07-18T23:15:09.297",
-  "lastModified": "2023-07-31T17:12:30.293",
+  "lastModified": "2023-12-21T20:11:44.330",
   "vulnStatus": "Analyzed",
   "descriptions": [
     {
@@ -92,9 +92,9 @@
             {
               "vulnerable": true,
               "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "8.0.0",
+              "versionStartIncluding": "7.20.0",
               "versionEndExcluding": "8.2.0",
-              "matchCriteriaId": "0CFB6784-FD6E-4346-BC1E-3A53DFAAD9B0"
+              "matchCriteriaId": "7D5FBFE8-F97B-4E6B-B6AB-7EF9955B66BA"
             },
             {
               "vulnerable": true,
@@ -113,9 +113,9 @@
             {
               "vulnerable": true,
               "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
-              "versionStartIncluding": "8.0.0",
+              "versionStartIncluding": "7.20.0",
               "versionEndExcluding": "8.2.0",
-              "matchCriteriaId": "61ABEF8D-B940-44CF-845B-238A23DBEA02"
+              "matchCriteriaId": "CBBB9EBB-FFFA-4AE8-BA5A-D06D6D9A309E"
             }
           ]
         }

diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30867.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30867.json
@@ -2,16 +2,53 @@
   "id": "CVE-2023-30867",
   "sourceIdentifier": "[email protected]",
   "published": "2023-12-15T13:15:07.223",
-  "lastModified": "2023-12-15T13:41:51.403",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-12-21T19:58:39.513",
+  "vulnStatus": "Analyzed",
   "descriptions": [
     {
       "lang": "en",
       "value": "In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc. The sql syntax :select * from table where jobName like '%jobName%'. However, the jobName field may receive illegal parameters, leading to SQL injection. This could potentially result in information leakage.\n\nMitigation:\n\nUsers are recommended to upgrade to version 2.1.2, which fixes the issue.\n\n"
+    },
+    {
+      "lang": "es",
+      "value": "En la plataforma Streampark, cuando los usuarios inician sesi\u00f3n en el sistema y utilizan ciertas funciones, algunas p\u00e1ginas proporcionan una b\u00fasqueda difusa basada en nombres, como nombres de trabajos, nombres de funciones, etc. La sintaxis SQL: select* de la tabla donde '%jobName%' gusta. Sin embargo, el campo jobName puede recibir par\u00e1metros no v\u00e1lidos, lo que provocar\u00e1 una inyecci\u00f3n de SQL. Esto podr\u00eda resultar potencialmente en una fuga de informaci\u00f3n. Mitigaci\u00f3n: se recomienda a los usuarios actualizar a la versi\u00f3n 2.1.2, que soluciona el problema."
     }
   ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
   "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    },
     {
       "source": "[email protected]",
       "type": "Secondary",
@@ -23,10 +60,33 @@
       ]
     }
   ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*",
+              "versionStartIncluding": "2.0.0",
+              "versionEndExcluding": "2.1.2",
+              "matchCriteriaId": "A5A4CCCF-F382-4FF8-AB13-9BE1B2B9757B"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://lists.apache.org/thread/bhdzh6hnh04yyf3g203bbyvxryd720o2",
-      "source": "[email protected]"
+      "source": "[email protected]",
+      "tags": [
+        "Mailing List",
+        "Vendor Advisory"
+      ]
     }
   ]
 }
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32747.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32747.json
@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-32747",
+  "sourceIdentifier": "[email protected]",
+  "published": "2023-12-21T19:15:08.160",
+  "lastModified": "2023-12-21T19:15:08.160",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-639"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/woocommerce-bookings/wordpress-woocommerce-bookings-plugin-1-15-78-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
+      "source": "[email protected]"
+    }
+  ]
+}
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32799.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32799.json
@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-32799",
+  "sourceIdentifier": "[email protected]",
+  "published": "2023-12-21T19:15:08.520",
+  "lastModified": "2023-12-21T19:15:08.520",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses.This issue affects Shipping Multiple Addresses: from n/a through 3.8.3.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-639"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/woocommerce-shipping-multiple-addresses/wordpress-woocommerce-ship-to-multiple-addresses-plugin-3-8-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
+      "source": "[email protected]"
+    }
+  ]
+}