- Synchronized data.
cve-team committed Dec 13, 2018
1 parent 87f7107 commit b58d7e7
Showing 5 changed files with 288 additions and 286 deletions.
145 changes: 73 additions & 72 deletions 2018/14xxx/CVE-2018-14623.json
@@ -1,79 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-14623",
"ASSIGNER": "psampaio@redhat.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Foreman Project",
"product": {
"product_data": [
{
"product_name": "katello",
"version": {
"version_data": [
{
"version_value": "3.10 and older"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89"
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2018-14623",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"description": [
{
"lang": "eng",
"value": "CWE-209"
}
]
"product" : {
"product_data" : [
{
"product_name" : "katello",
"version" : {
"version_data" : [
{
"version_value" : "3.10 and older"
}
]
}
}
]
},
"vendor_name" : "The Foreman Project"
}
]
},
"references": {
"reference_data": [
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulnerable."
}
]
},
"impact" : {
"cvss" : [
[
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623",
"refsource": "CONFIRM"
"vectorString" : "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version" : "3.0"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulnerable."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-89"
}
]
},
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-209"
}
]
]
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623"
}
]
}
}
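Review bot: The `vectorString` under `impact.cvss` is carried over as `"4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"`, with the base score prepended, so it is not a well-formed CVSS v3.0 vector and a scoring or triage tool that expects the `CVSS:3.0/` prefix is likely to reject it or drop the severity. Writing it as `"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"` with a separate `"baseScore" : 4.3` would match the field layout the CVE-2018-15754 record in this same commit uses. The `cvss` value is also an array nested inside an array here but a plain object in that other record, so consumers have to handle two shapes for one key. The description text still reads "This is issue is related", which the sync leaves untouched.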
115 changes: 58 additions & 57 deletions 2018/15xxx/CVE-2018-15754.json
@@ -1,95 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-12-10T12:00:00.000Z",
"ID": "CVE-2018-15754",
"STATE": "PUBLIC",
"TITLE": "UAA issues tokens across identity providers if users with matching usernames exist"
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-12-10T12:00:00.000Z",
"ID" : "CVE-2018-15754",
"STATE" : "PUBLIC",
"TITLE" : "UAA issues tokens across identity providers if users with matching usernames exist"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "UAA",
"version": {
"version_data": [
"product_name" : "UAA",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "all versions",
"version_value": "66.0"
"affected" : "<",
"version_name" : "all versions",
"version_value" : "66.0"
},
{
"affected": ">=",
"version_name": "all versions",
"version_value": "60.0"
"affected" : ">=",
"version_name" : "all versions",
"version_value" : "60.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
"vendor_name" : "Cloud Foundry"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "This issue was responsibly reported by the UAA team of Pivotal.\n\n"
"lang" : "eng",
"value" : "This issue was responsibly reported by the UAA team of Pivotal.\n\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Cloud Foundry UAA, all versions in v60.x, v61.x, v62.x, v63.x, and v64.x contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider."
"lang" : "eng",
"value" : "Cloud Foundry UAA, all versions in v60.x, v61.x, v62.x, v63.x, and v64.x contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 4.2,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Improper Authentication"
"lang" : "eng",
"value" : "Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2018-15754"
"name" : "https://www.cloudfoundry.org/blog/cve-2018-15754",
"refsource" : "CONFIRM",
"url" : "https://www.cloudfoundry.org/blog/cve-2018-15754"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}
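Review bot: The machine-readable range in `version_data` (`"affected" : ">="` with `"version_value" : "60.0"`, and `"affected" : "<"` with `"version_value" : "66.0"`) does not match the prose description, which lists only v60.x through v64.x. A scanner matching on `version_data` would report 65.x as affected while a reader of the description would not; the page does not show which is right, so the upper bound and the description should be reconciled against the advisory at the `references` URL. Separately, `problemtype` carries the free text `"Improper Authentication"` while the description calls the flaw an authorization logic error, and no CWE identifier is given, unlike the `CWE-89` style entries in the CVE-2018-14623 record; a CWE id that fits the described cross-identity-provider token issue would make the record filterable by weakness class.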