diff --git a/data/couchdb/BIT-couchdb-2023-45725.json b/data/couchdb/BIT-couchdb-2023-45725.json
new file mode 100644
index 000000000..ac328b2d4
--- /dev/null
+++ b/data/couchdb/BIT-couchdb-2023-45725.json
@@ -0,0 +1,54 @@
+{
+ "schema_version": "1.5.0",
+ "id": "BIT-couchdb-2023-45725",
+ "details": "Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.These design document functions are: *   list *   show *   rewrite *   updateAn attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an \"update\" function.For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers",
+ "aliases": [
+ "CVE-2023-45725"
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Bitnami",
+ "name": "couchdb",
+ "purl": "pkg:bitnami/couchdb"
+ },
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "3.3.2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "severity": "Medium",
+ "cpes": [
+ "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*"
+ ]
+ },
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://docs.couchdb.org/en/stable/cve/2023-45725.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://lists.apache.org/thread/pqjq9zt8vq9rsobkc1cow9sqm9vozlrg"
+ }
+ ],
+ "published": "2023-12-21T07:17:08.474Z",
+ "modified": "2023-12-21T07:45:04.169Z"
+}
\ No newline at end of file
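Review bot: In data/couchdb/BIT-couchdb-2023-45725.json the range closes with `"fixed": "3.3.2"`, which tells a scanner that 3.3.2 itself is not affected, and nothing else in the record says which release carries the fix. This should be checked against the linked CouchDB advisory: if the upstream range includes 3.3.2 (as I recall it does, but the page does not show it), the event should be `"last_affected": "3.3.2"`, or `fixed` should name the first corrected release. Separately, the `details` string has lost its paragraph breaks ("document.These", "updateAn", "function.For", "document.Workaround"), so the function list and the workaround run into the surrounding sentences. Keeping `\n` separators in the string would preserve the upstream formatting.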
diff --git a/data/dotnet-sdk/BIT-dotnet-sdk-2022-23267.json b/data/dotnet-sdk/BIT-dotnet-sdk-2022-23267.json
index f77a7a279..5b9efc7eb 100644
--- a/data/dotnet-sdk/BIT-dotnet-sdk-2022-23267.json
+++ b/data/dotnet-sdk/BIT-dotnet-sdk-2022-23267.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.5.0",
 "id": "BIT-dotnet-sdk-2022-23267",
- "details": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.",
+ "details": ".NET and Visual Studio Denial of Service Vulnerability",
 "aliases": [
 "CVE-2022-23267"
 ],
@@ -77,5 +77,5 @@
 }
 ],
 "published": "2023-11-06T08:56:09.649Z",
- "modified": "2023-11-08T07:44:02.038Z"
+ "modified": "2023-12-21T07:45:04.169Z"
 }
\ No newline at end of file
diff --git a/data/dotnet-sdk/BIT-dotnet-sdk-2022-29117.json b/data/dotnet-sdk/BIT-dotnet-sdk-2022-29117.json
index 2eaa2a344..6bc25d392 100644
--- a/data/dotnet-sdk/BIT-dotnet-sdk-2022-29117.json
+++ b/data/dotnet-sdk/BIT-dotnet-sdk-2022-29117.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.5.0",
 "id": "BIT-dotnet-sdk-2022-29117",
- "details": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.",
+ "details": ".NET and Visual Studio Denial of Service Vulnerability",
 "aliases": [
 "CVE-2022-29117"
 ],
@@ -77,5 +77,5 @@
 }
 ],
 "published": "2023-11-06T08:55:44.268Z",
- "modified": "2023-11-08T07:44:02.038Z"
+ "modified": "2023-12-21T07:45:04.169Z"
 }
\ No newline at end of file
diff --git a/data/dotnet-sdk/BIT-dotnet-sdk-2022-29145.json b/data/dotnet-sdk/BIT-dotnet-sdk-2022-29145.json
index 5276d7437..49e34cdd4 100644
--- a/data/dotnet-sdk/BIT-dotnet-sdk-2022-29145.json
+++ b/data/dotnet-sdk/BIT-dotnet-sdk-2022-29145.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.5.0",
 "id": "BIT-dotnet-sdk-2022-29145",
- "details": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29117.",
+ "details": ".NET and Visual Studio Denial of Service Vulnerability",
 "aliases": [
 "CVE-2022-29145"
 ],
@@ -77,5 +77,5 @@
 }
 ],
 "published": "2023-11-06T08:55:35.467Z",
- "modified": "2023-11-08T07:44:02.038Z"
+ "modified": "2023-12-21T07:45:04.169Z"
 }
\ No newline at end of file
diff --git a/data/dotnet-sdk/BIT-dotnet-sdk-2022-30184.json b/data/dotnet-sdk/BIT-dotnet-sdk-2022-30184.json
index b2b853823..99af39117 100644
--- a/data/dotnet-sdk/BIT-dotnet-sdk-2022-30184.json
+++ b/data/dotnet-sdk/BIT-dotnet-sdk-2022-30184.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.5.0",
 "id": "BIT-dotnet-sdk-2022-30184",
- "details": ".NET and Visual Studio Information Disclosure Vulnerability.",
+ "details": ".NET and Visual Studio Information Disclosure Vulnerability",
 "aliases": [
 "CVE-2022-30184"
 ],
@@ -62,5 +62,5 @@
 }
 ],
 "published": "2023-11-06T08:55:27.570Z",
- "modified": "2023-11-08T07:44:02.038Z"
+ "modified": "2023-12-21T07:45:04.169Z"
 }
\ No newline at end of file
diff --git a/data/dotnet-sdk/BIT-dotnet-sdk-2022-38013.json b/data/dotnet-sdk/BIT-dotnet-sdk-2022-38013.json
index 6ca94d656..48ac35bc5 100644
--- a/data/dotnet-sdk/BIT-dotnet-sdk-2022-38013.json
+++ b/data/dotnet-sdk/BIT-dotnet-sdk-2022-38013.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.5.0",
 "id": "BIT-dotnet-sdk-2022-38013",
- "details": ".NET Core and Visual Studio Denial of Service Vulnerability.",
+ "details": ".NET Core and Visual Studio Denial of Service Vulnerability",
 "aliases": [
 "CVE-2022-38013"
 ],
@@ -86,5 +86,5 @@
 }
 ],
 "published": "2023-11-06T08:55:06.770Z",
- "modified": "2023-11-08T07:44:02.038Z"
+ "modified": "2023-12-21T07:45:04.169Z"
 }
\ No newline at end of file
diff --git a/data/dotnet-sdk/BIT-dotnet-sdk-2022-41032.json b/data/dotnet-sdk/BIT-dotnet-sdk-2022-41032.json
index 004406b5f..c4620183b 100644
--- a/data/dotnet-sdk/BIT-dotnet-sdk-2022-41032.json
+++ b/data/dotnet-sdk/BIT-dotnet-sdk-2022-41032.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.5.0",
 "id": "BIT-dotnet-sdk-2022-41032",
- "details": "NuGet Client Elevation of Privilege Vulnerability.",
+ "details": "NuGet Client Elevation of Privilege Vulnerability",
 "aliases": [
 "CVE-2022-41032"
 ],
@@ -70,5 +70,5 @@
 }
 ],
 "published": "2023-11-06T08:54:59.055Z",
- "modified": "2023-11-08T07:44:02.038Z"
+ "modified": "2023-12-21T07:45:04.169Z"
 }
\ No newline at end of file
diff --git a/data/dotnet/BIT-dotnet-2022-23267.json b/data/dotnet/BIT-dotnet-2022-23267.json
index fa3ee29a6..bceca834f 100644
--- a/data/dotnet/BIT-dotnet-2022-23267.json
+++ b/data/dotnet/BIT-dotnet-2022-23267.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.5.0",
 "id": "BIT-dotnet-2022-23267",
- "details": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.",
+ "details": ".NET and Visual Studio Denial of Service Vulnerability",
 "aliases": [
 "CVE-2022-23267"
 ],
@@ -77,5 +77,5 @@
 }
 ],
 "published": "2023-11-06T08:55:55.078Z",
- "modified": "2023-11-08T07:44:02.038Z"
+ "modified": "2023-12-21T07:45:04.169Z"
 }
\ No newline at end of file
diff --git a/data/dotnet/BIT-dotnet-2022-29117.json b/data/dotnet/BIT-dotnet-2022-29117.json
index 5bb696589..0fb42b12f 100644
--- a/data/dotnet/BIT-dotnet-2022-29117.json
+++ b/data/dotnet/BIT-dotnet-2022-29117.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.5.0",
 "id": "BIT-dotnet-2022-29117",
- "details": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.",
+ "details": ".NET and Visual Studio Denial of Service Vulnerability",
 "aliases": [
 "CVE-2022-29117"
 ],
@@ -77,5 +77,5 @@
 }
 ],
 "published": "2023-11-06T08:55:29.782Z",
- "modified": "2023-11-08T07:44:02.038Z"
+ "modified": "2023-12-21T07:45:04.169Z"
 }
\ No newline at end of file
diff --git a/data/dotnet/BIT-dotnet-2022-29145.json b/data/dotnet/BIT-dotnet-2022-29145.json
index a2a033f0c..496d547ed 100644
--- a/data/dotnet/BIT-dotnet-2022-29145.json
+++ b/data/dotnet/BIT-dotnet-2022-29145.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.5.0",
 "id": "BIT-dotnet-2022-29145",
- "details": ".NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29117.",
+ "details": ".NET and Visual Studio Denial of Service Vulnerability",
 "aliases": [
 "CVE-2022-29145"
 ],
@@ -77,5 +77,5 @@
 }
 ],
 "published": "2023-11-06T08:55:21.672Z",
- "modified": "2023-11-08T07:44:02.038Z"
+ "modified": "2023-12-21T07:45:04.169Z"
 }
\ No newline at end of file
diff --git a/data/dotnet/BIT-dotnet-2022-30184.json b/data/dotnet/BIT-dotnet-2022-30184.json
index 502bf8923..46fa58dc1 100644
--- a/data/dotnet/BIT-dotnet-2022-30184.json
+++ b/data/dotnet/BIT-dotnet-2022-30184.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.5.0",
 "id": "BIT-dotnet-2022-30184",
- "details": ".NET and Visual Studio Information Disclosure Vulnerability.",
+ "details": ".NET and Visual Studio Information Disclosure Vulnerability",
 "aliases": [
 "CVE-2022-30184"
 ],
@@ -62,5 +62,5 @@
 }
 ],
 "published": "2023-11-06T08:55:14.156Z",
- "modified": "2023-11-08T07:44:02.038Z"
+ "modified": "2023-12-21T07:45:04.169Z"
 }
\ No newline at end of file
diff --git a/data/dotnet/BIT-dotnet-2022-38013.json b/data/dotnet/BIT-dotnet-2022-38013.json
index 5518855fc..1d0ec6d3d 100644
--- a/data/dotnet/BIT-dotnet-2022-38013.json
+++ b/data/dotnet/BIT-dotnet-2022-38013.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.5.0",
 "id": "BIT-dotnet-2022-38013",
- "details": ".NET Core and Visual Studio Denial of Service Vulnerability.",
+ "details": ".NET Core and Visual Studio Denial of Service Vulnerability",
 "aliases": [
 "CVE-2022-38013"
 ],
@@ -86,5 +86,5 @@
 }
 ],
 "published": "2023-11-06T08:54:57.374Z",
- "modified": "2023-11-08T07:44:02.038Z"
+ "modified": "2023-12-21T07:45:04.169Z"
 }
\ No newline at end of file
diff --git a/data/dotnet/BIT-dotnet-2022-41032.json b/data/dotnet/BIT-dotnet-2022-41032.json
index ff61856e5..79d02b942 100644
--- a/data/dotnet/BIT-dotnet-2022-41032.json
+++ b/data/dotnet/BIT-dotnet-2022-41032.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.5.0",
 "id": "BIT-dotnet-2022-41032",
- "details": "NuGet Client Elevation of Privilege Vulnerability.",
+ "details": "NuGet Client Elevation of Privilege Vulnerability",
 "aliases": [
 "CVE-2022-41032"
 ],
@@ -70,5 +70,5 @@
 }
 ],
 "published": "2023-11-06T08:54:46.261Z",
- "modified": "2023-11-08T07:44:02.038Z"
+ "modified": "2023-12-21T07:45:04.169Z"
 }
\ No newline at end of file
diff --git a/data/mlflow/BIT-mlflow-2023-6909.json b/data/mlflow/BIT-mlflow-2023-6909.json
new file mode 100644
index 000000000..35caf30bc
--- /dev/null
+++ b/data/mlflow/BIT-mlflow-2023-6909.json
@@ -0,0 +1,54 @@
+{
+ "schema_version": "1.5.0",
+ "id": "BIT-mlflow-2023-6909",
+ "details": "Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.",
+ "aliases": [
+ "CVE-2023-6909"
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Bitnami",
+ "name": "mlflow",
+ "purl": "pkg:bitnami/mlflow"
+ },
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N"
+ }
+ ],
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2.9.2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "severity": "High",
+ "cpes": [
+ "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*"
+ ]
+ },
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1"
+ },
+ {
+ "type": "WEB",
+ "url": "https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850"
+ }
+ ],
+ "published": "2023-12-21T07:21:40.198Z",
+ "modified": "2023-12-21T07:45:04.169Z"
+}
\ No newline at end of file
diff --git a/data/postgresql/BIT-postgresql-2023-39417.json b/data/postgresql/BIT-postgresql-2023-39417.json
index 620595f8b..97f6c65e2 100644
--- a/data/postgresql/BIT-postgresql-2023-39417.json
+++ b/data/postgresql/BIT-postgresql-2023-39417.json
@@ -151,8 +151,20 @@
 {
 "type": "WEB",
 "url": "https://access.redhat.com/errata/RHSA-2023:7785"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2023:7883"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2023:7884"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2023:7885"
 }
 ],
 "published": "2023-11-06T08:59:59.278Z",
- "modified": "2023-12-14T07:45:59.314Z"
+ "modified": "2023-12-21T07:45:04.169Z"
 }
\ No newline at end of file
diff --git a/data/postgresql/BIT-postgresql-2023-39418.json b/data/postgresql/BIT-postgresql-2023-39418.json
index bd37b684f..bc2edf2ca 100644
--- a/data/postgresql/BIT-postgresql-2023-39418.json
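Review bot: In data/mlflow/BIT-mlflow-2023-6909.json the `database_specific.severity` value `"High"` does not match the CVSS vector recorded in the same record. By my calculation `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N` gives a base score of 9.3, which falls in the Critical band. The label and the vector were presumably taken from different scoring sources, so a consumer that triages on the label will rank this path traversal lower than the vector implies. Either set `"severity": "Critical"` or record the vector that the High rating was derived from.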
+++ b/data/postgresql/BIT-postgresql-2023-39418.json
@@ -67,8 +67,20 @@
 {
 "type": "WEB",
 "url": "https://access.redhat.com/errata/RHSA-2023:7785"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2023:7883"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2023:7884"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2023:7885"
 }
 ],
 "published": "2023-11-06T08:59:50.258Z",
- "modified": "2023-12-14T07:45:59.314Z"
+ "modified": "2023-12-21T07:45:04.169Z"
 }
\ No newline at end of file
diff --git a/data/postgresql/BIT-postgresql-2023-5868.json b/data/postgresql/BIT-postgresql-2023-5868.json
index aa8c5d15b..35827f321 100644
--- a/data/postgresql/BIT-postgresql-2023-5868.json
+++ b/data/postgresql/BIT-postgresql-2023-5868.json
@@ -151,8 +151,20 @@
 {
 "type": "WEB",
 "url": "https://www.postgresql.org/support/security/CVE-2023-5868/"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2023:7883"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2023:7884"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2023:7885"
 }
 ],
 "published": "2023-12-14T07:27:34.844Z",
- "modified": "2023-12-14T07:45:59.314Z"
+ "modified": "2023-12-21T07:45:04.169Z"
 }
\ No newline at end of file
diff --git a/data/postgresql/BIT-postgresql-2023-5869.json b/data/postgresql/BIT-postgresql-2023-5869.json
index 3e9d855d7..737370749 100644
--- a/data/postgresql/BIT-postgresql-2023-5869.json
+++ b/data/postgresql/BIT-postgresql-2023-5869.json
@@ -183,8 +183,20 @@
 {
 "type": "WEB",
 "url": "https://access.redhat.com/errata/RHSA-2023:7878"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2023:7883"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2023:7884"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2023:7885"
 }
 ],
 "published": "2023-12-14T07:27:26.069Z",
- "modified": "2023-12-20T07:44:57.018Z"
+ "modified": "2023-12-21T07:45:04.169Z"
 }
\ No newline at end of file
diff --git a/data/postgresql/BIT-postgresql-2023-5870.json b/data/postgresql/BIT-postgresql-2023-5870.json
index 6c760336d..a32c08936 100644
--- a/data/postgresql/BIT-postgresql-2023-5870.json
+++ b/data/postgresql/BIT-postgresql-2023-5870.json
@@ -151,8 +151,20 @@
 {
 "type": "WEB",
 "url": "https://www.postgresql.org/support/security/CVE-2023-5870/"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2023:7883"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2023:7884"
+ },
+ {
+ "type": "WEB",
+ "url": "https://access.redhat.com/errata/RHSA-2023:7885"
 }
 ],
 "published": "2023-12-14T07:27:17.875Z",
- "modified": "2023-12-14T07:45:59.314Z"
+ "modified": "2023-12-21T07:45:04.169Z"
 }
\ No newline at end of file