2 changes (1 new | 1 updated):
      - 1 new CVEs:  CVE-2024-36466
      - 1 updated CVEs: CVE-2024-0854
cvelistV5 Github Action committed Nov 28, 2024
1 parent 16a3ba2 commit 1349e44
Showing 4 changed files with 202 additions and 17 deletions.
22 changes: 14 additions & 8 deletions cves/2024/0xxx/CVE-2024-0854.json
@@ -8,7 +8,7 @@
"assignerShortName": "synology",
"dateReserved": "2024-01-24T09:27:37.396Z",
"datePublished": "2024-01-24T10:08:55.529Z",
"dateUpdated": "2024-08-01T18:18:18.791Z"
"dateUpdated": "2024-11-28T07:18:01.233Z"
},
"containers": {
"cna": {
@@ -17,7 +17,7 @@
"descriptions": [
{
"lang": "en",
"description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')",
"description": "URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601",
"type": "CWE"
}
@@ -38,7 +38,13 @@
{
"version": "7.1",
"status": "affected",
"lessThan": "7.1.*",
"lessThan": "7.1.1-42962-7",
"versionType": "semver"
},
{
"version": "7.0",
"status": "affected",
"lessThan": "7.0.1-42218-7",
"versionType": "semver"
},
{
@@ -60,7 +66,7 @@
"descriptions": [
{
"lang": "en",
"value": "URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors."
"value": "URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors."
}
],
"metrics": [
@@ -74,15 +80,15 @@
],
"cvssV3_1": {
"version": "3.1",
"baseScore": 4.1,
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
@@ -107,7 +113,7 @@
"providerMetadata": {
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology",
"dateUpdated": "2024-01-24T10:08:55.529Z"
"dateUpdated": "2024-11-28T07:18:01.233Z"
}
},
"adp": [
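Review bot: The two range bounds introduced in the `versions` hunk, `"lessThan": "7.1.1-42962-7"` and `"lessThan": "7.0.1-42218-7"`, are declared `"versionType": "semver"`, but under SemVer precedence everything after the first hyphen is a pre-release tag, so a strict comparator ranks 7.1.1-42962-7 below plain 7.1.1 instead of treating it as a later build. The start values `"version": "7.1"` and `"version": "7.0"` are also not three-part SemVer. Declaring `"versionType": "custom"` on these DSM build strings would signal that vendor ordering applies; how a given scanner handles the current form is not visible here, so the updated prose description (before 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2) is the safer source for patch-level matching. The `versions` array starts and ends outside the visible hunk.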
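--- a/cves/2024/36xxx/CVE-2024-36466.json
+++ b/cves/2024/36xxx/CVE-2024-36466.json
@@ -0,0 +1,158 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.1",
+"cveMetadata": {
+"cveId": "CVE-2024-36466",
+"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
+"state": "PUBLISHED",
+"assignerShortName": "Zabbix",
+"dateReserved": "2024-05-28T11:21:24.947Z",
+"datePublished": "2024-11-28T07:19:48.806Z",
+"dateUpdated": "2024-11-28T07:19:48.806Z"
+},
+"containers": {
+"cna": {
+"affected": [
+{
+"defaultStatus": "unaffected",
+"modules": [
+"Frontend"
+],
+"product": "Zabbix",
+"repo": "https://git.zabbix.com/",
+"vendor": "Zabbix",
+"versions": [
+{
+"changes": [
+{
+"at": "6.0.32rc1",
+"status": "unaffected"
+}
+],
+"lessThanOrEqual": "6.0.31",
+"status": "affected",
+"version": "6.0.0",
+"versionType": "git"
+},
+{
+"changes": [
+{
+"at": "6.4.17rc1",
+"status": "unaffected"
+}
+],
+"lessThanOrEqual": "6.4.16",
+"status": "affected",
+"version": "6.4.0",
+"versionType": "git"
+},
+{
+"status": "affected",
+"version": "7.0.0",
+"versionType": "git"
+}
+]
+}
+],
+"credits": [
+{
+"lang": "en",
+"type": "finder",
+"value": "Zabbix wants to thank Márk Rákóczi (reeeeeeeeeeee) for submitting this report on the HackerOne bug bounty platform."
+}
+],
+"datePublic": "2024-07-02T13:25:00.000Z",
+"descriptions": [
+{
+"lang": "en",
+"supportingMedia": [
+{
+"base64": false,
+"type": "text/html",
+"value": "A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.<br>"
+}
+],
+"value": "A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions."
+}
+],
+"impacts": [
+{
+"capecId": "CAPEC-196",
+"descriptions": [
+{
+"lang": "en",
+"value": "CAPEC-196 Session Credential Falsification through Forging"
+}
+]
+}
+],
+"metrics": [
+{
+"cvssV3_1": {
+"attackComplexity": "LOW",
+"attackVector": "NETWORK",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"privilegesRequired": "LOW",
+"scope": "UNCHANGED",
+"userInteraction": "NONE",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"version": "3.1"
+},
+"format": "CVSS",
+"scenarios": [
+{
+"lang": "en",
+"value": "GENERAL"
+}
+]
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"cweId": "CWE-290",
+"description": "CWE-290 Authentication Bypass by Spoofing",
+"lang": "en",
+"type": "CWE"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
+"shortName": "Zabbix",
+"dateUpdated": "2024-11-28T07:19:48.806Z"
+},
+"references": [
+{
+"url": "https://support.zabbix.com/browse/ZBX-25635"
+}
+],
+"source": {
+"discovery": "EXTERNAL"
+},
+"title": "Unauthenticated Zabbix frontend takeover when SSO is being used",
+"workarounds": [
+{
+"lang": "en",
+"supportingMedia": [
+{
+"base64": false,
+"type": "text/html",
+"value": "Disabling SSO authentication method"
+}
+],
+"value": "Disabling SSO authentication method"
+}
+],
+"x_generator": {
+"engine": "Vulnogram 0.2.0"
+}
+}
+}
+}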
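Review bot: The record's `title` calls this an "Unauthenticated Zabbix frontend takeover", yet the CVSS block scores it with `"privilegesRequired": "LOW"` (`PR:L` in the vector string), so the two fields disagree on whether an attacker needs an account. The CNA should reconcile them against the referenced ZBX-25635 entry; until then, the 8.8 score alone should not be used to rule out pre-authentication exposure when prioritising. Separately, the third `versions` entry (`"version": "7.0.0"`, `"status": "affected"`) has no `lessThanOrEqual` or `changes` bound, unlike the 6.0 and 6.4 entries, so it reads as exactly 7.0.0 and names no fixed 7.0.x release; a bound such as `"lessThanOrEqual": "<LAST_AFFECTED_7.0.x>"` would close that gap. For 7.0 installs the only mitigation the record itself states is the workaround of disabling the SSO authentication method.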
18 changes: 9 additions & 9 deletions cves/delta.json
@@ -1,20 +1,20 @@
{
"fetchTime": "2024-11-28T07:14:44.389Z",
"fetchTime": "2024-11-28T07:27:29.262Z",
"numberOfChanges": 2,
"new": [
{
"cveId": "CVE-2024-11925",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11925",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11925.json",
"dateUpdated": "2024-11-28T07:14:07.539Z"
"cveId": "CVE-2024-36466",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-36466",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/36xxx/CVE-2024-36466.json",
"dateUpdated": "2024-11-28T07:19:48.806Z"
}
],
"updated": [
{
"cveId": "CVE-2023-0142",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-0142",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/0xxx/CVE-2023-0142.json",
"dateUpdated": "2024-11-28T07:13:01.416Z"
"cveId": "CVE-2024-0854",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-0854",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/0xxx/CVE-2024-0854.json",
"dateUpdated": "2024-11-28T07:18:01.233Z"
}
],
"error": []
21 changes: 21 additions & 0 deletions cves/deltaLog.json
@@ -1,4 +1,25 @@
[
{
"fetchTime": "2024-11-28T07:27:29.262Z",
"numberOfChanges": 2,
"new": [
{
"cveId": "CVE-2024-36466",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-36466",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/36xxx/CVE-2024-36466.json",
"dateUpdated": "2024-11-28T07:19:48.806Z"
}
],
"updated": [
{
"cveId": "CVE-2024-0854",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-0854",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/0xxx/CVE-2024-0854.json",
"dateUpdated": "2024-11-28T07:18:01.233Z"
}
],
"error": []
},
{
"fetchTime": "2024-11-28T07:14:44.389Z",
"numberOfChanges": 2,
