2 changes (2 new | 0 updated):
      - 2 new CVEs:  CVE-2024-12838, CVE-2024-12839
      - 0 updated CVEs:
cvelistV5 Github Action committed Dec 31, 2024
1 parent e164c6e commit 404313b
Showing 4 changed files with 308 additions and 11 deletions.
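--- a/cves/2024/12xxx/CVE-2024-12838.json
+++ b/cves/2024/12xxx/CVE-2024-12838.json
@@ -0,0 +1,134 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.1",
+"cveMetadata": {
+"cveId": "CVE-2024-12838",
+"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
+"state": "PUBLISHED",
+"assignerShortName": "twcert",
+"dateReserved": "2024-12-20T03:29:52.945Z",
+"datePublished": "2024-12-31T01:24:48.680Z",
+"dateUpdated": "2024-12-31T01:24:48.680Z"
+},
+"containers": {
+"cna": {
+"affected": [
+{
+"defaultStatus": "unaffected",
+"product": "CGFIDO",
+"vendor": "Changing Information Technology",
+"versions": [
+{
+"lessThan": "1.1.0",
+"status": "affected",
+"version": "0.0.1",
+"versionType": "custom"
+}
+]
+}
+],
+"datePublic": "2024-12-31T01:21:00.000Z",
+"descriptions": [
+{
+"lang": "en",
+"supportingMedia": [
+{
+"base64": false,
+"type": "text/html",
+"value": "The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators."
+}
+],
+"value": "The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators."
+}
+],
+"impacts": [
+{
+"capecId": "CAPEC-233",
+"descriptions": [
+{
+"lang": "en",
+"value": "CAPEC-233 Privilege Escalation"
+}
+]
+}
+],
+"metrics": [
+{
+"cvssV3_1": {
+"attackComplexity": "LOW",
+"attackVector": "NETWORK",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"privilegesRequired": "LOW",
+"scope": "UNCHANGED",
+"userInteraction": "NONE",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"version": "3.1"
+},
+"format": "CVSS",
+"scenarios": [
+{
+"lang": "en",
+"value": "GENERAL"
+}
+]
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"cweId": "CWE-302",
+"description": "CWE-302 Authentication Bypass by Assumed-Immutable Data",
+"lang": "en",
+"type": "CWE"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
+"shortName": "twcert",
+"dateUpdated": "2024-12-31T01:24:48.680Z"
+},
+"references": [
+{
+"tags": [
+"third-party-advisory"
+],
+"url": "https://www.twcert.org.tw/tw/cp-132-8332-2100f-1.html"
+},
+{
+"tags": [
+"third-party-advisory"
+],
+"url": "https://www.twcert.org.tw/en/cp-139-8333-32cf8-2.html"
+}
+],
+"solutions": [
+{
+"lang": "en",
+"supportingMedia": [
+{
+"base64": false,
+"type": "text/html",
+"value": "<span style=\"background-color: rgb(255, 255, 255);\">Update to version 1.2.0 or later.</span>\n\n<br>"
+}
+],
+"value": "Update to version 1.2.0 or later."
+}
+],
+"source": {
+"advisory": "TVN-202412008",
+"discovery": "EXTERNAL"
+},
+"title": "Changing Information Technology CGFIDO - Authentication Bypass",
+"x_generator": {
+"engine": "Vulnogram 0.2.0"
+}
+}
+}
+}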
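Review bot: The `affected` range and the `solutions` text in this record disagree: `versions` marks 0.0.1 up to but not including 1.1.0 as affected with `"defaultStatus": "unaffected"`, while the solution says to update to 1.2.0 or later, so every 1.1.x release is reported as unaffected even though the stated fix is a later version. Scanners and SBOM matchers evaluate `affected`, not the prose, so a deployment on 1.1.x would likely be cleared for an authentication bypass rated 8.8. If 1.1.x is in fact vulnerable the bound should read `"lessThan": "1.2.0",`; if 1.1.0 already carries the fix, the solution text should name 1.1.0 instead. Separately, `"versionType": "custom"` leaves the ordering of the range undefined for consumers; `"versionType": "semver"` would make it machine-comparable, assuming the product's version numbers follow that scheme.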
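--- a/cves/2024/12xxx/CVE-2024-12839.json
+++ b/cves/2024/12xxx/CVE-2024-12839.json
@@ -0,0 +1,143 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.1",
+"cveMetadata": {
+"cveId": "CVE-2024-12839",
+"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
+"state": "PUBLISHED",
+"assignerShortName": "twcert",
+"dateReserved": "2024-12-20T03:29:54.215Z",
+"datePublished": "2024-12-31T01:32:11.422Z",
+"dateUpdated": "2024-12-31T01:32:11.422Z"
+},
+"containers": {
+"cna": {
+"affected": [
+{
+"defaultStatus": "unaffected",
+"product": "CGFIDO",
+"vendor": "Changing Information Technology",
+"versions": [
+{
+"lessThan": "1.2.1",
+"status": "affected",
+"version": "0",
+"versionType": "custom"
+}
+]
+}
+],
+"datePublic": "2024-12-31T01:26:00.000Z",
+"descriptions": [
+{
+"lang": "en",
+"supportingMedia": [
+{
+"base64": false,
+"type": "text/html",
+"value": "The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged website, the agent program deployed on their device will send an authentication signature to the website. An unauthenticated remote attacker who obtains this signature can use it to log into the system with any device."
+}
+],
+"value": "The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged website, the agent program deployed on their device will send an authentication signature to the website. An unauthenticated remote attacker who obtains this signature can use it to log into the system with any device."
+}
+],
+"impacts": [
+{
+"capecId": "CAPEC-98",
+"descriptions": [
+{
+"lang": "en",
+"value": "CAPEC-98 Phishing"
+}
+]
+},
+{
+"capecId": "CAPEC-22",
+"descriptions": [
+{
+"lang": "en",
+"value": "CAPEC-22 Exploiting Trust in Client"
+}
+]
+}
+],
+"metrics": [
+{
+"cvssV3_1": {
+"attackComplexity": "LOW",
+"attackVector": "NETWORK",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"privilegesRequired": "NONE",
+"scope": "UNCHANGED",
+"userInteraction": "REQUIRED",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+"version": "3.1"
+},
+"format": "CVSS",
+"scenarios": [
+{
+"lang": "en",
+"value": "GENERAL"
+}
+]
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"cweId": "CWE-294",
+"description": "CWE-294 Authentication Bypass by Capture-replay",
+"lang": "en",
+"type": "CWE"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
+"shortName": "twcert",
+"dateUpdated": "2024-12-31T01:32:11.422Z"
+},
+"references": [
+{
+"tags": [
+"third-party-advisory"
+],
+"url": "https://www.twcert.org.tw/tw/cp-132-8334-8b836-1.html"
+},
+{
+"tags": [
+"third-party-advisory"
+],
+"url": "https://www.twcert.org.tw/en/cp-139-8335-e4a3f-2.html"
+}
+],
+"solutions": [
+{
+"lang": "en",
+"supportingMedia": [
+{
+"base64": false,
+"type": "text/html",
+"value": "&nbsp; Update to version 1.2.2 or later"
+}
+],
+"value": "Update to version 1.2.2 or later"
+}
+],
+"source": {
+"advisory": "TVN-202412009",
+"discovery": "EXTERNAL"
+},
+"title": "Changing Information Technology CGFIDO - Authentication Bypass",
+"x_generator": {
+"engine": "Vulnogram 0.2.0"
+}
+}
+}
+}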
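Review bot: Version 1.2.1 is left outside the `affected` range (`"lessThan": "1.2.1"` with `"defaultStatus": "unaffected"`) although `solutions` asks for 1.2.2 or later, so the record reports 1.2.1 as unaffected while the remediation implies it is not yet fixed. Tools that match installed versions against `affected` would likely clear a 1.2.1 deployment for a capture-replay authentication bypass. If 1.2.1 is still exposed the bound should read `"lessThan": "1.2.2",`; otherwise the solution text should name 1.2.1. The description says a captured signature works "with any device", so it would also help defenders if `solutions` stated whether signatures or device registrations issued before the update have to be invalidated; the record does not say either way.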
22 changes: 11 additions & 11 deletions cves/delta.json
@@ -1,20 +1,20 @@
{
"fetchTime": "2024-12-30T23:51:36.591Z",
"fetchTime": "2024-12-31T01:34:52.764Z",
"numberOfChanges": 2,
"new": [],
"updated": [
"new": [
{
"cveId": "CVE-2024-12752",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12752",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12752.json",
"dateUpdated": "2024-12-30T23:48:49.695Z"
"cveId": "CVE-2024-12838",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12838",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12838.json",
"dateUpdated": "2024-12-31T01:24:48.680Z"
},
{
"cveId": "CVE-2024-46542",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-46542",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/46xxx/CVE-2024-46542.json",
"dateUpdated": "2024-12-30T23:50:06.199Z"
"cveId": "CVE-2024-12839",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12839",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12839.json",
"dateUpdated": "2024-12-31T01:32:11.422Z"
}
],
"updated": [],
"error": []
}
20 changes: 20 additions & 0 deletions cves/deltaLog.json
@@ -1,4 +1,24 @@
[
{
"fetchTime": "2024-12-31T01:34:52.764Z",
"numberOfChanges": 2,
"new": [
{
"cveId": "CVE-2024-12838",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12838",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12838.json",
"dateUpdated": "2024-12-31T01:24:48.680Z"
},
{
"cveId": "CVE-2024-12839",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12839",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12839.json",
"dateUpdated": "2024-12-31T01:32:11.422Z"
}
],
"updated": [],
"error": []
},
{
"fetchTime": "2024-12-30T23:51:36.591Z",
"numberOfChanges": 2,