-
Notifications
You must be signed in to change notification settings - Fork 206
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- 8 new CVEs: CVE-2024-56215, CVE-2024-56217, CVE-2024-56219, CVE-2024-56225, CVE-2024-56227, CVE-2024-56235, CVE-2024-56256, CVE-2024-56265 - 0 updated CVEs:
- Loading branch information
cvelistV5 Github Action
committed
Dec 31, 2024
1 parent
9fa0802
commit 5129b2e
Showing
10 changed files
with
1,211 additions
and
29 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,142 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2024-56215", | ||
| "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "Patchstack", | ||
| "dateReserved": "2024-12-18T19:03:54.297Z", | ||
| "datePublished": "2024-12-31T10:17:30.410Z", | ||
| "dateUpdated": "2024-12-31T10:17:30.410Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://wordpress.org/plugins", | ||
| "defaultStatus": "unaffected", | ||
| "packageName": "pta-member-directory", | ||
| "product": "Member Directory and Contact Form", | ||
| "vendor": "Stephen Sherrard", | ||
| "versions": [ | ||
| { | ||
| "changes": [ | ||
| { | ||
| "at": "1.8.0", | ||
| "status": "unaffected" | ||
| } | ||
| ], | ||
| "lessThanOrEqual": "1.7.0", | ||
| "status": "affected", | ||
| "version": "n/a", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "type": "finder", | ||
| "user": "00000000-0000-4000-9000-000000000000", | ||
| "value": "Mika (Patchstack Alliance)" | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "supportingMedia": [ | ||
| { | ||
| "base64": false, | ||
| "type": "text/html", | ||
| "value": "Missing Authorization vulnerability in Stephen Sherrard Member Directory and Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Member Directory and Contact Form: from n/a through 1.7.0.</p>" | ||
| } | ||
| ], | ||
| "value": "Missing Authorization vulnerability in Stephen Sherrard Member Directory and Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Member Directory and Contact Form: from n/a through 1.7.0." | ||
| } | ||
| ], | ||
| "impacts": [ | ||
| { | ||
| "capecId": "CAPEC-180", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "metrics": [ | ||
| { | ||
| "cvssV3_1": { | ||
| "attackComplexity": "LOW", | ||
| "attackVector": "NETWORK", | ||
| "availabilityImpact": "NONE", | ||
| "baseScore": 4.3, | ||
| "baseSeverity": "MEDIUM", | ||
| "confidentialityImpact": "NONE", | ||
| "integrityImpact": "LOW", | ||
| "privilegesRequired": "LOW", | ||
| "scope": "UNCHANGED", | ||
| "userInteraction": "NONE", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", | ||
| "version": "3.1" | ||
| }, | ||
| "format": "CVSS", | ||
| "scenarios": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "GENERAL" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "cweId": "CWE-862", | ||
| "description": "CWE-862 Missing Authorization", | ||
| "lang": "en", | ||
| "type": "CWE" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", | ||
| "shortName": "Patchstack", | ||
| "dateUpdated": "2024-12-31T10:17:30.410Z" | ||
| }, | ||
| "references": [ | ||
| { | ||
| "tags": [ | ||
| "vdb-entry" | ||
| ], | ||
| "url": "https://patchstack.com/database/wordpress/plugin/pta-member-directory/vulnerability/wordpress-member-directory-and-contact-form-plugin-1-7-0-broken-access-control-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "solutions": [ | ||
| { | ||
| "lang": "en", | ||
| "supportingMedia": [ | ||
| { | ||
| "base64": false, | ||
| "type": "text/html", | ||
| "value": "Update the WordPress Member Directory and Contact Form wordpress plugin to the latest available version (at least 1.8.0)." | ||
| } | ||
| ], | ||
| "value": "Update the WordPress Member Directory and Contact Form wordpress plugin to the latest available version (at least 1.8.0)." | ||
| } | ||
| ], | ||
| "source": { | ||
| "discovery": "EXTERNAL" | ||
| }, | ||
| "title": "WordPress Member Directory and Contact Form plugin <= 1.7.0 - Broken Access Control vulnerability", | ||
| "x_generator": { | ||
| "engine": "Vulnogram 0.2.0" | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,142 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2024-56217", | ||
| "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "Patchstack", | ||
| "dateReserved": "2024-12-18T19:03:54.298Z", | ||
| "datePublished": "2024-12-31T10:21:50.815Z", | ||
| "dateUpdated": "2024-12-31T10:21:50.815Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://wordpress.org/plugins", | ||
| "defaultStatus": "unaffected", | ||
| "packageName": "download-manager", | ||
| "product": "Download Manager", | ||
| "vendor": "W3 Eden, Inc.", | ||
| "versions": [ | ||
| { | ||
| "changes": [ | ||
| { | ||
| "at": "3.3.04", | ||
| "status": "unaffected" | ||
| } | ||
| ], | ||
| "lessThanOrEqual": "3.3.03", | ||
| "status": "affected", | ||
| "version": "n/a", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "type": "finder", | ||
| "user": "00000000-0000-4000-9000-000000000000", | ||
| "value": "Rafie Muhammad (Patchstack)" | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "supportingMedia": [ | ||
| { | ||
| "base64": false, | ||
| "type": "text/html", | ||
| "value": "Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Download Manager: from n/a through 3.3.03.</p>" | ||
| } | ||
| ], | ||
| "value": "Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through 3.3.03." | ||
| } | ||
| ], | ||
| "impacts": [ | ||
| { | ||
| "capecId": "CAPEC-180", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "metrics": [ | ||
| { | ||
| "cvssV3_1": { | ||
| "attackComplexity": "LOW", | ||
| "attackVector": "NETWORK", | ||
| "availabilityImpact": "LOW", | ||
| "baseScore": 4.3, | ||
| "baseSeverity": "MEDIUM", | ||
| "confidentialityImpact": "NONE", | ||
| "integrityImpact": "NONE", | ||
| "privilegesRequired": "LOW", | ||
| "scope": "UNCHANGED", | ||
| "userInteraction": "NONE", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", | ||
| "version": "3.1" | ||
| }, | ||
| "format": "CVSS", | ||
| "scenarios": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "GENERAL" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "cweId": "CWE-862", | ||
| "description": "CWE-862 Missing Authorization", | ||
| "lang": "en", | ||
| "type": "CWE" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", | ||
| "shortName": "Patchstack", | ||
| "dateUpdated": "2024-12-31T10:21:50.815Z" | ||
| }, | ||
| "references": [ | ||
| { | ||
| "tags": [ | ||
| "vdb-entry" | ||
| ], | ||
| "url": "https://patchstack.com/database/wordpress/plugin/download-manager/vulnerability/wordpress-download-manager-plugin-3-3-03-broken-access-control-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "solutions": [ | ||
| { | ||
| "lang": "en", | ||
| "supportingMedia": [ | ||
| { | ||
| "base64": false, | ||
| "type": "text/html", | ||
| "value": "Update the WordPress Download Manager wordpress plugin to the latest available version (at least 3.3.04)." | ||
| } | ||
| ], | ||
| "value": "Update the WordPress Download Manager wordpress plugin to the latest available version (at least 3.3.04)." | ||
| } | ||
| ], | ||
| "source": { | ||
| "discovery": "EXTERNAL" | ||
| }, | ||
| "title": "WordPress Download Manager plugin <= 3.3.03 - Broken Access Control vulnerability", | ||
| "x_generator": { | ||
| "engine": "Vulnogram 0.2.0" | ||
| } | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.