-
Notifications
You must be signed in to change notification settings - Fork 206
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- 11 new CVEs: CVE-2023-48775, CVE-2023-50850, CVE-2024-55991, CVE-2024-56031, CVE-2024-56039, CVE-2024-56046, CVE-2024-56064, CVE-2024-56067, CVE-2024-56068, CVE-2024-56071, CVE-2024-56205 - 0 updated CVEs:
- Loading branch information
cvelistV5 Github Action
committed
Dec 31, 2024
1 parent
723707d
commit 53e6f90
Showing
13 changed files
with
1,606 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,142 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2023-48775", | ||
| "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "Patchstack", | ||
| "dateReserved": "2023-11-18T22:25:22.703Z", | ||
| "datePublished": "2024-12-31T12:47:06.401Z", | ||
| "dateUpdated": "2024-12-31T12:47:06.401Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "affected": [ | ||
| { | ||
| "collectionURL": "https://wordpress.org/plugins", | ||
| "defaultStatus": "unaffected", | ||
| "packageName": "wp-cleanfix", | ||
| "product": "WP Cleanfix", | ||
| "vendor": "Gfazioli", | ||
| "versions": [ | ||
| { | ||
| "changes": [ | ||
| { | ||
| "at": "5.7.0", | ||
| "status": "unaffected" | ||
| } | ||
| ], | ||
| "lessThanOrEqual": "5.6.2", | ||
| "status": "affected", | ||
| "version": "n/a", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "type": "finder", | ||
| "user": "00000000-0000-4000-9000-000000000000", | ||
| "value": "Abdi Pranata (Patchstack Alliance)" | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "supportingMedia": [ | ||
| { | ||
| "base64": false, | ||
| "type": "text/html", | ||
| "value": "Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WP Cleanfix: from n/a through 5.6.2.</p>" | ||
| } | ||
| ], | ||
| "value": "Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cleanfix: from n/a through 5.6.2." | ||
| } | ||
| ], | ||
| "impacts": [ | ||
| { | ||
| "capecId": "CAPEC-180", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "metrics": [ | ||
| { | ||
| "cvssV3_1": { | ||
| "attackComplexity": "LOW", | ||
| "attackVector": "NETWORK", | ||
| "availabilityImpact": "NONE", | ||
| "baseScore": 5.3, | ||
| "baseSeverity": "MEDIUM", | ||
| "confidentialityImpact": "NONE", | ||
| "integrityImpact": "LOW", | ||
| "privilegesRequired": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "userInteraction": "NONE", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", | ||
| "version": "3.1" | ||
| }, | ||
| "format": "CVSS", | ||
| "scenarios": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "GENERAL" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "cweId": "CWE-862", | ||
| "description": "CWE-862 Missing Authorization", | ||
| "lang": "en", | ||
| "type": "CWE" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", | ||
| "shortName": "Patchstack", | ||
| "dateUpdated": "2024-12-31T12:47:06.401Z" | ||
| }, | ||
| "references": [ | ||
| { | ||
| "tags": [ | ||
| "vdb-entry" | ||
| ], | ||
| "url": "https://patchstack.com/database/wordpress/plugin/wp-cleanfix/vulnerability/wordpress-wp-cleanfix-plugin-5-5-0-broken-access-control-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "solutions": [ | ||
| { | ||
| "lang": "en", | ||
| "supportingMedia": [ | ||
| { | ||
| "base64": false, | ||
| "type": "text/html", | ||
| "value": "No patched version is available. No reply from the vendor." | ||
| } | ||
| ], | ||
| "value": "No patched version is available. No reply from the vendor." | ||
| } | ||
| ], | ||
| "source": { | ||
| "discovery": "EXTERNAL" | ||
| }, | ||
| "title": "WordPress WP CleanFix plugin <= 5.6.2 - Broken Access Control vulnerability", | ||
| "x_generator": { | ||
| "engine": "Vulnogram 0.2.0" | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,140 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2023-50850", | ||
| "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "Patchstack", | ||
| "dateReserved": "2023-12-14T17:19:02.630Z", | ||
| "datePublished": "2024-12-31T12:46:10.776Z", | ||
| "dateUpdated": "2024-12-31T12:46:10.776Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "affected": [ | ||
| { | ||
| "defaultStatus": "unaffected", | ||
| "product": "WooCommerce Subscriptions", | ||
| "vendor": "Woo", | ||
| "versions": [ | ||
| { | ||
| "changes": [ | ||
| { | ||
| "at": "5.8.0", | ||
| "status": "unaffected" | ||
| } | ||
| ], | ||
| "lessThan": "5.8.0", | ||
| "status": "affected", | ||
| "version": "n/a", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "type": "finder", | ||
| "user": "00000000-0000-4000-9000-000000000000", | ||
| "value": "Rafie Muhammad (Patchstack)" | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "supportingMedia": [ | ||
| { | ||
| "base64": false, | ||
| "type": "text/html", | ||
| "value": "Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WooCommerce Subscriptions: from n/a before 5.8.0.</p>" | ||
| } | ||
| ], | ||
| "value": "Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0." | ||
| } | ||
| ], | ||
| "impacts": [ | ||
| { | ||
| "capecId": "CAPEC-180", | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "metrics": [ | ||
| { | ||
| "cvssV3_1": { | ||
| "attackComplexity": "LOW", | ||
| "attackVector": "NETWORK", | ||
| "availabilityImpact": "NONE", | ||
| "baseScore": 4.3, | ||
| "baseSeverity": "MEDIUM", | ||
| "confidentialityImpact": "LOW", | ||
| "integrityImpact": "NONE", | ||
| "privilegesRequired": "LOW", | ||
| "scope": "UNCHANGED", | ||
| "userInteraction": "NONE", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", | ||
| "version": "3.1" | ||
| }, | ||
| "format": "CVSS", | ||
| "scenarios": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "GENERAL" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "cweId": "CWE-862", | ||
| "description": "CWE-862 Missing Authorization", | ||
| "lang": "en", | ||
| "type": "CWE" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", | ||
| "shortName": "Patchstack", | ||
| "dateUpdated": "2024-12-31T12:46:10.776Z" | ||
| }, | ||
| "references": [ | ||
| { | ||
| "tags": [ | ||
| "vdb-entry" | ||
| ], | ||
| "url": "https://patchstack.com/database/wordpress/plugin/woocommerce-subscriptions/vulnerability/wordpress-woo-subscriptions-plugin-5-8-0-broken-access-control-vulnerability?_s_id=cve" | ||
| } | ||
| ], | ||
| "solutions": [ | ||
| { | ||
| "lang": "en", | ||
| "supportingMedia": [ | ||
| { | ||
| "base64": false, | ||
| "type": "text/html", | ||
| "value": "Update the WordPress WooCommerce Subscriptions plugin to the latest available version (at least 5.8.0)." | ||
| } | ||
| ], | ||
| "value": "Update the WordPress WooCommerce Subscriptions plugin to the latest available version (at least 5.8.0)." | ||
| } | ||
| ], | ||
| "source": { | ||
| "discovery": "EXTERNAL" | ||
| }, | ||
| "title": "WordPress Woo Subscriptions plugin < 5.8.0 - Broken Access Control vulnerability", | ||
| "x_generator": { | ||
| "engine": "Vulnogram 0.2.0" | ||
| } | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.