From a2b98763a1d33d30289124ff403f1709929c1cfe Mon Sep 17 00:00:00 2001
From: cvelistV5 Github Action
Date: Tue, 31 Dec 2024 02:06:59 +0000
Subject: [PATCH] 1 changes (1 new | 0 updated): - 1 new CVEs: CVE-2024-13040 - 0 updated CVEs:
---
 cves/2024/13xxx/CVE-2024-13040.json | 132 ++++++++++++++++++++++++++++
 cves/delta.json | 18 ++--
 cves/deltaLog.json | 14 +++
 3 files changed, 152 insertions(+), 12 deletions(-)
 create mode 100644 cves/2024/13xxx/CVE-2024-13040.json
diff --git a/cves/2024/13xxx/CVE-2024-13040.json b/cves/2024/13xxx/CVE-2024-13040.json
new file mode 100644
index 000000000000..82f4bbb086fe
--- /dev/null
+++ b/cves/2024/13xxx/CVE-2024-13040.json
@@ -0,0 +1,132 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2024-13040",
+ "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
+ "state": "PUBLISHED",
+ "assignerShortName": "twcert",
+ "dateReserved": "2024-12-30T02:15:41.237Z",
+ "datePublished": "2024-12-31T01:35:20.576Z",
+ "dateUpdated": "2024-12-31T01:35:20.576Z"
+ },
+ "containers": {
+ "cna": {
+ "affected": [
+ {
+ "defaultStatus": "unaffected",
+ "product": "QOCA aim",
+ "vendor": "Quanta Computer",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "0"
+ }
+ ]
+ }
+ ],
+ "datePublic": "2024-12-31T01:33:00.000Z",
+ "descriptions": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account information and privileges, leading to privilege escalation."
+ }
+ ],
+ "value": "The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account information and privileges, leading to privilege escalation."
+ }
+ ],
+ "impacts": [
+ {
+ "capecId": "CAPEC-233",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CAPEC-233 Privilege Escalation"
+ }
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "cvssV3_1": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ },
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ]
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "cweId": "CWE-639",
+ "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
+ "lang": "en",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
+ "shortName": "twcert",
+ "dateUpdated": "2024-12-31T01:35:20.576Z"
+ },
+ "references": [
+ {
+ "tags": [
+ "third-party-advisory"
+ ],
+ "url": "https://www.twcert.org.tw/tw/cp-132-8336-aa03b-1.html"
+ },
+ {
+ "tags": [
+ "third-party-advisory"
+ ],
+ "url": "https://www.twcert.org.tw/en/cp-139-8337-7899f-2.html"
+ }
+ ],
+ "solutions": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Contact the vendor to obtain an update.\n\n
"
+ }
+ ],
+ "value": "Contact the vendor to obtain an update."
+ }
+ ],
+ "source": {
+ "advisory": "TVN-202412010",
+ "discovery": "EXTERNAL"
+ },
+ "title": "Quanta Computer QOCA aim - Authorization Bypass",
+ "x_generator": {
+ "engine": "Vulnogram 0.2.0"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/cves/delta.json b/cves/delta.json
index 00cea4ff07cd..55f429990bdd 100644
--- a/cves/delta.json
+++ b/cves/delta.json
@@ -1,18 +1,12 @@
 {
- "fetchTime": "2024-12-31T01:34:52.764Z",
- "numberOfChanges": 2,
+ "fetchTime": "2024-12-31T02:06:46.757Z",
+ "numberOfChanges": 1,
 "new": [
 {
- "cveId": "CVE-2024-12838",
- "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12838",
- "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12838.json",
- "dateUpdated": "2024-12-31T01:24:48.680Z"
- },
- {
- "cveId": "CVE-2024-12839",
- "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12839",
- "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12839.json",
- "dateUpdated": "2024-12-31T01:32:11.422Z"
+ "cveId": "CVE-2024-13040",
+ "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13040",
+ "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13040.json",
+ "dateUpdated": "2024-12-31T01:35:20.576Z"
 }
 ],
 "updated": [],
diff --git a/cves/deltaLog.json b/cves/deltaLog.json
index b9b2972aa0dd..eb1b9f149b52 100644
--- a/cves/deltaLog.json
+++ b/cves/deltaLog.json
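Review bot: In cves/2024/13xxx/CVE-2024-13040.json the `affected[0].versions` entry carries only `"status": "affected"` and `"version": "0"` under `"defaultStatus": "unaffected"`, with no `lessThan`/`lessThanOrEqual` bound and no `versionType`. Read literally that marks the single version 0 as affected, so automated matching against installed QOCA aim versions has no range to work with. The `solutions` text ("Contact the vendor to obtain an update.") does not name a fixed release either. If the CNA knows the first fixed version, the entry would be better as `"version": "0", "lessThan": "<FIXED_VERSION placeholder>", "versionType": "custom"`. Until the record is updated, triage should treat every QOCA aim deployment as in scope for this CWE-639 issue rather than rely on version matching.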
@@ -1,4 +1,18 @@
 [
+ {
+ "fetchTime": "2024-12-31T02:06:46.757Z",
+ "numberOfChanges": 1,
+ "new": [
+ {
+ "cveId": "CVE-2024-13040",
+ "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13040",
+ "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13040.json",
+ "dateUpdated": "2024-12-31T01:35:20.576Z"
+ }
+ ],
+ "updated": [],
+ "error": []
+ },
 {
 "fetchTime": "2024-12-31T01:34:52.764Z",
 "numberOfChanges": 2,