Publish Advisories

GHSA-qf8f-27cp-gw76 GHSA-r6fm-r8h7-c67g
github · Oct 21, 2023 · dcb228b · dcb228b
1 parent db99562
commit dcb228b
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 0 deletions.
diff --git a/advisories/unreviewed/2023/10/GHSA-qf8f-27cp-gw76/GHSA-qf8f-27cp-gw76.json b/advisories/unreviewed/2023/10/GHSA-qf8f-27cp-gw76/GHSA-qf8f-27cp-gw76.json
@@ -21,10 +21,22 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5631"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/roundcube/roundcubemail/issues/9168"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613"
     },
+    {
+      "type": "WEB",
+      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054079"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.15"
@@ -36,6 +48,14 @@
     {
       "type": "WEB",
       "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://roundcube.net/news/2023/10/16/security-update-1.6.4-released"
+    },
+    {
+      "type": "WEB",
+      "url": "https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15"
     }
   ],
   "database_specific": {

diff --git a/advisories/unreviewed/2023/10/GHSA-r6fm-r8h7-c67g/GHSA-r6fm-r8h7-c67g.json b/advisories/unreviewed/2023/10/GHSA-r6fm-r8h7-c67g/GHSA-r6fm-r8h7-c67g.json
@@ -0,0 +1,38 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-r6fm-r8h7-c67g",
+  "modified": "2023-10-21T21:30:25Z",
+  "published": "2023-10-21T21:30:25Z",
+  "aliases": [
+    "CVE-2023-46067"
+  ],
+  "details": "Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46067"
+    },
+    {
+      "type": "WEB",
+      "url": "https://patchstack.com/database/vulnerability/rocket-font/wordpress-rocket-font-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": null
+  }
+}