Skip to content

Commit

Permalink
Update CVE and NVD data
Browse files Browse the repository at this point in the history
  • Loading branch information
GSD-automation committed Mar 31, 2024
1 parent 1926d3a commit 69fccad
Show file tree
Hide file tree
Showing 33 changed files with 1,894 additions and 6 deletions.
6 changes: 5 additions & 1 deletion 2023/35xxx/GSD-2023-35936.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -155,7 +155,7 @@
}
],
"id": "CVE-2023-35936",
"lastModified": "2024-03-30T02:15:07.750",
"lastModified": "2024-03-31T03:15:07.323",
"metrics": {
"cvssMetricV31": [
{
Expand Down Expand Up @@ -222,6 +222,10 @@
"source": "[email protected]",
"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/JGRJHU2FTSGTHHRTNDF7STEKLKKA25JN/"
},
{
"source": "[email protected]",
"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/LYP3FKDS3KAYMQUZVVL73IUI4CWSKLKP/"
},
{
"source": "[email protected]",
"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/QI6RBP6ZKVC2OOCV6SU2FUHPMAXDDJFU/"
Expand Down
6 changes: 5 additions & 1 deletion 2023/38xxx/GSD-2023-38745.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,7 @@
}
],
"id": "CVE-2023-38745",
"lastModified": "2024-03-30T02:15:07.900",
"lastModified": "2024-03-31T03:15:07.507",
"metrics": {
"cvssMetricV31": [
{
Expand Down Expand Up @@ -187,6 +187,10 @@
"source": "[email protected]",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGRJHU2FTSGTHHRTNDF7STEKLKKA25JN/"
},
{
"source": "[email protected]",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYP3FKDS3KAYMQUZVVL73IUI4CWSKLKP/"
},
{
"source": "[email protected]",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI6RBP6ZKVC2OOCV6SU2FUHPMAXDDJFU/"
Expand Down
45 changes: 45 additions & 0 deletions 2023/41xxx/GSD-2023-41724.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,51 @@
}
]
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. "
}
],
"id": "CVE-2023-41724",
"lastModified": "2024-03-31T02:15:07.660",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "[email protected]",
"type": "Secondary"
}
]
},
"published": "2024-03-31T02:15:07.660",
"references": [
{
"source": "[email protected]",
"url": "https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Received"
}
}
}
}
45 changes: 45 additions & 0 deletions 2023/46xxx/GSD-2023-46808.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,51 @@
}
]
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user. "
}
],
"id": "CVE-2023-46808",
"lastModified": "2024-03-31T02:15:08.757",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "[email protected]",
"type": "Secondary"
}
]
},
"published": "2024-03-31T02:15:08.757",
"references": [
{
"source": "[email protected]",
"url": "https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Received"
}
}
}
}
49 changes: 49 additions & 0 deletions 2024/0xxx/GSD-2024-0367.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,55 @@
}
]
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link field of an installed widget (e.g., 'Button Link') in all versions up to, and including, 1.5.96 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"id": "CVE-2024-0367",
"lastModified": "2024-03-30T05:15:34.243",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7,
"source": "[email protected]",
"type": "Secondary"
}
]
},
"published": "2024-03-30T05:15:34.243",
"references": [
{
"source": "[email protected]",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045122%40unlimited-elements-for-elementor&new=3045122%40unlimited-elements-for-elementor&sfp_email=&sfph_mail="
},
{
"source": "[email protected]",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/47853750-0bf1-4df3-9c56-c6852543cfad?source=cve"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Received"
}
}
}
}
53 changes: 53 additions & 0 deletions 2024/1xxx/GSD-2024-1051.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,59 @@
}
]
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'title_tag'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"id": "CVE-2024-1051",
"lastModified": "2024-03-30T05:15:34.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7,
"source": "[email protected]",
"type": "Secondary"
}
]
},
"published": "2024-03-30T05:15:34.537",
"references": [
{
"source": "[email protected]",
"url": "https://plugins.svn.wordpress.org/list-category-posts/trunk/include/lcp-catlistdisplayer.php"
},
{
"source": "[email protected]",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055332%40list-category-posts&new=3055332%40list-category-posts&sfp_email=&sfph_mail="
},
{
"source": "[email protected]",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a58cba26-a57e-4170-95bb-54ea7cfdb10c?source=cve"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Received"
}
}
}
}
49 changes: 49 additions & 0 deletions 2024/1xxx/GSD-2024-1238.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,55 @@
}
]
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button ID parameter in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"id": "CVE-2024-1238",
"lastModified": "2024-03-30T05:15:34.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7,
"source": "[email protected]",
"type": "Secondary"
}
]
},
"published": "2024-03-30T05:15:34.720",
"references": [
{
"source": "[email protected]",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3054091%40elementskit-lite&new=3054091%40elementskit-lite&sfp_email=&sfph_mail=#file18"
},
{
"source": "[email protected]",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf195cca-4e07-41ff-bf26-9ad5fca3635d?source=cve"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Received"
}
}
}
}
61 changes: 61 additions & 0 deletions 2024/1xxx/GSD-2024-1522.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,67 @@
}
]
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "I have activated the CORS because I had a development ui that uses another port number then I forgot to remove it.\n\nSo what I just did is :\n- First removed the cors configuration that allows everyone to access it :\nbefore:\n```python\n sio = socketio.AsyncServer(async_mode=\"asgi\", cors_allowed_origins=\"*\", ping_timeout=1200, ping_interval=30) # Enable CORS for every one\n```\nafter:\n```python\n cert_file_path = lollms_paths.personal_certificates/\"cert.pem\"\n key_file_path = lollms_paths.personal_certificates/\"key.pem\"\n if os.path.exists(cert_file_path) and os.path.exists(key_file_path):\n is_https = True\n else:\n is_https = False \n\n # Create a Socket.IO server\n sio = socketio.AsyncServer(async_mode=\"asgi\", cors_allowed_origins=config.allowed_origins+[f\"https://localhost:{config['port']}\" if is_https else f\"http://localhost:{config['port']}\"], ping_timeout=1200, ping_interval=30) # Enable CORS for selected origins\n```\n\n- Second, I have updated lollms to have two modes (a headless mode and a ui mode).\nAnd updated the /execute_code to block if the server is headless or is exposed\n```python\[email protected](\"/execute_code\")\nasync def execute_code(request: Request):\n \"\"\"\n Executes Python code and returns the output.\n\n :param request: The HTTP request object.\n :return: A JSON response with the status of the operation.\n \"\"\"\n if lollmsElfServer.config.headless_server_mode:\n return {\"status\":False,\"error\":\"Code execution is blocked when in headless mode for obvious security reasons!\"}\n\n if lollmsElfServer.config.host==\"0.0.0.0\":\n return {\"status\":False,\"error\":\"Code execution is blocked when the server is exposed outside for very obvipous reasons!\"}\n\n try:\n data = (await request.json())\n code = data[\"code\"]\n discussion_id = int(data.get(\"discussion_id\",\"unknown_discussion\"))\n message_id = int(data.get(\"message_id\",\"unknown_message\"))\n language = data.get(\"language\",\"python\")\n \n\n\n if language==\"python\":\n ASCIIColors.info(\"Executing python code:\")\n ASCIIColors.yellow(code)\n return execute_python(code, discussion_id, message_id)\n if language==\"javascript\":\n ASCIIColors.info(\"Executing javascript code:\")\n ASCIIColors.yellow(code)\n return execute_javascript(code, discussion_id, message_id)\n if language in [\"html\",\"html5\",\"svg\"]:\n ASCIIColors.info(\"Executing javascript code:\")\n ASCIIColors.yellow(code)\n return execute_html(code, discussion_id, message_id)\n \n elif language==\"latex\":\n ASCIIColors.info(\"Executing latex code:\")\n ASCIIColors.yellow(code)\n return execute_latex(code, discussion_id, message_id)\n elif language in [\"bash\",\"shell\",\"cmd\",\"powershell\"]:\n ASCIIColors.info(\"Executing shell code:\")\n ASCIIColors.yellow(code)\n return execute_bash(code, discussion_id, message_id)\n elif language in [\"mermaid\"]:\n ASCIIColors.info(\"Executing mermaid code:\")\n ASCIIColors.yellow(code)\n return execute_mermaid(code, discussion_id, message_id)\n elif language in [\"graphviz\",\"dot\"]:\n ASCIIColors.info(\"Executing graphviz code:\")\n ASCIIColors.yellow(code)\n return execute_graphviz(code, discussion_id, message_id)\n return {\"status\": False, \"error\": \"Unsupported language\", \"execution_time\": 0}\n except Exception as ex:\n trace_exception(ex)\n lollmsElfServer.error(ex)\n return {\"status\":False,\"error\":str(ex)}\n```\n\nI also added an optional https mode and looking forward to add a full authentication with cookies and a personal session etc.\n\n\nAll updates will be in V 9.1 \n\n\nAgain, thanks alot for your work. I will make it harder next time, but if you find more bugs, just be my guest :)"
}
],
"id": "CVE-2024-1522",
"lastModified": "2024-03-30T18:15:45.930",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "[email protected]",
"type": "Secondary"
}
]
},
"published": "2024-03-30T18:15:45.930",
"references": [
{
"source": "[email protected]",
"url": "https://github.com/parisneo/lollms-webui/commit/0b51063119cfb5e391925d232a4af1de9dc32e2b"
},
{
"source": "[email protected]",
"url": "https://huntr.com/bounties/687cef92-3432-4d6c-af92-868eccabbb71"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Received",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "[email protected]",
"type": "Secondary"
}
]
}
}
}
}
Loading

0 comments on commit 69fccad

Please sign in to comment.