From 58a6099749aceebc0ad6f59e6987f4fefaddb200 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sun, 21 Aug 2022 08:47:30 +0000 Subject: [PATCH] Auto Generated CVE annotations [Sun Aug 21 08:47:30 UTC 2022] :robot: --- cves/2021/CVE-2021-43734.yaml | 9 ++++++--- cves/2022/CVE-2022-29349.yaml | 5 ++++- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/cves/2021/CVE-2021-43734.yaml b/cves/2021/CVE-2021-43734.yaml index 34199a02aa..e8347c9cb5 100644 --- a/cves/2021/CVE-2021-43734.yaml +++ b/cves/2021/CVE-2021-43734.yaml @@ -4,16 +4,19 @@ info: name: kkFileview v4.0.0 - Directory Traversal author: arafatansari severity: high + description: | + kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host. reference: - https://github.com/kekingcn/kkFileView/issues/304 - https://nvd.nist.gov/vuln/detail/CVE-2021-43734 - description: | - kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host. classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2021-43734 + cwe-id: CWE-22 metadata: - verified: true shodan-query: http.html:"kkFileView" + verified: "true" tags: cve,cve2021,kkfileview,traversal requests: diff --git a/cves/2022/CVE-2022-29349.yaml b/cves/2022/CVE-2022-29349.yaml index 59bc35fb0f..995ce7a728 100644 --- a/cves/2022/CVE-2022-29349.yaml +++ b/cves/2022/CVE-2022-29349.yaml @@ -10,10 +10,13 @@ info: - https://github.com/kekingcn/kkFileView/issues/347 - https://nvd.nist.gov/vuln/detail/CVE-2022-29349 classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2022-29349 + cwe-id: CWE-79 metadata: - verified: true shodan-query: http.html:"kkFileView" + verified: "true" tags: cve,cve2022,kkFileView,xss requests: