Auto Generated CVE annotations [Wed Apr 19 16:20:17 UTC 2023] 🤖

patch-1
GitHub Action 2023-04-19 16:20:17 +00:00
parent 9f9fae5513
commit 9a258b906a
14 changed files with 30 additions and 23 deletions

@ -9,6 +9,7 @@ info:
- https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf
- https://web.archive.org/web/20170807202056/http://www.sh0w.top/index.php/archives/7/
- https://nvd.nist.gov/vuln/detail/CVE-2017-12637
- http://www.sh0w.top/index.php/archives/7/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
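
Review bot: the added `http://www.sh0w.top/index.php/archives/7/` entry duplicates a page this list already carries as a web.archive.org snapshot two lines earlier. The live link is plain HTTP and can change or disappear, while the snapshot is pinned to 2017, so the snapshot is the better reference. Drop the bare URL, or keep a single entry per source.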

@ -9,9 +9,10 @@ info:
reference:
- https://web.archive.org/web/20220331072310/http://foreversong.cn/archives/1183
- https://nvd.nist.gov/vuln/detail/CVE-2018-11231
- http://foreversong.cn/archives/1183
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10
cvss-score: 8.1
cve-id: CVE-2018-11231
cwe-id: CWE-89
tags: cve,cve2018,opencart,sqli
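
Review bot: in the reference list, `http://foreversong.cn/archives/1183` is added directly below the archived copy of the same address (`web.archive.org/web/20220331072310/...`), so the template now cites one source twice. Keep the archived copy only. The `cvss-score` change from 8.10 to 8.1 is a formatting normalisation and is fine.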

@ -9,6 +9,7 @@ info:
- https://github.com/sullo/advisory-archives/blob/master/wordpress-jsmol2wp-CVE-2018-20463-CVE-2018-20462.txt
- https://wpvulndb.com/vulnerabilities/9196
- https://nvd.nist.gov/vuln/detail/CVE-2018-20462
- https://www.cbiu.cc/2018/12/WordPress%E6%8F%92%E4%BB%B6jsmol2wp%E6%BC%8F%E6%B4%9E/#%E5%8F%8D%E5%B0%84%E6%80%A7XSS
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1

@ -9,6 +9,7 @@ info:
- https://packetstormsecurity.com/files/146604/AxxonSoft-Axxon-Next-Directory-Traversal.html
- https://github.com/sullo/advisory-archives/blob/master/axxonsoft-next-CVE-2018-7467.txt
- https://nvd.nist.gov/vuln/detail/CVE-2018-7467
- http://www.projectxit.com.au/blog/2018/2/27/axxonsoft-client-directory-traversal-cve-2018-7467-axxonsoft-axxon-next-axxonsoft-client-directory-traversal-via-an-initial-css2f-substring-in-a-uri-cve-2018-7467
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5

@ -8,6 +8,7 @@ info:
reference:
- http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-17505
- https://blog.max0x4141.com/post/artica_proxy/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8

@ -8,6 +8,7 @@ info:
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17506
- http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html
- https://blog.max0x4141.com/post/artica_proxy/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8

@ -3,17 +3,18 @@ id: CVE-2021-24917
info:
name: WordPress WPS Hide Login <1.9.1 - Information Disclosure
author: akincibor
severity: medium
severity: high
description: WordPress WPS Hide Login plugin before 1.9.1 is susceptible to incorrect authorization. An attacker can obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. This reveals the secret login location.
reference:
- https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375
- https://nvd.nist.gov/vuln/detail/CVE-2021-24917
- https://wordpress.org/support/topic/bypass-security-issue/
remediation: Fixed in version 1.9.1.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2021-24917
cwe-id: CWE-863
metadata:
verified: "true"
tags: cve2021,wp,wordpress,wp-plugin,unauth,wpscan,cve
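
Review bot: the new vector rates confidentiality as C:H (7.5, severity high), but the description in this same hunk limits the impact to revealing the secret login location, which reads closer to the C:L of the vector being replaced. If these values are copied from the upstream CVE record, say so in the commit message; otherwise anyone filtering scans by severity sees this template move from medium to high with no change in what it detects. The name still ends in "Information Disclosure" while `cwe-id` moves from CWE-200 to CWE-863, so align the name and the CWE.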

@ -6,12 +6,12 @@ info:
severity: medium
description: |
Microweber before 1.2.12 is susceptible to integer overflow. The application allows large characters to insert in the input field 'first & last name,' which can allow an attacker to cause a denial of service via a crafted HTTP request.
remediation: First name and last name input should be limited to 50 characters or maximum 100 characters.
reference:
- https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e/
- https://github.com/advisories/GHSA-5fxv-xx5p-g2fv
- https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e
- https://nvd.nist.gov/vuln/detail/CVE-2022-0968
remediation: First name and last name input should be limited to 50 characters or maximum 100 characters.
classification:
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cvss-score: 5.5

@ -5,12 +5,12 @@ info:
author: GitLab Red Team
severity: critical
description: GitLab CE/EE contains a hard-coded credentials vulnerability. A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML), allowing attackers to potentially take over accounts. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-<hash>.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Affected versions are 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2.
remediation: Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the reference section below.
reference:
- https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1162.json
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1162
- https://nvd.nist.gov/vuln/detail/cve-2022-1162
remediation: Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the reference section below.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
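
Review bot: moving `remediation:` below the `reference:` list leaves its wording pointing the wrong way, since it still says the tooling is "linked in the reference section below" and the references now sit above it. Reword it to "above" or drop the direction. The text also explains how to find hashes rather than how to fix the issue; the version ranges in the description (14.7.7, 14.8.5, 14.9.2) would support an upgrade instruction here.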

@ -3,7 +3,7 @@ id: CVE-2022-2633
info:
name: All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery
author: theamanrawat
severity: medium
severity: high
description: |
WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery (SSRF) via the 'dl' parameter found in the ~/public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the server.
reference:
@ -12,12 +12,12 @@ info:
- https://wordpress.org/plugins/all-in-one-video-gallery/
- https://nvd.nist.gov/vuln/detail/CVE-2022-2633
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-918
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
cvss-score: 8.2
cve-id: CVE-2022-2633
cwe-id: CWE-610
metadata:
verified: true
verified: "true"
tags: cve2022,wp-plugin,unauth,ssrf,wpscan,cve,wordpress,wp,all-in-one-video-gallery
requests:
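
Review bot: `cwe-id` goes from CWE-918 to CWE-610 while the template name and the `ssrf` tag still describe server-side request forgery. CWE-610 is the broader class and loses that precision, so keep CWE-918 unless the arbitrary file download named in the description is the reason for the change. Separately, `verified: true` becomes `verified: "true"`, a boolean turned into a string; it matches the quoted form in other templates in this commit, but confirm that whatever reads this field accepts the string.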

@ -6,12 +6,12 @@ info:
severity: high
description: |
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11 are susceptible to server-side request forgery. When redirects are returned by HTTP health check endpoints, Consul follows these HTTP redirects by default. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: 1) HTTP + interval health check configuration provides a disable_redirects option to prohibit this behavior. 2) Fixed in 1.9.17, 1.10.10, and 1.11.5.
reference:
- https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
- https://github.com/hashicorp/consul/pull/12685
- https://developer.hashicorp.com/consul/docs/discovery/checks
- https://nvd.nist.gov/vuln/detail/CVE-2022-29153
remediation: 1) HTTP + interval health check configuration provides a disable_redirects option to prohibit this behavior. 2) Fixed in 1.9.17, 1.10.10, and 1.11.5.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
cvss-score: 7.5

@ -3,21 +3,21 @@ id: CVE-2022-43140
info:
name: kkFileView 4.1.0 - Server-Side Request Forgery
author: Co5mos
severity: medium
severity: high
description: |
kkFileView 4.1.0 is susceptible to server-side request forgery via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. An attacker can force the application to make arbitrary requests via injection of crafted URLs into the url parameter and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/kekingcn/kkFileView/issues/392
- https://nvd.nist.gov/vuln/detail/CVE-2022-43140
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-918
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
cvss-score: 7.5
cve-id: CVE-2022-43140
cwe-id: CWE-918
metadata:
verified: "true"
shodan-query: http.html:"kkFileView"
fofa-query: app="kkFileView"
shodan-query: http.html:"kkFileView"
verified: "true"
tags: cve,cve2022,ssrf,kkFileview
requests:
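
Review bot: the replacement vector swaps C:L/I:N for C:N/I:H, which states there is no confidentiality impact, yet the description lists "obtain sensitive information" first among the outcomes. Check the vector against the description before accepting the medium to high change. The `metadata` block is only reordered (`fofa-query`, `shodan-query`, `verified`), which is fine.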

@ -11,10 +11,10 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2022-43769
remediation: Upgrade to 9.4 with Service Pack 9.4.0.1. For version 9.3, recommend updating to Service Pack 9.3.0.2.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-77
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2022-43769
cwe-id: CWE-94
metadata:
shodan-query: http.favicon.hash:1749354953
verified: "true"
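
Review bot: the score drops from 10.0 to 7.2 and the vector now requires PR:H, but no `severity:` line appears in this hunk, unlike the other rescored templates in this commit where severity changed alongside the score. Check that the severity field above the hunk matches a 7.2 score. PR:H also states that high privileges are needed, so confirm that agrees with the template body, which is not shown here.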

@ -6,12 +6,12 @@ info:
severity: critical
description: |
IBM Aspera Faspex through 4.4.2 Patch Level 1 is susceptible to remote code execution via a YAML deserialization flaw. This can allow an attacker to send a specially crafted obsolete API call and thereby execute arbitrary code, obtain sensitive data, and/or execute other unauthorized operations.
remediation: The obsolete API call was removed in 4.4.2 PL2. This vulnerability can be remediated by upgrading to either 4.4.2 PL2 or 5.x.
reference:
- https://blog.assetnote.io/2023/02/02/pre-auth-rce-aspera-faspex/
- https://www.ibm.com/support/pages/node/6952319
- https://exchange.xforce.ibmcloud.com/vulnerabilities/243512
- https://nvd.nist.gov/vuln/detail/CVE-2022-47986
remediation: The obsolete API call was removed in 4.4.2 PL2. This vulnerability can be remediated by upgrading to either 4.4.2 PL2 or 5.x.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8