Vulnerability-Lookup

CVE-2024-31400 (GCVE-0-2024-31400)

Vulnerability from cvelistv5 – Published: 2024-06-11 04:26 – Updated: 2024-11-08 21:24

Summary

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

Insertion of Sensitive Information Into Sent Data
CWE-922 - Insecure Storage of Sensitive Information

Assigner

jpcert

References

2 references

URL	Tags
https://cs.cybozu.co.jp/2024/007901.html
https://jvn.jp/en/jp/JVN28869536/

Impacted products

1 product

Vendor	Product	Version
Cybozu, Inc.	Cybozu Garoon	Affected: 5.0.0 to 5.15.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-31400",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T15:46:12.890944Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-922",
                "description": "CWE-922 Insecure Storage of Sensitive Information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T21:24:53.210Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:52:56.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cs.cybozu.co.jp/2024/007901.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN28869536/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Garoon",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "5.0.0 to 5.15.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insertion of Sensitive Information Into Sent Data",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-11T04:26:31.583Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://cs.cybozu.co.jp/2024/007901.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN28869536/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-31400",
    "datePublished": "2024-06-11T04:26:31.583Z",
    "dateReserved": "2024-04-03T09:14:19.134Z",
    "dateUpdated": "2024-11-08T21:24:53.210Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-31400",
      "date": "2026-06-03",
      "epss": "0.00482",
      "percentile": "0.65488"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.\"}, {\"lang\": \"es\", \"value\": \"Existe un problema de inserci\\u00f3n de informaci\\u00f3n confidencial en los datos enviados en Cybozu Garoon 5.0.0 a 5.15.0. Si se aprovecha esta vulnerabilidad, es posible que se dejen datos no deseados en el correo reenviado.\"}]",
      "id": "CVE-2024-31400",
      "lastModified": "2024-11-21T09:13:27.470",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}]}",
      "published": "2024-06-11T05:15:53.130",
      "references": "[{\"url\": \"https://cs.cybozu.co.jp/2024/007901.html\", \"source\": \"vultures@jpcert.or.jp\"}, {\"url\": \"https://jvn.jp/en/jp/JVN28869536/\", \"source\": \"vultures@jpcert.or.jp\"}, {\"url\": \"https://cs.cybozu.co.jp/2024/007901.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://jvn.jp/en/jp/JVN28869536/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-922\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-31400\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2024-06-11T05:15:53.130\",\"lastModified\":\"2025-08-05T15:37:51.570\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.\"},{\"lang\":\"es\",\"value\":\"Existe un problema de inserci\u00f3n de informaci\u00f3n confidencial en los datos enviados en Cybozu Garoon 5.0.0 a 5.15.0. Si se aprovecha esta vulnerabilidad, es posible que se dejen datos no deseados en el correo reenviado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-922\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5.0\",\"versionEndExcluding\":\"6.0.0\",\"matchCriteriaId\":\"B8D99372-8B06-4254-AE73-F124E4F098F7\"}]}]}],\"references\":[{\"url\":\"https://cs.cybozu.co.jp/2024/007901.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN28869536/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cs.cybozu.co.jp/2024/007901.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN28869536/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cs.cybozu.co.jp/2024/007901.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN28869536/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:52:56.946Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-31400\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-11T15:46:12.890944Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-922\", \"description\": \"CWE-922 Insecure Storage of Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-11T15:46:20.602Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Cybozu, Inc.\", \"product\": \"Cybozu Garoon\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.0 to 5.15.0\"}]}], \"references\": [{\"url\": \"https://cs.cybozu.co.jp/2024/007901.html\"}, {\"url\": \"https://jvn.jp/en/jp/JVN28869536/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Insertion of Sensitive Information Into Sent Data\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2024-06-11T04:26:31.583Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-31400\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-08T21:24:53.210Z\", \"dateReserved\": \"2024-04-03T09:14:19.134Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2024-06-11T04:26:31.583Z\", \"assignerShortName\": \"jpcert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2024-29673

Vulnerability from cnvd - Published: 2024-07-05

Title

Cybozu Garoon信息泄露漏洞（CNVD-2024-29673）

Description

Cybozu Garoon是日本才望子（Cybozu）公司的一套门户型OA办公系统。该系统提供门户、E-mail、书签、日程安排、公告栏、文件管理等功能 Cybozu Garoon存在信息泄露漏洞。该漏洞源于电子邮件对于敏感信息保护不足，攻击者可利用该漏洞获取敏感信息。

Severity

中

Patch Name

Cybozu Garoon信息泄露漏洞（CNVD-2024-29673）的补丁

Patch Description

Cybozu Garoon是日本才望子（Cybozu）公司的一套门户型OA办公系统。该系统提供门户、E-mail、书签、日程安排、公告栏、文件管理等功能 Cybozu Garoon存在信息泄露漏洞。该漏洞源于电子邮件对于敏感信息保护不足，攻击者可利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://cs.cybozu.co.jp/2024/007901.html

Reference

https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000047.html

Impacted products

Name
Cybozu Cybozu Garoon >=5.0.0，<=5.15.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-31400",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-31400"
    }
  },
  "description": "Cybozu Garoon\u662f\u65e5\u672c\u624d\u671b\u5b50\uff08Cybozu\uff09\u516c\u53f8\u7684\u4e00\u5957\u95e8\u6237\u578bOA\u529e\u516c\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u63d0\u4f9b\u95e8\u6237\u3001E-mail\u3001\u4e66\u7b7e\u3001\u65e5\u7a0b\u5b89\u6392\u3001\u516c\u544a\u680f\u3001\u6587\u4ef6\u7ba1\u7406\u7b49\u529f\u80fd\n\nCybozu Garoon\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7535\u5b50\u90ae\u4ef6\u5bf9\u4e8e\u654f\u611f\u4fe1\u606f\u4fdd\u62a4\u4e0d\u8db3\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://cs.cybozu.co.jp/2024/007901.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-29673",
  "openTime": "2024-07-05",
  "patchDescription": "Cybozu Garoon\u662f\u65e5\u672c\u624d\u671b\u5b50\uff08Cybozu\uff09\u516c\u53f8\u7684\u4e00\u5957\u95e8\u6237\u578bOA\u529e\u516c\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u63d0\u4f9b\u95e8\u6237\u3001E-mail\u3001\u4e66\u7b7e\u3001\u65e5\u7a0b\u5b89\u6392\u3001\u516c\u544a\u680f\u3001\u6587\u4ef6\u7ba1\u7406\u7b49\u529f\u80fd\r\n\r\nCybozu Garoon\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7535\u5b50\u90ae\u4ef6\u5bf9\u4e8e\u654f\u611f\u4fe1\u606f\u4fdd\u62a4\u4e0d\u8db3\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cybozu Garoon\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2024-29673\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Cybozu Cybozu Garoon \u003e=5.0.0\uff0c\u003c=5.15.0"
  },
  "referenceLink": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000047.html",
  "serverity": "\u4e2d",
  "submitTime": "2024-05-16",
  "title": "Cybozu Garoon\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2024-29673\uff09"
}

FKIE_CVE-2024-31400

Vulnerability from fkie_nvd - Published: 2024-06-11 05:15 - Updated: 2025-08-05 15:37

Severity

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.

References

URL	Tags
vultures@jpcert.or.jp	https://cs.cybozu.co.jp/2024/007901.html	Vendor Advisory
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN28869536/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cs.cybozu.co.jp/2024/007901.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN28869536/	Third Party Advisory

Impacted products

	Vendor	Product	Version
	cybozu	garoon	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8D99372-8B06-4254-AE73-F124E4F098F7",
              "versionEndExcluding": "6.0.0",
              "versionStartIncluding": "5.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail."
    },
    {
      "lang": "es",
      "value": "Existe un problema de inserci\u00f3n de informaci\u00f3n confidencial en los datos enviados en Cybozu Garoon 5.0.0 a 5.15.0. Si se aprovecha esta vulnerabilidad, es posible que se dejen datos no deseados en el correo reenviado."
    }
  ],
  "id": "CVE-2024-31400",
  "lastModified": "2025-08-05T15:37:51.570",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-06-11T05:15:53.130",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cs.cybozu.co.jp/2024/007901.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN28869536/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cs.cybozu.co.jp/2024/007901.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN28869536/"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-922"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-9WMC-X46M-582F

Vulnerability from github – Published: 2024-06-11 06:31 – Updated: 2024-11-09 00:30

Details

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.

Severity

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-31400"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-922"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-11T05:15:53Z",
    "severity": "MODERATE"
  },
  "details": "Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.",
  "id": "GHSA-9wmc-x46m-582f",
  "modified": "2024-11-09T00:30:41Z",
  "published": "2024-06-11T06:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31400"
    },
    {
      "type": "WEB",
      "url": "https://cs.cybozu.co.jp/2024/007901.html"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN28869536"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2024-31400

Vulnerability from gsd - Updated: 2024-04-04 05:02

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-31400

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-31400"
      ],
      "id": "GSD-2024-31400",
      "modified": "2024-04-04T05:02:26.606338Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-31400",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

JVNDB-2024-000047

Vulnerability from jvndb - Published: 2024-05-13 15:19 - Updated:2024-05-13 15:19

Severity

6.9 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

Summary

Multiple vulnerabilities in Cybozu Garoon

Details

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. * [CyVDB-3167] Improper handling of data in Mail (CWE-231) - CVE-2024-31397 * [CyVDB-3221] Improper restriction on the output of some API (CWE-201) - CVE-2024-31398 * [CyVDB-3238] Excessive resource consumption in Mail (CWE-1050) - CVE-2024-31399 * [CyVDB-3439] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2024-31401 * [CyVDB-3441] Improper restriction on some operation in Shared To-Dos (CWE-863) - CVE-2024-31402 * [CyVDB-3402] Information disclosure in Mail (CWE-201) - CVE-2024-31400 * [CyVDB-3151] Improper restriction on browsing and operation in Memo (CWE-863) - CVE-2024-31403 * [CyVDB-3471] Browse restriction bypass in Scheduler (CWE-201) - CVE-2024-31404 CVE-2024-31401 @bttthuan reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. CVE-2024-31403 Yuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. CVE-2024-31397, CVE-2024-31398, CVE-2024-31399, CVE-2024-31400, CVE-2024-31402, CVE-2024-31404 Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN28869536/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-31397
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-31398
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-31399
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-31400
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-31401
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-31402
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-31403
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-31404
	Information Exposure(CWE-200)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Cybozu, Inc.

Cybozu Garoon

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000047.html",
  "dc:date": "2024-05-13T15:19+09:00",
  "dcterms:issued": "2024-05-13T15:19+09:00",
  "dcterms:modified": "2024-05-13T15:19+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n* [CyVDB-3167] Improper handling of data in Mail (CWE-231) - CVE-2024-31397\r\n* [CyVDB-3221] Improper restriction on the output of some API (CWE-201) - CVE-2024-31398\r\n* [CyVDB-3238] Excessive resource consumption in Mail (CWE-1050) - CVE-2024-31399\r\n* [CyVDB-3439] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2024-31401\r\n* [CyVDB-3441] Improper restriction on some operation in Shared To-Dos (CWE-863) - CVE-2024-31402\r\n* [CyVDB-3402] Information disclosure in Mail (CWE-201) - CVE-2024-31400\r\n* [CyVDB-3151] Improper restriction on browsing and operation in Memo (CWE-863) - CVE-2024-31403\r\n* [CyVDB-3471] Browse restriction bypass in Scheduler (CWE-201) - CVE-2024-31404\r\n\r\nCVE-2024-31401\r\n@bttthuan reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCVE-2024-31403\r\nYuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCVE-2024-31397, CVE-2024-31398, CVE-2024-31399, CVE-2024-31400, CVE-2024-31402, CVE-2024-31404\r\nCybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000047.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "6.9",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-000047",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN28869536/index.html",
      "@id": "JVN#28869536",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31397",
      "@id": "CVE-2024-31397",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31398",
      "@id": "CVE-2024-31398",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31399",
      "@id": "CVE-2024-31399",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31400",
      "@id": "CVE-2024-31400",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31401",
      "@id": "CVE-2024-31401",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31402",
      "@id": "CVE-2024-31402",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31403",
      "@id": "CVE-2024-31403",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-31404",
      "@id": "CVE-2024-31404",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Garoon"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-31400 (GCVE-0-2024-31400)

CNVD-2024-29673

FKIE_CVE-2024-31400

GHSA-9WMC-X46M-582F

GSD-2024-31400

JVNDB-2024-000047

Tags

Sightings

Nomenclature