CVE-2023-26482 (GCVE-0-2023-26482)
Vulnerability from cvelistv5 – Published: 2023-03-30 18:27 – Updated: 2025-02-11 18:54
VLAI?
Summary
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs, invoking webhooks or running scripts on the server. Due to this combination depending on the available apps the issue can result in a RCE at the end. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should disable app `workflow_scripts` and `workflow_pdf_converter` as a mitigation.
Severity ?
9.1 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Affected:
< 24.0.10
Affected: >= 25.0.0, < 25.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:53.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h3c9-cmh8-7qpj",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h3c9-cmh8-7qpj"
},
{
"name": "https://github.com/nextcloud/server/commit/5a06b50b10cc9278bbe68bbf897a0c4aeb0c4e60",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/commit/5a06b50b10cc9278bbe68bbf897a0c4aeb0c4e60"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T18:54:30.467700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T18:54:35.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 24.0.10"
},
{
"status": "affected",
"version": "\u003e= 25.0.0, \u003c 25.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs, invoking webhooks or running scripts on the server. Due to this combination depending on the available apps the issue can result in a RCE at the end. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should disable app `workflow_scripts` and `workflow_pdf_converter` as a mitigation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-30T18:27:17.333Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h3c9-cmh8-7qpj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h3c9-cmh8-7qpj"
},
{
"name": "https://github.com/nextcloud/server/commit/5a06b50b10cc9278bbe68bbf897a0c4aeb0c4e60",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/5a06b50b10cc9278bbe68bbf897a0c4aeb0c4e60"
}
],
"source": {
"advisory": "GHSA-h3c9-cmh8-7qpj",
"discovery": "UNKNOWN"
},
"title": "Scope of workflow operations is not validated in nextcloud server"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-26482",
"datePublished": "2023-03-30T18:27:17.333Z",
"dateReserved": "2023-02-23T23:22:58.574Z",
"dateUpdated": "2025-02-11T18:54:35.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"18.0.0\", \"versionEndExcluding\": \"20.0.14.12\", \"matchCriteriaId\": \"F96F0D08-EE3D-4796-A6AC-B63E53770F60\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"21.0.0\", \"versionEndExcluding\": \"21.0.9.10\", \"matchCriteriaId\": \"BFCBAD36-04D2-47EC-836E-35EFC1D6E060\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"22.0.0\", \"versionEndExcluding\": \"22.2.10.10\", \"matchCriteriaId\": \"C5886100-3157-4377-8681-381720CFDA8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"23.0.0\", \"versionEndExcluding\": \"23.0.12.5\", \"matchCriteriaId\": \"F2FEEE2E-6BF9-4332-99A3-690EF68D884F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*\", \"versionStartIncluding\": \"24.0.0\", \"versionEndExcluding\": \"24.0.10\", \"matchCriteriaId\": \"302FFA48-9204-4112-BF23-6182ED62F193\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"24.0.0\", \"versionEndExcluding\": \"24.0.10\", \"matchCriteriaId\": \"3D2D0CEB-437C-4ABA-9915-EFCB776E7ADC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*\", \"versionStartIncluding\": \"25.0.0\", \"versionEndExcluding\": \"25.0.4\", \"matchCriteriaId\": \"282F04F1-B4E4-4DC2-82CA-55DB39A3F373\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"25.0.0\", \"versionEndExcluding\": \"25.0.4\", \"matchCriteriaId\": \"E14A1D06-7AB2-40C2-806F-7EE34595DAF7\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs, invoking webhooks or running scripts on the server. Due to this combination depending on the available apps the issue can result in a RCE at the end. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should disable app `workflow_scripts` and `workflow_pdf_converter` as a mitigation.\"}]",
"id": "CVE-2023-26482",
"lastModified": "2024-11-21T07:51:36.513",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 9.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2023-03-30T19:15:06.523",
"references": "[{\"url\": \"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h3c9-cmh8-7qpj\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/nextcloud/server/commit/5a06b50b10cc9278bbe68bbf897a0c4aeb0c4e60\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h3c9-cmh8-7qpj\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/nextcloud/server/commit/5a06b50b10cc9278bbe68bbf897a0c4aeb0c4e60\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-26482\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-03-30T19:15:06.523\",\"lastModified\":\"2024-11-21T07:51:36.513\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs, invoking webhooks or running scripts on the server. Due to this combination depending on the available apps the issue can result in a RCE at the end. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should disable app `workflow_scripts` and `workflow_pdf_converter` as a mitigation.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":9.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"18.0.0\",\"versionEndExcluding\":\"20.0.14.12\",\"matchCriteriaId\":\"F96F0D08-EE3D-4796-A6AC-B63E53770F60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"21.0.0\",\"versionEndExcluding\":\"21.0.9.10\",\"matchCriteriaId\":\"BFCBAD36-04D2-47EC-836E-35EFC1D6E060\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"22.0.0\",\"versionEndExcluding\":\"22.2.10.10\",\"matchCriteriaId\":\"C5886100-3157-4377-8681-381720CFDA8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"23.0.0\",\"versionEndExcluding\":\"23.0.12.5\",\"matchCriteriaId\":\"F2FEEE2E-6BF9-4332-99A3-690EF68D884F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"24.0.0\",\"versionEndExcluding\":\"24.0.10\",\"matchCriteriaId\":\"302FFA48-9204-4112-BF23-6182ED62F193\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"24.0.0\",\"versionEndExcluding\":\"24.0.10\",\"matchCriteriaId\":\"3D2D0CEB-437C-4ABA-9915-EFCB776E7ADC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"25.0.0\",\"versionEndExcluding\":\"25.0.4\",\"matchCriteriaId\":\"282F04F1-B4E4-4DC2-82CA-55DB39A3F373\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"25.0.0\",\"versionEndExcluding\":\"25.0.4\",\"matchCriteriaId\":\"E14A1D06-7AB2-40C2-806F-7EE34595DAF7\"}]}]}],\"references\":[{\"url\":\"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h3c9-cmh8-7qpj\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/nextcloud/server/commit/5a06b50b10cc9278bbe68bbf897a0c4aeb0c4e60\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h3c9-cmh8-7qpj\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/nextcloud/server/commit/5a06b50b10cc9278bbe68bbf897a0c4aeb0c4e60\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h3c9-cmh8-7qpj\", \"name\": \"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h3c9-cmh8-7qpj\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/nextcloud/server/commit/5a06b50b10cc9278bbe68bbf897a0c4aeb0c4e60\", \"name\": \"https://github.com/nextcloud/server/commit/5a06b50b10cc9278bbe68bbf897a0c4aeb0c4e60\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T11:53:53.652Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-26482\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-11T18:54:30.467700Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-11T18:54:20.096Z\"}}], \"cna\": {\"title\": \"Scope of workflow operations is not validated in nextcloud server\", \"source\": {\"advisory\": \"GHSA-h3c9-cmh8-7qpj\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"nextcloud\", \"product\": \"security-advisories\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 24.0.10\"}, {\"status\": \"affected\", \"version\": \"\u003e= 25.0.0, \u003c 25.0.4\"}]}], \"references\": [{\"url\": \"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h3c9-cmh8-7qpj\", \"name\": \"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h3c9-cmh8-7qpj\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/nextcloud/server/commit/5a06b50b10cc9278bbe68bbf897a0c4aeb0c4e60\", \"name\": \"https://github.com/nextcloud/server/commit/5a06b50b10cc9278bbe68bbf897a0c4aeb0c4e60\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs, invoking webhooks or running scripts on the server. Due to this combination depending on the available apps the issue can result in a RCE at the end. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should disable app `workflow_scripts` and `workflow_pdf_converter` as a mitigation.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-03-30T18:27:17.333Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-26482\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-11T18:54:35.797Z\", \"dateReserved\": \"2023-02-23T23:22:58.574Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-03-30T18:27:17.333Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…