csaf_certbund - wid-sec-w-2024-3678

wid-sec-w-2024-3678

Vulnerability from csaf_certbund

Published

2024-12-10 23:00

Modified

2024-12-10 23:00

Summary

Atlassian Confluence: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Confluence ist eine kommerzielle Wiki-Software.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Atlassian Confluence ausnutzen, um einen Denial of Service Angriff durchzuführen, Daten zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "hoch",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "Confluence ist eine kommerzielle Wiki-Software.",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Atlassian Confluence ausnutzen, um einen Denial of Service Angriff durchzuführen, Daten zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- Linux\n- Sonstiges\n- UNIX\n- Windows",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2024-3678 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3678.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2024-3678 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3678",
         },
         {
            category: "external",
            summary: "Atlassian Security Bulletin December 2024 vom 2024-12-10",
            url: "https://confluence.atlassian.com/security/security-bulletin-december-10-2024-1476624803.html",
         },
      ],
      source_lang: "en-US",
      title: "Atlassian Confluence: Mehrere Schwachstellen",
      tracking: {
         current_release_date: "2024-12-10T23:00:00.000+00:00",
         generator: {
            date: "2024-12-11T12:11:58.065+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.10",
            },
         },
         id: "WID-SEC-W-2024-3678",
         initial_release_date: "2024-12-10T23:00:00.000+00:00",
         revision_history: [
            {
               date: "2024-12-10T23:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<8.9.8",
                        product: {
                           name: "Atlassian Confluence <8.9.8",
                           product_id: "T039314",
                        },
                     },
                     {
                        category: "product_version",
                        name: "8.9.8",
                        product: {
                           name: "Atlassian Confluence 8.9.8",
                           product_id: "T039314-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:atlassian:confluence:8.9.8",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<9.2.0 (LTS)",
                        product: {
                           name: "Atlassian Confluence <9.2.0 (LTS)",
                           product_id: "T039753",
                        },
                     },
                     {
                        category: "product_version",
                        name: "9.2.0 (LTS)",
                        product: {
                           name: "Atlassian Confluence 9.2.0 (LTS)",
                           product_id: "T039753-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:atlassian:confluence:9.2.0_%2528lts%2529",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<8.5.17",
                        product: {
                           name: "Atlassian Confluence <8.5.17",
                           product_id: "T039755",
                        },
                     },
                     {
                        category: "product_version",
                        name: "8.5.17",
                        product: {
                           name: "Atlassian Confluence 8.5.17",
                           product_id: "T039755-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:atlassian:confluence:8.5.17",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<9.1.0",
                        product: {
                           name: "Atlassian Confluence <9.1.0",
                           product_id: "T039756",
                        },
                     },
                     {
                        category: "product_version",
                        name: "9.1.0",
                        product: {
                           name: "Atlassian Confluence 9.1.0",
                           product_id: "T039756-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:atlassian:confluence:9.1.0",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.19.29 (LTS)",
                        product: {
                           name: "Atlassian Confluence <7.19.29 (LTS)",
                           product_id: "T039757",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.19.29 (LTS)",
                        product: {
                           name: "Atlassian Confluence 7.19.29 (LTS)",
                           product_id: "T039757-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:atlassian:confluence:7.19.29_%2528lts%2529",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "Confluence",
               },
            ],
            category: "vendor",
            name: "Atlassian",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2022-3517",
         notes: [
            {
               category: "description",
               text: "Es existiert eine Schwachstelle in Atlassian Confluence. Diese besteht im Zusammenhang mit der Minimatch-Abhängigkeit im Confluence Data Center. Ein entfernter, anonymer Angreifer kann das ausnutzen, um einen Denial of Service zu verursachen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039755",
               "T039314",
               "T039757",
               "T039756",
               "T039753",
            ],
         },
         release_date: "2024-12-10T23:00:00.000+00:00",
         title: "CVE-2022-3517",
      },
      {
         cve: "CVE-2022-46175",
         notes: [
            {
               category: "description",
               text: "Es existiert eine Schwachstelle in Atlassian Confluence. Diese besteht in der Komponente \"json5\" und ist auf einen Fehler zurückzuführen, der eine Prototype Pollution ermöglicht. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um Daten zu manipulieren.",
            },
         ],
         product_status: {
            known_affected: [
               "T039755",
               "T039314",
               "T039757",
               "T039756",
               "T039753",
            ],
         },
         release_date: "2024-12-10T23:00:00.000+00:00",
         title: "CVE-2022-46175",
      },
      {
         cve: "CVE-2023-45859",
         notes: [
            {
               category: "description",
               text: "Es existiert eine Schwachstelle in Atlassian Confluence. Das Problem besteht in der Hazelcast Komponente aufgrund einer fehlenden Berechtigungsprüfung, die es erlaubt, auf im Cluster gespeicherte Daten zuzugreifen. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsmaßnahmen zu umgehen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039755",
               "T039314",
               "T039757",
               "T039756",
               "T039753",
            ],
         },
         release_date: "2024-12-10T23:00:00.000+00:00",
         title: "CVE-2023-45859",
      },
      {
         cve: "CVE-2024-25710",
         notes: [
            {
               category: "description",
               text: "Es existiert eine Schwachstelle in Atlassian Confluence. Diese besteht in der Apache Commons Komponente im Compress-Subsystem aufgrund eines Endlosschleifenproblems und eines Speichermangel-Fehlers für bestimmte Dateitypen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.",
            },
         ],
         product_status: {
            known_affected: [
               "T039755",
               "T039314",
               "T039757",
               "T039756",
               "T039753",
            ],
         },
         release_date: "2024-12-10T23:00:00.000+00:00",
         title: "CVE-2024-25710",
      },
   ],
}

CVE-2022-46175 (GCVE-0-2022-46175)

Vulnerability from cvelistv5

Published

2022-12-24 00:00

Modified

2024-08-03 14:24

Severity ?

7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H

Summary

JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference, the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later.

References

▼	URL	Tags
	https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h
	https://github.com/json5/json5/issues/199
	https://github.com/json5/json5/issues/295
	https://github.com/json5/json5/pull/298
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3S26TLPLVFAJTUN3VIXFDEBEXDYO22CE/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023/11/msg00021.html	mailing-list

Impacted products

	Vendor	Product	Version
	json5	json5	Version: < 2.2.2

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:24:03.459Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/json5/json5/issues/199",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/json5/json5/issues/295",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/json5/json5/pull/298",
               },
               {
                  name: "FEDORA-2023-e7297a4aeb",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3S26TLPLVFAJTUN3VIXFDEBEXDYO22CE/",
               },
               {
                  name: "[debian-lts-announce] 20231125 [SECURITY] [DLA 3665-1] node-json5 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "json5",
               vendor: "json5",
               versions: [
                  {
                     status: "affected",
                     version: "< 2.2.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference, the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-1321",
                     description: "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-26T00:06:12.132080",
            orgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
            shortName: "GitHub_M",
         },
         references: [
            {
               url: "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h",
            },
            {
               url: "https://github.com/json5/json5/issues/199",
            },
            {
               url: "https://github.com/json5/json5/issues/295",
            },
            {
               url: "https://github.com/json5/json5/pull/298",
            },
            {
               name: "FEDORA-2023-e7297a4aeb",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3S26TLPLVFAJTUN3VIXFDEBEXDYO22CE/",
            },
            {
               name: "[debian-lts-announce] 20231125 [SECURITY] [DLA 3665-1] node-json5 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00021.html",
            },
         ],
         source: {
            advisory: "GHSA-9c47-m6qq-7p4h",
            discovery: "UNKNOWN",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
      assignerShortName: "GitHub_M",
      cveId: "CVE-2022-46175",
      datePublished: "2022-12-24T00:00:00",
      dateReserved: "2022-11-28T00:00:00",
      dateUpdated: "2024-08-03T14:24:03.459Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-3517 (GCVE-0-2022-3517)

Vulnerability from cvelistv5

Published

2022-10-17 00:00

Modified

2024-08-03 01:14

Severity ?

Summary

A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

References

▼	URL	Tags
	https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6
	https://github.com/grafana/grafana-image-renderer/issues/329
	https://lists.debian.org/debian-lts-announce/2023/01/msg00011.html	mailing-list
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	minimatch	Version: minimatch versions prior to 3.0.5

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:14:02.557Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/grafana/grafana-image-renderer/issues/329",
               },
               {
                  name: "[debian-lts-announce] 20230115 [SECURITY] [DLA 3271-1] node-minimatch security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00011.html",
               },
               {
                  name: "FEDORA-2023-ce8943223c",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/",
               },
               {
                  name: "FEDORA-2023-18fd476362",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "minimatch",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "minimatch versions prior to 3.0.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "CWE-400",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-01-21T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6",
            },
            {
               url: "https://github.com/grafana/grafana-image-renderer/issues/329",
            },
            {
               name: "[debian-lts-announce] 20230115 [SECURITY] [DLA 3271-1] node-minimatch security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00011.html",
            },
            {
               name: "FEDORA-2023-ce8943223c",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/",
            },
            {
               name: "FEDORA-2023-18fd476362",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2022-3517",
      datePublished: "2022-10-17T00:00:00",
      dateReserved: "2022-10-14T00:00:00",
      dateUpdated: "2024-08-03T01:14:02.557Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2024-25710 (GCVE-0-2024-25710)

Vulnerability from cvelistv5

Published

2024-02-19 08:33

Modified

2025-02-13 17:40

Severity ?

8.1 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

References

▼	URL	Tags
	https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf	vendor-advisory
	http://www.openwall.com/lists/oss-security/2024/02/19/1
	https://security.netapp.com/advisory/ntap-20240307-0010/

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Commons Compress	Version: 1.3 ≤ 1.25.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-25710",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-02-20T16:19:19.175447Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-05T17:21:44.416Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T23:52:05.369Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/02/19/1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240307-0010/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://repo.maven.apache.org/maven2/",
               defaultStatus: "unaffected",
               packageName: "org.apache.commons:commons-compress",
               product: "Apache Commons Compress",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     lessThanOrEqual: "1.25.0",
                     status: "affected",
                     version: "1.3",
                     versionType: "semver",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "reporter",
               value: "Yakov Shafranovich, Amazon Web Services",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.<p>This issue affects Apache Commons Compress: from 1.3 through 1.25.0.</p><p>Users are recommended to upgrade to version 1.26.0 which fixes the issue.</p>",
                  },
               ],
               value: "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.\n\nUsers are recommended to upgrade to version 1.26.0 which fixes the issue.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     text: "important",
                  },
                  type: "Textual description of severity",
               },
            },
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-835",
                     description: "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-03-07T17:06:33.636Z",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf",
            },
            {
               url: "http://www.openwall.com/lists/oss-security/2024/02/19/1",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240307-0010/",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2024-25710",
      datePublished: "2024-02-19T08:33:40.627Z",
      dateReserved: "2024-02-10T23:44:45.963Z",
      dateUpdated: "2025-02-13T17:40:53.785Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-45859 (GCVE-0-2023-45859)

Vulnerability from cvelistv5

Published

2024-02-28 00:00

Modified

2024-11-29 16:42

Severity ?

7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Summary

In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.

References

▼	URL	Tags
	https://github.com/hazelcast/hazelcast/pull/25509
	https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "LOW",
                     baseScore: 7.6,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "LOW",
                     privilegesRequired: "LOW",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-45859",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-03-01T18:45:07.416874Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-922",
                        description: "CWE-922 Insecure Storage of Sensitive Information",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-29T16:42:41.602Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T20:29:32.492Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/hazelcast/hazelcast/pull/25509",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-28T22:00:24.680854",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/hazelcast/hazelcast/pull/25509",
            },
            {
               url: "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-45859",
      datePublished: "2024-02-28T00:00:00",
      dateReserved: "2023-10-14T00:00:00",
      dateUpdated: "2024-11-29T16:42:41.602Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

wid-sec-w-2024-3678

Vulnerability from csaf_certbund

CVE-2022-46175 (GCVE-0-2022-46175)

Vulnerability from cvelistv5

CVE-2022-3517 (GCVE-0-2022-3517)

Vulnerability from cvelistv5

CVE-2024-25710 (GCVE-0-2024-25710)

Vulnerability from cvelistv5

CVE-2023-45859 (GCVE-0-2023-45859)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature