CWE-708
Incorrect Ownership Assignment
The product assigns an owner to a resource, but the owner is outside of the intended control sphere.
CVE-2021-26248 (GCVE-0-2021-26248)
Vulnerability from cvelistv5
Published
2021-11-19 18:37
Modified
2024-08-03 20:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-708 - Incorrect Ownership Assignment
Summary
Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MRI 1.5T",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "All 5.x.x"
}
]
},
{
"product": "MRI 3T",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "5.x.x"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"value": "Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-708",
"description": "CWE-708 Incorrect Ownership Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-19T18:37:35",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"title": "Philips MRI 1.5T and 3T Incorrect Ownership Assignment",
"workarounds": [
{
"lang": "en",
"value": "Philips plans a new release to remediate these vulnerabilities by October 2022. As an interim mitigation to these vulnerabilities, Philips recommends the following:\nUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter.\n\nUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website or by calling 1-800-722-9377. \n\nFor more information regarding these vulnerabilities, see the Philips product security advisory website.\n\nUsers can also visit the Philips product security website for the latest security information for Philips products."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-26248",
"STATE": "PUBLIC",
"TITLE": "Philips MRI 1.5T and 3T Incorrect Ownership Assignment"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MRI 1.5T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "5.x.x"
}
]
}
},
{
"product_name": "MRI 3T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.x.x"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-708 Incorrect Ownership Assignment"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
"refsource": "MISC",
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
]
},
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Philips plans a new release to remediate these vulnerabilities by October 2022. As an interim mitigation to these vulnerabilities, Philips recommends the following:\nUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter.\n\nUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website or by calling 1-800-722-9377. \n\nFor more information regarding these vulnerabilities, see the Philips product security advisory website.\n\nUsers can also visit the Philips product security website for the latest security information for Philips products."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-26248",
"datePublished": "2021-11-19T18:37:35",
"dateReserved": "2021-11-11T00:00:00",
"dateUpdated": "2024-08-03T20:19:20.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32689 (GCVE-0-2021-32689)
Vulnerability from cvelistv5
Published
2021-07-12 18:45
Modified
2024-08-03 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in versions 11.2.2 and 11.3.0. As a workaround, don't allow users to choose usernames themselves. This is the default behaviour of Nextcloud, but some user providers may allow doing so.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Version: < 11.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xv6f-344w-895c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/spreed/pull/5633"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1200700"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/spreed/releases/tag/v11.2.2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/spreed/releases/tag/v11.3.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 11.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in versions 11.2.2 and 11.3.0. As a workaround, don\u0027t allow users to choose usernames themselves. This is the default behaviour of Nextcloud, but some user providers may allow doing so."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-708",
"description": "CWE-708: Incorrect Ownership Assignment",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T18:45:15",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xv6f-344w-895c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/spreed/pull/5633"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1200700"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/spreed/releases/tag/v11.2.2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/spreed/releases/tag/v11.3.0"
}
],
"source": {
"advisory": "GHSA-xv6f-344w-895c",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Talk not properly disassociating users from chats after account deletion",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32689",
"STATE": "PUBLIC",
"TITLE": "Nextcloud Talk not properly disassociating users from chats after account deletion"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 11.2.2"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in versions 11.2.2 and 11.3.0. As a workaround, don\u0027t allow users to choose usernames themselves. This is the default behaviour of Nextcloud, but some user providers may allow doing so."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-708: Incorrect Ownership Assignment"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xv6f-344w-895c",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xv6f-344w-895c"
},
{
"name": "https://github.com/nextcloud/spreed/pull/5633",
"refsource": "MISC",
"url": "https://github.com/nextcloud/spreed/pull/5633"
},
{
"name": "https://hackerone.com/reports/1200700",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1200700"
},
{
"name": "https://github.com/nextcloud/spreed/releases/tag/v11.2.2",
"refsource": "MISC",
"url": "https://github.com/nextcloud/spreed/releases/tag/v11.2.2"
},
{
"name": "https://github.com/nextcloud/spreed/releases/tag/v11.3.0",
"refsource": "MISC",
"url": "https://github.com/nextcloud/spreed/releases/tag/v11.3.0"
}
]
},
"source": {
"advisory": "GHSA-xv6f-344w-895c",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32689",
"datePublished": "2021-07-12T18:45:15",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32726 (GCVE-0-2021-32726)
Vulnerability from cvelistv5
Published
2021-07-12 19:45
Modified
2024-08-03 23:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-708 - Incorrect Ownership Assignment
Summary
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Version: < 19.0.13 Version: >= 20.0.0, < 20.0.11 Version: >= 21.0.0, < 21.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:54.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6qr9-c846-j8mg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/server/pull/27532"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1202590"
},
{
"name": "GLSA-202208-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003c 19.0.13"
},
{
"status": "affected",
"version": "\u003e= 20.0.0, \u003c 20.0.11"
},
{
"status": "affected",
"version": "\u003e= 21.0.0, \u003c 21.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-708",
"description": "CWE-708: Incorrect Ownership Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-11T00:09:37",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6qr9-c846-j8mg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/27532"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1202590"
},
{
"name": "GLSA-202208-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-17"
}
],
"source": {
"advisory": "GHSA-6qr9-c846-j8mg",
"discovery": "UNKNOWN"
},
"title": "Webauthn tokens not removed after user has been deleted",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32726",
"STATE": "PUBLIC",
"TITLE": "Webauthn tokens not removed after user has been deleted"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "security-advisories",
"version": {
"version_data": [
{
"version_value": "\u003c 19.0.13"
},
{
"version_value": "\u003e= 20.0.0, \u003c 20.0.11"
},
{
"version_value": "\u003e= 21.0.0, \u003c 21.0.3"
}
]
}
}
]
},
"vendor_name": "nextcloud"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-708: Incorrect Ownership Assignment"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6qr9-c846-j8mg",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6qr9-c846-j8mg"
},
{
"name": "https://github.com/nextcloud/server/pull/27532",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/pull/27532"
},
{
"name": "https://hackerone.com/reports/1202590",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1202590"
},
{
"name": "GLSA-202208-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-17"
}
]
},
"source": {
"advisory": "GHSA-6qr9-c846-j8mg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32726",
"datePublished": "2021-07-12T19:45:13",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:54.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22189 (GCVE-0-2022-22189)
Vulnerability from cvelistv5
Published
2022-04-14 15:50
Modified
2024-09-16 23:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Juniper Networks | Contrail Service Orchestration |
Version: 6.0.0 < 6.0.0 Patch v3 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69498"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"On-premises"
],
"product": "Contrail Service Orchestration",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "6.0.0 Patch v3",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"product": "Contrail Service Orchestration",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "6.0.0",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-708",
"description": "CWE-708: Incorrect Ownership Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-14T15:50:49",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA69498"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve these specific issues: On-premises: Contrail Service Orchestration 6.0.0 Patch v3, 6.1.0, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69498",
"defect": [
"CXU-56990"
],
"discovery": "USER"
},
"title": "Contrail Service Orchestration: An authenticated local user may have their permissions elevated via the device via management interface without authentication",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-04-13T16:00:00.000Z",
"ID": "CVE-2022-22189",
"STATE": "PUBLIC",
"TITLE": "Contrail Service Orchestration: An authenticated local user may have their permissions elevated via the device via management interface without authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contrail Service Orchestration",
"version": {
"version_data": [
{
"platform": "On-premises",
"version_affected": "\u003c",
"version_name": "6.0.0",
"version_value": "6.0.0 Patch v3"
},
{
"version_affected": "!\u003c",
"version_value": "6.0.0"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-708: Incorrect Ownership Assignment"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA69498",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA69498"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve these specific issues: On-premises: Contrail Service Orchestration 6.0.0 Patch v3, 6.1.0, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69498",
"defect": [
"CXU-56990"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22189",
"datePublished": "2022-04-14T15:50:49.176336Z",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-09-16T23:36:26.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33737 (GCVE-0-2022-33737)
Vulnerability from cvelistv5
Published
2022-07-06 15:09
Modified
2024-08-03 08:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-708 - Incorrect Ownership Assignment
Summary
The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | OpenVPN Access Server |
Version: from version 2.10.0 and before 2.11.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openvpn.net/vpn-server-resources/release-notes/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenVPN Access Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "from version 2.10.0 and before 2.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-708",
"description": "CWE-708: Incorrect Ownership Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-06T15:09:08",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openvpn.net/vpn-server-resources/release-notes/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@openvpn.net",
"ID": "CVE-2022-33737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenVPN Access Server",
"version": {
"version_data": [
{
"version_value": "from version 2.10.0 and before 2.11.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-708: Incorrect Ownership Assignment"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://openvpn.net/vpn-server-resources/release-notes/",
"refsource": "MISC",
"url": "https://openvpn.net/vpn-server-resources/release-notes/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2022-33737",
"datePublished": "2022-07-06T15:09:08",
"dateReserved": "2022-06-15T00:00:00",
"dateUpdated": "2024-08-03T08:09:22.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20043 (GCVE-0-2023-20043)
Vulnerability from cvelistv5
Published
2023-01-19 01:36
Modified
2024-08-02 08:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-708 - Incorrect Ownership Assignment
Summary
A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges.
This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco CX Cloud Agent |
Version: 0.9 Version: 0.0.1 Version: 0.0.2 Version: 0.9.2 Version: 0.9.3 Version: 1.1 Version: 1.2 Version: 1.3 Version: 1.4 Version: 1.5 Version: 1.6 Version: 1.7 Version: 1.8 Version: 1.0.0 Version: 2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cxagent-gOq9QjqZ",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco CX Cloud Agent",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "0.9"
},
{
"status": "affected",
"version": "0.0.1"
},
{
"status": "affected",
"version": "0.0.2"
},
{
"status": "affected",
"version": "0.9.2"
},
{
"status": "affected",
"version": "0.9.3"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges.\r\n\r This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-708",
"description": "Incorrect Ownership Assignment",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:37.051Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cxagent-gOq9QjqZ",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ"
}
],
"source": {
"advisory": "cisco-sa-cxagent-gOq9QjqZ",
"defects": [
"CSCwa73699"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20043",
"datePublished": "2023-01-19T01:36:37.287Z",
"dateReserved": "2022-10-27T18:47:50.317Z",
"dateUpdated": "2024-08-02T08:57:35.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20044 (GCVE-0-2023-20044)
Vulnerability from cvelistv5
Published
2023-01-19 01:37
Modified
2024-11-21 21:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-708 - Incorrect Ownership Assignment
Summary
A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges.
This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the insecure script. A successful exploit could allow the attacker to take complete control of the affected device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco CX Cloud Agent |
Version: 0.9 Version: 0.0.1 Version: 0.0.2 Version: 0.9.2 Version: 0.9.3 Version: 1.1 Version: 1.10 Version: 1.11 Version: 1.12 Version: 1.2 Version: 1.3 Version: 1.4 Version: 1.5 Version: 1.6 Version: 1.7 Version: 1.8 Version: 1.9 Version: 1.0.0 Version: 2.0 Version: 2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cxagent-gOq9QjqZ",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-30T15:26:55.117610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T21:40:09.910Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco CX Cloud Agent",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "0.9"
},
{
"status": "affected",
"version": "0.0.1"
},
{
"status": "affected",
"version": "0.0.2"
},
{
"status": "affected",
"version": "0.9.2"
},
{
"status": "affected",
"version": "0.9.3"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
},
{
"status": "affected",
"version": "1.12"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges.\r\n\r This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the insecure script. A successful exploit could allow the attacker to take complete control of the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-708",
"description": "Incorrect Ownership Assignment",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:37.385Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cxagent-gOq9QjqZ",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ"
}
],
"source": {
"advisory": "cisco-sa-cxagent-gOq9QjqZ",
"defects": [
"CSCwd51828"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20044",
"datePublished": "2023-01-19T01:37:06.676Z",
"dateReserved": "2022-10-27T18:47:50.317Z",
"dateUpdated": "2024-11-21T21:40:09.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29122 (GCVE-0-2023-29122)
Vulnerability from cvelistv5
Published
2024-11-05 15:24
Modified
2024-11-05 18:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-708 - Incorrect Ownership Assignment
Summary
Under certain conditions, access to service libraries is granted to account they should not have access to.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Enel X | JuiceBox Pro 3.0 22kW Cellular |
Version: 0 < |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:enel_x:juicebox_pro3.0_22kw_cellular:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "juicebox_pro3.0_22kw_cellular",
"vendor": "enel_x",
"versions": [
{
"lessThanOrEqual": "2.1.1.0_JB3VU096A",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29122",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T18:57:41.194180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T18:58:24.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Internal Service\u0027s Libraries"
],
"product": "JuiceBox Pro 3.0 22kW Cellular",
"vendor": "Enel X",
"versions": [
{
"lessThanOrEqual": "2.1.1.0_JB3VU096A",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Artem Ivachev (PCAutomotive)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Under certain conditions, access to service libraries is granted to account they should not have access to."
}
],
"value": "Under certain conditions, access to service libraries is granted to account they should not have access to."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-708",
"description": "CWE-708: Incorrect Ownership Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T15:24:43.416Z",
"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
"shortName": "ASRG"
},
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect file ownership of privileged service\u0027s libraries in Enel X JuiceBox",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
"assignerShortName": "ASRG",
"cveId": "CVE-2023-29122",
"datePublished": "2024-11-05T15:24:43.416Z",
"dateReserved": "2023-03-31T10:22:52.668Z",
"dateUpdated": "2024-11-05T18:58:24.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4008 (GCVE-0-2023-4008)
Vulnerability from cvelistv5
Published
2023-08-03 06:31
Modified
2024-10-03 06:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-708 - Incorrect Ownership Assignment
Summary
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:10.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #415942",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415942"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4008",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:44:36.361443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:44:49.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.0.8",
"status": "affected",
"version": "15.9",
"versionType": "semver"
},
{
"lessThan": "16.1.3",
"status": "affected",
"version": "16.1",
"versionType": "semver"
},
{
"lessThan": "16.2.2",
"status": "affected",
"version": "16.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability was discovered internally by a GitLab team member."
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-708",
"description": "CWE-708: Incorrect Ownership Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T06:23:13.999Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #415942",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/415942"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.2.2, 16.1.3, 16.0.8 or above."
}
],
"title": "Incorrect Ownership Assignment in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-4008",
"datePublished": "2023-08-03T06:31:21.677Z",
"dateReserved": "2023-07-31T07:13:53.508Z",
"dateUpdated": "2024-10-03T06:23:13.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41881 (GCVE-0-2023-41881)
Vulnerability from cvelistv5
Published
2023-10-11 19:30
Modified
2024-09-17 14:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6"
},
{
"name": "https://github.com/vantage6/vantage6/pull/748",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vantage6/vantage6/pull/748"
},
{
"name": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41881",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T13:49:13.313630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:02:51.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vantage6",
"vendor": "vantage6",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-708",
"description": "CWE-708: Incorrect Ownership Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T19:30:43.808Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6"
},
{
"name": "https://github.com/vantage6/vantage6/pull/748",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vantage6/vantage6/pull/748"
},
{
"name": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400"
}
],
"source": {
"advisory": "GHSA-rf54-7qrr-96j6",
"discovery": "UNKNOWN"
},
"title": "Deleting a collaboration should also delete linked resources"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41881",
"datePublished": "2023-10-11T19:30:43.808Z",
"dateReserved": "2023-09-04T16:31:48.224Z",
"dateUpdated": "2024-09-17T14:02:51.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Policy
Description:
- Periodically review the privileges and their owners.
Mitigation
Phase: Testing
Description:
- Use automated tools to check for privilege settings.
No CAPEC attack patterns related to this CWE.