ALT Vulnerability
This commit is contained in:
parent
c1f11120ea
commit
4df1560603
@ -134,7 +134,7 @@
|
||||
{
|
||||
"ID": "CVE-2023-23583",
|
||||
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"CWE": "NVD-CWE-noinfo",
|
||||
"CWE": "CWE-1281",
|
||||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-23583",
|
||||
"Impact": "High",
|
||||
"Public": "20231114"
|
||||
|
||||
@ -1315,8 +1315,10 @@
|
||||
},
|
||||
{
|
||||
"ID": "CVE-2024-31456",
|
||||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||
"CWE": "CWE-89",
|
||||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-31456",
|
||||
"Impact": "None",
|
||||
"Impact": "Low",
|
||||
"Public": "20240507"
|
||||
}
|
||||
],
|
||||
|
||||
@ -675,7 +675,7 @@
|
||||
{
|
||||
"ID": "CVE-2023-23583",
|
||||
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"CWE": "NVD-CWE-noinfo",
|
||||
"CWE": "CWE-1281",
|
||||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-23583",
|
||||
"Impact": "High",
|
||||
"Public": "20231114"
|
||||
|
||||
File diff suppressed because one or more lines are too long
@ -140,7 +140,7 @@
|
||||
{
|
||||
"ID": "CVE-2023-23583",
|
||||
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"CWE": "NVD-CWE-noinfo",
|
||||
"CWE": "CWE-1281",
|
||||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-23583",
|
||||
"Impact": "High",
|
||||
"Public": "20231114"
|
||||
|
||||
@ -49,7 +49,7 @@
|
||||
"Description": "This update upgrades glpi to version 10.0.16-alt1. \nSecurity Fix(es):\n\n * CVE-2024-37147: GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16.\n\n * CVE-2024-37148: GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrade to 10.0.16.\n\n * CVE-2024-37149: GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16.",
|
||||
"Advisory": {
|
||||
"From": "errata.altlinux.org",
|
||||
"Severity": "Low",
|
||||
"Severity": "High",
|
||||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||||
"Issued": {
|
||||
"Date": "2024-07-25"
|
||||
@ -61,20 +61,26 @@
|
||||
"CVEs": [
|
||||
{
|
||||
"ID": "CVE-2024-37147",
|
||||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
|
||||
"CWE": "NVD-CWE-noinfo",
|
||||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-37147",
|
||||
"Impact": "None",
|
||||
"Impact": "Low",
|
||||
"Public": "20240710"
|
||||
},
|
||||
{
|
||||
"ID": "CVE-2024-37148",
|
||||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
|
||||
"CWE": "CWE-89",
|
||||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-37148",
|
||||
"Impact": "None",
|
||||
"Impact": "High",
|
||||
"Public": "20240710"
|
||||
},
|
||||
{
|
||||
"ID": "CVE-2024-37149",
|
||||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"CWE": "CWE-94",
|
||||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-37149",
|
||||
"Impact": "None",
|
||||
"Impact": "High",
|
||||
"Public": "20240710"
|
||||
}
|
||||
],
|
||||
|
||||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@ -77,8 +77,10 @@
|
||||
},
|
||||
{
|
||||
"ID": "CVE-2024-31456",
|
||||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||
"CWE": "CWE-89",
|
||||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-31456",
|
||||
"Impact": "None",
|
||||
"Impact": "Low",
|
||||
"Public": "20240507"
|
||||
}
|
||||
],
|
||||
|
||||
@ -60,7 +60,7 @@
|
||||
{
|
||||
"ID": "CVE-2023-23583",
|
||||
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"CWE": "NVD-CWE-noinfo",
|
||||
"CWE": "CWE-1281",
|
||||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-23583",
|
||||
"Impact": "High",
|
||||
"Public": "20231114"
|
||||
|
||||
@ -55,8 +55,10 @@
|
||||
},
|
||||
{
|
||||
"ID": "CVE-2024-31456",
|
||||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||
"CWE": "CWE-89",
|
||||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-31456",
|
||||
"Impact": "None",
|
||||
"Impact": "Low",
|
||||
"Public": "20240507"
|
||||
}
|
||||
],
|
||||
|
||||
@ -42,7 +42,7 @@
|
||||
"Description": "This update upgrades glpi to version 10.0.16-alt1. \nSecurity Fix(es):\n\n * CVE-2024-37147: GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16.\n\n * CVE-2024-37148: GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrade to 10.0.16.\n\n * CVE-2024-37149: GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16.",
|
||||
"Advisory": {
|
||||
"From": "errata.altlinux.org",
|
||||
"Severity": "Low",
|
||||
"Severity": "High",
|
||||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||||
"Issued": {
|
||||
"Date": "2024-07-15"
|
||||
@ -54,20 +54,26 @@
|
||||
"CVEs": [
|
||||
{
|
||||
"ID": "CVE-2024-37147",
|
||||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
|
||||
"CWE": "NVD-CWE-noinfo",
|
||||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-37147",
|
||||
"Impact": "None",
|
||||
"Impact": "Low",
|
||||
"Public": "20240710"
|
||||
},
|
||||
{
|
||||
"ID": "CVE-2024-37148",
|
||||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
|
||||
"CWE": "CWE-89",
|
||||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-37148",
|
||||
"Impact": "None",
|
||||
"Impact": "High",
|
||||
"Public": "20240710"
|
||||
},
|
||||
{
|
||||
"ID": "CVE-2024-37149",
|
||||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"CWE": "CWE-94",
|
||||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-37149",
|
||||
"Impact": "None",
|
||||
"Impact": "High",
|
||||
"Public": "20240710"
|
||||
}
|
||||
],
|
||||
|
||||
@ -334,7 +334,7 @@
|
||||
{
|
||||
"ID": "CVE-2023-23583",
|
||||
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"CWE": "NVD-CWE-noinfo",
|
||||
"CWE": "CWE-1281",
|
||||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-23583",
|
||||
"Impact": "High",
|
||||
"Public": "20231114"
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user