

2 changes (1 new | 1 updated):
      - 1 new CVEs:  CVE-2024-13897
      - 1 updated CVEs: CVE-2022-1586
cvelistV5 Github Action committed Mar 6, 2025
1 parent 4f6e796 commit 32af103
Showing 2 changed files with 115 additions and 15 deletions.
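--- a/cves/2022/1xxx/CVE-2022-1586.json
+++ b/cves/2022/1xxx/CVE-2022-1586.json
@@ -6,16 +6,16 @@
 "cveId": "CVE-2022-1586",
 "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
 "assignerShortName": "redhat",
-"dateUpdated": "2024-08-03T00:10:03.645Z",
-"dateReserved": "2022-05-05T00:00:00",
-"datePublished": "2022-05-16T00:00:00"
+"dateUpdated": "2025-03-06T08:18:54.168Z",
+"dateReserved": "2022-05-05T00:00:00.000Z",
+"datePublished": "2022-05-16T00:00:00.000Z"
 },
 "containers": {
 "cna": {
 "providerMetadata": {
 "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
 "shortName": "redhat",
-"dateUpdated": "2023-03-16T00:00:00"
+"dateUpdated": "2023-03-16T00:00:00.000Z"
 },
 "descriptions": [
 {
@@ -102,10 +102,15 @@
 "providerMetadata": {
 "orgId": "af854a3a-2127-422b-91ae-364da2661108",
 "shortName": "CVE",
-"dateUpdated": "2024-08-03T00:10:03.645Z"
+"dateUpdated": "2025-03-06T08:18:54.168Z"
 },
-"title": "CVE Program Container",
 "references": [
+{
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077976"
+},
+{
+"url": "https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a"
+},
 {
 "name": "FEDORA-2022-e56085ba31",
 "tags": [
@@ -115,22 +120,22 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/"
 },
 {
-"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077976%2C",
 "tags": [
 "x_transferred"
-]
+],
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077976%2C"
 },
 {
-"url": "https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a%2C",
 "tags": [
 "x_transferred"
-]
+],
+"url": "https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a%2C"
 },
 {
-"url": "https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c",
 "tags": [
 "x_transferred"
-]
+],
+"url": "https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c"
 },
 {
 "name": "FEDORA-2022-a3edad0ab6",
@@ -157,10 +162,10 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/"
 },
 {
-"url": "https://security.netapp.com/advisory/ntap-20221028-0009/",
 "tags": [
 "x_transferred"
-]
+],
+"url": "https://security.netapp.com/advisory/ntap-20221028-0009/"
 },
 {
 "name": "[debian-lts-announce] 20230316 [SECURITY] [DLA 3363-1] pcre2 security update",
@@ -170,7 +175,11 @@
 ],
 "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html"
 }
-]
+],
+"title": "CVE Program Container",
+"x_generator": {
+"engine": "ADPogram 0.0.1"
+}
 }
 ]
 }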
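Review bot: The two `x_transferred` references whose URLs end in `%2C` (`…show_bug.cgi?id=2077976%2C` and `…/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a%2C`) are still present after the `@@ -115,22 +120,22 @@` hunk, which only reorders their keys. The `@@ -102,10 +102,15 @@` hunk adds clean copies of both URLs at the top of `references`, so the record now lists each source twice, and one form carries a stray encoded comma that may not resolve to the intended page. Dropping the `%2C` entries, or moving their `"x_transferred"` tag onto the clean entries, would leave one canonical URL per source. Until then, tooling that fetches or de-duplicates references from this record should normalise the URLs before comparing them.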
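--- a/cves/2024/13xxx/CVE-2024-13897.json
+++ b/cves/2024/13xxx/CVE-2024-13897.json
@@ -0,0 +1,91 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.1",
+"cveMetadata": {
+"cveId": "CVE-2024-13897",
+"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
+"state": "PUBLISHED",
+"assignerShortName": "Wordfence",
+"dateReserved": "2025-02-20T19:20:20.695Z",
+"datePublished": "2025-03-06T08:21:38.783Z",
+"dateUpdated": "2025-03-06T08:21:38.783Z"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
+"shortName": "Wordfence",
+"dateUpdated": "2025-03-06T08:21:38.783Z"
+},
+"affected": [
+{
+"vendor": "katsushi-kawamori",
+"product": "Moving Media Library",
+"versions": [
+{
+"version": "*",
+"status": "affected",
+"lessThanOrEqual": "1.22",
+"versionType": "semver"
+}
+],
+"defaultStatus": "unaffected"
+}
+],
+"descriptions": [
+{
+"lang": "en",
+"value": "The Moving Media Library plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the generate_json_page function in all versions up to, and including, 1.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
+}
+],
+"title": "Moving Media Library <= 1.22 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Deletion",
+"references": [
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/815ce00b-3753-4c38-8a30-5242a5841734?source=cve"
+},
+{
+"url": "https://plugins.trac.wordpress.org/browser/moving-media-library/trunk/lib/class-movingmedialibraryadmin.php#L166"
+},
+{
+"url": "https://plugins.trac.wordpress.org/changeset/3244709/moving-media-library/trunk/lib/class-movingmedialibraryadmin.php"
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"lang": "en",
+"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+"cweId": "CWE-22",
+"type": "CWE"
+}
+]
+}
+],
+"metrics": [
+{
+"cvssV3_1": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+}
+}
+],
+"credits": [
+{
+"lang": "en",
+"type": "finder",
+"value": "Emil"
+}
+],
+"timeline": [
+{
+"time": "2025-03-05T20:19:26.000+00:00",
+"lang": "en",
+"value": "Disclosed"
+}
+]
+}
+}
+}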
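Review bot: The `versions` entry declares `"versionType": "semver"` but gives `"version": "*"` and `"lessThanOrEqual": "1.22"`, neither of which is a three-part semantic version, so a consumer that parses the range strictly may reject or mis-order it; `"versionType": "custom"` would describe the values as written. No fixed version is recorded either, although the third reference points at a changeset, so scanners can only infer which release is patched. Separately, the description says the file deletion can lead to remote code execution while the vector scores `C:N` with a base score of 6.5, so triage that keys on `baseScore` alone will rank this lower than the description suggests.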
