github
/
advisory-database
зеркало из https://github.com/github/advisory-database.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Publish Advisories 

GHSA-4p5m-gvpf-f3x5
GHSA-68r2-fwcg-qpm8
GHSA-pff9-53m5-qr56
GHSA-pff9-53m5-qr56
This commit is contained in:
advisory-database[bot] 2025-01-27 17:24:06 +00:00
Родитель e84ae89f9b
Коммит 644caad540
4 изменённых файлов: 176 добавлений и 43 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

50
advisories/unreviewed/2025/01/GHSA-4p5m-gvpf-f3x5/GHSA-4p5m-gvpf-f3x5.json → advisories/github-reviewed/2025/01/GHSA-4p5m-gvpf-f3x5/GHSA-4p5m-gvpf-f3x5.json
Просмотреть файл

@ -1,19 +1,57 @@
{
"schema_version": "1.4.0",
"id": "GHSA-4p5m-gvpf-f3x5",
"modified": "2025-01-27T09:30:35Z",
"modified": "2025-01-27T17:22:43Z",
"published": "2025-01-27T09:30:35Z",
"aliases": [
"CVE-2024-52012"
],
"summary": "Apache Solr Relative Path Traversal vulnerability",
"details": "Relative Path Traversal vulnerability in Apache Solr.\n\nSolr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the \"configset upload\" API.  Commonly known as a \"zipslip\", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem.  \nThis issue affects Apache Solr: from 6.6 through 9.7.0.\n\nUsers are recommended to upgrade to version 9.8.0, which fixes the issue.  Users unable to upgrade may also safely prevent the issue by using Solr's \"Rule-Based Authentication Plugin\" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users.",
"severity": [],
"affected": [],
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"
}
],
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.solr:solr-core"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "6.6"
},
{
"fixed": "9.8.0"
}
]
}
]
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52012"
},
{
"type": "WEB",
"url": "https://github.com/apache/solr/commit/5795edd143b8fcb2ffaf7f278a099b8678adf396"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/solr"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/SOLR-17543"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/yp39pgbv4vf1746pf5yblz84lv30vfxd"
@ -27,9 +65,9 @@
"cwe_ids": [
"CWE-23"
],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"severity": "MODERATE",
"github_reviewed": true,
"github_reviewed_at": "2025-01-27T17:22:43Z",
"nvd_published_at": "2025-01-27T09:15:14Z"
}
}

50
advisories/unreviewed/2025/01/GHSA-68r2-fwcg-qpm8/GHSA-68r2-fwcg-qpm8.json → advisories/github-reviewed/2025/01/GHSA-68r2-fwcg-qpm8/GHSA-68r2-fwcg-qpm8.json
Просмотреть файл

@ -1,19 +1,57 @@
{
"schema_version": "1.4.0",
"id": "GHSA-68r2-fwcg-qpm8",
"modified": "2025-01-27T09:30:35Z",
"modified": "2025-01-27T17:22:49Z",
"published": "2025-01-27T09:30:35Z",
"aliases": [
"CVE-2025-24814"
],
"summary": "Apache Solr vulnerable to Execution with Unnecessary Privileges",
"details": "Core creation allows users to replace \"trusted\" configset files with arbitrary configuration\n\nSolr instances that (1) use the \"FileSystemConfigSetService\" component (the default in \"standalone\" or \"user-managed\" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual \"trusted\" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem.  These replacement config files are treated as \"trusted\" and can use \"<lib>\" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin.\n\nThis issue affects all Apache Solr versions up through Solr 9.7.  Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from \"FileSystemConfigSetService\").  Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of \"<lib>\" tags by default.",
"severity": [],
"affected": [],
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"
}
],
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.solr:solr-core"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "9.8.0"
}
]
}
]
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24814"
},
{
"type": "WEB",
"url": "https://github.com/apache/solr/commit/f492e24881c5724a1b1baecfc9549e2cb0257525"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/solr"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/SOLR-16781"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1"
@ -27,9 +65,9 @@
"cwe_ids": [
"CWE-250"
],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2025-01-27T17:22:49Z",
"nvd_published_at": "2025-01-27T09:15:14Z"
}
}

88
advisories/github-reviewed/2025/01/GHSA-pff9-53m5-qr56/GHSA-pff9-53m5-qr56.json Normal file
Просмотреть файл

@ -0,0 +1,88 @@
{
"schema_version": "1.4.0",
"id": "GHSA-pff9-53m5-qr56",
"modified": "2025-01-27T17:22:59Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24783"
],
"summary": "Apache Cocoon vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator",
"details": "Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon.\n\nThis issue affects Apache Cocoon: all versions.\n\nWhen a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the startup time, it may not have been sufficiently unpredictable, and an attacker could use this to guess continuation ids and look up continuations they should not have had access to.\n\nAs a mitigation, you may enable the \"session-bound-continuations\" option to make sure continuations are not shared across sessions.\n\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"
}
],
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.cocoon:cocoon-forms-impl"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.3.0"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.cocoon:cocoon-sitemap-impl"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.3.0"
}
]
}
]
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24783"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/cocoon"
},
{
"type": "WEB",
"url": "https://github.com/apache/cocoon/blob/32a4e41183ba74351d85060011151b2d58acfc52/blocks/cocoon-forms/cocoon-forms-impl/src/main/java/org/apache/cocoon/forms/formmodel/CaptchaField.java#L70"
},
{
"type": "WEB",
"url": "https://github.com/apache/cocoon/blob/32a4e41183ba74351d85060011151b2d58acfc52/core/cocoon-sitemap/cocoon-sitemap-impl/src/main/java/org/apache/cocoon/components/flow/ContinuationsManagerImpl.java#L112"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/pk86jp5cvn41432op8wv1k8p14mp27nz"
}
],
"database_specific": {
"cwe_ids": [
"CWE-335"
],
"severity": "LOW",
"github_reviewed": true,
"github_reviewed_at": "2025-01-27T17:22:59Z",
"nvd_published_at": "2025-01-27T15:15:17Z"
}
}

31
advisories/unreviewed/2025/01/GHSA-pff9-53m5-qr56/GHSA-pff9-53m5-qr56.json
Просмотреть файл

@ -1,31 +0,0 @@
{
"schema_version": "1.4.0",
"id": "GHSA-pff9-53m5-qr56",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24783"
],
"details": "** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon.\n\nThis issue affects Apache Cocoon: all versions.\n\nWhen a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the startup time, it may not have been sufficiently unpredictable, and an attacker could use this to guess continuation ids and look up continuations they should not have had access to.\n\nAs a mitigation, you may enable the \"session-bound-continuations\" option to make sure continuations are not shared across sessions.\n\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24783"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/pk86jp5cvn41432op8wv1k8p14mp27nz"
}
],
"database_specific": {
"cwe_ids": [
"CWE-335"
],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:17Z"
}
}