From 7397fbb84d97eb2a35eee14539da03c7e3c81719 Mon Sep 17 00:00:00 2001
From: cvelistV5 Github Action
Date: Wed, 27 Nov 2024 06:31:00 +0000
Subject: [PATCH] 1 changes (1 new | 0 updated): - 1 new CVEs: CVE-2024-36467 - 0 updated CVEs:
---
cves/2024/36xxx/CVE-2024-36467.json | 164 ++++++++++++++++++++++++++++
cves/delta.json | 14 +--
cves/deltaLog.json | 40 +++----
3 files changed, 185 insertions(+), 33 deletions(-)
create mode 100644 cves/2024/36xxx/CVE-2024-36467.json
diff --git a/cves/2024/36xxx/CVE-2024-36467.json b/cves/2024/36xxx/CVE-2024-36467.json
new file mode 100644
index 000000000000..9a5a620807ff
--- /dev/null
+++ b/cves/2024/36xxx/CVE-2024-36467.json
@@ -0,0 +1,164 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2024-36467",
+ "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
+ "state": "PUBLISHED",
+ "assignerShortName": "Zabbix",
+ "dateReserved": "2024-05-28T11:21:24.947Z",
+ "datePublished": "2024-11-27T06:16:30.381Z",
+ "dateUpdated": "2024-11-27T06:16:30.381Z"
+ },
+ "containers": {
+ "cna": {
+ "affected": [
+ {
+ "defaultStatus": "unaffected",
+ "modules": [
+ "API"
+ ],
+ "product": "Zabbix",
+ "repo": "https://git.zabbix.com/",
+ "vendor": "Zabbix",
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "5.0.43rc1",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "5.0.42",
+ "status": "affected",
+ "version": "5.0.0",
+ "versionType": "git"
+ },
+ {
+ "changes": [
+ {
+ "at": "6.0.33rc1",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "6.0.32",
+ "status": "affected",
+ "version": "6.0.0",
+ "versionType": "git"
+ },
+ {
+ "changes": [
+ {
+ "at": "6.4.18rc1",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "6.4.17",
+ "status": "affected",
+ "version": "6.4.0",
+ "versionType": "git"
+ },
+ {
+ "changes": [
+ {
+ "at": "7.0.2rc1",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "7.0.1rc1",
+ "status": "affected",
+ "version": "7.0.0",
+ "versionType": "git"
+ }
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "type": "reporter",
+ "value": "Zabbix wants to thank Márk Rákóczi for submitting this report on the HackerOne bug bounty platform."
+ }
+ ],
+ "datePublic": "2024-09-12T08:25:00.000Z",
+ "descriptions": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access."
+ }
+ ],
+ "value": "An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access."
+ }
+ ],
+ "impacts": [
+ {
+ "capecId": "CAPEC-233",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CAPEC-233 Privilege Escalation"
+ }
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "cvssV3_1": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
+ },
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ]
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "cweId": "CWE-285",
+ "description": "CWE-285 Improper Authorization",
+ "lang": "en",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
+ "shortName": "Zabbix",
+ "dateUpdated": "2024-11-27T06:16:30.381Z"
+ },
+ "references": [
+ {
+ "url": "https://support.zabbix.com/browse/ZBX-25614"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "title": "Authentication privilege escalation via user groups due to missing authorization checks",
+ "x_generator": {
+ "engine": "Vulnogram 0.2.0"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/cves/delta.json b/cves/delta.json
index 1d82c7318667..d995aed71671 100644
--- a/cves/delta.json
+++ b/cves/delta.json
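Review bot: The `cvssV3_1` block in the new CVE-2024-36467 record sets `"privilegesRequired": "NONE"` (`PR:N` in `vectorString`), while the record's own description says the issue needs "an authenticated user with API access", so the metric and the text disagree. The same block has `"integrityImpact": "NONE"` even though the described outcome is a user changing their own group membership, which reads as a write and is classified here as CWE-285 / CAPEC-233 privilege escalation. If the description is the accurate side, the correction belongs with the CNA (this commit only mirrors the record): `"privilegesRequired": "LOW"`, `PR:L` in the vector, and `baseScore`/`baseSeverity` recomputed to match. Consumers that triage or filter on the CVSS vector should rely on the description and the `versions` ranges for this entry until the metric is reconciled. The title's "Authentication privilege escalation" presumably means "Authenticated", given that the weakness listed is an authorization one.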
@@ -1,14 +1,14 @@ { - "fetchTime": "2024-11-27T06:15:36.075Z", + "fetchTime": "2024-11-27T06:30:48.494Z", "numberOfChanges": 1, - "new": [], - "updated": [ + "new": [ { - "cveId": "CVE-2024-11820", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11820", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11820.json", - "dateUpdated": "2024-11-27T06:12:55.308Z" + "cveId": "CVE-2024-36467", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-36467", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/36xxx/CVE-2024-36467.json", + "dateUpdated": "2024-11-27T06:16:30.381Z" } ], + "updated": [], "error": [] } \ No newline at end of file diff --git a/cves/deltaLog.json b/cves/deltaLog.json index b47fc67c04ec..0d45eb558119 100644 --- a/cves/deltaLog.json +++ b/cves/deltaLog.json @@ -1,4 +1,18 @@ [ + { + "fetchTime": "2024-11-27T06:30:48.494Z", + "numberOfChanges": 1, + "new": [ + { + "cveId": "CVE-2024-36467", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-36467", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/36xxx/CVE-2024-36467.json", + "dateUpdated": "2024-11-27T06:16:30.381Z" + } + ], + "updated": [], + "error": [] + }, { "fetchTime": "2024-11-27T06:15:36.075Z", "numberOfChanges": 1, 
@@ -158497,31 +158511,5 @@ ], "updated": [], "error": [] - }, - { - "fetchTime": "2024-10-28T06:27:10.120Z", - "numberOfChanges": 3, - "new": [], - "updated": [ - { - "cveId": "CVE-2023-39982", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-39982", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/39xxx/CVE-2023-39982.json", - "dateUpdated": "2024-10-28T06:13:21.724Z" - }, - { - "cveId": "CVE-2023-5962", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-5962", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/5xxx/CVE-2023-5962.json", - "dateUpdated": "2024-10-28T06:14:46.184Z" - }, - { - "cveId": "CVE-2024-0387", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-0387", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/0xxx/CVE-2024-0387.json", - "dateUpdated": "2024-10-28T06:15:50.712Z" - } - ], - "error": [] } ] \ No newline at end of file