From ca0df9af677ef24d57483b2bd57a670eaca59206 Mon Sep 17 00:00:00 2001 From: cvelistV5 Github Action Date: Sat, 4 Jan 2025 02:29:55 +0000 Subject: [PATCH] 5 changes (0 new | 5 updated): - 0 new CVEs: - 5 updated CVEs: CVE-2025-22386, CVE-2025-22387, CVE-2025-22388, CVE-2025-22389, CVE-2025-22390 --- cves/2025/22xxx/CVE-2025-22386.json | 44 ++++++++++++++++------------- cves/2025/22xxx/CVE-2025-22387.json | 44 ++++++++++++++++------------- cves/2025/22xxx/CVE-2025-22388.json | 44 ++++++++++++++++------------- cves/2025/22xxx/CVE-2025-22389.json | 44 ++++++++++++++++------------- cves/2025/22xxx/CVE-2025-22390.json | 44 ++++++++++++++++------------- cves/delta.json | 36 ++++++----------------- cves/deltaLog.json | 38 +++++++++++++++++++++++++ 7 files changed, 167 insertions(+), 127 deletions(-) diff --git a/cves/2025/22xxx/CVE-2025-22386.json b/cves/2025/22xxx/CVE-2025-22386.json index 2241a3cf3a77..db0a35d5b91c 100644 --- a/cves/2025/22xxx/CVE-2025-22386.json +++ b/cves/2025/22xxx/CVE-2025-22386.json 
@@ -5,51 +5,55 @@ "cveId": "CVE-2025-22386", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", - "dateUpdated": "2025-01-04T01:46:52.528994", + "dateUpdated": "2025-01-04T02:04:58.516Z", "dateReserved": "2025-01-04T00:00:00", "datePublished": "2025-01-04T00:00:00" }, "containers": { "cna": { - "providerMetadata": { - "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", - "shortName": "mitre", - "dateUpdated": "2025-01-04T01:46:52.528994" - }, - "descriptions": [ - { - "lang": "en", - "value": "An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out sessions to still be active and usable." - } - ], "affected": [ { - "vendor": "n/a", "product": "n/a", + "vendor": "n/a", "versions": [ { - "version": "n/a", - "status": "affected" + "status": "affected", + "version": "n/a" } ] } ], - "references": [ + "descriptions": [ { - "url": "https://support.optimizely.com/hc/en-us/articles/32695284701069-Configured-Commerce-Security-Advisory-COM-2024-04" + "lang": "en", + "value": "An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out sessions to still be active and usable." 
} ], "problemTypes": [ { "descriptions": [ { - "type": "text", + "cweId": "CWE-613", + "description": "CWE-613 Insufficient Session Expiration", "lang": "en", - "description": "n/a" + "type": "CWE" } ] } - ] + ], + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2025-01-04T02:04:58.516Z" + }, + "references": [ + { + "url": "https://support.optimizely.com/hc/en-us/articles/32695284701069-Configured-Commerce-Security-Advisory-COM-2024-04" + } + ], + "x_generator": { + "engine": "enrichogram 0.0.1" + } } }, "dataVersion": "5.1" diff --git a/cves/2025/22xxx/CVE-2025-22387.json b/cves/2025/22xxx/CVE-2025-22387.json index d747d722e29c..37374cc743c3 100644 --- a/cves/2025/22xxx/CVE-2025-22387.json +++ b/cves/2025/22xxx/CVE-2025-22387.json 
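Review bot: The `affected` block on the new side still carries `"vendor": "n/a"`, `"product": "n/a"` and `"version": "n/a"`, so this update adds a CWE but leaves the record unmatchable by tools that key on structured product data rather than the free-text description. The description itself names the product and the fixed version, so the entry could read `"vendor": "Optimizely", "product": "Configured Commerce"` with a version item such as `{ "version": "0", "status": "affected", "lessThan": "5.2.2408", "versionType": "custom" }`. The same applies to the hunks for CVE-2025-22387 (same product and version) and for CVE-2025-22388, CVE-2025-22389 and CVE-2025-22390 (EPiServer.CMS.Core, before 12.22.0 or 12.32.0 per their descriptions). The descriptions also state a severity, but no `metrics` entry appears in the `cna` container shown here, so consumers filtering on CVSS would presumably treat these records as unscored.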
@@ -5,51 +5,55 @@ "cveId": "CVE-2025-22387", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", - "dateUpdated": "2025-01-04T01:46:42.749365", + "dateUpdated": "2025-01-04T02:06:18.617Z", "dateReserved": "2025-01-04T00:00:00", "datePublished": "2025-01-04T00:00:00" }, "containers": { "cna": { - "providerMetadata": { - "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", - "shortName": "mitre", - "dateUpdated": "2025-01-04T01:46:42.749365" - }, - "descriptions": [ - { - "lang": "en", - "value": "An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking." - } - ], "affected": [ { - "vendor": "n/a", "product": "n/a", + "vendor": "n/a", "versions": [ { - "version": "n/a", - "status": "affected" + "status": "affected", + "version": "n/a" } ] } ], - "references": [ + "descriptions": [ { - "url": "https://support.optimizely.com/hc/en-us/articles/32695551034893-Configured-Commerce-Security-Advisory-COM-2024-06" + "lang": "en", + "value": "An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking." 
} ], "problemTypes": [ { "descriptions": [ { - "type": "text", + "cweId": "CWE-598", + "description": "CWE-598 Use of GET Request Method With Sensitive Query Strings", "lang": "en", - "description": "n/a" + "type": "CWE" } ] } - ] + ], + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2025-01-04T02:06:18.617Z" + }, + "references": [ + { + "url": "https://support.optimizely.com/hc/en-us/articles/32695551034893-Configured-Commerce-Security-Advisory-COM-2024-06" + } + ], + "x_generator": { + "engine": "enrichogram 0.0.1" + } } }, "dataVersion": "5.1" diff --git a/cves/2025/22xxx/CVE-2025-22388.json b/cves/2025/22xxx/CVE-2025-22388.json index 41b551fc163d..9c39512da479 100644 --- a/cves/2025/22xxx/CVE-2025-22388.json +++ b/cves/2025/22xxx/CVE-2025-22388.json 
@@ -5,51 +5,55 @@ "cveId": "CVE-2025-22388", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", - "dateUpdated": "2025-01-04T01:46:34.387692", + "dateUpdated": "2025-01-04T02:06:49.019Z", "dateReserved": "2025-01-04T00:00:00", "datePublished": "2025-01-04T00:00:00" }, "containers": { "cna": { - "providerMetadata": { - "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", - "shortName": "mitre", - "dateUpdated": "2025-01-04T01:46:34.387692" - }, - "descriptions": [ - { - "lang": "en", - "value": "An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or executing unauthorized actions. The issue exists in multiple areas, including content editing, link management, and file uploads." - } - ], "affected": [ { - "vendor": "n/a", "product": "n/a", + "vendor": "n/a", "versions": [ { - "version": "n/a", - "status": "affected" + "status": "affected", + "version": "n/a" } ] } ], - "references": [ + "descriptions": [ { - "url": "https://support.optimizely.com/hc/en-us/articles/33182047260557-Content-Management-System-CMS-Security-Advisory-CMS-2025-01" + "lang": "en", + "value": "An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or executing unauthorized actions. The issue exists in multiple areas, including content editing, link management, and file uploads." 
} ], "problemTypes": [ { "descriptions": [ { - "type": "text", + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", - "description": "n/a" + "type": "CWE" } ] } - ] + ], + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2025-01-04T02:06:49.019Z" + }, + "references": [ + { + "url": "https://support.optimizely.com/hc/en-us/articles/33182047260557-Content-Management-System-CMS-Security-Advisory-CMS-2025-01" + } + ], + "x_generator": { + "engine": "enrichogram 0.0.1" + } } }, "dataVersion": "5.1" diff --git a/cves/2025/22xxx/CVE-2025-22389.json b/cves/2025/22xxx/CVE-2025-22389.json index 2592c6e807a3..bc4df875c37f 100644 --- a/cves/2025/22xxx/CVE-2025-22389.json +++ b/cves/2025/22xxx/CVE-2025-22389.json 
@@ -5,51 +5,55 @@ "cveId": "CVE-2025-22389", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", - "dateUpdated": "2025-01-04T01:46:25.289704", + "dateUpdated": "2025-01-04T02:09:16.461Z", "dateReserved": "2025-01-04T00:00:00", "datePublished": "2025-01-04T00:00:00" }, "containers": { "cna": { - "providerMetadata": { - "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", - "shortName": "mitre", - "dateUpdated": "2025-01-04T01:46:25.289704" - }, - "descriptions": [ - { - "lang": "en", - "value": "An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, including .docm .html. When accessed by application users, these files can be used to execute malicious actions or compromise users' systems." - } - ], "affected": [ { - "vendor": "n/a", "product": "n/a", + "vendor": "n/a", "versions": [ { - "version": "n/a", - "status": "affected" + "status": "affected", + "version": "n/a" } ] } ], - "references": [ + "descriptions": [ { - "url": "https://support.optimizely.com/hc/en-us/articles/33182404079629-Content-Management-System-CMS-Security-Advisory-CMS-2025-03" + "lang": "en", + "value": "An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, including .docm .html. When accessed by application users, these files can be used to execute malicious actions or compromise users' systems." 
} ], "problemTypes": [ { "descriptions": [ { - "type": "text", + "cweId": "CWE-434", + "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", - "description": "n/a" + "type": "CWE" } ] } - ] + ], + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2025-01-04T02:09:16.461Z" + }, + "references": [ + { + "url": "https://support.optimizely.com/hc/en-us/articles/33182404079629-Content-Management-System-CMS-Security-Advisory-CMS-2025-03" + } + ], + "x_generator": { + "engine": "enrichogram 0.0.1" + } } }, "dataVersion": "5.1" diff --git a/cves/2025/22xxx/CVE-2025-22390.json b/cves/2025/22xxx/CVE-2025-22390.json index a4c957c18ec5..5c27f0c65f8b 100644 --- a/cves/2025/22xxx/CVE-2025-22390.json +++ b/cves/2025/22xxx/CVE-2025-22390.json 
@@ -5,51 +5,55 @@ "cveId": "CVE-2025-22390", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", - "dateUpdated": "2025-01-04T01:46:15.654346", + "dateUpdated": "2025-01-04T02:11:01.919Z", "dateReserved": "2025-01-04T00:00:00", "datePublished": "2025-01-04T00:00:00" }, "containers": { "cna": { - "providerMetadata": { - "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", - "shortName": "mitre", - "dateUpdated": "2025-01-04T01:46:15.654346" - }, - "descriptions": [ - { - "lang": "en", - "value": "An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate complexity to resist modern attack techniques such as password spraying or offline password cracking." - } - ], "affected": [ { - "vendor": "n/a", "product": "n/a", + "vendor": "n/a", "versions": [ { - "version": "n/a", - "status": "affected" + "status": "affected", + "version": "n/a" } ] } ], - "references": [ + "descriptions": [ { - "url": "https://support.optimizely.com/hc/en-us/articles/33182255281293-Content-Management-System-CMS-Security-Advisory-CMS-2025-02" + "lang": "en", + "value": "An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate complexity to resist modern attack techniques such as password spraying or offline password cracking." 
} ], "problemTypes": [ { "descriptions": [ { - "type": "text", + "cweId": "CWE-521", + "description": "CWE-521 Weak Password Requirements", "lang": "en", - "description": "n/a" + "type": "CWE" } ] } - ] + ], + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2025-01-04T02:11:01.919Z" + }, + "references": [ + { + "url": "https://support.optimizely.com/hc/en-us/articles/33182255281293-Content-Management-System-CMS-Security-Advisory-CMS-2025-02" + } + ], + "x_generator": { + "engine": "enrichogram 0.0.1" + } } }, "dataVersion": "5.1" diff --git a/cves/delta.json b/cves/delta.json index 051f691345af..4d3a33d848cd 100644 --- a/cves/delta.json +++ b/cves/delta.json 
@@ -1,56 +1,38 @@ { - "fetchTime": "2025-01-04T02:04:09.229Z", - "numberOfChanges": 8, - "new": [ - { - "cveId": "CVE-2025-22383", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-22383", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/22xxx/CVE-2025-22383.json", - "dateUpdated": "2025-01-04T01:48:58.594Z" - }, - { - "cveId": "CVE-2025-22384", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-22384", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/22xxx/CVE-2025-22384.json", - "dateUpdated": "2025-01-04T01:52:50.236Z" - }, - { - "cveId": "CVE-2025-22385", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-22385", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/22xxx/CVE-2025-22385.json", - "dateUpdated": "2025-01-04T02:03:40.351Z" - }, + "fetchTime": "2025-01-04T02:29:44.692Z", + "numberOfChanges": 5, + "new": [], + "updated": [ { "cveId": "CVE-2025-22386", "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-22386", "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/22xxx/CVE-2025-22386.json", - "dateUpdated": "2025-01-04T01:46:52.528994" + "dateUpdated": "2025-01-04T02:04:58.516Z" }, { "cveId": "CVE-2025-22387", "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-22387", "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/22xxx/CVE-2025-22387.json", - "dateUpdated": "2025-01-04T01:46:42.749365" + "dateUpdated": "2025-01-04T02:06:18.617Z" }, { "cveId": "CVE-2025-22388", "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-22388", "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/22xxx/CVE-2025-22388.json", - "dateUpdated": "2025-01-04T01:46:34.387692" + "dateUpdated": "2025-01-04T02:06:49.019Z" }, { "cveId": "CVE-2025-22389", "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-22389", "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/22xxx/CVE-2025-22389.json", - "dateUpdated": "2025-01-04T01:46:25.289704" + "dateUpdated": "2025-01-04T02:09:16.461Z" }, { "cveId": "CVE-2025-22390", "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-22390", "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/22xxx/CVE-2025-22390.json", - "dateUpdated": "2025-01-04T01:46:15.654346" + "dateUpdated": "2025-01-04T02:11:01.919Z" } ], - "updated": [], "error": [] } \ No newline at end of file diff --git a/cves/deltaLog.json b/cves/deltaLog.json index c2901e90a260..d349b5d6b152 100644 --- a/cves/deltaLog.json +++ b/cves/deltaLog.json 
@@ -1,4 +1,42 @@ [ + { + "fetchTime": "2025-01-04T02:29:44.692Z", + "numberOfChanges": 5, + "new": [], + "updated": [ + { + "cveId": "CVE-2025-22386", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-22386", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/22xxx/CVE-2025-22386.json", + "dateUpdated": "2025-01-04T02:04:58.516Z" + }, + { + "cveId": "CVE-2025-22387", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-22387", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/22xxx/CVE-2025-22387.json", + "dateUpdated": "2025-01-04T02:06:18.617Z" + }, + { + "cveId": "CVE-2025-22388", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-22388", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/22xxx/CVE-2025-22388.json", + "dateUpdated": "2025-01-04T02:06:49.019Z" + }, + { + "cveId": "CVE-2025-22389", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-22389", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/22xxx/CVE-2025-22389.json", + "dateUpdated": "2025-01-04T02:09:16.461Z" + }, + { + "cveId": "CVE-2025-22390", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-22390", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/22xxx/CVE-2025-22390.json", + "dateUpdated": "2025-01-04T02:11:01.919Z" + } + ], + "error": [] + }, { "fetchTime": "2025-01-04T02:04:09.229Z", "numberOfChanges": 8,