2 changes (2 new | 0 updated):
      - 2 new CVEs:  CVE-2024-11083, CVE-2024-11219
      - 0 updated CVEs:
cvelistV5 Github Action committed Nov 27, 2024
1 parent 8280c40 commit d27aa26
Showing 4 changed files with 215 additions and 23 deletions.
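--- a/cves/2024/11xxx/CVE-2024-11083.json
+++ b/cves/2024/11xxx/CVE-2024-11083.json
@@ -0,0 +1,93 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.1",
+"cveMetadata": {
+"cveId": "CVE-2024-11083",
+"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
+"state": "PUBLISHED",
+"assignerShortName": "Wordfence",
+"dateReserved": "2024-11-11T18:52:00.429Z",
+"datePublished": "2024-11-27T05:31:54.074Z",
+"dateUpdated": "2024-11-27T05:31:54.074Z"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
+"shortName": "Wordfence",
+"dateUpdated": "2024-11-27T05:31:54.074Z"
+},
+"affected": [
+{
+"vendor": "collizo4sky",
+"product": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress",
+"versions": [
+{
+"version": "*",
+"status": "affected",
+"lessThanOrEqual": "4.15.18",
+"versionType": "semver"
+}
+],
+"defaultStatus": "unaffected"
+}
+],
+"descriptions": [
+{
+"lang": "en",
+"value": "The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator."
+}
+],
+"title": "ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure",
+"references": [
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/60c8159f-0641-4b75-9d56-34bd13105caf?source=cve"
+},
+{
+"url": "https://plugins.trac.wordpress.org/changeset/3197296/wp-user-avatar"
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"lang": "en",
+"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
+"cweId": "CWE-200",
+"type": "CWE"
+}
+]
+}
+],
+"metrics": [
+{
+"cvssV3_1": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+"baseScore": 5.3,
+"baseSeverity": "MEDIUM"
+}
+}
+],
+"credits": [
+{
+"lang": "en",
+"type": "finder",
+"value": "Francesco Carlucci"
+}
+],
+"timeline": [
+{
+"time": "2024-11-11T00:00:00.000+00:00",
+"lang": "en",
+"value": "Vendor Notified"
+},
+{
+"time": "2024-11-26T00:00:00.000+00:00",
+"lang": "en",
+"value": "Disclosed"
+}
+]
+}
+}
+}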
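Review bot: The `versions` entry gives the start of the range as `"version": "*"` while declaring `"versionType": "semver"`, and `*` is not a semver value, so a consumer that parses both bounds before comparing may reject or skip the range instead of matching installed versions up to 4.15.18. As far as I know the CVE record format's convention for "from the earliest release" is `"version": "0"`, kept alongside the existing `"lessThanOrEqual": "4.15.18"`. The same pattern appears in cves/2024/11xxx/CVE-2024-11219.json. The record also names no fixed version; the plugins.trac changeset listed in `references` is presumably the patch, so scanners have to infer the first safe release from it.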
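--- a/cves/2024/11xxx/CVE-2024-11219.json
+++ b/cves/2024/11xxx/CVE-2024-11219.json
@@ -0,0 +1,93 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.1",
+"cveMetadata": {
+"cveId": "CVE-2024-11219",
+"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
+"state": "PUBLISHED",
+"assignerShortName": "Wordfence",
+"dateReserved": "2024-11-14T14:55:03.886Z",
+"datePublished": "2024-11-27T05:31:54.882Z",
+"dateUpdated": "2024-11-27T05:31:54.882Z"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
+"shortName": "Wordfence",
+"dateUpdated": "2024-11-27T05:31:54.882Z"
+},
+"affected": [
+{
+"vendor": "themeisle",
+"product": "Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE",
+"versions": [
+{
+"version": "*",
+"status": "affected",
+"lessThanOrEqual": "3.0.6",
+"versionType": "semver"
+}
+],
+"defaultStatus": "unaffected"
+}
+],
+"descriptions": [
+{
+"lang": "en",
+"value": "The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.0.6 via the get_image function. This makes it possible for unauthenticated attackers to view arbitrary images on the server, which can contain sensitive information."
+}
+],
+"title": "Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.6 - Unauthetnicated Path Traversal to Arbitrary Image View",
+"references": [
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c5e9ab63-d61e-40f1-a5cb-432f33dfd2a6?source=cve"
+},
+{
+"url": "https://plugins.trac.wordpress.org/browser/otter-blocks/tags/3.0.6/inc/plugins/class-dynamic-content.php#L222"
+}
+],
+"problemTypes": [
+{
+"descriptions": [
+{
+"lang": "en",
+"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+"cweId": "CWE-22",
+"type": "CWE"
+}
+]
+}
+],
+"metrics": [
+{
+"cvssV3_1": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+"baseScore": 5.3,
+"baseSeverity": "MEDIUM"
+}
+}
+],
+"credits": [
+{
+"lang": "en",
+"type": "finder",
+"value": "Michael Mazzolini"
+}
+],
+"timeline": [
+{
+"time": "2024-11-10T00:00:00.000+00:00",
+"lang": "en",
+"value": "Discovered"
+},
+{
+"time": "2024-11-26T16:32:46.000+00:00",
+"lang": "en",
+"value": "Disclosed"
+}
+]
+}
+}
+}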
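Review bot: The `title` value misspells "Unauthenticated" as `Unauthetnicated`, which can break keyword search and deduplication against other feeds; the tail of the string should read `<= 3.0.6 - Unauthenticated Path Traversal to Arbitrary Image View`. Neither entry in `references` points at a fix: the second URL is apparently the affected `get_image` code at tag 3.0.6, so the record gives defenders no patched release to upgrade to beyond "later than 3.0.6". Both corrections would have to come from the assigning CNA, since this file appears to be written by the cvelistV5 automation.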
18 changes: 9 additions & 9 deletions cves/delta.json
@@ -1,18 +1,18 @@
{
"fetchTime": "2024-11-27T05:28:52.400Z",
"fetchTime": "2024-11-27T05:39:45.872Z",
"numberOfChanges": 2,
"new": [
{
"cveId": "CVE-2024-52958",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-52958",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/52xxx/CVE-2024-52958.json",
"dateUpdated": "2024-11-27T05:22:47.950Z"
"cveId": "CVE-2024-11083",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11083",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11083.json",
"dateUpdated": "2024-11-27T05:31:54.074Z"
},
{
"cveId": "CVE-2024-52959",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-52959",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/52xxx/CVE-2024-52959.json",
"dateUpdated": "2024-11-27T05:23:11.281Z"
"cveId": "CVE-2024-11219",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11219",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11219.json",
"dateUpdated": "2024-11-27T05:31:54.882Z"
}
],
"updated": [],
34 changes: 20 additions & 14 deletions cves/deltaLog.json
@@ -1,4 +1,24 @@
[
{
"fetchTime": "2024-11-27T05:39:45.872Z",
"numberOfChanges": 2,
"new": [
{
"cveId": "CVE-2024-11083",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11083",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11083.json",
"dateUpdated": "2024-11-27T05:31:54.074Z"
},
{
"cveId": "CVE-2024-11219",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11219",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11219.json",
"dateUpdated": "2024-11-27T05:31:54.882Z"
}
],
"updated": [],
"error": []
},
{
"fetchTime": "2024-11-27T05:28:52.400Z",
"numberOfChanges": 2,
@@ -158553,19 +158573,5 @@
}
],
"error": []
},
{
"fetchTime": "2024-10-28T05:37:04.304Z",
"numberOfChanges": 1,
"new": [
{
"cveId": "CVE-2024-9162",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-9162",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/9xxx/CVE-2024-9162.json",
"dateUpdated": "2024-10-28T05:32:24.968Z"
}
],
"updated": [],
"error": []
}
]
