From c468312161f7ed2f25639a69489057b801805ef1 Mon Sep 17 00:00:00 2001 From: cvelistV5 Github Action Date: Fri, 16 Feb 2024 22:41:04 +0000 Subject: [PATCH] 1 changes (1 new | 0 updated): - 1 new CVEs: CVE-2024-21984 - 0 updated CVEs: --- cves/2024/21xxx/CVE-2024-21984.json | 100 ++++++++++++++++++++++++++++ cves/delta.json | 10 +-- cves/deltaLog.json | 14 ++++ 3 files changed, 119 insertions(+), 5 deletions(-) create mode 100644 cves/2024/21xxx/CVE-2024-21984.json diff --git a/cves/2024/21xxx/CVE-2024-21984.json b/cves/2024/21xxx/CVE-2024-21984.json new file mode 100644 index 000000000000..5ca2db581d2d --- /dev/null +++ b/cves/2024/21xxx/CVE-2024-21984.json 
@@ -0,0 +1,100 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0",
+ "cveMetadata": {
+ "cveId": "CVE-2024-21984",
+ "assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
+ "state": "PUBLISHED",
+ "assignerShortName": "netapp",
+ "dateReserved": "2024-01-03T19:45:25.346Z",
+ "datePublished": "2024-02-16T22:37:47.580Z",
+ "dateUpdated": "2024-02-16T22:37:47.580Z"
+ },
+ "containers": {
+ "cna": {
+ "affected": [
+ {
+ "defaultStatus": "unaffected",
+ "product": "StorageGRID",
+ "vendor": "NetApp",
+ "versions": [
+ {
+ "lessThan": "11.8",
+ "status": "affected",
+ "version": "0",
+ "versionType": "general availability"
+ }
+ ]
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 \nare susceptible to a difficult to exploit Reflected Cross-Site Scripting\n (XSS) vulnerability. Successful exploit requires the attacker to know \nspecific information about the target instance and trick a privileged \nuser into clicking a specially crafted link. This could allow the \nattacker to view or modify configuration settings or add or modify user \naccounts. \n\n\n\n\n"
+ }
+ ],
+ "value": "StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 \nare susceptible to a difficult to exploit Reflected Cross-Site Scripting\n (XSS) vulnerability. Successful exploit requires the attacker to know \nspecific information about the target instance and trick a privileged \nuser into clicking a specially crafted link. This could allow the \nattacker to view or modify configuration settings or add or modify user \naccounts. 
\n\n\n\n\n"
+ }
+ ],
+ "metrics": [
+ {
+ "cvssV3_1": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
+ "version": "3.1"
+ },
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ]
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "cweId": "CWE-79",
+ "description": "CWE-79",
+ "lang": "en",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
+ "shortName": "netapp",
+ "dateUpdated": "2024-02-16T22:37:47.580Z"
+ },
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240216-0013/"
+ }
+ ],
+ "source": {
+ "advisory": "NTAP-20240216-0013",
+ "discovery": "UNKNOWN"
+ },
+ "title": "Reflected Cross-Site Scripting Vulnerability in StorageGRID (formerly StorageGRID Webscale)",
+ "x_generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/cves/delta.json b/cves/delta.json
index b71069d13d6d..fb8feffbd68f 100644
--- a/cves/delta.json
+++ b/cves/delta.json
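Review bot: In the `affected[0].versions` entry of the new CVE-2024-21984 record, `"versionType": "general availability"` names a release stage rather than a version-ordering scheme, so tooling that evaluates `"lessThan": "11.8"` against an installed StorageGRID version may not know how to compare and could skip the match. A scheme name such as `"versionType": "custom"` (or `"semver"`, if the product's version numbers follow it) would presumably be handled more reliably by automated matchers. Separately, both description `value` strings carry hard-wrapped `\n` breaks and a trailing `\n\n\n\n\n`, and the entry typed `text/html` holds the same plain text with no markup. Trimming the trailing newlines and unwrapping the text would avoid display artifacts in downstream advisory feeds.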
@@ -1,12 +1,12 @@ { - "fetchTime": "2024-02-16T22:35:26.859Z", + "fetchTime": "2024-02-16T22:41:00.519Z", "numberOfChanges": 1, "new": [ { - "cveId": "CVE-2024-21983", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-21983", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/21xxx/CVE-2024-21983.json", - "dateUpdated": "2024-02-16T22:35:02.365Z" + "cveId": "CVE-2024-21984", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-21984", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/21xxx/CVE-2024-21984.json", + "dateUpdated": "2024-02-16T22:37:47.580Z" } ], "updated": [], diff --git a/cves/deltaLog.json b/cves/deltaLog.json index 9070637c4bb5..6cd108b5ba30 100644 --- a/cves/deltaLog.json +++ b/cves/deltaLog.json @@ -1,4 +1,18 @@ [ + { + "fetchTime": "2024-02-16T22:41:00.519Z", + "numberOfChanges": 1, + "new": [ + { + "cveId": "CVE-2024-21984", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-21984", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/21xxx/CVE-2024-21984.json", + "dateUpdated": "2024-02-16T22:37:47.580Z" + } + ], + "updated": [], + "error": [] + }, { "fetchTime": "2024-02-16T22:35:26.859Z", "numberOfChanges": 1,