diff --git a/advisories/unreviewed/2024/12/GHSA-2697-96mv-3gfm/GHSA-2697-96mv-3gfm.json b/advisories/github-reviewed/2024/12/GHSA-2697-96mv-3gfm/GHSA-2697-96mv-3gfm.json similarity index 51% rename from advisories/unreviewed/2024/12/GHSA-2697-96mv-3gfm/GHSA-2697-96mv-3gfm.json rename to advisories/github-reviewed/2024/12/GHSA-2697-96mv-3gfm/GHSA-2697-96mv-3gfm.json index ff86fa4f7ab7d..44c7ab4850191 100644 --- a/advisories/unreviewed/2024/12/GHSA-2697-96mv-3gfm/GHSA-2697-96mv-3gfm.json +++ b/advisories/github-reviewed/2024/12/GHSA-2697-96mv-3gfm/GHSA-2697-96mv-3gfm.json @@ -1,14 +1,40 @@ { "schema_version": "1.4.0", "id": "GHSA-2697-96mv-3gfm", - "modified": "2024-12-30T15:31:59Z", + "modified": "2024-12-30T18:06:11Z", "published": "2024-12-30T15:31:59Z", "aliases": [ "CVE-2024-50701" ], + "summary": "TeamPass does not properly check whether a folder is in a user's allowed folders list", "details": "TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin.", - "severity": [], - "affected": [], + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Packagist", + "name": "nilsteampassnet/teampass" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "3.1.3.1" + } + ] + } + ] + } + ], "references": [ { "type": "ADVISORY", @@ -18,6 +44,10 @@ "type": "WEB", "url": "https://github.com/nilsteampassnet/TeamPass/commit/ddbb2d3d94085dced50c4936fd2215af88e4a88d" }, + { + "type": "PACKAGE", + "url": "https://github.com/nilsteampassnet/TeamPass" + }, { "type": "WEB", "url": "https://github.com/nilsteampassnet/TeamPass/compare/3.1.2...3.1.3.1" @@ -28,10 +58,12 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, - "github_reviewed": false, - "github_reviewed_at": null, + "cwe_ids": [ + "CWE-285" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2024-12-30T18:06:11Z", "nvd_published_at": "2024-12-30T15:15:10Z" } } \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-7rm3-4w6j-8xx4/GHSA-7rm3-4w6j-8xx4.json b/advisories/github-reviewed/2024/12/GHSA-7rm3-4w6j-8xx4/GHSA-7rm3-4w6j-8xx4.json similarity index 50% rename from advisories/unreviewed/2024/12/GHSA-7rm3-4w6j-8xx4/GHSA-7rm3-4w6j-8xx4.json rename to advisories/github-reviewed/2024/12/GHSA-7rm3-4w6j-8xx4/GHSA-7rm3-4w6j-8xx4.json index f1be37321bdad..434114bfe2bf3 100644 --- a/advisories/unreviewed/2024/12/GHSA-7rm3-4w6j-8xx4/GHSA-7rm3-4w6j-8xx4.json +++ b/advisories/github-reviewed/2024/12/GHSA-7rm3-4w6j-8xx4/GHSA-7rm3-4w6j-8xx4.json @@ -1,14 +1,40 @@ { "schema_version": "1.4.0", "id": "GHSA-7rm3-4w6j-8xx4", - "modified": "2024-12-30T15:31:59Z", + "modified": "2024-12-30T18:06:25Z", "published": "2024-12-30T15:31:59Z", "aliases": [ "CVE-2024-50702" ], + "summary": "TeamPass mail_me operation authorization issue", "details": "TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager.", - "severity": [], - "affected": [], + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Packagist", + "name": "nilsteampassnet/teampass" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "3.1.3.1" + } + ] + } + ] + } + ], "references": [ { "type": "ADVISORY", @@ -18,6 +44,10 @@ "type": "WEB", "url": "https://github.com/nilsteampassnet/TeamPass/commit/35e2b479f2379545b4132bc30a9d052ba7018bf9" }, + { + "type": "PACKAGE", + "url": "https://github.com/nilsteampassnet/TeamPass" + }, { "type": "WEB", "url": "https://github.com/nilsteampassnet/TeamPass/compare/3.1.2...3.1.3.1" @@ -28,10 +58,12 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, - "github_reviewed": false, - "github_reviewed_at": null, + "cwe_ids": [ + "CWE-285" + ], + "severity": "MODERATE", + "github_reviewed": true, + "github_reviewed_at": "2024-12-30T18:06:25Z", "nvd_published_at": "2024-12-30T15:15:10Z" } } \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-9wmc-988h-2mv2/GHSA-9wmc-988h-2mv2.json b/advisories/github-reviewed/2024/12/GHSA-9wmc-988h-2mv2/GHSA-9wmc-988h-2mv2.json similarity index 50% rename from advisories/unreviewed/2024/12/GHSA-9wmc-988h-2mv2/GHSA-9wmc-988h-2mv2.json rename to advisories/github-reviewed/2024/12/GHSA-9wmc-988h-2mv2/GHSA-9wmc-988h-2mv2.json index 105838b857cd4..c23fbec970bc2 100644 --- a/advisories/unreviewed/2024/12/GHSA-9wmc-988h-2mv2/GHSA-9wmc-988h-2mv2.json +++ b/advisories/github-reviewed/2024/12/GHSA-9wmc-988h-2mv2/GHSA-9wmc-988h-2mv2.json @@ -1,14 +1,40 @@ { "schema_version": "1.4.0", "id": "GHSA-9wmc-988h-2mv2", - "modified": "2024-12-30T15:31:59Z", + "modified": "2024-12-30T18:06:34Z", "published": "2024-12-30T15:31:59Z", "aliases": [ "CVE-2024-50703" ], + "summary": "TeamPass privileges issue", "details": "TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id.", - "severity": [], - "affected": [], + "severity": [ + { + "type": "CVSS_V4", + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" + } + ], + "affected": [ + { + "package": { + "ecosystem": "Packagist", + "name": "nilsteampassnet/teampass" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "3.1.3.1" + } + ] + } + ] + } + ], "references": [ { "type": "ADVISORY", @@ -18,6 +44,10 @@ "type": "WEB", "url": "https://github.com/nilsteampassnet/TeamPass/commit/c7f7f809071eaa9e04505ee79cec7049a42959e9" }, + { + "type": "PACKAGE", + "url": "https://github.com/nilsteampassnet/TeamPass" + }, { "type": "WEB", "url": "https://github.com/nilsteampassnet/TeamPass/compare/3.1.2...3.1.3.1" @@ -28,10 +58,12 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, - "github_reviewed": false, - "github_reviewed_at": null, + "cwe_ids": [ + "CWE-639" + ], + "severity": "CRITICAL", + "github_reviewed": true, + "github_reviewed_at": "2024-12-30T18:06:34Z", "nvd_published_at": "2024-12-30T15:15:10Z" } } \ No newline at end of file