{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AC:L/AV:L/A:L/C:H/I:N/PR:N/S:U/UI:R", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-15T04:15:26", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/csaf-tools/CVRF-CSAF-Converter/releases/tag/1.0.0-rc2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-27193", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AC:L/AV:L/A:L/C:H/I:N/PR:N/S:U/UI:R", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/csaf-tools/CVRF-CSAF-Converter/releases/tag/1.0.0-rc2", "refsource": "MISC", "url": "https://github.com/csaf-tools/CVRF-CSAF-Converter/releases/tag/1.0.0-rc2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:25:31.128Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/csaf-tools/CVRF-CSAF-Converter/releases/tag/1.0.0-rc2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-27193", "datePublished": "2022-03-15T04:15:26", "dateReserved": "2022-03-15T00:00:00", "dateUpdated": "2024-08-03T05:25:31.128Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cvrf-csaf-converter_project:cvrf-csaf-converter:1.0.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "D9BB46F8-EDF9-4804-8AA3-59A4B9349757", "vulnerable": true}, {"criteria": "cpe:2.3:a:cvrf-csaf-converter_project:cvrf-csaf-converter:1.0.0:dev1:*:*:*:*:*:*", "matchCriteriaId": "B5639483-FB0F-4FD1-A251-42C9E0640E7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cvrf-csaf-converter_project:cvrf-csaf-converter:1.0.0:dev2:*:*:*:*:*:*", "matchCriteriaId": "4C56DD07-77B0-44B6-99BA-28E80F689E47", "vulnerable": true}, {"criteria": "cpe:2.3:a:cvrf-csaf-converter_project:cvrf-csaf-converter:1.0.0:dev3:*:*:*:*:*:*", "matchCriteriaId": "BD3110DC-B7AB-44AE-9A88-CE1746092524", "vulnerable": true}, {"criteria": "cpe:2.3:a:cvrf-csaf-converter_project:cvrf-csaf-converter:1.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C643CA3F-0C15-4A2E-87DB-7852B052DE0B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter."}, {"lang": "es", "value": "CVRF-CSAF-Converter versiones anteriores a 1.0.0-rc2, resuelve vulnerabilidades de tipo XML External Entities (XXE). Esto conlleva a una inclusi\u00f3n de contenido de archivo arbitrario (local) en el documento de salida generado. Un atacante puede explotar esto para divulgar informaci\u00f3n del sistema que ejecuta el convertidor"}], "id": "CVE-2022-27193", "lastModified": "2024-11-21T06:55:22.957", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-15T05:15:07.193", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/csaf-tools/CVRF-CSAF-Converter/releases/tag/1.0.0-rc2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/csaf-tools/CVRF-CSAF-Converter/releases/tag/1.0.0-rc2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}