CVE-2024-10315 - OpenCVE

In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Ather Iqbal.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://portal.perforce.com/s/detail/a91PA000001SZVJYA4

History

Tue, 12 Nov 2024 14:45:00 +0000

Type	Values Removed	Values Added
Description	In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6	In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Ather Iqbal.

Tue, 12 Nov 2024 02:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 11 Nov 2024 19:30:00 +0000

Type	Values Removed	Values Added
Description		In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6
Title		Insecure Configuration in Gliffy Online
Weaknesses		CWE-942
References		https://portal.perforce.com/s/detail/a91PA000001SZVJYA4
Metrics		cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Perforce

Published: 2024-11-11T19:12:28.760Z

Updated: 2024-11-12T14:27:42.481Z

Reserved: 2024-10-23T18:41:31.201Z

Link: CVE-2024-10315

Vulnrichment

Updated: 2024-11-12T01:49:05.866Z

NVD

Status : Awaiting Analysis

Published: 2024-11-11T20:15:17.223

Modified: 2024-11-12T15:15:06.147

Link: CVE-2024-10315

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-10315", "assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "state": "PUBLISHED", "assignerShortName": "Perforce", "dateReserved": "2024-10-23T18:41:31.201Z", "datePublished": "2024-11-11T19:12:28.760Z", "dateUpdated": "2024-11-12T14:27:42.481Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Gliffy Online", "vendor": "Gliffy", "versions": [{"lessThan": "4.14.0-6", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">In </span><span style=\"background-color: rgb(255, 255, 255);\">Gliffy</span><span style=\"background-color: rgb(255, 255, 255);\"> Online an insecure configuration was discovered in versions before</span><span style=\"background-color: rgb(255, 255, 255);\"> 4.14.0-6</span>. Reported by Ather Iqbal.<br>"}], "value": "In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Ather Iqbal."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-942", "description": "CWE-942", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "shortName": "Perforce", "dateUpdated": "2024-11-12T14:27:42.481Z"}, "references": [{"url": "https://portal.perforce.com/s/detail/a91PA000001SZVJYA4"}], "source": {"discovery": "UNKNOWN"}, "title": "Insecure Configuration in Gliffy Online", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-12T01:48:47.186557Z", "id": "CVE-2024-10315", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T01:49:08.763Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Insecure Configuration in Gliffy Online", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Gliffy", "product": "Gliffy Online", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "4.14.0-6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://portal.perforce.com/s/detail/a91PA000001SZVJYA4"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">In </span><span style=\"background-color: rgb(255, 255, 255);\">Gliffy</span><span style=\"background-color: rgb(255, 255, 255);\"> Online an insecure configuration was discovered in versions before</span><span style=\"background-color: rgb(255, 255, 255);\"> 4.14.0-6</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-942", "description": "CWE-942"}]}], "providerMetadata": {"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "shortName": "Perforce", "dateUpdated": "2024-11-11T19:13:16.948Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-10315", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-12T01:48:47.186557Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-11-12T01:49:05.866Z"}}]}, "cveMetadata": {"cveId": "CVE-2024-10315", "state": "PUBLISHED", "dateUpdated": "2024-11-11T19:13:16.948Z", "dateReserved": "2024-10-23T18:41:31.201Z", "assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "datePublished": "2024-11-11T19:12:28.760Z", "assignerShortName": "Perforce"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Ather Iqbal."}, {"lang": "es", "value": "En Gliffy Online se descubri\u00f3 una configuraci\u00f3n insegura en versiones anteriores a 4.14.0-6"}], "id": "CVE-2024-10315", "lastModified": "2024-11-12T15:15:06.147", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "HIGH"}, "source": "security@puppet.com", "type": "Secondary"}]}, "published": "2024-11-11T20:15:17.223", "references": [{"source": "security@puppet.com", "url": "https://portal.perforce.com/s/detail/a91PA000001SZVJYA4"}], "sourceIdentifier": "security@puppet.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-942"}], "source": "security@puppet.com", "type": "Secondary"}]}