Refine your search
2 vulnerabilities found for FitNesse by unclebob
jvndb-2024-000119
Vulnerability from jvndb
Published
2024-11-15 13:37
Modified
2024-11-20 11:18
Severity ?
Summary
Multiple vulnerabilities in FitNesse
Details
FitNesse provided by unclebob contains multiple vulnerabilities listed below.
<ul><li>Cross-site scripting (CWE-79) - CVE-2024-39610</li>
<li>Path traversal (CWE-22) - CVE-2024-42499</li></ul>
Takeshi Kaneko of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000119.html",
"dc:date": "2024-11-20T11:18+09:00",
"dcterms:issued": "2024-11-15T13:37+09:00",
"dcterms:modified": "2024-11-20T11:18+09:00",
"description": "FitNesse provided by unclebob contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eCross-site scripting (CWE-79) - CVE-2024-39610\u003c/li\u003e\r\n\u003cli\u003ePath traversal (CWE-22) - CVE-2024-42499\u003c/li\u003e\u003c/ul\u003e\r\nTakeshi Kaneko of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000119.html",
"sec:cpe": {
"#text": "cpe:/a:fitnesse:fitnesse",
"@product": "FitNesse",
"@vendor": "unclebob",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000119",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN36791327/index.html",
"@id": "JVN#36791327",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-39610",
"@id": "CVE-2024-39610",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-42499",
"@id": "CVE-2024-42499",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in FitNesse"
}
jvndb-2024-000032
Vulnerability from jvndb
Published
2024-03-18 14:08
Modified
2024-03-19 11:02
Severity ?
Summary
Multiple vulnerabilities in FitNesse
Details
FitNesse contains multiple vulnerabilities listed below.<ul><li>Multiple cross-site scripting (CWE-79) - CVE-2024-23604, CVE-2024-28128</li><li>Improper restriction of XML external entity references (CWE-611) -CVE-2024-28039</li><li>OS command injection (CWE-78) - CVE-2024-28125</li></ul>CVE-2024-23604, CVE-2024-28039, CVE-2024-28125
Kanta Nishitani of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-28128
Yutaka WATANABE of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000032.html",
"dc:date": "2024-03-19T11:02+09:00",
"dcterms:issued": "2024-03-18T14:08+09:00",
"dcterms:modified": "2024-03-19T11:02+09:00",
"description": "FitNesse contains multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eMultiple cross-site scripting (CWE-79) - CVE-2024-23604, CVE-2024-28128\u003c/li\u003e\u003cli\u003eImproper restriction of XML external entity references (CWE-611) -CVE-2024-28039\u003c/li\u003e\u003cli\u003eOS command injection (CWE-78) - CVE-2024-28125\u003c/li\u003e\u003c/ul\u003eCVE-2024-23604, CVE-2024-28039, CVE-2024-28125\r\nKanta Nishitani of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-28128\r\nYutaka WATANABE of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000032.html",
"sec:cpe": [
{
"#text": "cpe:/a:fitnesse:fitnesse",
"@product": "FitNesse",
"@vendor": "unclebob",
"@version": "2.2"
},
{
"#text": "cpe:/a:fitnesse:fitnesse",
"@product": "FitNesse",
"@vendor": "unclebob",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000032",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN94521208/index.html",
"@id": "JVN#94521208",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-23604",
"@id": "CVE-2024-23604",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-28039",
"@id": "CVE-2024-28039",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-28125",
"@id": "CVE-2024-28125",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-28128",
"@id": "CVE-2024-28128",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in FitNesse"
}