cve-2023-51447
Vulnerability from cvelistv5
Published
2024-02-20 17:29
Modified
2024-08-26 14:47
Severity ?
EPSS score ?
Summary
Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to change the file names through the dynamic upload endpoint. Therefore I believe it would require the attacker to control the whole session of the particular user but in any case, this needs to be fixed. Successful exploit of this vulnerability would require the user to have successfully uploaded a file blob to the server with a malicious file name and then have the possibility to direct the other user to the edit page of the record where the attachment is attached. The users are able to craft the direct upload requests themselves controlling the file name that gets stored to the database. The attacker is able to change the filename e.g. to `<svg onload=alert('XSS')>` if they know how to craft these requests themselves. And then enter the returned blob ID to the form inputs manually by modifying the edit page source. Versions 0.27.5 and 0.28.0 contain a patch for this issue. As a workaround, disable dynamic uploads for the instance, e.g. from proposals.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:32:09.936Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-9w99-78rj-hmxq", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-9w99-78rj-hmxq", }, { name: "https://github.com/decidim/decidim/pull/11612", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/pull/11612", }, { name: "https://github.com/decidim/decidim/commit/aaf72787cf18beeeb6a771c1f7cbb7654b073423", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/commit/aaf72787cf18beeeb6a771c1f7cbb7654b073423", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.5", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.5", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.28.0", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/decidim/decidim/releases/tag/v0.28.0", }, { name: "https://github.com/rails/rails/blob/a967d355c6fee9ad9b8bd115d43bc8b0fc207e7e/activestorage/app/controllers/active_storage/direct_uploads_controller.rb#L14", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/rails/rails/blob/a967d355c6fee9ad9b8bd115d43bc8b0fc207e7e/activestorage/app/controllers/active_storage/direct_uploads_controller.rb#L14", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:decidim:decidim:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "decidim", vendor: "decidim", versions: [ { lessThan: "0.27.5", status: "affected", version: "0.27.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-51447", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-21T19:26:23.301660Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-26T14:47:59.180Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "decidim", vendor: "decidim", versions: [ { status: "affected", version: ">= 0.27.0, < 0.27.5", }, ], }, ], descriptions: [ { lang: "en", value: "Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to change the file names through the dynamic upload endpoint. Therefore I believe it would require the attacker to control the whole session of the particular user but in any case, this needs to be fixed. Successful exploit of this vulnerability would require the user to have successfully uploaded a file blob to the server with a malicious file name and then have the possibility to direct the other user to the edit page of the record where the attachment is attached. The users are able to craft the direct upload requests themselves controlling the file name that gets stored to the database. The attacker is able to change the filename e.g. to `<svg onload=alert('XSS')>` if they know how to craft these requests themselves. And then enter the returned blob ID to the form inputs manually by modifying the edit page source. Versions 0.27.5 and 0.28.0 contain a patch for this issue. As a workaround, disable dynamic uploads for the instance, e.g. from proposals.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-20T17:29:35.677Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/decidim/decidim/security/advisories/GHSA-9w99-78rj-hmxq", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/decidim/decidim/security/advisories/GHSA-9w99-78rj-hmxq", }, { name: "https://github.com/decidim/decidim/pull/11612", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/pull/11612", }, { name: "https://github.com/decidim/decidim/commit/aaf72787cf18beeeb6a771c1f7cbb7654b073423", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/commit/aaf72787cf18beeeb6a771c1f7cbb7654b073423", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.27.5", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.27.5", }, { name: "https://github.com/decidim/decidim/releases/tag/v0.28.0", tags: [ "x_refsource_MISC", ], url: "https://github.com/decidim/decidim/releases/tag/v0.28.0", }, { name: "https://github.com/rails/rails/blob/a967d355c6fee9ad9b8bd115d43bc8b0fc207e7e/activestorage/app/controllers/active_storage/direct_uploads_controller.rb#L14", tags: [ "x_refsource_MISC", ], url: "https://github.com/rails/rails/blob/a967d355c6fee9ad9b8bd115d43bc8b0fc207e7e/activestorage/app/controllers/active_storage/direct_uploads_controller.rb#L14", }, ], source: { advisory: "GHSA-9w99-78rj-hmxq", discovery: "UNKNOWN", }, title: "Decidim vulnerable to cross-site scripting (XSS) in the dynamic file uploads", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-51447", datePublished: "2024-02-20T17:29:35.677Z", dateReserved: "2023-12-19T15:19:39.615Z", dateUpdated: "2024-08-26T14:47:59.180Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2023-51447\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-02-20T18:15:50.547\",\"lastModified\":\"2024-12-16T22:43:27.217\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to change the file names through the dynamic upload endpoint. Therefore I believe it would require the attacker to control the whole session of the particular user but in any case, this needs to be fixed. Successful exploit of this vulnerability would require the user to have successfully uploaded a file blob to the server with a malicious file name and then have the possibility to direct the other user to the edit page of the record where the attachment is attached. The users are able to craft the direct upload requests themselves controlling the file name that gets stored to the database. The attacker is able to change the filename e.g. to `<svg onload=alert('XSS')>` if they know how to craft these requests themselves. And then enter the returned blob ID to the form inputs manually by modifying the edit page source. Versions 0.27.5 and 0.28.0 contain a patch for this issue. As a workaround, disable dynamic uploads for the instance, e.g. from proposals.\"},{\"lang\":\"es\",\"value\":\"Decidim es un framework de democracia participativa. A partir de la versión 0.27.0 y antes de las versiones 0.27.5 y 0.28.0, la función de carga dinámica de archivos está sujeta a posibles ataques de Cross-site scripting en caso de que el atacante logre modificar los nombres de los archivos de los registros que se cargan en el servidor. Esto aparece en secciones donde el usuario controla los cuadros de diálogo de carga de archivos y tiene el conocimiento técnico para cambiar los nombres de los archivos a través del endpoint de carga dinámica. Por lo tanto, creo que requeriría que el atacante controlara toda la sesión del usuario en particular, pero en cualquier caso, esto debe solucionarse. La explotación exitosa de esta vulnerabilidad requeriría que el usuario haya subido exitosamente un blob de archivos al servidor con un nombre de archivo malicioso y luego tenga la posibilidad de dirigir al otro usuario a la página de edición del registro donde se adjunta el archivo adjunto. Los usuarios pueden crear ellos mismos las solicitudes de carga directa controlando el nombre del archivo que se almacena en la base de datos. El atacante puede cambiar el nombre del archivo, por ejemplo, a `` si sabe cómo elaborar estas solicitudes por sí mismo. Y luego ingrese el ID del blob devuelto en las entradas del formulario manualmente modificando la fuente de la página de edición. Las versiones 0.27.5 y 0.28.0 contienen un parche para este problema. Como workaround, deshabilite las cargas dinámicas para la instancia, por ejemplo, desde propuestas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:decidim:decidim:*:*:*:*:*:ruby:*:*\",\"versionStartIncluding\":\"0.27.0\",\"versionEndExcluding\":\"0.27.5\",\"matchCriteriaId\":\"38FDE900-4C89-45E3-821E-BF6F2A69C587\"}]}]}],\"references\":[{\"url\":\"https://github.com/decidim/decidim/commit/aaf72787cf18beeeb6a771c1f7cbb7654b073423\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/decidim/decidim/pull/11612\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/decidim/decidim/releases/tag/v0.27.5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/decidim/decidim/releases/tag/v0.28.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/decidim/decidim/security/advisories/GHSA-9w99-78rj-hmxq\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/rails/rails/blob/a967d355c6fee9ad9b8bd115d43bc8b0fc207e7e/activestorage/app/controllers/active_storage/direct_uploads_controller.rb#L14\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/decidim/decidim/commit/aaf72787cf18beeeb6a771c1f7cbb7654b073423\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/decidim/decidim/pull/11612\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/decidim/decidim/releases/tag/v0.27.5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/decidim/decidim/releases/tag/v0.28.0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/decidim/decidim/security/advisories/GHSA-9w99-78rj-hmxq\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/rails/rails/blob/a967d355c6fee9ad9b8bd115d43bc8b0fc207e7e/activestorage/app/controllers/active_storage/direct_uploads_controller.rb#L14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/decidim/decidim/security/advisories/GHSA-9w99-78rj-hmxq\", \"name\": \"https://github.com/decidim/decidim/security/advisories/GHSA-9w99-78rj-hmxq\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/decidim/decidim/pull/11612\", \"name\": \"https://github.com/decidim/decidim/pull/11612\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/decidim/decidim/commit/aaf72787cf18beeeb6a771c1f7cbb7654b073423\", \"name\": \"https://github.com/decidim/decidim/commit/aaf72787cf18beeeb6a771c1f7cbb7654b073423\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/decidim/decidim/releases/tag/v0.27.5\", \"name\": \"https://github.com/decidim/decidim/releases/tag/v0.27.5\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/decidim/decidim/releases/tag/v0.28.0\", \"name\": \"https://github.com/decidim/decidim/releases/tag/v0.28.0\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/rails/rails/blob/a967d355c6fee9ad9b8bd115d43bc8b0fc207e7e/activestorage/app/controllers/active_storage/direct_uploads_controller.rb#L14\", \"name\": \"https://github.com/rails/rails/blob/a967d355c6fee9ad9b8bd115d43bc8b0fc207e7e/activestorage/app/controllers/active_storage/direct_uploads_controller.rb#L14\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T22:32:09.936Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-51447\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-21T19:26:23.301660Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:decidim:decidim:*:*:*:*:*:*:*:*\"], \"vendor\": \"decidim\", \"product\": \"decidim\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.27.0\", \"lessThan\": \"0.27.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-26T14:47:47.526Z\"}}], \"cna\": {\"title\": \"Decidim vulnerable to cross-site scripting (XSS) in the dynamic file uploads\", \"source\": {\"advisory\": \"GHSA-9w99-78rj-hmxq\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"decidim\", \"product\": \"decidim\", \"versions\": [{\"status\": \"affected\", \"version\": \">= 0.27.0, < 0.27.5\"}]}], \"references\": [{\"url\": \"https://github.com/decidim/decidim/security/advisories/GHSA-9w99-78rj-hmxq\", \"name\": \"https://github.com/decidim/decidim/security/advisories/GHSA-9w99-78rj-hmxq\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/decidim/decidim/pull/11612\", \"name\": \"https://github.com/decidim/decidim/pull/11612\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/decidim/decidim/commit/aaf72787cf18beeeb6a771c1f7cbb7654b073423\", \"name\": \"https://github.com/decidim/decidim/commit/aaf72787cf18beeeb6a771c1f7cbb7654b073423\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/decidim/decidim/releases/tag/v0.27.5\", \"name\": \"https://github.com/decidim/decidim/releases/tag/v0.27.5\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/decidim/decidim/releases/tag/v0.28.0\", \"name\": \"https://github.com/decidim/decidim/releases/tag/v0.28.0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/rails/rails/blob/a967d355c6fee9ad9b8bd115d43bc8b0fc207e7e/activestorage/app/controllers/active_storage/direct_uploads_controller.rb#L14\", \"name\": \"https://github.com/rails/rails/blob/a967d355c6fee9ad9b8bd115d43bc8b0fc207e7e/activestorage/app/controllers/active_storage/direct_uploads_controller.rb#L14\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to change the file names through the dynamic upload endpoint. Therefore I believe it would require the attacker to control the whole session of the particular user but in any case, this needs to be fixed. Successful exploit of this vulnerability would require the user to have successfully uploaded a file blob to the server with a malicious file name and then have the possibility to direct the other user to the edit page of the record where the attachment is attached. The users are able to craft the direct upload requests themselves controlling the file name that gets stored to the database. The attacker is able to change the filename e.g. to `<svg onload=alert('XSS')>` if they know how to craft these requests themselves. And then enter the returned blob ID to the form inputs manually by modifying the edit page source. Versions 0.27.5 and 0.28.0 contain a patch for this issue. As a workaround, disable dynamic uploads for the instance, e.g. from proposals.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-02-20T17:29:35.677Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2023-51447\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-26T14:47:59.180Z\", \"dateReserved\": \"2023-12-19T15:19:39.615Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-02-20T17:29:35.677Z\", \"assignerShortName\": \"GitHub_M\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.