diff --git a/advisories/github-reviewed/2025/02/GHSA-5rjc-jc28-cwgg/GHSA-5rjc-jc28-cwgg.json b/advisories/github-reviewed/2025/02/GHSA-5rjc-jc28-cwgg/GHSA-5rjc-jc28-cwgg.json
new file mode 100644
index 00000000000..9849e91cdc4
--- /dev/null
+++ b/advisories/github-reviewed/2025/02/GHSA-5rjc-jc28-cwgg/GHSA-5rjc-jc28-cwgg.json
@@ -0,0 +1,74 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-5rjc-jc28-cwgg",
+ "modified": "2025-02-07T20:47:46Z",
+ "published": "2025-02-07T20:47:46Z",
+ "aliases": [],
+ "summary": "Connect-CMS Access control vulnerability",
+ "details": "### Impact(影響)\n\nThere is an Access control vulnerability on the management system of Connect-CMS.\nAffected Version : Connect-CMS v1.8.6, 2.4.6 and earlier\n\n### Patches(修正バージョン)\n\nversion v1.8.7, v2.4.7\n\n### Workarounds(運用回避手段)\n\nUpgrade Connect-CMS to latest version",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "opensource-workshop/connect-cms"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.8.7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "opensource-workshop/connect-cms"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2.0.0"
+ },
+ {
+ "fixed": "2.4.7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-5rjc-jc28-cwgg"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/opensource-workshop/connect-cms"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-284"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2025-02-07T20:47:46Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
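Review bot: The `details` text lists "Upgrade Connect-CMS to latest version" under Workarounds, which is the patch rather than a mitigation, and it never says which part of the management system is exposed or what can be read, so an operator who cannot upgrade at once has nothing to assess or monitor. The vector `PR:N/UI:R/C:L` reads as an unauthenticated attacker who needs a victim's interaction to obtain limited read access; one sentence confirming that reading would let consumers check it against `CWE-284`, which on its own is a very broad class. If upstream knows of no mitigation, I would say so plainly in that section (for example `No workaround is available; upgrade to v1.8.7 or v2.4.7`) and name the affected component once upstream discloses it. The two `affected` ranges (`0` to `1.8.7`, `2.0.0` to `2.4.7`) do agree with the versions named in the text.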