Advertisement
vic_npc

Untitled

May 31st, 2024
777
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JSON 3.44 KB | Cybersecurity | 0 0
  1. "data": {
  2.       "vulnerability": {
  3.         "severity": "High",
  4.         "package": {
  5.           "condition": "Package unfixed",
  6.           "name": "rpm-common",
  7.           "source": "rpm",
  8.           "version": "4.14.2.1+dfsg1-1build2",
  9.           "architecture": "amd64"
  10.         },
  11.         "references": [
  12.           "https://bugzilla.redhat.com/show_bug.cgi?id=1964114",
  13.           "https://github.com/rpm-software-management/rpm/pull/1919",
  14.           "https://bugzilla.suse.com/show_bug.cgi?id=1157880",
  15.           "https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033",
  16.           "https://access.redhat.com/security/cve/CVE-2021-35938",
  17.           "https://rpm.org/wiki/Releases/4.18.0",
  18.           "https://nvd.nist.gov/vuln/detail/CVE-2021-35938",
  19.           "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35938",
  20.           "https://ubuntu.com/security/CVE-2021-35938"
  21.         ],
  22.         "cve_version": "4.0",
  23.         "assigner": "secalert@redhat.com",
  24.         "published": "2022-08-25",
  25.         "cwe_reference": "CWE-59",
  26.         "title": "CVE-2021-35938 affects rpm-common",
  27.         "type": "PACKAGE",
  28.         "rationale": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
  29.         "cve": "CVE-2021-35938",
  30.         "cvss": {
  31.           "cvss3": {
  32.             "base_score": "7.800000",
  33.             "vector": {
  34.               "user_interaction": "none",
  35.               "integrity_impact": "high",
  36.               "scope": "unchanged",
  37.               "confidentiality_impact": "high",
  38.               "availability": "high",
  39.               "attack_vector": "local",
  40.               "access_complexity": "low",
  41.               "privileges_required": "low"
  42.             }
  43.           }
  44.         },
  45.         "updated": "2022-08-31",
  46.         "status": "Active"
  47.       }
  48.     },
  49.     "rule": {
  50.       "firedtimes": 458,
  51.       "mail": false,
  52.       "level": 10,
  53.       "pci_dss": [
  54.         "11.2.1",
  55.         "11.2.3"
  56.       ],
  57.       "tsc": [
  58.         "CC7.1",
  59.         "CC7.2"
  60.       ],
  61.       "description": "CVE-2021-35938 affects rpm-common",
  62.       "groups": [
  63.         "vulnerability-detector"
  64.       ],
  65.       "id": "23505",
  66.       "gdpr": [
  67.         "IV_35.7.d"
  68.       ]
  69.     },
  70.     "location": "vulnerability-detector",
  71.     "decoder": {
  72.       "name": "json"
  73.     },
  74.     "id": "1664242144.7029312",
  75.     "timestamp": "2022-09-27T04:29:04.491+0300"
  76.   },
  77.   "fields": {
  78.     "data.vulnerability.published": [
  79.       "2022-08-25T00:00:00.000Z"
  80.     ],
  81.     "data.vulnerability.updated": [
  82.       "2022-08-31T00:00:00.000Z"
  83.     ],
  84.     "timestamp": [
  85.       "2022-09-27T01:29:04.491Z"
  86.     ]
  87.   },
  88.   "highlight": {
  89.     "agent.id": [
  90.       "@opensearch-dashboards-highlighted-field@010@/opensearch-dashboards-highlighted-field@"
  91.     ],
  92.     "manager.name": [
  93.       "@opensearch-dashboards-highlighted-field@localhost.localdomain@/opensearch-dashboards-highlighted-field@"
  94.     ],
  95.     "rule.groups": [
  96.       "@opensearch-dashboards-highlighted-field@vulnerability-detector@/opensearch-dashboards-highlighted-field@"
  97.     ]
  98.   },
  99.   "sort": [
  100.     1664242144491
  101.   ]
  102. }
Tags: Cvv
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement