From 32d413c348405c5816c2b9157247f16d7e59ae8a Mon Sep 17 00:00:00 2001
From: Tristan Cacqueray
Date: Wed, 23 Aug 2023 19:29:23 +0000
Subject: [PATCH] Add CWE names to existing advisories
---
 README.md | 3 ++-
 advisories/hackage/aeson/HSEC-2023-0001.md | 2 +-
 advisories/hackage/base/HSEC-2023-0007.md | 3 ++-
 advisories/hackage/biscuit-haskell/HSEC-2023-0002.md | 2 +-
 advisories/hackage/git-annex/HSEC-2023-0009.md | 3 ++-
 advisories/hackage/git-annex/HSEC-2023-0010.md | 3 ++-
 advisories/hackage/git-annex/HSEC-2023-0011.md | 2 +-
 advisories/hackage/git-annex/HSEC-2023-0012.md | 2 +-
 advisories/hackage/git-annex/HSEC-2023-0013.md | 2 +-
 advisories/hackage/hledger-web/HSEC-2023-0008.md | 2 +-
 advisories/hackage/pandoc/HSEC-2023-0014.md | 2 +-
 advisories/hackage/tls-extra/HSEC-2023-0005.md | 2 +-
 advisories/hackage/x509-validation/HSEC-2023-0006.md | 2 +-
 advisories/hackage/xml-conduit/HSEC-2023-0004.md | 2 +-
 advisories/hackage/xmonad-contrib/HSEC-2023-0003.md | 2 +-
 15 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/README.md b/README.md
index f67a0235..007931fb 100644
--- a/README.md
+++ b/README.md
@@ -34,7 +34,8 @@ id = "HSEC-0000-0000"
 date = 2021-01-31
 # Optional: Classification of the advisory with respect to the Common Weakness Enumeration.
-cwe = [820]
+# Get number and names from https://cwe.mitre.org/, or look at the Security.CWE.Data module.
+cwe = ["820: Missing Synchronization"]
 # Arbitrary keywords. We recommend to include keywords relating
 # to the protocols, data formats or services pertaining to the
diff --git a/advisories/hackage/aeson/HSEC-2023-0001.md b/advisories/hackage/aeson/HSEC-2023-0001.md
index 92263db5..cc1d170d 100644
--- a/advisories/hackage/aeson/HSEC-2023-0001.md
+++ b/advisories/hackage/aeson/HSEC-2023-0001.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0001"
-cwe = ["Use of Weak Hash", "Uncontrolled Resource Consumption"]
+cwe = ["328: Use of Weak Hash", "400: Uncontrolled Resource Consumption"]
 keywords = ["json", "dos", "historical"]
 aliases = ["CVE-2022-3433"]
diff --git a/advisories/hackage/base/HSEC-2023-0007.md b/advisories/hackage/base/HSEC-2023-0007.md
index 0987d8c8..6d6df136 100644
--- a/advisories/hackage/base/HSEC-2023-0007.md
+++ b/advisories/hackage/base/HSEC-2023-0007.md
@@ -1,7 +1,8 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0007"
-cwe = [1284, 789]
+cwe = ["1284: Improper Validation of Specified Quantity in Input",
+ "789: Memory Allocation with Excessive Size Value"]
 keywords = ["toml", "parser", "dos"]
 [[affected]]
diff --git a/advisories/hackage/biscuit-haskell/HSEC-2023-0002.md b/advisories/hackage/biscuit-haskell/HSEC-2023-0002.md
index 9fba4bd7..099fdcf4 100644
--- a/advisories/hackage/biscuit-haskell/HSEC-2023-0002.md
+++ b/advisories/hackage/biscuit-haskell/HSEC-2023-0002.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0002"
-cwe = [347]
+cwe = ["347: Improper Verification of Cryptographic Signature"]
 keywords = ["crypto", "historical"]
 aliases = ["CVE-2022-31053"]
 related = ["GHSA-75rw-34q6-72cr"]
diff --git a/advisories/hackage/git-annex/HSEC-2023-0009.md b/advisories/hackage/git-annex/HSEC-2023-0009.md
index 918c01fd..bf7ba357 100644
--- a/advisories/hackage/git-annex/HSEC-2023-0009.md
+++ b/advisories/hackage/git-annex/HSEC-2023-0009.md
@@ -1,7 +1,8 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0009"
-cwe = [20, 78]
+cwe = ["20: Improper Input Validation",
+ "78: Improper Neutralization of Special Elements used in an OS Command"]
 keywords = ["ssh", "command-injection", "historical"]
 aliases = ["CVE-2017-12976"]
 related = ["CVE-2017-9800", "CVE-2017-12836", "CVE-2017-1000116", "CVE-2017-1000117"]
diff --git a/advisories/hackage/git-annex/HSEC-2023-0010.md b/advisories/hackage/git-annex/HSEC-2023-0010.md
index 2c5a1a02..80c9d1f0 100644
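Review bot: The name paired with CWE-78 in HSEC-2023-0009 omits the parenthetical that MITRE's title for that entry carries ('OS Command Injection'), and the entries for CWE-776 in HSEC-2023-0004 and CWE-94 in HSEC-2023-0003 are shortened the same way. Since `cwe` now holds number and name in one free-form string, the two halves can disagree without anyone noticing; the removed aeson line, which had names and no numbers, suggests the field was not strictly checked before. The README comment would be clearer if it named the authoritative spelling and the failure mode, for example `# The name must match the one Security.CWE.Data lists for that number.`, assuming the parser enforces this, which is not visible in this patch.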
--- a/advisories/hackage/git-annex/HSEC-2023-0010.md
+++ b/advisories/hackage/git-annex/HSEC-2023-0010.md
@@ -1,7 +1,8 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0010"
-cwe = [200, 610]
+cwe = ["200: Exposure of Sensitive Information to an Unauthorized Actor",
+ "610: Externally Controlled Reference to a Resource in Another Sphere"]
 keywords = ["exfiltration", "historical"]
 aliases = ["CVE-2018-10857"]
diff --git a/advisories/hackage/git-annex/HSEC-2023-0011.md b/advisories/hackage/git-annex/HSEC-2023-0011.md
index 7adc7c0e..d2bf9d84 100644
--- a/advisories/hackage/git-annex/HSEC-2023-0011.md
+++ b/advisories/hackage/git-annex/HSEC-2023-0011.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0011"
-cwe = [200]
+cwe = ["200: Exposure of Sensitive Information to an Unauthorized Actor"]
 keywords = ["exfiltration", "pgp", "historical"]
 aliases = ["CVE-2018-10859"]
 related = ["HSEC-2023-0010", "CVE-2018-10857"]
diff --git a/advisories/hackage/git-annex/HSEC-2023-0012.md b/advisories/hackage/git-annex/HSEC-2023-0012.md
index c0d6ba26..091cabe5 100644
--- a/advisories/hackage/git-annex/HSEC-2023-0012.md
+++ b/advisories/hackage/git-annex/HSEC-2023-0012.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0012"
-cwe = [200]
+cwe = ["200: Exposure of Sensitive Information to an Unauthorized Actor"]
 keywords = ["historical"]
 [[affected]]
diff --git a/advisories/hackage/git-annex/HSEC-2023-0013.md b/advisories/hackage/git-annex/HSEC-2023-0013.md
index ff59b37b..8bb32441 100644
--- a/advisories/hackage/git-annex/HSEC-2023-0013.md
+++ b/advisories/hackage/git-annex/HSEC-2023-0013.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0013"
-cwe = [312]
+cwe = ["312: Cleartext Storage of Sensitive Information"]
 keywords = ["historical"]
 aliases = ["CVE-2014-6274"]
diff --git a/advisories/hackage/hledger-web/HSEC-2023-0008.md b/advisories/hackage/hledger-web/HSEC-2023-0008.md
index 9746784c..169dc5f4 100644
--- a/advisories/hackage/hledger-web/HSEC-2023-0008.md
+++ b/advisories/hackage/hledger-web/HSEC-2023-0008.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0008"
-cwe = [87]
+cwe = ["87: Improper Neutralization of Alternate XSS Syntax"]
 keywords = ["web", "xss", "historical"]
 aliases = ["CVE-2021-46888"]
diff --git a/advisories/hackage/pandoc/HSEC-2023-0014.md b/advisories/hackage/pandoc/HSEC-2023-0014.md
index 4fe6be14..01298a05 100644
--- a/advisories/hackage/pandoc/HSEC-2023-0014.md
+++ b/advisories/hackage/pandoc/HSEC-2023-0014.md
@@ -3,7 +3,7 @@
 id = "HSEC-2023-0014"
 keywords = ["file write"]
 aliases = ["CVE-2023-35936", "GHSA-xj5q-fv23-575g"]
-cwe = [20]
+cwe = ["20: Improper Input Validation"]
 [[references]]
 type = "REPORT"
diff --git a/advisories/hackage/tls-extra/HSEC-2023-0005.md b/advisories/hackage/tls-extra/HSEC-2023-0005.md
index acb61ec1..d7027acd 100644
--- a/advisories/hackage/tls-extra/HSEC-2023-0005.md
+++ b/advisories/hackage/tls-extra/HSEC-2023-0005.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0005"
-cwe = [295]
+cwe = ["295: Improper Certificate Validation"]
 keywords = ["x509", "pki", "mitm", "historical"]
 aliases = ["CVE-2013-0243"]
diff --git a/advisories/hackage/x509-validation/HSEC-2023-0006.md b/advisories/hackage/x509-validation/HSEC-2023-0006.md
index da8f6b6a..01b9f82c 100644
--- a/advisories/hackage/x509-validation/HSEC-2023-0006.md
+++ b/advisories/hackage/x509-validation/HSEC-2023-0006.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0006"
-cwe = [295]
+cwe = ["295: Improper Certificate Validation"]
 keywords = ["x509", "pki", "historical"]
 [[affected]]
diff --git a/advisories/hackage/xml-conduit/HSEC-2023-0004.md b/advisories/hackage/xml-conduit/HSEC-2023-0004.md
index 0822a530..4e383a9c 100644
--- a/advisories/hackage/xml-conduit/HSEC-2023-0004.md
+++ b/advisories/hackage/xml-conduit/HSEC-2023-0004.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0004"
-cwe = [776]
+cwe = ["776: Improper Restriction of Recursive Entity References in DTDs"]
 keywords = ["xml", "dos", "historical"]
 aliases = ["CVE-2021-4249", "VDB-216204"]
diff --git a/advisories/hackage/xmonad-contrib/HSEC-2023-0003.md b/advisories/hackage/xmonad-contrib/HSEC-2023-0003.md
index 1fc84e71..e0bd7cb6 100644
--- a/advisories/hackage/xmonad-contrib/HSEC-2023-0003.md
+++ b/advisories/hackage/xmonad-contrib/HSEC-2023-0003.md
@@ -1,7 +1,7 @@
 ```toml
 [advisory]
 id = "HSEC-2023-0003"
-cwe = [94]
+cwe = ["94: Improper Control of Generation of Code"]
 keywords = ["code", "injection", "historical"]
 aliases = ["CVE-2013-1436"]