8 vulnerabilities found for Central Dogma by LY Corporation
CVE-2026-11748 (GCVE-0-2026-11748)
Vulnerability from nvd – Published: 2026-06-22 02:37 – Updated: 2026-06-22 16:12
Summary
A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate the filter to cause authentication confusion and enumerate the directory structure.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| LY Corporation | Central Dogma | Unaffected: 0.84.0, < * (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11748",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T16:11:47.695670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "CWE-90 Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T16:12:07.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/line/centraldogma/security/advisories/GHSA-98q5-5qh2-7w75"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Central Dogma",
"vendor": "LY Corporation",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0.84.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate the filter to cause authentication confusion and enumerate the directory structure."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-90",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T02:37:35.370Z",
"orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"shortName": "LY-Corporation"
},
"references": [
{
"url": "https://github.com/line/centraldogma/security/advisories/GHSA-98q5-5qh2-7w75"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"assignerShortName": "LY-Corporation",
"cveId": "CVE-2026-11748",
"datePublished": "2026-06-22T02:37:35.370Z",
"dateReserved": "2026-06-09T06:50:03.618Z",
"dateUpdated": "2026-06-22T16:12:07.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11746 (GCVE-0-2026-11746)
Vulnerability from nvd – Published: 2026-06-22 02:35 – Updated: 2026-06-22 16:13
Summary
A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper ensemble, allowing an attacker with network access to read the full replication log or join the quorum and execute arbitrary replicated commands across the cluster.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| LY Corporation | Central Dogma | Unaffected: 0.84.0, < * (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11746",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T16:12:56.884349Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T16:13:00.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/line/centraldogma/security/advisories/GHSA-2j95-gqxf-v3vg"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Central Dogma",
"vendor": "LY Corporation",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0.84.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper ensemble, allowing an attacker with network access to read the full replication log or join the quorum and execute arbitrary replicated commands across the cluster."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-798",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T02:35:51.201Z",
"orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"shortName": "LY-Corporation"
},
"references": [
{
"url": "https://github.com/line/centraldogma/security/advisories/GHSA-2j95-gqxf-v3vg"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"assignerShortName": "LY-Corporation",
"cveId": "CVE-2026-11746",
"datePublished": "2026-06-22T02:35:51.201Z",
"dateReserved": "2026-06-09T06:48:47.296Z",
"dateUpdated": "2026-06-22T16:13:00.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11745 (GCVE-0-2026-11745)
Vulnerability from nvd – Published: 2026-06-22 02:33 – Updated: 2026-06-22 16:29
Summary
A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| LY Corporation | Central Dogma | Unaffected: 0.84.0, < * (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11745",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T16:29:39.280352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-322",
"description": "CWE-322 Key Exchange without Entity Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T16:29:43.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/line/centraldogma/security/advisories/GHSA-vjfw-cpmh-xwv3"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Central Dogma",
"vendor": "LY Corporation",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0.84.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:L",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-322",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T02:33:08.952Z",
"orgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"shortName": "LY-Corporation"
},
"references": [
{
"url": "https://github.com/line/centraldogma/security/advisories/GHSA-vjfw-cpmh-xwv3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "657f3255-0560-4aed-82e4-7f579ec6acfb",
"assignerShortName": "LY-Corporation",
"cveId": "CVE-2026-11745",
"datePublished": "2026-06-22T02:33:08.952Z",
"dateReserved": "2026-06-09T06:46:10.431Z",
"dateUpdated": "2026-06-22T16:29:43.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11748 (GCVE-0-2026-11748)
Vulnerability from cvelistv5 – Published: 2026-06-22 02:37 – Updated: 2026-06-22 16:12
Summary
A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate the filter to cause authentication confusion and enumerate the directory structure.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| LY Corporation | Central Dogma | Unaffected: 0.84.0, < * (custom) |
CVE-2026-11746 (GCVE-0-2026-11746)
Vulnerability from cvelistv5 – Published: 2026-06-22 02:35 – Updated: 2026-06-22 16:13
Summary
A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper ensemble, allowing an attacker with network access to read the full replication log or join the quorum and execute arbitrary replicated commands across the cluster.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| LY Corporation | Central Dogma | Unaffected: 0.84.0, < * (custom) |
CVE-2026-11745 (GCVE-0-2026-11745)
Vulnerability from cvelistv5 – Published: 2026-06-22 02:33 – Updated: 2026-06-22 16:29
Summary
A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| LY Corporation | Central Dogma | Unaffected: 0.84.0, < * (custom) |
JVNDB-2024-002342
Vulnerability from jvndb – Published: 2024-05-13 17:27 – Updated: 2024-05-13 17:27
Summary
Central Dogma vulnerable to cross-site scripting
Details
Central Dogma provided by LY Corporation contains a cross-site scripting vulnerability (CWE-79, CVE-2024-1143) because RelayState data is not properly treated when Central Dogma processes SAML messages.
LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-002342.html",
"dc:date": "2024-05-13T17:27+09:00",
"dcterms:issued": "2024-05-13T17:27+09:00",
"dcterms:modified": "2024-05-13T17:27+09:00",
"description": "Central Dogma provided by LY Corporation contains a cross-site scripting vulnerability (CWE-79, CVE-2024-1143) because RelayState data is not properly treated when Central Dogma processes SAML messages.\r\n\r\nLY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-002342.html",
"sec:cpe": {
"#text": "cpe:/a:linecorp:central_dogma",
"@product": "Central Dogma",
"@vendor": "LY Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.3",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-002342",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU99669446/index.html",
"@id": "JVNVU#99669446",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-1143",
"@id": "CVE-2024-1143",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-1143",
"@id": "CVE-2024-1143",
"@source": "NVD"
},
{
"#text": "https://docs.oasis-open.org/security/saml/v2.0/errata05/os/saml-v2.0-errata05-os.html#__RefHeading__8196_1983180497",
"@id": "SAML v2.0 Errata 05, E90: RelayState sanitization",
"@source": "Related document"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Central Dogma vulnerable to cross-site scripting"
}
JVNDB-2019-000050
Vulnerability from jvndb – Published: 2019-07-31 15:29 – Updated: 2019-10-04 16:37
Summary
Central Dogma vulnerable to cross-site scripting
Details
Central Dogma provided by LINE Corporation contains a cross-site scripting vulnerability (CWE-79).
LINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LINE Corporation coordinated under the Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000050.html",
"dc:date": "2019-10-04T16:37+09:00",
"dcterms:issued": "2019-07-31T15:29+09:00",
"dcterms:modified": "2019-10-04T16:37+09:00",
"description": "Central Dogma provided by LINE Corporation contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nLINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LINE Corporation coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000050.html",
"sec:cpe": {
"#text": "cpe:/a:linecorp:central_dogma",
"@product": "Central Dogma",
"@vendor": "LY Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000050",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN94889214/index.html",
"@id": "JVN#94889214",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6002",
"@id": "CVE-2019-6002",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6002",
"@id": "CVE-2019-6002",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Central Dogma vulnerable to cross-site scripting"
}