diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-08-12 21:43:28 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-08-12 21:43:28 +0200 |
commit | d70c82829078c52e6acf0f2c9ad1b58e0d90d344 (patch) | |
tree | d7cd39bdea3bff138e9c3be536624f80e48fbe6e | |
parent | 3eb58d7fbeaedbe92c45bcf098da2e0673526958 (diff) |
Sync several gitlab issues with advisory from May 27, 2020
-rw-r--r-- | data/CVE/list | 41 |
1 files changed, 27 insertions, 14 deletions
diff --git a/data/CVE/list b/data/CVE/list index 411e1348ba..50f2c0624d 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -9975,37 +9975,50 @@ CVE-2020-13278 CVE-2020-13277 (An authorization issue in the mirroring logic allowed read access to p ...) - gitlab <unfixed> CVE-2020-13276 (User is allowed to set an email as a notification email even without v ...) - - gitlab <unfixed> + - gitlab 13.2.3-2 + NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13275 (A user with an unverified email address could request an access to dom ...) - - gitlab <not-affected> (Specific to EE) + - gitlab <not-affected> (Only affects GitLab EE/CE 12.2 and later) CVE-2020-13274 (A security issue allowed achieving Denial of Service attacks through m ...) - - gitlab <unfixed> + - gitlab 13.2.3-2 + NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13273 (A Denial of Service vulnerability allowed exhausting the system resour ...) - - gitlab <unfixed> + - gitlab <not-affected> (Only affects GitLab 12.0 and later) + NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13272 (OAuth flow missing verification checks CE/EE 12.3 and later through 13 ...) - gitlab <unfixed> CVE-2020-13271 (A Stored Cross-Site Scripting vulnerability allowed the execution of a ...) - - gitlab <unfixed> + - gitlab 13.2.3-2 + NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13270 (Missing permission check on fork relation creation in GitLab CE/EE 11. ...) - - gitlab <unfixed> + - gitlab 13.2.3-2 + NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13269 (A Reflected Cross-Site Scripting vulnerability allowed the execution o ...) - - gitlab <unfixed> + - gitlab <not-affected> (Only affects GitLab 12.10 and later) + NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13268 (A specially crafted request could be used to confirm the existence of ...) - - gitlab <unfixed> + - gitlab <not-affected> (Only affects GitLab 12.10 and later) + NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13267 (A Stored Cross-Site Scripting vulnerability allowed the execution on J ...) - - gitlab <unfixed> + - gitlab <not-affected> (Only affects GitLab 12.8 and later) + NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ...) - - gitlab <unfixed> + - gitlab <not-affected> (Only affects GitLab 12.8 and later) + NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13265 (User email verification bypass in GitLab CE/EE 12.5 and later through ...) - - gitlab <unfixed> + - gitlab <not-affected> (Only affects GitLab 12.5 and later) + NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13264 (Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later thr ...) - - gitlab <unfixed> + - gitlab 13.2.3-2 + NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13263 (An authorization issue relating to project maintainer impersonation wa ...) - gitlab <not-affected> (Specific to EE) CVE-2020-13262 (Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 ...) - - gitlab <unfixed> + - gitlab <not-affected> (Only affects GitLab 12.9 and later) + NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later throu ...) - - gitlab <unfixed> + - gitlab <not-affected> (Only affects GitLab 12.6 and later) + NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13260 RESERVED CVE-2020-13259 |