From 085a3ac9c439d92b2654fe536177d5b4800dc6a9 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Wed, 29 Jan 2020 21:43:42 +0100 Subject: Add references for gitlab release from 2019/09/30 (Some CVEs assigned) An open question remains whether gitlab might actually just be removed from the archive, at least in unstable. The current situation does not seem to make much sense, as issues never get fixed in unstable. --- data/CVE/list | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index ff57135a73..3acd1258d1 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -29944,6 +29944,7 @@ CVE-2019-15590 (An access control issue exists in < 12.3.5, < 12.2.8, and CVE-2019-15589 (An improper access control vulnerability exists in Gitlab <v12.3.2, ...) - gitlab NOTE: https://hackerone.com/reports/497047 + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15588 (There is an OS Command Injection in Nexus Repository Manager <= 2.1 ...) NOT-FOR-US: Nexus Repository Manager CVE-2019-15587 (In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may o ...) 
@@ -29951,33 +29952,45 @@ CVE-2019-15587 (In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript - ruby-loofah 2.3.1+dfsg-1 (bug #942894) NOTE: https://github.com/flavorjones/loofah/issues/171 CVE-2019-15586 (A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. ...) - TODO: check + - gitlab (Only affects Gitlab 12.1) + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15585 (Improper authentication exists in < 12.3.2, < 12.2.6, and < 1 ...) - TODO: check + - gitlab + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15584 (A denial of service exists in gitlab <v12.3.2, <v12.2.6, and < ...) - gitlab NOTE: https://hackerone.com/reports/670572 + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15583 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...) - TODO: check + - gitlab + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15582 (An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 f ...) - TODO: check + - gitlab + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15581 (An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLa ...) - TODO: check + - gitlab + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15580 (An information exposure vulnerability exists in gitlab.com <v12.3.2 ...) - gitlab (Only affects EE) + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15579 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...) 
- TODO: check + - gitlab + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15578 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...) - TODO: check + - gitlab + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15577 (An information disclosure vulnerability exists in GitLab CE/EE <v12 ...) - gitlab NOTE: https://hackerone.com/reports/636560 + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15576 (An information disclosure vulnerability exists in GitLab CE/EE <v12 ...) - gitlab NOTE: https://hackerone.com/reports/633001 + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15575 (A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, a ...) - gitlab NOTE: https://hackerone.com/reports/682442 + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15574 (Gesior-AAC before 2019-05-01 allows serviceID SQL injection in account ...) NOT-FOR-US: Gesior-AAC CVE-2019-15573 (Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. ...) @@ -60357,6 +60370,7 @@ CVE-2019-5487 (An improper access control vulnerability exists in Gitlab EE < CVE-2019-5486 (A authentication bypass vulnerability exists in GitLab CE/EE <v12.3 ...) - gitlab NOTE: https://hackerone.com/reports/617896 + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-5485 (NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injec ...) NOT-FOR-US: node gitlabhook CVE-2019-5484 (Bower before 1.8.8 has a path traversal vulnerability permitting file ...) -- cgit v1.2.3
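Review bot: in the second hunk (@@ -29951), the CVE-2019-15586 entry is annotated "(Only affects Gitlab 12.1)" and given the 12.3.2 security-release URL, yet its description reads "< 12.1.10" while every other entry in the hunk reads "< 12.3.2, < 12.2.6, and < 12.1.12"; the fix version in that description predates the release the new NOTE points at, so the annotation and reference for this one CVE look copied from the batch and should be checked against the release that actually shipped 12.1.10 rather than the 2019/09/30 one. The remaining "TODO: check" replacements in the hunk all become a bare "- gitlab" with no version or "(bug #...)" reference, which is consistent with the existing CVE-2019-15584 and CVE-2019-15580 lines, so no change needed there.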
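Review bot: in the third hunk (@@ -60357), only CVE-2019-5486 receives the 2019/09/30 release reference, while the hunk header shows the neighbouring CVE-2019-5487 entry ("Gitlab EE <...") directly above it; that entry's own lines fall outside the hunk, so it is not visible here whether it belongs to the same security release and should carry the same NOTE line. Worth confirming before this lands, since the other entries in this patch got the reference as a batch.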