diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2020-01-29 21:43:42 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-01-29 21:43:42 +0100 |
| commit | 2fc0b997a71f4a77485ad7e5004c412f22462740 (patch) | |
| tree | cc8870498d407ca32b417f4c208e7a110d224ae4 | |
| parent | 8bb7fde32914275bf4c0eaf15b51a11b4a52186e (diff) | |
Add references for gitlab release from 2019/09/30 (Some CVEs assigned)
Open question remains if actually gitlab might just be removed from the
archive at least in unstable. The current situation does not seem to
make much sense as issues never get fixed in unstable.
| -rw-r--r-- | data/CVE/list.2019 | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index 649d6c060c..3009e572d3 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -11940,6 +11940,7 @@ CVE-2019-15590 (An access control issue exists in < 12.3.5, < 12.2.8, and CVE-2019-15589 (An improper access control vulnerability exists in Gitlab <v12.3.2, ...) - gitlab <unfixed> NOTE: https://hackerone.com/reports/497047 + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15588 (There is an OS Command Injection in Nexus Repository Manager <= 2.1 ...) NOT-FOR-US: Nexus Repository Manager CVE-2019-15587 (In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may o ...) @@ -11947,33 +11948,45 @@ CVE-2019-15587 (In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript - ruby-loofah 2.3.1+dfsg-1 (bug #942894) NOTE: https://github.com/flavorjones/loofah/issues/171 CVE-2019-15586 (A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. ...) - TODO: check + - gitlab <not-affected> (Only affects Gitlab 12.1) + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15585 (Improper authentication exists in < 12.3.2, < 12.2.6, and < 1 ...) - TODO: check + - gitlab <unfixed> + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15584 (A denial of service exists in gitlab <v12.3.2, <v12.2.6, and < ...) - gitlab <unfixed> NOTE: https://hackerone.com/reports/670572 + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15583 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...) - TODO: check + - gitlab <unfixed> + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15582 (An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 f ...) - TODO: check + - gitlab <unfixed> + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15581 (An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLa ...) - TODO: check + - gitlab <unfixed> + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15580 (An information exposure vulnerability exists in gitlab.com <v12.3.2 ...) - gitlab <not-affected> (Only affects EE) + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15579 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...) - TODO: check + - gitlab <unfixed> + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15578 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...) - TODO: check + - gitlab <unfixed> + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15577 (An information disclosure vulnerability exists in GitLab CE/EE <v12 ...) - gitlab <unfixed> NOTE: https://hackerone.com/reports/636560 + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15576 (An information disclosure vulnerability exists in GitLab CE/EE <v12 ...) - gitlab <unfixed> NOTE: https://hackerone.com/reports/633001 + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15575 (A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, a ...) - gitlab <unfixed> NOTE: https://hackerone.com/reports/682442 + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15574 (Gesior-AAC before 2019-05-01 allows serviceID SQL injection in account ...) NOT-FOR-US: Gesior-AAC CVE-2019-15573 (Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. ...) @@ -39192,6 +39205,7 @@ CVE-2019-5487 (An improper access control vulnerability exists in Gitlab EE < CVE-2019-5486 (A authentication bypass vulnerability exists in GitLab CE/EE <v12.3 ...) - gitlab <unfixed> NOTE: https://hackerone.com/reports/617896 + NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-5485 (NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injec ...) NOT-FOR-US: node gitlabhook CVE-2019-5484 (Bower before 1.8.8 has a path traversal vulnerability permitting file ...) |