diff options
| author | Neil Williams <codehelp@debian.org> | 2022-02-14 09:55:44 +0000 |
|---|---|---|
| committer | Neil Williams <codehelp@debian.org> | 2022-02-14 09:55:44 +0000 |
| commit | a3598b6f2b89313506601c36074b5f3f5ca5f6f2 (patch) | |
| tree | 5ce217e2dbf71a104b234f0d1ba610072733e6c1 | |
| parent | f8f6570dd371e9eff266e50844ed22069fae242c (diff) | |
CVE-2021-39892,39939,39943/gitlab - add notes
| -rw-r--r-- | data/CVE/list.2021 | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index ba82fa9d9b..6b12b24d7c 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -17079,7 +17079,8 @@ CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all ve CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab <unfixed> CVE-2021-39943 (An authorization logic error in the External Status Check API in GitLa ...) - TODO: check + - gitlab <unfixed> + TODO: reach out for details CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...) - gitlab <unfixed> CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions 12.0 ...) @@ -17087,7 +17088,10 @@ CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions CVE-2021-39940 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab <unfixed> CVE-2021-39939 (An uncontrolled resource consumption vulnerability in GitLab Runner af ...) - TODO: check + - gitlab <unfixed> + NOTE: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630 + NOTE: https://about.gitlab.com/releases/2021/12/10/security-release-gitlab-runner-14-5-2-released/ + NOTE: fix released in 14.3.4, 14.6 in experimental. CVE-2021-39938 (A vulnerable regular expression pattern in GitLab CE/EE since version ...) - gitlab <unfixed> CVE-2021-39937 (A collision in access memoization logic in all versions of GitLab CE/E ...) @@ -17219,7 +17223,9 @@ CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebindi CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...) - gitlab <unfixed> CVE-2021-39892 (In all versions of GitLab CE/EE since version 12.0, a lower privileged ...) - TODO: check + - gitlab <unfixed> + NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/28440 + NOTE: fix released in 14.3.1, 14.6 in experimental. CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...) - gitlab <unfixed> CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some specific ...) |