admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-09-14 22:01:29 +00:00
parent ccf496b93d
commit 06c25d6b26
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
13 changed files with 931 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2018/1xxx/CVE-2018-1285.json
View File

@ -98,6 +98,11 @@
"refsource": "MLIST",
"name": "[logging-dev] 20200906 [VOTE] [log4net] Release 2.0.10",
"url": "https://lists.apache.org/thread.html/r00b16ac5e0bbf7009a0d167ed58f3f94d0033b0f4b3e3d5025cc4872@%3Cdev.logging.apache.org%3E"
},
{
"refsource": "MISC",
"name": "https://issues.apache.org/jira/browse/LOG4NET-575",
"url": "https://issues.apache.org/jira/browse/LOG4NET-575"
}
]
},
@ -105,7 +110,7 @@
"description_data": [
{
"lang": "eng",
"value": "Apache log4net before 2.0.8 does not disable XML external entities when parsing log4net configuration files. This could allow for XXE-based attacks in applications that accept arbitrary configuration files from users."
"value": "Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files."
}
]
}

10
2019/7xxx/CVE-2019-7654.json
View File

@ -62,15 +62,15 @@
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7654-CSRF-Wowza",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7654-CSRF-Wowza"
},
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-7654.txt",
"url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2019-7654.txt"
},
{
"refsource": "CONFIRM",
"name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes",
"url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notes"
},
{
"refsource": "MISC",
"name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2019-7654.txt",
"url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2019-7654.txt"
}
]
}

90
2020/13xxx/CVE-2020-13297.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13297",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=1.0, <13.1.10"
},
{
"version_value": ">=13.2, <13.2.8"
},
{
"version_value": ">=13.3, <13.3.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authentication in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/32215",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/32215",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/691592",
"url": "https://hackerone.com/reports/691592",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13297.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13297.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 3.7,
"baseSeverity": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [xanbanx](https://hackerone.com/xanbanx) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

90
2020/13xxx/CVE-2020-13298.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13298",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=13.3, <13.3.4"
},
{
"version_value": ">=13.2, <13.2.8"
},
{
"version_value": ">=13.1, <13.1.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information exposure in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/228841",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/228841",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/923027",
"url": "https://hackerone.com/reports/923027",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13298.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13298.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [ledz1996](https://hackerone.com/ledz1996) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

90
2020/13xxx/CVE-2020-13301.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13301",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=12.10, <13.1.10"
},
{
"version_value": ">=13.2, <13.2.8"
},
{
"version_value": ">=13.3, <13.3.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/219378",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/219378",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/882988",
"url": "https://hackerone.com/reports/882988",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13301.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13301.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [xanbanx](https://hackerone.com/xanbanx) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

90
2020/13xxx/CVE-2020-13302.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13302",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=7.11, <13.1.10"
},
{
"version_value": ">=13.2, <13.2.8"
},
{
"version_value": ">=13.3, <13.3.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authentication in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/25195",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/25195",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/437194",
"url": "https://hackerone.com/reports/437194",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13302.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13302.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 3.7,
"baseSeverity": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [rogov](https://hackerone.com/rogov) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

90
2020/13xxx/CVE-2020-13304.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13304",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=1.0, <13.1.10"
},
{
"version_value": ">=13.2, <13.2.8"
},
{
"version_value": ">=13.3, <13.3.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authentication in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/27686",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/27686",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/511260",
"url": "https://hackerone.com/reports/511260",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13304.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13304.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Same 2 factor Authentication secret code was generated which resulted an attacker to maintain access under certain conditions."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 3.7,
"baseSeverity": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [rgupt](https://hackerone.com/rgupt) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

90
2020/13xxx/CVE-2020-13305.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13305",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=1.0, <13.1.10"
},
{
"version_value": ">=13.2, <13.2.8"
},
{
"version_value": ">=13.3, <13.3.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authentication in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/26801",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/26801",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/492621",
"url": "https://hackerone.com/reports/492621",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13305.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13305.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 3.5,
"baseSeverity": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [rgupt](https://hackerone.com/rgupt) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

90
2020/13xxx/CVE-2020-13306.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13306",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=1.0, <13.1.10"
},
{
"version_value": ">=13.2, <13.2.8"
},
{
"version_value": ">=13.3, <13.3.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allocation of resources without limits or throttling in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/223681",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/223681",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/904134",
"url": "https://hackerone.com/reports/904134",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13306.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13306.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 3.6,
"baseSeverity": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [noddyn12](https://hackerone.com/noddyn12) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

90
2020/13xxx/CVE-2020-13309.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13309",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=1.0, <13.1.10"
},
{
"version_value": ">=13.2, <13.2.8"
},
{
"version_value": ">=13.3, <13.3.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-side request forgery (ssrf) in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/215879",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/215879",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/860196",
"url": "https://hackerone.com/reports/860196",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13309.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13309.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [sky003](https://hackerone.com/sky003) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

90
2020/13xxx/CVE-2020-13310.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13310",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=1.0, <13.1.3"
},
{
"version_value": ">=13.2, <13.2.3"
},
{
"version_value": ">=13.3, <13.3.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper handling of exceptional conditions in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/25857",
"url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/25857",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26819",
"url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26819",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13310.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13310.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability has been discovered internally by the GitLab team"
}
]
}

90
2020/13xxx/CVE-2020-13315.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13315",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=11.4, <13.1.10"
},
{
"version_value": ">=13.2, <13.2.8"
},
{
"version_value": ">=13.3, <13.3.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper input validation in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/25825",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/25825",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/463010",
"url": "https://hackerone.com/reports/463010",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13315.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13315.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 3.6,
"baseSeverity": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [brandonnnn](https://hackerone.com/brandonnnn) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

66
2020/15xxx/CVE-2020-15590.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15590",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-15590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a \u201csplit tunnel\u201d OpenVPN bypass option. The PIA killswitch & associated iptables firewall is designed to protect you while using the Internet. When the kill switch is configured to block all inbound and outbound network traffic, privileged applications can continue sending & receiving network traffic if net.ipv4.ip_forward has been enabled in the system kernel parameters. For example, a Docker container running on a host with the VPN turned off, and the kill switch turned on, can continue using the internet, leaking the host IP (CWE 200). In PIA 2.4.0+, policy-based routing is enabled by default and is used to direct all forwarded packets to the VPN interface automatically."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/sickcodes",
"refsource": "MISC",
"name": "https://github.com/sickcodes"
},
{
"refsource": "MISC",
"name": "https://sick.codes/cve-2020-15590/",
"url": "https://sick.codes/cve-2020-15590/"
},
{
"refsource": "MISC",
"name": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-001.md",
"url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-001.md"
}
]
}