mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-06-21 05:40:25 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
1693e520de
commit
12e230dcf0
@ -71,6 +71,11 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2021-dc6df3744a",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLUUM52Y6AEICPXPSRRXC6OBY4H5XKW7/"
|
||||
},
|
||||
{
|
||||
"refsource": "DEBIAN",
|
||||
"name": "DSA-5511",
|
||||
"url": "https://www.debian.org/security/2023/dsa-5511"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -67,7 +67,12 @@
|
||||
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314"
|
||||
},
|
||||
{
|
||||
"refsource": "DEBIAN",
|
||||
"name": "DSA-5511",
|
||||
"url": "https://www.debian.org/security/2023/dsa-5511"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -76,6 +76,11 @@
|
||||
"refsource": "FEDORA",
|
||||
"name": "FEDORA-2023-9adc4be8b0",
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ2FMBGVVQEQWTTQB7YLKTAHMX2UM66X/"
|
||||
},
|
||||
{
|
||||
"refsource": "DEBIAN",
|
||||
"name": "DSA-5511",
|
||||
"url": "https://www.debian.org/security/2023/dsa-5511"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,104 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-5106",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cve@gitlab.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-284: Improper Access Control",
|
||||
"cweId": "CWE-284"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "GitLab",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "GitLab",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "13.12",
|
||||
"version_value": "16.2.8"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "16.3.0",
|
||||
"version_value": "16.3.5"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "16.4.0",
|
||||
"version_value": "16.4.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://gitlab.com/gitlab-org/gitlab/-/commit/67039cfcae80b8fc0496f79be88714873cd169b3",
|
||||
"refsource": "MISC",
|
||||
"name": "https://gitlab.com/gitlab-org/gitlab/-/commit/67039cfcae80b8fc0496f79be88714873cd169b3"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Upgrade to version 16.2.8, 16.3.5, 16.4.1. If it is not viable to immediately upgrade to a patched version, risk of exploitation can be mitigated by ensuring the [Migrate groups by direct transfer](https://docs.gitlab.com/ee/user/group/import/index.html#migrate-groups-by-direct-transfer-recommended) feature is disabled until GitLab has been upgraded."
|
||||
}
|
||||
],
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "This vulnerability has been discovered internally by GitLab team member Joern Schneeweisz"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
18
2023/5xxx/CVE-2023-5331.json
Normal file
18
2023/5xxx/CVE-2023-5331.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-5331",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user