admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-01-26 02:00:35 +00:00
parent 63ab3c7eaf
commit 19045c3dfa
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
4 changed files with 303 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2023/5xxx/CVE-2023-5455.json
View File

@ -479,6 +479,11 @@
"url": "https://www.freeipa.org/release-notes/4-9-14.html",
"refsource": "MISC",
"name": "https://www.freeipa.org/release-notes/4-9-14.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/"
}
]
},

105
2023/5xxx/CVE-2023-5933.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5933",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"cweId": "CWE-80"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "13.7",
"version_value": "16.6.6"
},
{
"version_affected": "<",
"version_name": "16.7",
"version_value": "16.7.4"
},
{
"version_affected": "<",
"version_name": "16.8",
"version_value": "16.8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/",
"refsource": "MISC",
"name": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/430236",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/430236"
},
{
"url": "https://hackerone.com/reports/2225710",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2225710"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 16.8.1, 16.7.4, 16.6.6 or above."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

105
2024/0xxx/CVE-2024-0402.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0402",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.0",
"version_value": "16.5.8"
},
{
"version_affected": "<",
"version_name": "16.6",
"version_value": "16.6.6"
},
{
"version_affected": "<",
"version_name": "16.7",
"version_value": "16.7.4"
},
{
"version_affected": "<",
"version_name": "16.8",
"version_value": "16.8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/",
"refsource": "MISC",
"name": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/437819",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/437819"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 16.8.1, 16.7.4, 16.6.6, 16.5.8 or above."
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability has been discovered internally by GitLab team member [joernchen](https://gitlab.com/joernchen)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
}
]
}

100
2024/0xxx/CVE-2024-0456.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0456",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.0",
"version_value": "16.6.6"
},
{
"version_affected": "<",
"version_name": "16.7",
"version_value": "16.7.4"
},
{
"version_affected": "<",
"version_name": "16.8",
"version_value": "16.8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/",
"refsource": "MISC",
"name": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/430726",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/430726"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 16.8.1, 16.7.4, 16.6.6 or above"
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to [Niklas](https://gitlab.com/Taucher2003) for reporting this vulnerability"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}