admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-09-12 17:00:33 +00:00
parent 8ab48e7aed
commit 35992b8c7a
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
22 changed files with 955 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2016/10xxx/CVE-2016-10221.json
View File

@ -61,6 +61,11 @@
"name": "GLSA-201706-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-08"
},
{
"refsource": "MISC",
"name": "http://www.ghostscript.com/cgi-bin/findgit.cgi?2590fed7a355a421f062ebd4293df892800fa7ac",
"url": "http://www.ghostscript.com/cgi-bin/findgit.cgi?2590fed7a355a421f062ebd4293df892800fa7ac"
}
]
}

5
2016/10xxx/CVE-2016-10246.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210923 [SECURITY] [DLA 2765-1] mupdf security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00013.html"
},
{
"refsource": "MISC",
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=697020",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697020"
}
]
}

5
2016/10xxx/CVE-2016-10247.json
View File

@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210923 [SECURITY] [DLA 2765-1] mupdf security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00013.html"
},
{
"refsource": "MISC",
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=697021",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697021"
}
]
}

5
2018/1000xxx/CVE-2018-1000036.json
View File

@ -74,6 +74,11 @@
"refsource": "MISC",
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=698887",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698887"
},
{
"refsource": "MISC",
"name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=8aa2bd34065d2844aae778bd4cc20c74bbcd9406",
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=8aa2bd34065d2844aae778bd4cc20c74bbcd9406"
}
]
}

5
2018/10xxx/CVE-2018-10289.json
View File

@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210923 [SECURITY] [DLA 2765-1] mupdf security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00013.html"
},
{
"refsource": "MISC",
"name": "http://www.ghostscript.com/cgi-bin/findgit.cgi?2e43685dc8a8a886fc9df9b3663cf199404f7637",
"url": "http://www.ghostscript.com/cgi-bin/findgit.cgi?2e43685dc8a8a886fc9df9b3663cf199404f7637"
}
]
}

5
2018/16xxx/CVE-2018-16647.json
View File

@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200725 [SECURITY] [DLA 2289-1] mupdf security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html"
},
{
"refsource": "MISC",
"name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=351c99d8ce23bbf7099dbd52771a095f67e45a2c",
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=351c99d8ce23bbf7099dbd52771a095f67e45a2c"
}
]
}

5
2018/16xxx/CVE-2018-16648.json
View File

@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200725 [SECURITY] [DLA 2289-1] mupdf security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html"
},
{
"refsource": "MISC",
"name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=38f883fe129a5e89306252a4676eaaf4bc968824",
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=38f883fe129a5e89306252a4676eaaf4bc968824"
}
]
}

5
2018/18xxx/CVE-2018-18662.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200725 [SECURITY] [DLA 2289-1] mupdf security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html"
},
{
"refsource": "MISC",
"name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=164ddc22ee0d5b63a81d5148f44c37dd132a9356",
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=164ddc22ee0d5b63a81d5148f44c37dd132a9356"
}
]
}

5
2018/19xxx/CVE-2018-19777.json
View File

@ -61,6 +61,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-10f02ad597",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUXKCY35PKC32IFHN4RBUCZ75OWEYVJH/"
},
{
"refsource": "MISC",
"name": "http://www.ghostscript.com/cgi-bin/findgit.cgi?754ac68f119e0c25cd33c5d652d8aabd533a9fb3",
"url": "http://www.ghostscript.com/cgi-bin/findgit.cgi?754ac68f119e0c25cd33c5d652d8aabd533a9fb3"
}
]
}

5
2018/19xxx/CVE-2018-19881.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-15af6a9a07",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNJNEX5EW6YH5OARXXSSXW4HHC5PIBSY/"
},
{
"refsource": "MISC",
"name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=a7f7d91cdff8d303c11d458fa8b802776f73c8cc",
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=a7f7d91cdff8d303c11d458fa8b802776f73c8cc"
}
]
}

5
2018/19xxx/CVE-2018-19882.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-15af6a9a07",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNJNEX5EW6YH5OARXXSSXW4HHC5PIBSY/"
},
{
"refsource": "MISC",
"name": "http://www.ghostscript.com/cgi-bin/findgit.cgi?a7f7d91cdff8d303c11d458fa8b802776f73c8cc",
"url": "http://www.ghostscript.com/cgi-bin/findgit.cgi?a7f7d91cdff8d303c11d458fa8b802776f73c8cc"
}
]
}

5
2018/5xxx/CVE-2018-5686.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190628 [SECURITY] [DLA 1838-1] mupdf security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00027.html"
},
{
"refsource": "MISC",
"name": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=b70eb93f6936c03d8af52040bbca4d4a7db39079",
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=b70eb93f6936c03d8af52040bbca4d4a7db39079"
}
]
}

100
2024/2xxx/CVE-2024-2743.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2743",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "13.3",
"version_value": "17.1.7"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2.5"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/451014",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/451014"
},
{
"url": "https://hackerone.com/reports/2411756",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2411756"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 17.3.2, 17.2.5, 17.1.7 or above."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [0xn3va](https://hackerone.com/0xn3va) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

100
2024/4xxx/CVE-2024-4612.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4612",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12.9",
"version_value": "17.1.7"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2.5"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/460707",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/460707"
},
{
"url": "https://hackerone.com/reports/2479857",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2479857"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 17.3.2, 17.2.5, 17.1.7 or above."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

100
2024/4xxx/CVE-2024-4660.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4660",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was possible for a guest to read the source code of a private project by using group templates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "11.2",
"version_value": "17.1.7"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2.5"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/460892",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/460892"
},
{
"url": "https://hackerone.com/reports/2480126",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2480126"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 17.1.7, 17.2.5, 17.3.2 or above."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [js_noob](https://hackerone.com/js_noob) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}

100
2024/5xxx/CVE-2024-5435.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5435",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2 will disclose user password from repository mirror configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209: Generation of Error Message Containing Sensitive Information",
"cweId": "CWE-209"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.10",
"version_value": "17.1.7"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2.5"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/464044",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/464044"
},
{
"url": "https://hackerone.com/reports/2520722",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2520722"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 17.1.7, 17.2.5, 17.3.2 or above."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [gudanggaramfilter](https://hackerone.com/gudanggaramfilter) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM"
}
]
}

100
2024/6xxx/CVE-2024-6389.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6389",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"cweId": "CWE-497"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1.7"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2.5"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/469367",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/469367"
},
{
"url": "https://hackerone.com/reports/2573397",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2573397"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 17.1.7, 17.2.5, 17.3.2 or above."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [ashish_r_padelkar](https://hackerone.com/ashish_r_padelkar) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

100
2024/6xxx/CVE-2024-6446.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6446",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an attacker controlled application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-840: Business Logic Errors",
"cweId": "CWE-840"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1.7"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2.5"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/470144",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/470144"
},
{
"url": "https://hackerone.com/reports/2573481",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2573481"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 17.3.2, 17.2.5, 17.1.7 or above."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
}
]
}

113
2024/6xxx/CVE-2024-6840.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6840",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an attacker using the k8S API server to send an HTTP request with a service account token mounted via `automountServiceAccountToken: true`, resulting in privilege escalation to a service account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.5.10-1.el8ap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.5.10-1.el9ap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:6428",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6428"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-6840",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2024-6840"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298492",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2298492"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
]
}

100
2024/8xxx/CVE-2024-8124.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8124",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of Service via sending a large `glm_source` parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333: Inefficient Regular Expression Complexity",
"cweId": "CWE-1333"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.4",
"version_value": "17.1.7"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2.5"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/480533",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/480533"
},
{
"url": "https://hackerone.com/reports/2634880",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2634880"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 17.3.2, 17.2.5, 17.1.7 or above."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [sim4n6](https://hackerone.com/sim4n6) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
]
}

100
2024/8xxx/CVE-2024-8640.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8640",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.11",
"version_value": "17.1.7"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2.5"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/486213",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/486213"
},
{
"url": "https://hackerone.com/reports/2687770",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2687770"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to version 17.1.7, 17.2.5 or 17.3.2"
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH"
}
]
}

18
2024/8xxx/CVE-2024-8756.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8756",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}