diff --git a/2023/5xxx/CVE-2023-5455.json b/2023/5xxx/CVE-2023-5455.json
index 8726aad06fc..b31b9d2d3b2 100644
--- a/2023/5xxx/CVE-2023-5455.json
+++ b/2023/5xxx/CVE-2023-5455.json
@@ -484,6 +484,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/"
 }
 ]
 },
diff --git a/2023/5xxx/CVE-2023-5612.json b/2023/5xxx/CVE-2023-5612.json
index ef704ceb8d8..0674ef73ba6 100644
--- a/2023/5xxx/CVE-2023-5612.json
+++ b/2023/5xxx/CVE-2023-5612.json
@@ -1,17 +1,114 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-5612",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
+ "cweId": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "16.6.6"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "16.7",
+ "version_value": "16.7.4"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "16.8",
+ "version_value": "16.8.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/",
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/428441",
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/428441"
+ },
+ {
+ "url": "https://hackerone.com/reports/2208790",
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/2208790"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "Upgrade to versions 16.8.1, 16.7.4, 16.6.6 or above."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Thanks [erruqill](https://hackerone.com/erruqill) for reporting this vulnerability through our HackerOne bug bounty program"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/6xxx/CVE-2023-6159.json b/2023/6xxx/CVE-2023-6159.json
index 744f970b1b1..586041fa20e 100644
--- a/2023/6xxx/CVE-2023-6159.json
+++ b/2023/6xxx/CVE-2023-6159.json
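Review bot: The added `credits` value for CVE-2023-5612 embeds Markdown link syntax, `[erruqill](https://hackerone.com/erruqill)`, in a field the rest of the record treats as plain text, so a consumer that prints it verbatim shows raw markup and one that renders it has to treat the embedded URL as untrusted input. A plain-text form such as `"value": "Thanks erruqill (https://hackerone.com/erruqill) for reporting this vulnerability through our HackerOne bug bounty program"` avoids both. The same record also mixes language tags: `description` and `problemtype` use `"lang": "eng"` while `solution` and `credits` use `"lang": "en"`, which a consumer filtering by language has to special-case. Both points apply equally to the CVE-2023-6159 hunk.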
@@ -1,17 +1,114 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-6159",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1333: Inefficient Regular Expression Complexity",
+ "cweId": "CWE-1333"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "12.7",
+ "version_value": "16.6.6"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "16.7",
+ "version_value": "16.7.4"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "16.8",
+ "version_value": "16.8.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/",
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"
+ },
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/431924",
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/431924"
+ },
+ {
+ "url": "https://hackerone.com/reports/2251278",
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/2251278"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "value": "Upgrade to versions 16.8.1, 16.7.4, 16.6.6 or above."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2024/0xxx/CVE-2024-0804.json b/2024/0xxx/CVE-2024-0804.json
index 06d28a3c16f..49110683c0c 100644
--- a/2024/0xxx/CVE-2024-0804.json
+++ b/2024/0xxx/CVE-2024-0804.json
@@ -63,6 +63,16 @@
 "url": "https://crbug.com/1515137",
 "refsource": "MISC",
 "name": "https://crbug.com/1515137"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
 }
 ]
 }
diff --git a/2024/0xxx/CVE-2024-0805.json b/2024/0xxx/CVE-2024-0805.json
index 8791a263b33..e83d05b864c 100644
--- a/2024/0xxx/CVE-2024-0805.json
+++ b/2024/0xxx/CVE-2024-0805.json
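Review bot: The added `description` value for CVE-2023-6159 runs two sentences together: `... and 16.8 prior to 16.8.1 It was possible ...` has no full stop after the last version, which makes the affected range harder to read and may trip tooling that pulls versions out of the prose. Suggested wording: `16.8 prior to 16.8.1. It was possible for an attacker to trigger ...`. The structured `version_data` entries in the same hunk (12.7 up to 16.6.6, 16.7 up to 16.7.4, 16.8 up to 16.8.1) agree with the text, so only the string needs the change.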
@@ -63,6 +63,16 @@
 "url": "https://crbug.com/1514925",
 "refsource": "MISC",
 "name": "https://crbug.com/1514925"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
 }
 ]
 }
diff --git a/2024/0xxx/CVE-2024-0806.json b/2024/0xxx/CVE-2024-0806.json
index 128c4c5a5b4..fdf280e9f37 100644
--- a/2024/0xxx/CVE-2024-0806.json
+++ b/2024/0xxx/CVE-2024-0806.json
@@ -63,6 +63,16 @@
 "url": "https://crbug.com/1505176",
 "refsource": "MISC",
 "name": "https://crbug.com/1505176"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
 }
 ]
 }
diff --git a/2024/0xxx/CVE-2024-0807.json b/2024/0xxx/CVE-2024-0807.json
index de28fb8eb03..79784c86e7f 100644
--- a/2024/0xxx/CVE-2024-0807.json
+++ b/2024/0xxx/CVE-2024-0807.json
@@ -63,6 +63,16 @@
 "url": "https://crbug.com/1505080",
 "refsource": "MISC",
 "name": "https://crbug.com/1505080"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
 }
 ]
 }
diff --git a/2024/0xxx/CVE-2024-0808.json b/2024/0xxx/CVE-2024-0808.json
index 8830b6d94b7..cf7e500d7b9 100644
--- a/2024/0xxx/CVE-2024-0808.json
+++ b/2024/0xxx/CVE-2024-0808.json
@@ -63,6 +63,16 @@
 "url": "https://crbug.com/1504936",
 "refsource": "MISC",
 "name": "https://crbug.com/1504936"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
 }
 ]
 }
diff --git a/2024/0xxx/CVE-2024-0809.json b/2024/0xxx/CVE-2024-0809.json
index bcae286e94b..8a7f5bf713a 100644
--- a/2024/0xxx/CVE-2024-0809.json
+++ b/2024/0xxx/CVE-2024-0809.json
@@ -63,6 +63,16 @@
 "url": "https://crbug.com/1497985",
 "refsource": "MISC",
 "name": "https://crbug.com/1497985"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
 }
 ]
 }
diff --git a/2024/0xxx/CVE-2024-0810.json b/2024/0xxx/CVE-2024-0810.json
index e4ba82ed535..5243438867f 100644
--- a/2024/0xxx/CVE-2024-0810.json
+++ b/2024/0xxx/CVE-2024-0810.json
@@ -63,6 +63,16 @@
 "url": "https://crbug.com/1496250",
 "refsource": "MISC",
 "name": "https://crbug.com/1496250"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
 }
 ]
 }
diff --git a/2024/0xxx/CVE-2024-0811.json b/2024/0xxx/CVE-2024-0811.json
index a975a0feb82..0b1d5d5f3a3 100644
--- a/2024/0xxx/CVE-2024-0811.json
+++ b/2024/0xxx/CVE-2024-0811.json
@@ -63,6 +63,16 @@
 "url": "https://crbug.com/1494490",
 "refsource": "MISC",
 "name": "https://crbug.com/1494490"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
 }
 ]
 }
diff --git a/2024/0xxx/CVE-2024-0812.json b/2024/0xxx/CVE-2024-0812.json
index 451782318b8..3abd08b101f 100644
--- a/2024/0xxx/CVE-2024-0812.json
+++ b/2024/0xxx/CVE-2024-0812.json
@@ -63,6 +63,16 @@
 "url": "https://crbug.com/1484394",
 "refsource": "MISC",
 "name": "https://crbug.com/1484394"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
 }
 ]
 }
diff --git a/2024/0xxx/CVE-2024-0813.json b/2024/0xxx/CVE-2024-0813.json
index 00ba8c99f12..a951ea74918 100644
--- a/2024/0xxx/CVE-2024-0813.json
+++ b/2024/0xxx/CVE-2024-0813.json
@@ -63,6 +63,16 @@
 "url": "https://crbug.com/1477151",
 "refsource": "MISC",
 "name": "https://crbug.com/1477151"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
 }
 ]
 }
diff --git a/2024/0xxx/CVE-2024-0814.json b/2024/0xxx/CVE-2024-0814.json
index 51e5d05b4f1..76232409089 100644
--- a/2024/0xxx/CVE-2024-0814.json
+++ b/2024/0xxx/CVE-2024-0814.json
@@ -63,6 +63,16 @@
 "url": "https://crbug.com/1463935",
 "refsource": "MISC",
 "name": "https://crbug.com/1463935"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
 }
 ]
 }