From 56bcd3a3273324122cd70180eac84c87e7680778 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 28 Jan 2020 03:01:06 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2019/15xxx/CVE-2019-15578.json | 73 +++++++++++++++++++++++++++++++++
2019/15xxx/CVE-2019-15579.json | 73 +++++++++++++++++++++++++++++++++
2019/15xxx/CVE-2019-15581.json | 73 +++++++++++++++++++++++++++++++++
2019/15xxx/CVE-2019-15582.json | 73 +++++++++++++++++++++++++++++++++
2019/15xxx/CVE-2019-15583.json | 73 +++++++++++++++++++++++++++++++++
2019/15xxx/CVE-2019-15585.json | 73 +++++++++++++++++++++++++++++++++
2019/15xxx/CVE-2019-15586.json | 67 ++++++++++++++++++++++++++++++
2019/15xxx/CVE-2019-15590.json | 73 +++++++++++++++++++++++++++++++++
2019/15xxx/CVE-2019-15607.json | 62 ++++++++++++++++++++++++++++
2019/5xxx/CVE-2019-5462.json | 71 ++++++++++++++++++++++++++++----
2019/5xxx/CVE-2019-5464.json | 71 ++++++++++++++++++++++++++++----
2019/5xxx/CVE-2019-5465.json | 71 ++++++++++++++++++++++++++++----
2019/5xxx/CVE-2019-5466.json | 71 ++++++++++++++++++++++++++++----
2019/5xxx/CVE-2019-5468.json | 74 ++++++++++++++++++++++++++++++----
2019/5xxx/CVE-2019-5470.json | 74 ++++++++++++++++++++++++++++++----
2019/5xxx/CVE-2019-5472.json | 74 ++++++++++++++++++++++++++++++----
2019/5xxx/CVE-2019-5474.json | 74 ++++++++++++++++++++++++++++++----
17 files changed, 1164 insertions(+), 56 deletions(-)
create mode 100644 2019/15xxx/CVE-2019-15578.json
create mode 100644 2019/15xxx/CVE-2019-15579.json
create mode 100644 2019/15xxx/CVE-2019-15581.json
create mode 100644 2019/15xxx/CVE-2019-15582.json
create mode 100644 2019/15xxx/CVE-2019-15583.json
create mode 100644 2019/15xxx/CVE-2019-15585.json
create mode 100644 2019/15xxx/CVE-2019-15586.json
create mode 100644 2019/15xxx/CVE-2019-15590.json
create mode 100644 2019/15xxx/CVE-2019-15607.json
diff --git a/2019/15xxx/CVE-2019-15578.json b/2019/15xxx/CVE-2019-15578.json
new file mode 100644
index 00000000000..22d74ce35d4
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15578.json
@@ -0,0 +1,73 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15578",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab CE/EE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 12.3.2"
+ },
+ {
+ "version_value": "before 12.2.6"
+ },
+ {
+ "version_value": "before 12.1.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure (CWE-200)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/",
+ "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/650574",
+ "url": "https://hackerone.com/reports/650574"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15579.json b/2019/15xxx/CVE-2019-15579.json
new file mode 100644
index 00000000000..8827fbb75c7
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15579.json
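Review bot: The three `version_value` entries in CVE-2019-15578.json are free text, and read as independent ranges `before 12.3.2` also covers 12.2.6 and 12.1.12, which the description treats as fixed. A scanner that matches on this field can therefore flag patched 12.2.x and 12.1.x installs as vulnerable. If the ranges are per release branch, as the description's `< 12.3.2, < 12.2.6, and < 12.1.12` suggests, the entries would be safer as `"version_value": "12.3.x before 12.3.2"` and `"version_value": "12.2.x before 12.2.6"`, keeping `"version_value": "before 12.1.12"` for the oldest branch. The same three-entry pattern appears in the 15579, 15581, 15582, 15583, 15585 and 15590 hunks and in the 5468, 5470, 5472 and 5474 hunks.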
@@ -0,0 +1,73 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15579",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab CE/EE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 12.3.2"
+ },
+ {
+ "version_value": "before 12.2.6"
+ },
+ {
+ "version_value": "before 12.1.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure (CWE-200)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/",
+ "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/635516",
+ "url": "https://hackerone.com/reports/635516"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15581.json b/2019/15xxx/CVE-2019-15581.json
new file mode 100644
index 00000000000..64b29004eba
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15581.json
@@ -0,0 +1,73 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15581",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab EE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 12.3.2"
+ },
+ {
+ "version_value": "before 12.2.6"
+ },
+ {
+ "version_value": "before 12.1.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insecure Direct Object Reference (IDOR) (CWE-639)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/",
+ "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/518995",
+ "url": "https://hackerone.com/reports/518995"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15582.json b/2019/15xxx/CVE-2019-15582.json
new file mode 100644
index 00000000000..4d26cdda95d
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15582.json
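Review bot: In CVE-2019-15581.json the structured `product_name` is `GitLab EE`, while the description states the IDOR exists "for GitLab Community Edition (CE) and Enterprise Edition (EE)". The two fields disagree on scope, so a consumer keyed on the product field and one reading the description will reach different conclusions about CE installs. The record should be checked against the referenced advisory and made consistent, either with `"product_name": "GitLab CE/EE"` or by dropping CE from the description text. The same EE-versus-CE/EE mismatch is in the 15582 and 15590 hunks.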
@@ -0,0 +1,73 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15582",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab EE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 12.3.2"
+ },
+ {
+ "version_value": "before 12.2.6"
+ },
+ {
+ "version_value": "before 12.1.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insecure Direct Object Reference (IDOR) (CWE-639)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/",
+ "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/566216",
+ "url": "https://hackerone.com/reports/566216"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15583.json b/2019/15xxx/CVE-2019-15583.json
new file mode 100644
index 00000000000..0367b2cde6a
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15583.json
@@ -0,0 +1,73 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15583",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab CE/EE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 12.3.2"
+ },
+ {
+ "version_value": "before 12.2.6"
+ },
+ {
+ "version_value": "before 12.1.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure (CWE-200)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/",
+ "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/643854",
+ "url": "https://hackerone.com/reports/643854"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15585.json b/2019/15xxx/CVE-2019-15585.json
new file mode 100644
index 00000000000..676d5c1baa5
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15585.json
@@ -0,0 +1,73 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15585",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Gitlab CE/EE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 12.3.2"
+ },
+ {
+ "version_value": "before 12.2.6"
+ },
+ {
+ "version_value": "before 12.1.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Authentication - Generic (CWE-287)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/",
+ "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/471323",
+ "url": "https://hackerone.com/reports/471323"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15586.json b/2019/15xxx/CVE-2019-15586.json
new file mode 100644
index 00000000000..fc654c7f01e
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15586.json
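Review bot: `product_name` in CVE-2019-15585.json is spelled `Gitlab CE/EE`, whereas the sibling records in this commit use `GitLab CE/EE`. Tooling that groups or matches records on the exact product string will treat these as two products, which matters here because this record describes an account takeover through the SAML integration. I would normalise it to `"product_name": "GitLab CE/EE"`; the 15586 hunk has the same lowercase spelling. The description sentence is also ungrammatical ("exists in … in the GitLab SAML integration had a validation issue") and would read more clearly if it were split in two.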
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15586",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Gitlab CE/EE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 12.1.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site Scripting (XSS) - DOM (CWE-79)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/645043",
+ "url": "https://hackerone.com/reports/645043"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/",
+ "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15590.json b/2019/15xxx/CVE-2019-15590.json
new file mode 100644
index 00000000000..4fd0e3b53c3
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15590.json
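Review bot: The only affected range in CVE-2019-15586.json is `"version_value": "before 12.1.10"`, yet the vendor reference it cites is the 12.3.2 security release, and the other records in this commit that cite that release list 12.3.2, 12.2.6 and 12.1.12. As written, the record says nothing about the 12.2.x and 12.3.x branches, so a consumer cannot tell whether those were affected. This looks like an incomplete or mistyped range, though the hunk alone cannot confirm it. The value should be checked against the advisory and, if it matches the siblings, expanded to one entry per branch.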
@@ -0,0 +1,73 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15590",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab EE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 12.3.5"
+ },
+ {
+ "version_value": "before 12.2.8"
+ },
+ {
+ "version_value": "before 12.1.14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control - Generic (CWE-284)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/701144",
+ "url": "https://hackerone.com/reports/701144"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/releases/2019/10/07/security-release-gitlab-12-dot-3-dot-5-released/",
+ "url": "https://about.gitlab.com/releases/2019/10/07/security-release-gitlab-12-dot-3-dot-5-released/"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15607.json b/2019/15xxx/CVE-2019-15607.json
new file mode 100644
index 00000000000..95deeceedd7
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15607.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15607",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "node-red",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.20.7 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site Scripting (XSS) - Stored (CWE-79)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/681986",
+ "url": "https://hackerone.com/reports/681986"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/5xxx/CVE-2019-5462.json b/2019/5xxx/CVE-2019-5462.json
index 802f958f1e0..60903924a44 100644
--- a/2019/5xxx/CVE-2019-5462.json
+++ b/2019/5xxx/CVE-2019-5462.json
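Review bot: CVE-2019-15607.json gives `0.20.7 and earlier` as affected but names no fixed release, and its only reference is the HackerOne report, so a reader cannot tell which node-red version to upgrade to or where the upstream fix lives. `vendor_name` is also `n/a`, which removes the vendor key that many feeds use for matching. I would add a second `reference_data` entry pointing at the upstream fix or release notes, e.g. `"url": "<UPSTREAM_FIX_OR_RELEASE_URL>"` (placeholder), and state the first fixed version in the description once it is confirmed.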
@@ -1,17 +1,74 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5462",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5462",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab Community Edition and GitLab Enterprise Edition",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Affects GitLab CE/EE 9.0 and later"
+ },
+ {
+ "version_value": "Fixed in 12.1.2 in 12.0.4 and in 11.11.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege Escalation (CAPEC-233)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/495282",
+ "url": "https://hackerone.com/reports/495282"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/58312",
+ "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/58312"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/",
+ "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed."
 }
 ]
 }
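Review bot: The `version_data` list in CVE-2019-5462.json mixes an affected statement with a fix statement: `"version_value": "Fixed in 12.1.2 in 12.0.4 and in 11.11.6"` sits in the list of affected versions, and the other entry is prose (`Affects GitLab CE/EE 9.0 and later`). A consumer that treats each entry as an affected version cannot parse either, and the description's "9.0 and later" has no upper bound, so on its own it marks the fixed releases as vulnerable too. I would encode bounded ranges instead, e.g. `"version_value": "9.0 before 11.11.6"`, `"version_value": "12.0.x before 12.0.4"`, `"version_value": "12.1.x before 12.1.2"`, and name the fixed versions in the description. The 5464, 5465 and 5466 hunks use the same two-entry prose form, each with its own lower bound.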
diff --git a/2019/5xxx/CVE-2019-5464.json b/2019/5xxx/CVE-2019-5464.json
index 92071b74152..bbe6be41972 100644
--- a/2019/5xxx/CVE-2019-5464.json
+++ b/2019/5xxx/CVE-2019-5464.json
@@ -1,17 +1,74 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5464",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5464",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab CE/EE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Affects GitLab CE/EE 10.2 and later"
+ },
+ {
+ "version_value": "Fixed in 12.1.2 in 12.0.4 and in 11.11.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation (CWE-20)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/",
+ "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/632101",
+ "url": "https://hackerone.com/reports/632101"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/63959",
+ "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/63959"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5465.json b/2019/5xxx/CVE-2019-5465.json
index 6f94aab82f4..264113dccd0 100644
--- a/2019/5xxx/CVE-2019-5465.json
+++ b/2019/5xxx/CVE-2019-5465.json
@@ -1,17 +1,74 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5465",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5465",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab CE/EE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Affects GitLab CE/EE 8.14 and later"
+ },
+ {
+ "version_value": "Fixed in 12.1.2 in 12.0.4 and in 11.11.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure (CWE-200)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/",
+ "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/584534",
+ "url": "https://hackerone.com/reports/584534"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/62070",
+ "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/62070"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5466.json b/2019/5xxx/CVE-2019-5466.json
index 9128cd41fd7..1d433790a12 100644
--- a/2019/5xxx/CVE-2019-5466.json
+++ b/2019/5xxx/CVE-2019-5466.json
@@ -1,17 +1,74 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5466",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5466",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab CE/EE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Affects GitLab CE/EE 11.5 and later"
+ },
+ {
+ "version_value": "Fixed in 12.1.2 in 12.0.4 and in 11.11.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insecure Direct Object Reference (IDOR) (CWE-639)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/",
+ "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/507113",
+ "url": "https://hackerone.com/reports/507113"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/59809",
+ "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/59809"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5468.json b/2019/5xxx/CVE-2019-5468.json
index 0fe7e60aa35..1a8e17be1eb 100644
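Review bot: `vendor_name` in CVE-2019-5466.json is `n/a` even though `product_name` is `GitLab CE/EE` and every other GitLab record in this commit names the vendor. Vendor-keyed lookups and advisory feeds will not associate this IDOR with GitLab. I would set `"vendor_name": "GitLab"` to match the sibling records.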
--- a/2019/5xxx/CVE-2019-5468.json
+++ b/2019/5xxx/CVE-2019-5468.json
@@ -1,17 +1,77 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5468",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5468",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GiltLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 12.1.2"
+ },
+ {
+ "version_value": "before 12.0.4"
+ },
+ {
+ "version_value": "before 11.11.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Privilege Escalation (CAPEC-233)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/",
+ "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/493562",
+ "url": "https://hackerone.com/reports/493562"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/57556",
+ "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/57556"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account."
 }
 ]
 }
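Review bot: `vendor_name` in CVE-2019-5468.json is misspelled as `GiltLab`, so any exact-match vendor lookup will miss this privilege-escalation record. It should read `"vendor_name": "GitLab"`. The description also has smaller slips worth fixing in the same pass: "An privilege escalation" should be "A privilege escalation", and "Gitlab" should be cased "GitLab" as in the product field.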
diff --git a/2019/5xxx/CVE-2019-5470.json b/2019/5xxx/CVE-2019-5470.json
index 9254c24aae7..1ff7f7a410b 100644
--- a/2019/5xxx/CVE-2019-5470.json
+++ b/2019/5xxx/CVE-2019-5470.json
@@ -1,17 +1,77 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5470",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5470",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 12.1.2"
+ },
+ {
+ "version_value": "before 12.0.4"
+ },
+ {
+ "version_value": "before 11.11.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure (CWE-200)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/",
+ "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/490250",
+ "url": "https://hackerone.com/reports/490250"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab-ee/issues/9665",
+ "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/9665"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5472.json b/2019/5xxx/CVE-2019-5472.json
index af4c7311198..068e6d0bd31 100644
--- a/2019/5xxx/CVE-2019-5472.json
+++ b/2019/5xxx/CVE-2019-5472.json
@@ -1,17 +1,77 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5472",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5472",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 12.1.2"
+ },
+ {
+ "version_value": "before 12.0.4"
+ },
+ {
+ "version_value": "before 11.11.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service (CWE-400)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/",
+ "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/538101",
+ "url": "https://hackerone.com/reports/538101"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11381",
+ "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11381"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5474.json b/2019/5xxx/CVE-2019-5474.json
index 1b4fdb5d134..b2268f9e7bf 100644
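Review bot: The `problemtype` in CVE-2019-5472.json is `Denial of Service (CWE-400)`, but the description calls it "An authorization issue" that stopped owners and maintainers from deleting epic comments. The weakness class and the narrative do not agree, so triage or metrics keyed on CWE will file this under resource exhaustion. If the description is the accurate one, an access-control class fits better, for instance `"value": "Improper Access Control - Generic (CWE-284)"` as used in the 5474 hunk. This needs confirming against the referenced report, since the hunk alone does not settle which field is right.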
--- a/2019/5xxx/CVE-2019-5474.json
+++ b/2019/5xxx/CVE-2019-5474.json
@@ -1,17 +1,77 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5474",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5474",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab EE",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 12.1.2"
+ },
+ {
+ "version_value": "before 12.0.4"
+ },
+ {
+ "version_value": "before 11.11.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control - Generic (CWE-284)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/",
+ "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/544756",
+ "url": "https://hackerone.com/reports/544756"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11423",
+ "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11423"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions."
 }
 ]
 }