"-Synchronized-Data."

CVE Team 2024-01-12 14:00:38 +00:00
parent ace2f5bebd
commit 587e9a07df
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
31 changed files with 714 additions and 24 deletions


@ -93,6 +93,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231117 [SECURITY] [DLA 3654-1] freerdp2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202401-16",
"url": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -83,6 +83,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-076b1c9978",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202401-16",
"url": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231117 [SECURITY] [DLA 3654-1] freerdp2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202401-16",
"url": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -93,6 +93,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231117 [SECURITY] [DLA 3654-1] freerdp2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202401-16",
"url": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -83,6 +83,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-076b1c9978",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202401-16",
"url": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -93,6 +93,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231117 [SECURITY] [DLA 3654-1] freerdp2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202401-16",
"url": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -93,6 +93,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20231117 [SECURITY] [DLA 3654-1] freerdp2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202401-16",
"url": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0437",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@mongodb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When calling bson_utf8_validate\u00a0on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')",
"cweId": "CWE-835"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MongoDB Inc",
"product": {
"product_data": [
{
"product_name": "MongoDB C Driver",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.0",
"version_value": "1.25.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://jira.mongodb.org/browse/CDRIVER-4747",
"refsource": "MISC",
"name": "https://jira.mongodb.org/browse/CDRIVER-4747"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "selmelc"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}
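Review bot: The new description value contains a U+00A0 non-breaking space (`bson_utf8_validate\u00a0on`) and ends in two literal newlines (`\n\n`), which trips up search, deduplication and rendering of the text; the value should be normalized to a plain space and trimmed, i.e. `"value": "When calling bson_utf8_validate on some inputs ... prior to versions 1.25.0."`. The same kind of stray whitespace shows up as a trailing space in the CVE-2023-6955 description later in this commit. Within this record the description uses `"lang": "eng"` while `credits` uses `"lang": "en"`, and the GitLab records in this commit mix the two tags the same way in `solution` and `credits`, so any consumer keying on the language tag has to accept both. The record's closing brace is not visible in this rendering, so the hunk appears to end before the end of the file.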


@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2030",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-345: Insufficient Verification of Data Authenticity",
"cweId": "CWE-345"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12.2",
"version_value": "16.5.6"
},
{
"version_affected": "<",
"version_name": "16.6",
"version_value": "16.6.4"
},
{
"version_affected": "<",
"version_name": "16.7",
"version_value": "16.7.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/407252",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/407252"
},
{
"url": "https://hackerone.com/reports/1929929",
"refsource": "MISC",
"name": "https://hackerone.com/reports/1929929"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 16.5.6, 16.6.4, 16.7.2 or above."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [lotsofloops](https://hackerone.com/lotsofloops) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
}
]
}
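Review bot: Each `version_data` entry puts the start of the affected range in `version_name` and the first fixed release in `version_value` under `"version_affected": "<"`, so a consumer that reads only `version_affected` and `version_value` sees "below 16.5.6", "below 16.6.4" and "below 16.7.2" and marks the already-fixed 16.5.6 and 16.6.4 releases as affected. The bounded ranges are stated only in the free-text description. If bounded ranges are intended in the structured data, pairing each entry with a `">="` entry carrying the branch start would make the lower bound explicit. The same encoding is used in the CVE-2023-4812, CVE-2023-5356, CVE-2023-6955 and CVE-2023-7028 records of this commit and in the MongoDB record's `"version_name": "1.0.0"`. The record's closing brace is not shown in this rendering.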


@ -87,6 +87,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-16"
}
]
},
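Review bot: The Gentoo advisory added here is tagged `"refsource": "MISC"` with the bare URL repeated as `name`, while the same advisory added earlier in this commit (the freerdp2 records) is tagged `"refsource": "GENTOO"` with `"name": "GLSA-202401-16"`. Consumers that group or deduplicate references by refsource and advisory id will treat these as unrelated entries. Suggest `"refsource": "GENTOO"` and `"name": "GLSA-202401-16"` here and in every later section of this commit that adds the same GLSA reference. The enclosing `reference_data` array and the record itself start outside the hunk.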


@ -82,6 +82,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -87,6 +87,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -87,6 +87,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -87,6 +87,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -68,6 +68,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -97,6 +97,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -101,6 +101,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -96,6 +96,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -63,6 +63,11 @@
"url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/h264.c#L413-L427",
"refsource": "MISC",
"name": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/h264.c#L413-L427"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -87,6 +87,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -92,6 +92,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -87,6 +87,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -63,6 +63,11 @@
"url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/primitives/prim_YUV.c#L414-L445",
"refsource": "MISC",
"name": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/primitives/prim_YUV.c#L414-L445"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -63,6 +63,11 @@
"url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/primitives/prim_YUV.c#L414-L445",
"refsource": "MISC",
"name": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/primitives/prim_YUV.c#L414-L445"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -63,6 +63,11 @@
"url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/include/bitmap.c#L94-L113",
"refsource": "MISC",
"name": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/include/bitmap.c#L94-L113"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -87,6 +87,11 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
},
{
"url": "https://security.gentoo.org/glsa/202401-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-16"
}
]
},


@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4812",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.3",
"version_value": "16.5.6"
},
{
"version_affected": "<",
"version_name": "16.6",
"version_value": "16.6.4"
},
{
"version_affected": "<",
"version_name": "16.7",
"version_value": "16.7.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/424398",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/424398"
},
{
"url": "https://hackerone.com/reports/2115574",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2115574"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 16.7.2, 16.6.4, 16.5.6 or above."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [ali_shehab](https://hackerone.com/ali_shehab) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5356",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.13",
"version_value": "16.5.6"
},
{
"version_affected": "<",
"version_name": "16.6",
"version_value": "16.6.4"
},
{
"version_affected": "<",
"version_name": "16.7",
"version_value": "16.7.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/427154",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/427154"
},
{
"url": "https://hackerone.com/reports/2188868",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2188868"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 16.7.2, 16.6.4, 16.5.6 or above."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
}
]
}


@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6955",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "16.5.6"
},
{
"version_affected": "<",
"version_name": "16.6",
"version_value": "16.6.4"
},
{
"version_affected": "<",
"version_name": "16.7",
"version_value": "16.7.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/432188",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/432188"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 16.7.2, 16.6.4, 16.5.6 or above."
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability has been discovered internally by GitLab team member Jerry Seto"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
}
]
}


@ -1,17 +1,129 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-7028",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1.6"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2.9"
},
{
"version_affected": "<",
"version_name": "16.3",
"version_value": "16.3.7"
},
{
"version_affected": "<",
"version_name": "16.4",
"version_value": "16.4.5"
},
{
"version_affected": "<",
"version_name": "16.5",
"version_value": "16.5.6"
},
{
"version_affected": "<",
"version_name": "16.6",
"version_value": "16.6.4"
},
{
"version_affected": "<",
"version_name": "16.7",
"version_value": "16.7.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/436084",
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/436084"
},
{
"url": "https://hackerone.com/reports/2293343",
"refsource": "MISC",
"name": "https://hackerone.com/reports/2293343"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to versions 16.7.2, 16.6.4, 16.5.6, 16.4.5, 16.3.7, 16.2.9, 16.1.6 or above."
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [asterion04](https://hackerone.com/asterion04) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0503",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}