diff --git a/2023/6xxx/CVE-2023-6682.json b/2023/6xxx/CVE-2023-6682.json index de4f767f5c1..a111e3de34f 100644 --- a/2023/6xxx/CVE-2023-6682.json +++ b/2023/6xxx/CVE-2023-6682.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6682", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS attack on the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.9", + "version_value": "16.9.7" + }, + { + "version_affected": "<", + "version_name": "16.10", + "version_value": "16.10.5" + }, + { + "version_affected": "<", + "version_name": "16.11", + "version_value": "16.11.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/434821", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/434821" + }, + { + "url": "https://hackerone.com/reports/2269012", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2269012" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to versions 16.9.7, 16.10.5, 16.11.2 or above." + } + ], + "credits": [ + { + "lang": "en", + "value": "Thanks to `Anonymizer` for reporting this vulnerability through our HackerOne bug bounty program." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/6xxx/CVE-2023-6688.json b/2023/6xxx/CVE-2023-6688.json index 5a5c0577d62..bc934d5be0b 100644 --- a/2023/6xxx/CVE-2023-6688.json +++ b/2023/6xxx/CVE-2023-6688.json @@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6688", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.11", + "version_value": "16.11.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/434854", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/434854" + }, + { + "url": "https://hackerone.com/reports/2270362", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2270362" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to versions 16.11.2 or above." + } + ], + "credits": [ + { + "lang": "en", + "value": "Thanks to `Anonymizer` for reporting this vulnerability through our HackerOne bug bounty program." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/2xxx/CVE-2024-2454.json b/2024/2xxx/CVE-2024-2454.json index 98843b8bd2b..14bff20f571 100644 --- a/2024/2xxx/CVE-2024-2454.json +++ b/2024/2xxx/CVE-2024-2454.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2454", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible to DoS through a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.11", + "version_value": "16.9.7" + }, + { + "version_affected": "<", + "version_name": "16.10", + "version_value": "16.10.5" + }, + { + "version_affected": "<", + "version_name": "16.11", + "version_value": "16.11.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/450405", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/450405" + }, + { + "url": "https://hackerone.com/reports/2408226", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2408226" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to versions 16.9.7, 16.10.5, 16.11.2 or above." + } + ], + "credits": [ + { + "lang": "en", + "value": "Thanks [ac7n0w](https://hackerone.com/ac7n0w) for reporting this vulnerability through our HackerOne bug bounty program" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/2xxx/CVE-2024-2651.json b/2024/2xxx/CVE-2024-2651.json index 76f7947bd78..c2051e59feb 100644 --- a/2024/2xxx/CVE-2024-2651.json +++ b/2024/2xxx/CVE-2024-2651.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-2651", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0.0", + "version_value": "16.9.7" + }, + { + "version_affected": "<", + "version_name": "16.10", + "version_value": "16.10.5" + }, + { + "version_affected": "<", + "version_name": "16.11", + "version_value": "16.11.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/450830", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/450830" + }, + { + "url": "https://hackerone.com/reports/2408619", + "refsource": "MISC", + "name": "https://hackerone.com/reports/2408619" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to versions 16.9.7, 16.10.5, 16.11.2 or above." + } + ], + "credits": [ + { + "lang": "en", + "value": "Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/34xxx/CVE-2024-34779.json b/2024/34xxx/CVE-2024-34779.json new file mode 100644 index 00000000000..73a6a3867e5 --- /dev/null +++ b/2024/34xxx/CVE-2024-34779.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34779", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34780.json b/2024/34xxx/CVE-2024-34780.json new file mode 100644 index 00000000000..d90d15af40d --- /dev/null +++ b/2024/34xxx/CVE-2024-34780.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34780", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34781.json b/2024/34xxx/CVE-2024-34781.json new file mode 100644 index 00000000000..4c6bca964a8 --- /dev/null +++ b/2024/34xxx/CVE-2024-34781.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34781", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34782.json b/2024/34xxx/CVE-2024-34782.json new file mode 100644 index 00000000000..3d641daaa75 --- /dev/null +++ b/2024/34xxx/CVE-2024-34782.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34782", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34783.json b/2024/34xxx/CVE-2024-34783.json new file mode 100644 index 00000000000..456076190a0 --- /dev/null +++ b/2024/34xxx/CVE-2024-34783.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34783", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34784.json b/2024/34xxx/CVE-2024-34784.json new file mode 100644 index 00000000000..073656c354d --- /dev/null +++ b/2024/34xxx/CVE-2024-34784.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34784", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34785.json b/2024/34xxx/CVE-2024-34785.json new file mode 100644 index 00000000000..69b784f0afa --- /dev/null +++ b/2024/34xxx/CVE-2024-34785.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34785", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34786.json b/2024/34xxx/CVE-2024-34786.json new file mode 100644 index 00000000000..1980fe91ad3 --- /dev/null +++ b/2024/34xxx/CVE-2024-34786.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34786", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34787.json b/2024/34xxx/CVE-2024-34787.json new file mode 100644 index 00000000000..f646c74708f --- /dev/null +++ b/2024/34xxx/CVE-2024-34787.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34787", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/34xxx/CVE-2024-34788.json b/2024/34xxx/CVE-2024-34788.json new file mode 100644 index 00000000000..41e6a3ed651 --- /dev/null +++ b/2024/34xxx/CVE-2024-34788.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-34788", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/4xxx/CVE-2024-4539.json b/2024/4xxx/CVE-2024-4539.json index a68685244f9..ea0cbfa22a9 100644 --- a/2024/4xxx/CVE-2024-4539.json +++ b/2024/4xxx/CVE-2024-4539.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-4539", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.4", + "version_value": "16.9.7" + }, + { + "version_affected": "<", + "version_name": "16.10", + "version_value": "16.10.5" + }, + { + "version_affected": "<", + "version_name": "16.11", + "version_value": "16.11.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/454815", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/454815" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to versions 16.9.7, 16.10.5, 16.11.2 or above." + } + ], + "credits": [ + { + "lang": "en", + "value": "This vulnerability was reported internally by a GitLab team member [Vasilii Iakliushin](https://gitlab.com/vyaklushin)." + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/4xxx/CVE-2024-4597.json b/2024/4xxx/CVE-2024-4597.json index 52e701aaae5..8d9d72abf2f 100644 --- a/2024/4xxx/CVE-2024-4597.json +++ b/2024/4xxx/CVE-2024-4597.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-4597", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.7", + "version_value": "16.9.7" + }, + { + "version_affected": "<", + "version_name": "16.10", + "version_value": "16.10.5" + }, + { + "version_affected": "<", + "version_name": "16.11", + "version_value": "16.11.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438686", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/438686" + } + ] + }, + "solution": [ + { + "lang": "en", + "value": "Upgrade to versions 16.9.7, 16.10.5, 16.11.2 or above." + } + ], + "credits": [ + { + "lang": "en", + "value": "This vulnerability was reported internally by a GitLab team member [joernchen](https://gitlab.com/joernchen)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" } ] }