admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-05-12 21:01:31 +00:00
parent 7489b358c2
commit 7520b98d16
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
12 changed files with 112 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
2021/22xxx/CVE-2021-22260.json
View File

@ -19,13 +19,13 @@
"version": {
"version_data": [
{
"version_value": ">=13.7, <14.2.2"
"version_value": ">=13.7, <14.0.9"
},
{
"version_value": ">=13.6, <14.1.4"
"version_value": ">=14.1, <14.1.4"
},
{
"version_value": ">=13.5, <14.0.9"
"version_value": ">=14.2, <14.2.2"
}
]
}
@ -71,7 +71,7 @@
"description_data": [
{
"lang": "eng",
"value": "A stored Cross-Site Scripting vulnerability in the DataDog integration in GitLab CE/EE version 13.7 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf"
"value": "A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf"
}
]
},

8
2021/22xxx/CVE-2021-22261.json
View File

@ -19,13 +19,13 @@
"version": {
"version_data": [
{
"version_value": ">=13.9, <14.2.2"
"version_value": ">=13.9, <14.0.9"
},
{
"version_value": ">=13.8, <14.1.4"
"version_value": ">=14.1, <14.1.4"
},
{
"version_value": ">=13.7, <14.0.9"
"version_value": ">=14.2, <14.2.2"
}
]
}
@ -71,7 +71,7 @@
"description_data": [
{
"lang": "eng",
"value": "A stored Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.7 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses"
"value": "A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses"
}
]
},

8
2021/22xxx/CVE-2021-22262.json
View File

@ -19,13 +19,13 @@
"version": {
"version_data": [
{
"version_value": ">=13.12, <14.2.2"
"version_value": ">=13.12, <14.0.9"
},
{
"version_value": ">=13.11, <14.1.4"
"version_value": ">=14.1, <14.1.4"
},
{
"version_value": ">=13.10, <14.0.9"
"version_value": ">=14.2, <14.2.2"
}
]
}
@ -71,7 +71,7 @@
"description_data": [
{
"lang": "eng",
"value": "Missing access control in GitLab version 13.10 and above with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page"
"value": "Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page"
}
]
},

10
2021/39xxx/CVE-2021-39883.json
View File

@ -19,7 +19,13 @@
"version": {
"version_data": [
{
"version_value": ">=13.11, <14.3.1"
"version_value": ">=13.11, <14.1.7"
},
{
"version_value": ">=14.2, <14.2.5"
},
{
"version_value": ">=14.3, <14.3.1"
}
]
}
@ -60,7 +66,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper authorization checks in GitLab EE > 13.11 allows subgroup members to see epics from all parent subgroups."
"value": "Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups."
}
]
},

8
2021/39xxx/CVE-2021-39885.json
View File

@ -19,13 +19,13 @@
"version": {
"version_data": [
{
"version_value": ">=13.7, <14.3.1"
"version_value": ">=13.7, <14.1.7"
},
{
"version_value": ">=13.6, <14.2.5"
"version_value": ">=14.2, <14.2.5"
},
{
"version_value": ">=13.5, <14.1.7"
"version_value": ">=14.3, <14.3.1"
}
]
}
@ -71,7 +71,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Stored XSS in merge request creation page in Gitlab EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names"
"value": "A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names"
}
]
},

10
2021/39xxx/CVE-2021-39908.json
View File

@ -19,7 +19,13 @@
"version": {
"version_data": [
{
"version_value": ">=0.8.0, <14.4.1"
"version_value": ">=0.8.0, <14.2.6"
},
{
"version_value": ">=14.3, <14.3.4"
},
{
"version_value": ">=14.4, <14.4.1"
}
]
}
@ -65,7 +71,7 @@
"description_data": [
{
"lang": "eng",
"value": "In all versions of GitLab CE/EE, certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI."
"value": "In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI."
}
]
},

8
2021/39xxx/CVE-2021-39911.json
View File

@ -19,13 +19,13 @@
"version": {
"version_data": [
{
"version_value": ">=13.9, <14.4.1"
"version_value": ">=13.9, <14.2.6"
},
{
"version_value": ">=13.8, <14.3.4"
"version_value": ">=14.3, <14.3.4"
},
{
"version_value": ">=13.7, <14.2.6"
"version_value": ">=14.4, <14.4.1"
}
]
}
@ -66,7 +66,7 @@
"description_data": [
{
"lang": "eng",
"value": "An improper access control flaw in GitLab CE/EE since version 13.9 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers"
"value": "An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers"
}
]
},

8
2021/39xxx/CVE-2021-39913.json
View File

@ -19,13 +19,13 @@
"version": {
"version_data": [
{
"version_value": ">=0.8.0, <14.4.1"
"version_value": "<14.2.6"
},
{
"version_value": ">=0.8.0, <14.3.4"
"version_value": ">=14.3, <14.3.4"
},
{
"version_value": ">=0.8.0, <14.2.6"
"version_value": ">=14.4, <14.4.1"
}
]
}
@ -66,7 +66,7 @@
"description_data": [
{
"lang": "eng",
"value": "Accidental logging of system root password in the migration log in all versions of GitLab CE/EE allows an attacker with local file system access to obtain system root-level privileges"
"value": "Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges"
}
]
},

18
2022/1xxx/CVE-2022-1700.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1700",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/1xxx/CVE-2022-1701.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1701",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/1xxx/CVE-2022-1702.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1702",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/1xxx/CVE-2022-1703.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1703",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}