From 7520b98d1645ed909e3b4fd087c71b2b28d91f9c Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 12 May 2022 21:01:31 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/22xxx/CVE-2021-22260.json | 8 ++++----
 2021/22xxx/CVE-2021-22261.json | 8 ++++----
 2021/22xxx/CVE-2021-22262.json | 8 ++++----
 2021/39xxx/CVE-2021-39883.json | 10 ++++++++--
 2021/39xxx/CVE-2021-39885.json | 8 ++++----
 2021/39xxx/CVE-2021-39908.json | 10 ++++++++--
 2021/39xxx/CVE-2021-39911.json | 8 ++++----
 2021/39xxx/CVE-2021-39913.json | 8 ++++----
 2022/1xxx/CVE-2022-1700.json | 18 ++++++++++++++++++
 2022/1xxx/CVE-2022-1701.json | 18 ++++++++++++++++++
 2022/1xxx/CVE-2022-1702.json | 18 ++++++++++++++++++
 2022/1xxx/CVE-2022-1703.json | 18 ++++++++++++++++++
 12 files changed, 112 insertions(+), 28 deletions(-)
 create mode 100644 2022/1xxx/CVE-2022-1700.json
 create mode 100644 2022/1xxx/CVE-2022-1701.json
 create mode 100644 2022/1xxx/CVE-2022-1702.json
 create mode 100644 2022/1xxx/CVE-2022-1703.json
diff --git a/2021/22xxx/CVE-2021-22260.json b/2021/22xxx/CVE-2021-22260.json
index 6131fdd47d5..e31a4f0cec8 100644
--- a/2021/22xxx/CVE-2021-22260.json
+++ b/2021/22xxx/CVE-2021-22260.json
@@ -19,13 +19,13 @@
 "version": {
 "version_data": [
 {
- "version_value": ">=13.7, <14.2.2"
+ "version_value": ">=13.7, <14.0.9"
 },
 {
- "version_value": ">=13.6, <14.1.4"
+ "version_value": ">=14.1, <14.1.4"
 },
 {
- "version_value": ">=13.5, <14.0.9"
+ "version_value": ">=14.2, <14.2.2"
 }
 ]
 }
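Review bot: Each `version_value` in the `version_data` hunk of CVE-2021-22260 still packs a two-sided range into one free-text string, e.g. `">=13.7, <14.0.9"`, so a consumer that treats the field as a single version cannot match it without parsing the comparators itself. The entries shown in the hunk carry no `version_affected` or `version_name` field, and the same shape recurs in every other `version_data` hunk of this patch. A machine-readable form per entry would be, for example, `"version_name": "13.7", "version_affected": "<", "version_value": "14.0.9"`. If the free-text convention is deliberate for this CNA, it is worth confirming that downstream matching tools are known to handle it.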
@@ -71,7 +71,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A stored Cross-Site Scripting vulnerability in the DataDog integration in GitLab CE/EE version 13.7 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf"
+ "value": "A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf"
 }
 ]
 },
diff --git a/2021/22xxx/CVE-2021-22261.json b/2021/22xxx/CVE-2021-22261.json
index ee97e462a5d..59da6f549b9 100644
--- a/2021/22xxx/CVE-2021-22261.json
+++ b/2021/22xxx/CVE-2021-22261.json
@@ -19,13 +19,13 @@
 "version": {
 "version_data": [
 {
- "version_value": ">=13.9, <14.2.2"
+ "version_value": ">=13.9, <14.0.9"
 },
 {
- "version_value": ">=13.8, <14.1.4"
+ "version_value": ">=14.1, <14.1.4"
 },
 {
- "version_value": ">=13.7, <14.0.9"
+ "version_value": ">=14.2, <14.2.2"
 }
 ]
 }
@@ -71,7 +71,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A stored Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.7 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses"
+ "value": "A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses"
 }
 ]
 },
diff --git a/2021/22xxx/CVE-2021-22262.json b/2021/22xxx/CVE-2021-22262.json
index 6e21b136244..8ec094050d6 100644
--- a/2021/22xxx/CVE-2021-22262.json
+++ b/2021/22xxx/CVE-2021-22262.json
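Review bot: The lower bound of the affected range in CVE-2021-22261 rises from 13.7 to 13.9 in both hunks: the removed description said "version 13.7 and above" and the removed `version_data` included `>=13.7, <14.0.9`, while the new description and first range start at 13.9, so 13.7 and 13.8 are no longer listed as affected. The same upward shift appears in CVE-2021-22262 (13.10 to 13.12) and CVE-2021-39885 (13.5 to 13.7). Nothing in the patch shows which bound is authoritative, and patch-triage tooling will read the new data as clearing those releases, so the bound should be confirmed against the vendor advisory. If the advisory gives the lower version, the first entry would be `"version_value": ">=13.7, <14.0.9"`, with the description's "starting from 13.9" changed to match.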
@@ -19,13 +19,13 @@
 "version": {
 "version_data": [
 {
- "version_value": ">=13.12, <14.2.2"
+ "version_value": ">=13.12, <14.0.9"
 },
 {
- "version_value": ">=13.11, <14.1.4"
+ "version_value": ">=14.1, <14.1.4"
 },
 {
- "version_value": ">=13.10, <14.0.9"
+ "version_value": ">=14.2, <14.2.2"
 }
 ]
 }
@@ -71,7 +71,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Missing access control in GitLab version 13.10 and above with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page"
+ "value": "Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page"
 }
 ]
 },
diff --git a/2021/39xxx/CVE-2021-39883.json b/2021/39xxx/CVE-2021-39883.json
index 8467827514a..9a651a85f9b 100644
--- a/2021/39xxx/CVE-2021-39883.json
+++ b/2021/39xxx/CVE-2021-39883.json
@@ -19,7 +19,13 @@
 "version": {
 "version_data": [
 {
- "version_value": ">=13.11, <14.3.1"
+ "version_value": ">=13.11, <14.1.7"
+ },
+ {
+ "version_value": ">=14.2, <14.2.5"
+ },
+ {
+ "version_value": ">=14.3, <14.3.1"
 }
 ]
 }
@@ -60,7 +66,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Improper authorization checks in GitLab EE > 13.11 allows subgroup members to see epics from all parent subgroups."
+ "value": "Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups."
 }
 ]
 },
diff --git a/2021/39xxx/CVE-2021-39885.json b/2021/39xxx/CVE-2021-39885.json
index ea6780cc1d9..15bc89513f5 100644
--- a/2021/39xxx/CVE-2021-39885.json
+++ b/2021/39xxx/CVE-2021-39885.json
@@ -19,13 +19,13 @@
 "version": {
 "version_data": [
 {
- "version_value": ">=13.7, <14.3.1"
+ "version_value": ">=13.7, <14.1.7"
 },
 {
- "version_value": ">=13.6, <14.2.5"
+ "version_value": ">=14.2, <14.2.5"
 },
 {
- "version_value": ">=13.5, <14.1.7"
+ "version_value": ">=14.3, <14.3.1"
 }
 ]
 }
@@ -71,7 +71,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Stored XSS in merge request creation page in Gitlab EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names"
+ "value": "A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names"
 }
 ]
 },
diff --git a/2021/39xxx/CVE-2021-39908.json b/2021/39xxx/CVE-2021-39908.json
index 8f93aae422a..7f5fac10663 100644
--- a/2021/39xxx/CVE-2021-39908.json
+++ b/2021/39xxx/CVE-2021-39908.json
@@ -19,7 +19,13 @@
 "version": {
 "version_data": [
 {
- "version_value": ">=0.8.0, <14.4.1"
+ "version_value": ">=0.8.0, <14.2.6"
+ },
+ {
+ "version_value": ">=14.3, <14.3.4"
+ },
+ {
+ "version_value": ">=14.4, <14.4.1"
 }
 ]
 }
@@ -65,7 +71,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In all versions of GitLab CE/EE, certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI."
+ "value": "In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI."
 }
 ]
 },
diff --git a/2021/39xxx/CVE-2021-39911.json b/2021/39xxx/CVE-2021-39911.json
index fc490b7028f..d07b36a60c8 100644
--- a/2021/39xxx/CVE-2021-39911.json
+++ b/2021/39xxx/CVE-2021-39911.json
@@ -19,13 +19,13 @@
 "version": {
 "version_data": [
 {
- "version_value": ">=13.9, <14.4.1"
+ "version_value": ">=13.9, <14.2.6"
 },
 {
- "version_value": ">=13.8, <14.3.4"
+ "version_value": ">=14.3, <14.3.4"
 },
 {
- "version_value": ">=13.7, <14.2.6"
+ "version_value": ">=14.4, <14.4.1"
 }
 ]
 }
@@ -66,7 +66,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An improper access control flaw in GitLab CE/EE since version 13.9 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers"
+ "value": "An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers"
 }
 ]
 },
diff --git a/2021/39xxx/CVE-2021-39913.json b/2021/39xxx/CVE-2021-39913.json
index 77e1b31f364..f2df53f9bf6 100644
--- a/2021/39xxx/CVE-2021-39913.json
+++ b/2021/39xxx/CVE-2021-39913.json
@@ -19,13 +19,13 @@
 "version": {
 "version_data": [
 {
- "version_value": ">=0.8.0, <14.4.1"
+ "version_value": "<14.2.6"
 },
 {
- "version_value": ">=0.8.0, <14.3.4"
+ "version_value": ">=14.3, <14.3.4"
 },
 {
- "version_value": ">=0.8.0, <14.2.6"
+ "version_value": ">=14.4, <14.4.1"
 }
 ]
 }
@@ -66,7 +66,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Accidental logging of system root password in the migration log in all versions of GitLab CE/EE allows an attacker with local file system access to obtain system root-level privileges"
+ "value": "Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges"
 }
 ]
 },
diff --git a/2022/1xxx/CVE-2022-1700.json b/2022/1xxx/CVE-2022-1700.json
new file mode 100644
index 00000000000..af67ddabb03
--- /dev/null
+++ b/2022/1xxx/CVE-2022-1700.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-1700",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/1xxx/CVE-2022-1701.json b/2022/1xxx/CVE-2022-1701.json
new file mode 100644
index 00000000000..2db73c253b7
--- /dev/null
+++ b/2022/1xxx/CVE-2022-1701.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-1701",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/1xxx/CVE-2022-1702.json b/2022/1xxx/CVE-2022-1702.json
new file mode 100644
index 00000000000..536f8ad9305
--- /dev/null
+++ b/2022/1xxx/CVE-2022-1702.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-1702",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/1xxx/CVE-2022-1703.json b/2022/1xxx/CVE-2022-1703.json
new file mode 100644
index 00000000000..529c7541ceb
--- /dev/null
+++ b/2022/1xxx/CVE-2022-1703.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-1703",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file