[Git][security-tracker-team/security-tracker][master] Add new gitlab issues

Salvatore Bonaccorso carnil at debian.org
Thu Jan 3 06:50:03 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ab500b6 by Salvatore Bonaccorso at 2019-01-03T06:49:40Z
Add new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -747,8 +747,10 @@ CVE-2018-20511 (An issue was discovered in the Linux kernel before 4.18.11. The
 	- linux 4.18.20-1
 	[stretch] - linux 4.9.130-1
 	NOTE: Fixed by: https://git.kernel.org/linus/9824dfae5741275473a23a7ed5756c7b6efacc9d (4.19-rc5)
-CVE-2018-20507
+CVE-2018-20507 [Missing authentication for Prometheus alert endpoint]
 	RESERVED
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20506
 	RESERVED
 CVE-2018-20505
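
Review bot: The new CVE-2018-20507 entry is marked `- gitlab <unfixed>`, while its only NOTE is the link to the GitLab 11.6.1 security release post, so the upstream fixed version is left for the reader to infer from the URL. Consider adding a NOTE that states the fixed upstream version(s) explicitly, so whoever later replaces `<unfixed>` with a package version does not have to re-read the announcement.
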
@@ -759,34 +761,62 @@ CVE-2018-20503
 	RESERVED
 CVE-2018-20502 (An issue was discovered in Bento4 1.5.1-627. There is an attempt at ...)
 	NOT-FOR-US: Bento4
-CVE-2018-20501
+CVE-2018-20501 [Missing authorization control merge requests]
 	RESERVED
-CVE-2018-20500
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20500 [Improper access control CI/CD settings]
 	RESERVED
-CVE-2018-20499
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20499 [SSRF in project imports with LFS]
 	RESERVED
-CVE-2018-20498
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20498 [Improper access control branches and tags]
 	RESERVED
-CVE-2018-20497
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20497 [SSRF repository mirroring]
 	RESERVED
-CVE-2018-20496
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20496 [Persistent XSS label reference]
 	RESERVED
-CVE-2018-20495
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20495 [CI job token LFS error message disclosure]
 	RESERVED
-CVE-2018-20494
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20494 [Guest user CI job disclosure]
 	RESERVED
-CVE-2018-20493
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20493 [Source code disclosure merge request diff]
 	RESERVED
-CVE-2018-20492
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20492 [Todos improper access control]
 	RESERVED
-CVE-2018-20491
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20491 [Persistent XSS wiki in IE browser]
 	RESERVED
-CVE-2018-20490
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20490 [Persistent XSS Autocompletion]
 	RESERVED
-CVE-2018-20489
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20489 [URL rel attribute not set]
 	RESERVED
-CVE-2018-20488
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20488 [Secret CI variable exposure]
 	RESERVED
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20487
 	RESERVED
 CVE-2018-20486 (MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php ...)
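
Review bot: All fourteen entries from CVE-2018-20501 down to CVE-2018-20488 carry the identical release-post NOTE and no per-issue reference, so the bracketed title is the only thing distinguishing one from another. Where an upstream issue or fixing commit is available, a second NOTE per entry would make later triage of each `- gitlab <unfixed>` line easier. The titles are also inconsistent in style: "SSRF in project imports with LFS" reads cleanly, while "SSRF repository mirroring", "Missing authorization control merge requests" and "Improper access control branches and tags" drop the preposition, and "URL rel attribute not set" does not say which URLs or where; aligning the wording would help.
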



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2ab500b6943d9a672f139b548b13e4bfada55167
