[Git][security-tracker-team/security-tracker][master] Add new gitlab CVEs
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 3 15:17:43 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f82d4bb4 by Salvatore Bonaccorso at 2019-07-03T14:16:58Z
Add new gitlab CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -145,8 +145,10 @@ CVE-2019-13123
RESERVED
CVE-2019-13122
RESERVED
-CVE-2019-13121
+CVE-2019-13121 [SSRF Vulnerability in Project GitHub Integration]
RESERVED
+ - gitlab <unfixed>
+ NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13120
RESERVED
CVE-2019-13119
@@ -415,28 +417,51 @@ CVE-2019-13014
RESERVED
CVE-2019-13013
RESERVED
-CVE-2019-13011
+CVE-2019-13011 [Merge Request Template Name Disclosure]
RESERVED
-CVE-2019-13010
+ - gitlab <unfixed>
+ NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
+CVE-2019-13010 [Decoding Color Codes Caused Reseource Depletion]
RESERVED
-CVE-2019-13009
+ - gitlab <unfixed>
+ NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
+CVE-2019-13009 [Broken Access Control for the Content of Personal Snippets]
RESERVED
+ - gitlab <unfixed>
+ NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13008
RESERVED
-CVE-2019-13007
+CVE-2019-13007 [Enabling One of the Service Templates Could Cause Resource Depletion]
RESERVED
-CVE-2019-13006
+ - gitlab <not-affected> (Only affects 11.1 and later)
+ NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
+CVE-2019-13006 [Number of Merge Requests was Accessible]
RESERVED
-CVE-2019-13005
+ - gitlab <unfixed>
+ NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
+CVE-2019-13005 [Authorization Issues in GraphQL]
RESERVED
-CVE-2019-13004
+ [experimental] - gitlab <unfixed>
+ - gitlab <not-affected> (Only affects 11.10 and later)
+ NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
+CVE-2019-13004 [Error Caused by Encoded Characters in Comments]
RESERVED
-CVE-2019-13003
+ - gitlab <not-affected> (Only affects 11.1 and later)
+ NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
+CVE-2019-13003 [Resource Exhaustion Attack]
RESERVED
-CVE-2019-13002
+ - gitlab <unfixed>
+ NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
+CVE-2019-13002 [Recent Pipeline Information Disclosed to Unauthorised Users]
RESERVED
-CVE-2019-13001
+ [experimental] - gitlab <unfixed>
+ - gitlab <not-affected> (Only affects 11.10 and later)
+ NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
+CVE-2019-13001 [Ability to Write a Note to a Private Snippet]
RESERVED
+ [experimental] - gitlab <unfixed>
+ - gitlab <not-affected> (Only affects 11.9 and later)
+ NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13000
RESERVED
CVE-2019-12999
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f82d4bb4ac5e2c01aaea91b35c8735ccfe6d5b4c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f82d4bb4ac5e2c01aaea91b35c8735ccfe6d5b4c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190703/dcf62e3a/attachment.html>
More information about the debian-security-tracker-commits
mailing list