[Git][security-tracker-team/security-tracker][master] Track new gitlab issues

Salvatore Bonaccorso carnil at debian.org
Mon Sep 9 07:55:38 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1e529f42 by Salvatore Bonaccorso at 2019-09-09T06:55:02Z
Track new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -863,48 +863,100 @@ CVE-2019-15743
 	RESERVED
 CVE-2019-15742
 	RESERVED
-CVE-2019-15741
+CVE-2019-15741 [Privilege Escalation via Logrotate]
 	RESERVED
-CVE-2019-15740
+	NOT-FOR-US: GitLab Omnibus
+CVE-2019-15740 [EXIF Geolocation Data Exposure]
 	RESERVED
-CVE-2019-15739
+	[experimental] - gitlab 12.0.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15739 [Stored XSS via Markdown]
 	RESERVED
-CVE-2019-15738
+	[experimental] - gitlab 12.0.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15738 [Disclosure of Merge Request IDs]
 	RESERVED
-CVE-2019-15737
+	- gitlab <not-affected> (Only affects 12.0 and later)
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15737 [Weak Authentication In Certain Account Actions]
 	RESERVED
-CVE-2019-15736
+	[experimental] - gitlab 12.0.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15736 [Potential Denial of Service via CI Pipelines]
 	RESERVED
+	[experimental] - gitlab 12.0.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
 CVE-2019-15735
 	RESERVED
-CVE-2019-15734
+CVE-2019-15734 [Disclosure of Commit Title and Comments]
 	RESERVED
-CVE-2019-15733
+	[experimental] - gitlab 12.0.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15733 [Default Branch Name Exposure]
 	RESERVED
-CVE-2019-15732
+	[experimental] - gitlab 12.0.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15732 [Project Visibility Restriction Bypass]
 	RESERVED
-CVE-2019-15731
+	- gitlab <not-affected> (Only affects 12.2 and later)
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15731 [Merge Request Discussion Restriction Bypass]
 	RESERVED
-CVE-2019-15730
+	- gitlab <not-affected> (Only affects 12.0 and later)
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15730 [Server-Side Request Forgery in Jira Integration]
 	RESERVED
-CVE-2019-15729
+	[experimental] - gitlab 12.0.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15729 [Pipeline Status Disclosure]
 	RESERVED
-CVE-2019-15728
+	[experimental] - gitlab 12.0.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15728 [Kubernetes Integration Server-Side Request Forgery]
 	RESERVED
-CVE-2019-15727
+	[experimental] - gitlab 12.0.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15727 [CI Metrics Disclosure]
 	RESERVED
-CVE-2019-15726
+	[experimental] - gitlab 12.0.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15726 [User IP Disclosed by Embedded Image and Media]
 	RESERVED
-CVE-2019-15725
+	[experimental] - gitlab 12.0.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15725 [IDOR in Epic Notes API]
 	RESERVED
-CVE-2019-15724
+	- gitlab <not-affected> (only affects 12.0 and later)
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15724 [Label Description HTML Injection]
 	RESERVED
-CVE-2019-15723
+	- gitlab <not-affected> (Only affects 11.10 and later)
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15723 [Push Rule Bypass]
 	RESERVED
-CVE-2019-15722
+	- gitlab <not-affected> (Only affects versions 11.9.4-11.10.0)
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15722 [Markdown Clientside Resource Exhaustion]
 	RESERVED
-CVE-2019-15721
+	[experimental] - gitlab 12.0.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15721 [Group Runner Authorization Issue]
 	RESERVED
+	[experimental] - gitlab 12.0.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
 CVE-2019-15720 (CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pr ...)
 	NOT-FOR-US: CloudBerry Backup
 CVE-2019-15719
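
Review bot: The three entries marked `- gitlab <not-affected> (Only affects 12.0 and later)` (CVE-2019-15738, CVE-2019-15731, CVE-2019-15725) carry no `[experimental]` line, although the neighbouring entries in this hunk record `[experimental] - gitlab 12.0.8-1`, a version inside the stated affected range. Either add the experimental fixed version to those three entries or say in the parenthetical why experimental is omitted, so the not-affected status cannot be read as covering every suite. Two smaller points: CVE-2019-15725 writes "(only affects 12.0 and later)" in lower case where every other entry capitalises "Only", and CVE-2019-15741 is the only GitLab entry without the `NOTE:` link to the 12.2.3 security release, which would help a reader confirm the NOT-FOR-US decision for GitLab Omnibus.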



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1e529f4245c05c03a74fda522070cbd00a9294cd
