[Git][security-tracker-team/security-tracker][master] CVE-2021-39892,39939,39943/gitlab - add notes
Neil Williams (@codehelp)
codehelp at debian.org
Mon Feb 14 09:56:15 GMT 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a7ae7daf by Neil Williams at 2022-02-14T09:55:44+00:00
CVE-2021-39892,39939,39943/gitlab - add notes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29706,7 +29706,8 @@ CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all ve
CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2021-39943 (An authorization logic error in the External Status Check API in GitLa ...)
- TODO: check
+ - gitlab <unfixed>
+ TODO: reach out for details
CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...)
- gitlab <unfixed>
CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions 12.0 ...)
@@ -29714,7 +29715,10 @@ CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions
CVE-2021-39940 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2021-39939 (An uncontrolled resource consumption vulnerability in GitLab Runner af ...)
- TODO: check
+ - gitlab <unfixed>
+ NOTE: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630
+ NOTE: https://about.gitlab.com/releases/2021/12/10/security-release-gitlab-runner-14-5-2-released/
+ NOTE: fix released in 14.3.4, 14.6 in experimental.
CVE-2021-39938 (A vulnerable regular expression pattern in GitLab CE/EE since version ...)
- gitlab <unfixed>
CVE-2021-39937 (A collision in access memoization logic in all versions of GitLab CE/E ...)
@@ -29846,7 +29850,9 @@ CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebindi
CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...)
- gitlab <unfixed>
CVE-2021-39892 (In all versions of GitLab CE/EE since version 12.0, a lower privileged ...)
- TODO: check
+ - gitlab <unfixed>
+ NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/28440
+ NOTE: fix released in 14.3.1, 14.6 in experimental.
CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...)
- gitlab <unfixed>
CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some specific ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7ae7daf9b71cc479c4be9dd557f2a7e2b700a3c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7ae7daf9b71cc479c4be9dd557f2a7e2b700a3c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220214/ac292d2d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list