[Git][security-tracker-team/security-tracker][master] new gitlab issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jul 6 13:36:17 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6eb5146f by Moritz Muehlenhoff at 2022-07-06T14:34:30+02:00
new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -993,7 +993,7 @@ CVE-2022-2272
 CVE-2022-2271
 	RESERVED
 CVE-2022-2270 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-2269
 	RESERVED
 CVE-2022-2268 (The Import any XML or CSV File to WordPress plugin before 3.6.8 accept ...)
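Review bot: the new `- gitlab <unfixed>` line for CVE-2022-2270 carries no `NOTE:` with the upstream advisory or fixed release, unlike the vim entry further down (`NOTE: https://github.com/vim/vim/commit/... (v8.2.5169)`), and the truncated description ("An issue has been discovered in GitLab affecting all versions starting ...") does not say whether the issue is CE or EE only, so the CE applicability that justifies `<unfixed>` here is not recorded in the file; adding a `NOTE:` line with the GitLab release post would let the next triager confirm the affected edition and the fixed version without re-looking it up.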
@@ -1183,7 +1183,7 @@ CVE-2022-2252 (Open Redirect in GitHub repository microweber/microweber prior to
 CVE-2022-2251
 	RESERVED
 CVE-2022-2250 (An open redirect vulnerability in GitLab EE/CE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-46826
 	RESERVED
 CVE-2021-46825
@@ -1259,9 +1259,9 @@ CVE-2022-34735
 CVE-2022-2245
 	RESERVED
 CVE-2022-2244 (An improper authorization vulnerability in GitLab EE/CE affecting all  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-2243 (An access control vulnerability in GitLab EE/CE affecting all versions ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-2242
 	RESERVED
 CVE-2022-2241
@@ -1278,7 +1278,7 @@ CVE-2022-2237
 CVE-2022-2236
 	RESERVED
 CVE-2022-2235 (Insufficient sanitization in GitLab EE's external issue tracker affect ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2017-20138
 	RESERVED
 CVE-2017-20137
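Review bot: the `<not-affected> (Specific to EE)` marking for CVE-2022-2235 is consistent with its description, which names "GitLab EE's external issue tracker" rather than CE/EE; the same reasoning is applied uniformly in the later hunks, where CVE-2022-2228, CVE-2022-1983 and CVE-2022-1981 (all described as "GitLab EE") get the same tag, while CVE-2022-2229 and CVE-2022-2227 ("GitLab CE/EE") stay `<unfixed>`. Since the EE-only reasoning depends on the Debian package shipping only the CE edition, a short `NOTE:` stating that on the first such entry would make the annotation self-explanatory.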
@@ -1321,13 +1321,13 @@ CVE-2022-2231 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.
 	NOTE: https://github.com/vim/vim/commit/79481367a457951aabd9501b510fd7e3eb29c3d8 (v8.2.5169)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2230 (A Stored Cross-Site Scripting vulnerability in the project settings pa ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-2229 (An improper authorization issue in GitLab CE/EE affecting all versions ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-2228 (Information exposure in GitLab EE affecting all versions from 12.0 pri ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2022-2227 (Improper access control in the runner jobs API in GitLab CE/EE affecti ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-2226
 	RESERVED
 	{DSA-5175-1}
@@ -2405,7 +2405,7 @@ CVE-2022-34328 (PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=a
 CVE-2022-32284 (Use of insufficiently random values vulnerability exists in Vnet/IP co ...)
 	NOT-FOR-US: YOKOGAWA
 CVE-2022-2185 (A critical issue has been discovered in GitLab affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-2184
 	RESERVED
 CVE-2022-2183 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
@@ -7625,11 +7625,11 @@ CVE-2022-1985 (The Download Manager Plugin for WordPress is vulnerable to reflec
 CVE-2022-1984
 	RESERVED
 CVE-2022-1983 (Incorrect authorization in GitLab EE affecting all versions from 10.7  ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2022-1982 (Uncontrolled resource consumption in Mattermost version 6.6.0 and earl ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2022-1981 (An issue has been discovered in GitLab EE affecting all versions start ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2022-1980 (A vulnerability was found in SourceCodester Product Show Room Site 1.0 ...)
 	NOT-FOR-US: SourceCodester Product Show Room Site
 CVE-2022-1979 (A vulnerability was found in SourceCodester Product Show Room Site 1.0 ...)
@@ -7877,7 +7877,7 @@ CVE-2022-32160
 CVE-2022-32159 (In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are ...)
 	NOT-FOR-US: openlibrary
 CVE-2022-1963 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-4233
 	RESERVED
 CVE-2022-32158 (Splunk Enterprise deployment servers in versions before 9.0 let client ...)
@@ -7947,7 +7947,7 @@ CVE-2022-1956
 CVE-2022-1955 (Session 1.13.0 allows an attacker with physical access to the victim's ...)
 	TODO: check
 CVE-2022-1954 (A Regular Expression Denial of Service vulnerability in GitLab CE/EE a ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-1953 (The Product Configurator for WooCommerce WordPress plugin before 1.2.3 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1952
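Review bot: the unchanged context line for CVE-2022-1955 (Session 1.13.0) still reads `TODO: check` directly above the triaged CVE-2022-1954; it is outside the scope of this GitLab-only commit, but it sits between two GitLab entries and is easy to overlook, so it is worth a follow-up triage.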



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6eb5146fe23a1fe151747118d443d3bdcd5a4a7a
