[Git][security-tracker-team/security-tracker][master] Add some gitlab issues affecting older versions
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 31 08:53:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6d7ed082 by Salvatore Bonaccorso at 2022-03-31T09:52:39+02:00
Add some gitlab issues affecting older versions
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10355,7 +10355,8 @@ CVE-2022-0489
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
CVE-2022-0488 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- TODO: check
+ - gitlab <unfixed>
+ NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/23520
CVE-2022-24399 (The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST s ...)
NOT-FOR-US: SAP
CVE-2022-24398 (Under certain conditions SAP Business Objects Business Intelligence Pl ...)
@@ -12072,7 +12073,8 @@ CVE-2022-23949
CVE-2022-23948
RESERVED
CVE-2022-0371 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- TODO: check
+ - gitlab <unfixed>
+ NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/350476
CVE-2022-0370 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
NOT-FOR-US: livehelperchat
CVE-2022-0369
@@ -12362,7 +12364,8 @@ CVE-2022-0346
CVE-2022-0345 (The Customize WordPress Emails and Alerts WordPress plugin before 1.8. ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0344 (An issue has been discovered in GitLab affecting all versions starting ...)
- TODO: check
+ - gitlab <unfixed>
+ NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/37015
CVE-2022-0343 (A local attacker, as a different local user, may be able to send a HTT ...)
NOT-FOR-US: Android
CVE-2022-0342 (An authentication bypass vulnerability in the CGI program of Zyxel USG ...)
@@ -13930,7 +13933,8 @@ CVE-2022-0284
NOTE: https://github.com/ImageMagick/ImageMagick/issues/4729
NOTE: https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa51a243a3da7
CVE-2022-0283 (An issue has been discovered affecting GitLab versions prior to 13.5. ...)
- TODO: check
+ - gitlab <unfixed>
+ NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/349422
CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 1.2.11. ...)
NOT-FOR-US: microweber
CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d7ed08286eccc3784410bcbfb93a2f870103930
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d7ed08286eccc3784410bcbfb93a2f870103930
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220331/af57b2ad/attachment.htm>
More information about the debian-security-tracker-commits
mailing list