[Git][security-tracker-team/security-tracker][master] new gitlab issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Apr 6 16:55:42 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
200ce118 by Moritz Mühlenhoff at 2023-04-06T17:54:53+02:00
new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -825,7 +825,7 @@ CVE-2023-1789 (Improper Input Validation in GitHub repository firefly-iii/firefl
 CVE-2023-1788 (Insufficient Session Expiration in GitHub repository firefly-iii/firef ...)
 	NOT-FOR-US: firefly-iii
 CVE-2023-1787 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2023-1786
 	RESERVED
 CVE-2023-1785 (A vulnerability was found in SourceCodester Earnings and Expense Track ...)
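
Review bot: The new `- gitlab <unfixed>` line under CVE-2023-1787 has no accompanying NOTE, and the description shown is cut off at "all versions starting ...", so the entry itself gives no pointer to the affected range or the upstream fix. Consider adding a NOTE line with the upstream issue or advisory reference so the fixed version can be filled in later without re-triaging.
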
@@ -1179,7 +1179,7 @@ CVE-2023-1735 (A vulnerability classified as critical was found in SourceCodeste
 CVE-2023-1734 (A vulnerability classified as critical has been found in SourceCodeste ...)
 	NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
 CVE-2023-1733 (A denial of service condition exists in the Prometheus server bundled  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2023-1732
 	RESERVED
 CVE-2023-1731
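
Review bot: CVE-2023-1733 is described as a denial of service in "the Prometheus server bundled ...", yet the added line tracks it as `- gitlab <unfixed>`. It is worth confirming that the Debian gitlab source package actually ships that bundled Prometheus. If it does not, `<not-affected>` with a short reason, in the style used for CVE-2023-1167 in this same commit, would describe the status more accurately.
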
@@ -1247,7 +1247,7 @@ CVE-2023-29023
 CVE-2023-29022
 	RESERVED
 CVE-2023-1710 (A sensitive information disclosure vulnerability in GitLab affecting a ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2023-1709
 	RESERVED
 CVE-2023-29021
@@ -1386,7 +1386,7 @@ CVE-2023-28960
 CVE-2023-28959
 	RESERVED
 CVE-2023-1708 (An issue was identified in GitLab CE/EE affecting all versions from 1. ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2023-1707
 	RESERVED
 CVE-2023-1706
@@ -3412,7 +3412,7 @@ CVE-2023-1419
 CVE-2023-1418 (A vulnerability classified as problematic was found in SourceCodester  ...)
 	NOT-FOR-US: SourceCodester Friendly Island Pizza Website and Ordering System
 CVE-2023-1417 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2023-1416 (A vulnerability classified as critical has been found in Simple Art Ga ...)
 	NOT-FOR-US: Simple Art Gallery
 CVE-2023-1415 (A vulnerability was found in Simple Art Gallery 1.0. It has been decla ...)
@@ -6051,7 +6051,7 @@ CVE-2015-10089 (A vulnerability classified as problematic has been found in flam
 CVE-2023-1168 (An authenticated remote code execution vulnerability exists in the AOS ...)
 	NOT-FOR-US: HPE
 CVE-2023-1167 (Improper authorization in Gitlab EE affecting all versions from 12.3.0 ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2023-1166
 	RESERVED
 CVE-2022-4929 (A vulnerability was found in icplayer up to 0.818. It has been rated a ...)
@@ -6794,7 +6794,7 @@ CVE-2023-23554 (Uncontrolled search path element vulnerability exists in pg_ivm
 CVE-2023-22847 (Information disclosure vulnerability exists in pg_ivm versions prior t ...)
 	NOT-FOR-US: pg_ivm
 CVE-2023-1098 (An information disclosure vulnerability has been discovered in GitLab  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2023-1097 (Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vu ...)
 	NOT-FOR-US: Baicells EG7035-M11 devices
 CVE-2023-1096
@@ -6954,7 +6954,7 @@ CVE-2023-1073 (A memory corruption flaw was found in the Linux kernel’s hu
 CVE-2023-1072 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2023-1071 (An issue has been discovered in GitLab affecting all versions from 15. ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2023-1070 (External Control of File Name or Path in GitHub repository nilsteampas ...)
 	- teampass <itp> (bug #730180)
 CVE-2023-1069 (The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPre ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/200ce118a6bc624e8074550bb02a75d735eccd97
