[Git][security-tracker-team/security-tracker][master] new gitlab issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Oct 4 16:01:46 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af7e49a2 by Moritz Muehlenhoff at 2023-10-04T17:01:02+02:00
new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -533,7 +533,7 @@ CVE-2023-5301 (A vulnerability classified as critical was found in DedeCMS 5.7.1
 CVE-2023-5300 (A vulnerability classified as critical has been found in TTSPlanning u ...)
 	NOT-FOR-US: TTSPlanning
 CVE-2023-5207 (A vulnerability was discovered in GitLab CE and EE affecting all versi ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2023-44488 (VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash rela ...)
 	{DLA-3598-1}
 	- libvpx 1.12.0-1.2
@@ -695,7 +695,7 @@ CVE-2023-41657 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-41655 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-3413 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2023-3024 (Forcing the Bluetooth LE stack to segment 'prepare write response' pac ...)
 	NOT-FOR-US: Silabs
 CVE-2023-39410 (When deserializing untrusted or corrupted data, it is possible for a r ...)
@@ -703,7 +703,7 @@ CVE-2023-39410 (When deserializing untrusted or corrupted data, it is possible f
 CVE-2023-39308 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedbac ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-5198 (An issue has been discovered in GitLab affecting all versions prior to ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2023-5185 (Gym Management System Project v1.0 is vulnerable to  an Insecure File  ...)
 	NOT-FOR-US: Gym Management System Project
 CVE-2023-5077 (The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine d ...)
@@ -713,7 +713,7 @@ CVE-2023-5053 (Hospital management system version 378c157 allows to bypass authe
 CVE-2023-5004 (Hospital management system version 378c157 allows to bypass authentica ...)
 	NOT-FOR-US: Hospital management system
 CVE-2023-4532 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2023-4316 (Zod in version 3.22.2 allows an attacker to perform a denial of servic ...)
 	NOT-FOR-US: Zod
 CVE-2023-44469 (A Server-Side Request Forgery issue in the OpenID Connect Issuer in Le ...)
@@ -760,21 +760,21 @@ CVE-2023-43014 (Asset Management System v1.0 is vulnerable to  an Authenticated
 CVE-2023-43013 (Asset Management System v1.0 is vulnerable to an  unauthenticated SQL  ...)
 	NOT-FOR-US: Asset Management System
 CVE-2023-3979 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2023-3922 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2023-3920 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2023-3917 (Denial of Service in pipelines affecting all versions of Gitlab EE and ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2023-3914 (A business logic error in GitLab EE affecting all versions prior to 16 ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2023-3906 (An input validation issue in the asset proxy in GitLab EE, affecting a ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2023-3775 (A Vault Enterprise Sentinel Role Governing Policy created by an operat ...)
 	NOT-FOR-US: HashiCorp Vault
 CVE-2023-3115 (An issue has been discovered in GitLab EE affecting all versions affec ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2023-32477 (Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an im ...)
 	NOT-FOR-US: Dell
 CVE-2023-5256 (In certain scenarios, Drupal's JSON:API module will output error backt ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af7e49a2901a6e4762ca779885efe88d6efdfd16

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af7e49a2901a6e4762ca779885efe88d6efdfd16
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231004/d0b7cac8/attachment.htm>

More information about the debian-security-tracker-commits mailing list