[Git][security-tracker-team/security-tracker][master] Add more gitlab issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 8 21:51:55 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fbaed889 by Salvatore Bonaccorso at 2024-08-08T22:51:13+02:00
Add more gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -102,13 +102,19 @@ CVE-2024-40476 (A Cross-Site Request Forgery (CSRF) vulnerability was found in S
 CVE-2024-40475 (SourceCodester Best House Rental Management System v1.0 is vulnerable  ...)
 	NOT-FOR-US: SourceCodester Best House Rental Management System
 CVE-2024-3958 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
-	TODO: check
+	- gitlab <unfixed>
+	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/456988
+	NOTE: https://hackerone.com/reports/2437784
 CVE-2024-3659 (Firmware in KAONAR2140 routers prior to version 4.2.16 is vulnerable t ...)
 	TODO: check
 CVE-2024-3114 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	TODO: check
+	- gitlab <unfixed>
+	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/452547
+	NOTE: https://hackerone.com/reports/2416630
 CVE-2024-3035 (A permission check vulnerability in GitLab CE/EE affecting all version ...)
-	TODO: check
+	- gitlab <unfixed>
+	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/452297
+	NOTE: https://hackerone.com/reports/2424715
 CVE-2024-39815 (Improper check or handling of exceptional conditions vulnerability  af ...)
 	NOT-FOR-US: Vonets industrial wifi bridge relays and wifi bridge repeaters
 CVE-2024-39791 (Stack-based buffer overflow vulnerabilities affecting Vonets        in ...)
@@ -120,7 +126,9 @@ CVE-2024-37382 (An issue discovered in import host feature in Ab Initio Metadata
 CVE-2024-37023 (Multiple OS command injection vulnerabilities affecting Vonets    indu ...)
 	TODO: check
 CVE-2024-2800 (ReDoS flaw in RefMatcher when matching branch names using wildcards in ...)
-	TODO: check
+	- gitlab <unfixed>
+	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/451293
+	NOTE: https://hackerone.com/reports/2416332
 CVE-2024-29082 (Improper access control vulnerability affecting Vonets   industrial wi ...)
 	TODO: check
 CVE-2024-0108 (NVIDIA Jetson Linux contains a vulnerability in NvGPU where error hand ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbaed88938d7d0ccddf9b0e762b65bc810b88b83

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbaed88938d7d0ccddf9b0e762b65bc810b88b83
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240808/7354fc42/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list