[Git][security-tracker-team/security-tracker][master] record older gitlab fixes

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Apr 2 19:39:47 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bab946cc by Moritz Muehlenhoff at 2025-04-02T20:39:25+02:00
record older gitlab fixes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -60943,7 +60943,7 @@ CVE-2024-4660 (An issue has been discovered in GitLab EE affecting all versions
 CVE-2024-4612 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2024-4472 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-45857 (Deserialization of untrusted data can occur in versions 2.4.0 or newer ...)
 	NOT-FOR-US: Cleanlab project
 CVE-2024-45856 (A cross-site scripting (XSS) vulnerability exists in all versions of t ...)
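Review bot: The CVE-2024-4472 entry gets a fixed version but no NOTE line, so nothing in the entry shows which upstream release the fix came from or why 17.3.5-2 is the first fixed upload. Other entries touched in this commit carry a gitlab.com issue or release link; adding one here would make the recorded version checkable.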
@@ -68999,15 +68999,15 @@ CVE-2024-5423 (Multiple Denial of Service (DoS) conditions has been discovered i
 	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/463807
 	NOTE: https://hackerone.com/reports/2518563
 CVE-2024-4784 (An issue was discovered in GitLab EE starting from version 16.7 before ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/461248
 	NOTE: https://hackerone.com/reports/2486223
 CVE-2024-4210 (A Denial of Service (DoS) condition has been discovered in GitLab CE/E ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/458245
 	NOTE: https://hackerone.com/reports/2431562
 CVE-2024-4207 (A cross-site scripting issue has been discovered in GitLab affecting a ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/458236
 	NOTE: https://hackerone.com/reports/2473917
 CVE-2024-42493 (Dorsett Controls InfoScan is vulnerable due to a leak of possible  sen ...)
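Review bot: CVE-2024-4784 is described as "discovered in GitLab EE", and this file marks other EE-only issues as `- gitlab <not-affected> (Specific to EE)` (CVE-2024-4612 in the first hunk, for example). Check whether this entry should be not-affected rather than fixed in 17.3.5-2; if the packaged code is in fact affected, a NOTE saying so would explain why it is treated differently from the other EE entries.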
@@ -69088,11 +69088,11 @@ CVE-2024-3958 (An issue has been discovered in GitLab CE/EE affecting all versio
 CVE-2024-3659 (Firmware in KAONAR2140 routers prior to version 4.2.16 is vulnerable t ...)
 	NOT-FOR-US: KAON AR2140 routers
 CVE-2024-3114 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/452547
 	NOTE: https://hackerone.com/reports/2416630
 CVE-2024-3035 (A permission check vulnerability in GitLab CE/EE affecting all version ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/452297
 	NOTE: https://hackerone.com/reports/2424715
 CVE-2024-39815 (Improper check or handling of exceptional conditions vulnerability  af ...)
@@ -76239,7 +76239,7 @@ CVE-2024-5528 (An issue was discovered in GitLab CE/EE affecting all versions pr
 	- gitlab <unfixed>
 CVE-2024-2880 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
 	[experimental] - gitlab 16.11.6-1
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-6595 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
 	[experimental] - gitlab 16.11.6-1
 	- gitlab <unfixed>
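Review bot: CVE-2024-6595, directly below the changed entry, carries the same `[experimental] - gitlab 16.11.6-1` line as CVE-2024-2880 but stays `- gitlab <unfixed>` for unstable. If 17.3.5-2 contains the fix for CVE-2024-2880, check whether it also covers CVE-2024-6595, or add a NOTE explaining why the two entries differ.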
@@ -79407,7 +79407,7 @@ CVE-2024-4570 (The Elementor Addon Elements plugin for WordPress is vulnerable t
 CVE-2024-4569 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4557 (Multiple Denial of Service (DoS) conditions has been discovered in Git ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-4011 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
 	- gitlab <unfixed>
 CVE-2024-3959 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
@@ -88985,7 +88985,7 @@ CVE-2023-7045 (A CSRF vulnerability exists within GitLab CE/EE from versions 13.
 	- gitlab 17.3.5-2
 	NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
 CVE-2024-2874 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 	NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
 CVE-2024-4835 (A XSS condition exists within GitLab in versions 15.11 before 16.10.6, ...)
 	- gitlab <unfixed>
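Review bot: CVE-2024-4835 at the end of this hunk is left `<unfixed>`, although its description gives the affected range as "15.11 before 16.10.6" and both entries above it that reference the 17.0.1 patch release are now recorded as fixed in 17.3.5-2. Check whether it belongs in this batch as well.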
@@ -96321,7 +96321,7 @@ CVE-2024-4672 (A vulnerability classified as problematic was found in Campcodes
 CVE-2024-4597 (An issue has been discovered in GitLab EE affecting all versions from  ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2024-4539 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-3903 (The Add Custom CSS and JS WordPress plugin through 1.20 does not have  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-3590 (The LetterPress  WordPress plugin through 1.2.2 does not have CSRF che ...)
@@ -101864,9 +101864,9 @@ CVE-2024-30890 (Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an a
 CVE-2024-30560 (Cross-Site Request Forgery (CSRF) vulnerability in \u5927\u4fa0WP DX-W ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2829 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-2434 (An issue has been discovered in GitLab affecting all versions of GitLa ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-29660 (Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local att ...)
 	NOT-FOR-US: DedeCMS
 CVE-2024-28241 (The GLPI Agent is a generic management agent. Prior to version 1.7.2,  ...)
@@ -105872,7 +105872,7 @@ CVE-2023-32295 (Missing Authorization vulnerability in Alex Tselegidis Easy!Appo
 CVE-2023-32228 (A firmware bug which may lead to misinterpretation of data in the AMC2 ...)
 	NOT-FOR-US: Bosch
 CVE-2024-3092 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-2279 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab 17.3.5-2
 CVE-2023-6489 (A denial of service vulnerability was identified in GitLab CE/EE, vers ...)
@@ -110985,7 +110985,7 @@ CVE-2024-2997 (A vulnerability was found in Bdtask Multi-Store Inventory Managem
 CVE-2024-2890 (Unrestricted Upload of File with Dangerous Type vulnerability in Tumul ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2818 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-2111 (The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2110 (The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bab946cc9ae89efa4de4c357bf9a66ecc63da755
