[Git][security-tracker-team/security-tracker][master] older gitlab issues fixed

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Apr 3 08:33:33 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1d6e6b2f by Moritz Muehlenhoff at 2025-04-03T09:32:47+02:00
older gitlab issues fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -54700,7 +54700,7 @@ CVE-2024-6657 (A denial of service may be caused to a single peripheral device i
 CVE-2024-5474 (A potential information disclosure vulnerability was reported in Lenov ...)
 	NOT-FOR-US: Lenovo
 CVE-2024-5005 (An issue has been discovered discovered in GitLab EE/CE affecting all  ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-4132 (A DLL hijack vulnerability was reported in Lenovo Lock Screen that cou ...)
 	NOT-FOR-US: Lenovo
 CVE-2024-4131 (A DLL hijack vulnerability was reported in Lenovo Emulator that could  ...)
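Review bot: The new `- gitlab 17.3.5-2` line for CVE-2024-5005 has no NOTE giving an upstream reference, so the fixed version cannot be checked from the entry itself. Other entries in this same commit carry one, for example the gitlab.com issue link under CVE-2024-5423 or the patch-release URL under CVE-2024-4835. Consider adding a matching NOTE line here with the upstream issue or release announcement.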
@@ -61056,7 +61056,7 @@ CVE-2024-6017 (The Music Request Manager WordPress plugin through 1.3 does not h
 CVE-2024-5799 (The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-5435 (An issue has been discovered discovered in GitLab EE/CE affecting all  ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-4660 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2024-4612 (An issue has been discovered in GitLab EE affecting all versions start ...)
@@ -69114,7 +69114,7 @@ CVE-2024-6329 (An issue was discovered in GitLab CE/EE affecting all versions st
 	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/468937
 	NOTE: https://hackerone.com/reports/2542483
 CVE-2024-5423 (Multiple Denial of Service (DoS) conditions has been discovered in Git ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/463807
 	NOTE: https://hackerone.com/reports/2518563
 CVE-2024-4784 (An issue was discovered in GitLab EE starting from version 16.7 before ...)
@@ -69201,7 +69201,7 @@ CVE-2024-40476 (A Cross-Site Request Forgery (CSRF) vulnerability was found in S
 CVE-2024-40475 (SourceCodester Best House Rental Management System v1.0 is vulnerable  ...)
 	NOT-FOR-US: SourceCodester Best House Rental Management System
 CVE-2024-3958 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/456988
 	NOTE: https://hackerone.com/reports/2437784
 CVE-2024-3659 (Firmware in KAONAR2140 routers prior to version 4.2.16 is vulnerable t ...)
@@ -79513,11 +79513,11 @@ CVE-2024-5655 (An issue was discovered in GitLab CE/EE affecting all versions st
 CVE-2024-5601 (The Create by Mediavine plugin for WordPress is vulnerable to Stored C ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-5430 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-5289 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4901 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-4704 (The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4664 (The WP Chat App WordPress plugin before 3.6.5 does not sanitise and es ...)
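Review bot: The `- gitlab 17.3.5-2` lines for CVE-2024-5430 and CVE-2024-4901 use the same version as every other entry changed in this commit, and the commit message does not say how that version was determined. Please confirm that 17.3.5-2 is the first upload that contains each fix, rather than simply the current version in the archive. If an earlier upload already included some of these fixes, the entry should record that earlier version.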
@@ -79529,9 +79529,9 @@ CVE-2024-4569 (The Elementor Addon Elements plugin for WordPress is vulnerable t
 CVE-2024-4557 (Multiple Denial of Service (DoS) conditions has been discovered in Git ...)
 	- gitlab 17.3.5-2
 CVE-2024-4011 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-3959 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-3115 (An issue was discovered in GitLab EE affecting all versions starting f ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2024-3111 (The Interactive Content  WordPress plugin before 1.15.8 does not valid ...)
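Review bot: CVE-2024-4011 and CVE-2024-3959 were still `<unfixed>` although the adjacent CVE-2024-4557 entry, visible as unchanged context, already carried `- gitlab 17.3.5-2`. That suggests the earlier pass over these entries missed some of them. It would be worth searching data/CVE/list for any remaining `- gitlab <unfixed>` lines from the same period, so the cleanup is complete in one commit.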
@@ -83384,7 +83384,7 @@ CVE-2024-4615 (The Elespare \u2013 Blog, Magazine and Newspaper Addons for Eleme
 CVE-2024-4576 (The component listed above contains a vulnerability that allows an att ...)
 	NOT-FOR-US: TIBCO
 CVE-2024-4201 (A cross-site scripting issue has been discovered in GitLab affecting a ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-4149 (The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4145 (The Search & Replace WordPress plugin before 3.2.2 does not sanitize a ...)
@@ -88866,7 +88866,7 @@ CVE-2024-5274 (Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 all
 CVE-2024-5264 (Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows  ...)
 	NOT-FOR-US: Thales Luna EFT
 CVE-2024-5258 (An authorization vulnerability exists within GitLab from versions 16.1 ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-5202 (Arbitrary File Readin OpenText Dimensions RM allowsauthenticated users ...)
 	NOT-FOR-US: OpenText Dimensions RM
 CVE-2024-5201 (Privilege Escalationin OpenText Dimensions RM allows an authenticated  ...)
@@ -89108,7 +89108,7 @@ CVE-2024-2874 (An issue has been discovered in GitLab CE/EE affecting all versio
 	- gitlab 17.3.5-2
 	NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
 CVE-2024-4835 (A XSS condition exists within GitLab in versions 15.11 before 16.10.6, ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 	NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
 CVE-2024-5196 (A vulnerability classified as critical has been found in Arris VAP2500 ...)
 	NOT-FOR-US: Arris VAP2500
@@ -101934,9 +101934,9 @@ CVE-2024-4077 (Improper Neutralization of Input During Web Page Generation ('Cro
 CVE-2024-4035 (The Photo Gallery \u2013 GT3 Image Gallery & Gutenberg Block Gallery p ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4024 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-4006 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-3994 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-3733 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d6e6b2f21af40772ac3386621550dc3a4d7bfbf
