Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2ab500b6 by Salvatore Bonaccorso at 2019-01-03T06:49:40Z
Add new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -747,8 +747,10 @@ CVE-2018-20511 (An issue was discovered in the Linux 
kernel before 4.18.11. The
        - linux 4.18.20-1
        [stretch] - linux 4.9.130-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/9824dfae5741275473a23a7ed5756c7b6efacc9d (4.19-rc5)
-CVE-2018-20507
+CVE-2018-20507 [Missing authentication for Prometheus alert endpoint]
        RESERVED
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20506
        RESERVED
 CVE-2018-20505
@@ -759,34 +761,62 @@ CVE-2018-20503
        RESERVED
 CVE-2018-20502 (An issue was discovered in Bento4 1.5.1-627. There is an 
attempt at ...)
        NOT-FOR-US: Bento4
-CVE-2018-20501
+CVE-2018-20501 [Missing authorization control merge requests]
        RESERVED
-CVE-2018-20500
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20500 [Improper access control CI/CD settings]
        RESERVED
-CVE-2018-20499
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20499 [SSRF in project imports with LFS]
        RESERVED
-CVE-2018-20498
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20498 [Improper access control branches and tags]
        RESERVED
-CVE-2018-20497
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20497 [SSRF repository mirroring]
        RESERVED
-CVE-2018-20496
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20496 [Persistent XSS label reference]
        RESERVED
-CVE-2018-20495
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20495 [CI job token LFS error message disclosure]
        RESERVED
-CVE-2018-20494
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20494 [Guest user CI job disclosure]
        RESERVED
-CVE-2018-20493
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20493 [Source code disclosure merge request diff]
        RESERVED
-CVE-2018-20492
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20492 [Todos improper access control]
        RESERVED
-CVE-2018-20491
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20491 [Persistent XSS wiki in IE browser]
        RESERVED
-CVE-2018-20490
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20490 [Persistent XSS Autocompletion]
        RESERVED
-CVE-2018-20489
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20489 [URL rel attribute not set]
        RESERVED
-CVE-2018-20488
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
+CVE-2018-20488 [Secret CI variable exposure]
        RESERVED
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20487
        RESERVED
 CVE-2018-20486 (MetInfo 6.x through 6.1.3 has XSS via the 
/admin/login/login_check.php ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2ab500b6943d9a672f139b548b13e4bfada55167

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2ab500b6943d9a672f139b548b13e4bfada55167
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to