Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bab946cc by Moritz Muehlenhoff at 2025-04-02T20:39:25+02:00
record older gitlab fixes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -60943,7 +60943,7 @@ CVE-2024-4660 (An issue has been discovered in GitLab 
EE affecting all versions
 CVE-2024-4612 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2024-4472 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-45857 (Deserialization of untrusted data can occur in versions 2.4.0 
or newer ...)
        NOT-FOR-US: Cleanlab project
 CVE-2024-45856 (A cross-site scripting (XSS) vulnerability exists in all 
versions of t ...)
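
Review bot: CVE-2024-4472 moves from `<unfixed>` to `17.3.5-2` with no NOTE line under it, so nothing in the entry shows which upstream issue or release the fixed version was checked against. Other gitlab entries touched by this commit carry `NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/...` references; adding the equivalent here would let the recorded version be verified later.
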
@@ -68999,15 +68999,15 @@ CVE-2024-5423 (Multiple Denial of Service (DoS) 
conditions has been discovered i
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/463807
        NOTE: https://hackerone.com/reports/2518563
 CVE-2024-4784 (An issue was discovered in GitLab EE starting from version 16.7 
before ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/461248
        NOTE: https://hackerone.com/reports/2486223
 CVE-2024-4210 (A Denial of Service (DoS) condition has been discovered in 
GitLab CE/E ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/458245
        NOTE: https://hackerone.com/reports/2431562
 CVE-2024-4207 (A cross-site scripting issue has been discovered in GitLab 
affecting a ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/458236
        NOTE: https://hackerone.com/reports/2473917
 CVE-2024-42493 (Dorsett Controls InfoScan is vulnerable due to a leak of 
possible  sen ...)
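
Review bot: CVE-2024-4784 is marked fixed in 17.3.5-2, but the visible part of its description reads "An issue was discovered in GitLab EE starting from version 16.7", and other EE-only entries in this file (CVE-2024-4612, CVE-2024-4597) are recorded as `- gitlab <not-affected> (Specific to EE)`. Please confirm against the linked issue whether the Debian package ever shipped the affected code; if it did not, the not-affected form would be the consistent one.
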
@@ -69088,11 +69088,11 @@ CVE-2024-3958 (An issue has been discovered in GitLab 
CE/EE affecting all versio
 CVE-2024-3659 (Firmware in KAONAR2140 routers prior to version 4.2.16 is 
vulnerable t ...)
        NOT-FOR-US: KAON AR2140 routers
 CVE-2024-3114 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/452547
        NOTE: https://hackerone.com/reports/2416630
 CVE-2024-3035 (A permission check vulnerability in GitLab CE/EE affecting all 
version ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/452297
        NOTE: https://hackerone.com/reports/2424715
 CVE-2024-39815 (Improper check or handling of exceptional conditions 
vulnerability  af ...)
@@ -76239,7 +76239,7 @@ CVE-2024-5528 (An issue was discovered in GitLab CE/EE 
affecting all versions pr
        - gitlab <unfixed>
 CVE-2024-2880 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        [experimental] - gitlab 16.11.6-1
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-6595 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        [experimental] - gitlab 16.11.6-1
        - gitlab <unfixed>
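
Review bot: CVE-2024-6595 in the trailing context carries the same `[experimental] - gitlab 16.11.6-1` line as CVE-2024-2880 but is left at `- gitlab <unfixed>`. If 17.3.5-2 is recorded for CVE-2024-2880 on the basis of that earlier fix, check whether CVE-2024-6595 belongs in the same update, or add a NOTE saying why it stays open.
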
@@ -79407,7 +79407,7 @@ CVE-2024-4570 (The Elementor Addon Elements plugin for 
WordPress is vulnerable t
 CVE-2024-4569 (The Elementor Addon Elements plugin for WordPress is vulnerable 
to Sto ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-4557 (Multiple Denial of Service (DoS) conditions has been discovered 
in Git ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-4011 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        - gitlab <unfixed>
 CVE-2024-3959 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
@@ -88985,7 +88985,7 @@ CVE-2023-7045 (A CSRF vulnerability exists within 
GitLab CE/EE from versions 13.
        - gitlab 17.3.5-2
        NOTE: 
https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
 CVE-2024-2874 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
        NOTE: 
https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
 CVE-2024-4835 (A XSS condition exists within GitLab in versions 15.11 before 
16.10.6, ...)
        - gitlab <unfixed>
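
Review bot: CVE-2024-4835 in the trailing context stays at `<unfixed>` although the visible part of its description names 16.10.6 as a fixed bound, and both neighbours (CVE-2023-7045 and CVE-2024-2874) are recorded at 17.3.5-2 with the 17.0.1 patch-release NOTE. Please confirm whether it was left open deliberately; if so a short NOTE with the reason would keep it from looking like an omission.
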
@@ -96321,7 +96321,7 @@ CVE-2024-4672 (A vulnerability classified as 
problematic was found in Campcodes
 CVE-2024-4597 (An issue has been discovered in GitLab EE affecting all 
versions from  ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2024-4539 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-3903 (The Add Custom CSS and JS WordPress plugin through 1.20 does 
not have  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-3590 (The LetterPress  WordPress plugin through 1.2.2 does not have 
CSRF che ...)
@@ -101864,9 +101864,9 @@ CVE-2024-30890 (Cross Site Scripting vulnerability in 
ED01-CMS v.1.0 allows an a
 CVE-2024-30560 (Cross-Site Request Forgery (CSRF) vulnerability in 
\u5927\u4fa0WP DX-W ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-2829 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-2434 (An issue has been discovered in GitLab affecting all versions 
of GitLa ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-29660 (Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a 
local att ...)
        NOT-FOR-US: DedeCMS
 CVE-2024-28241 (The GLPI Agent is a generic management agent. Prior to version 
1.7.2,  ...)
@@ -105872,7 +105872,7 @@ CVE-2023-32295 (Missing Authorization vulnerability 
in Alex Tselegidis Easy!Appo
 CVE-2023-32228 (A firmware bug which may lead to misinterpretation of data in 
the AMC2 ...)
        NOT-FOR-US: Bosch
 CVE-2024-3092 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-2279 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab 17.3.5-2
 CVE-2023-6489 (A denial of service vulnerability was identified in GitLab 
CE/EE, vers ...)
@@ -110985,7 +110985,7 @@ CVE-2024-2997 (A vulnerability was found in Bdtask 
Multi-Store Inventory Managem
 CVE-2024-2890 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Tumul ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-2818 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-2111 (The Events Manager \u2013 Calendar, Bookings, Tickets, and 
more! plugi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-2110 (The Events Manager \u2013 Calendar, Bookings, Tickets, and 
more! plugi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bab946cc9ae89efa4de4c357bf9a66ecc63da755
