Skip to content

Commit

Permalink
feat: Updated at 20250214070409
Browse files Browse the repository at this point in the history 
Signed-off-by: bitnami-bot <[email protected]>
  • Loading branch information
@bitnami-bot
bitnami-bot committed Feb 14, 2025
1 parent 471d2b2 commit 73e9e09
Show file tree
Hide file tree
Showing 28 changed files with 541 additions and 40 deletions.
67 changes: 67 additions & 0 deletions data/gitlab/BIT-gitlab-2024-12379.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
{
"schema_version": "1.5.0",
"id": "BIT-gitlab-2024-12379",
"details": "A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token.",
"aliases": [
"CVE-2024-12379"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "gitlab",
"purl": "pkg:bitnami/gitlab"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "14.1.0"
},
{
"fixed": "17.6.5"
},
{
"introduced": "17.7.0"
},
{
"fixed": "17.7.4"
},
{
"introduced": "17.8.0"
},
{
"fixed": "17.8.2"
}
]
}
]
}
],
"database_specific": {
"severity": "Medium",
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/508559"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2871791"
}
],
"published": "2025-02-14T07:28:15.733Z",
"modified": "2025-02-14T07:43:44.865Z"
}
55 changes: 55 additions & 0 deletions data/gitlab/BIT-gitlab-2024-7102.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
{
"schema_version": "1.5.0",
"id": "BIT-gitlab-2024-7102",
"details": "An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances.",
"aliases": [
"CVE-2024-7102"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "gitlab",
"purl": "pkg:bitnami/gitlab"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "16.4.0"
},
{
"fixed": "17.5.0"
}
]
}
]
}
],
"database_specific": {
"severity": "Critical",
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/474414"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2623063"
}
],
"published": "2025-02-14T07:16:54.400Z",
"modified": "2025-02-14T07:43:44.865Z"
}
55 changes: 55 additions & 0 deletions data/gitlab/BIT-gitlab-2024-8266.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
{
"schema_version": "1.5.0",
"id": "BIT-gitlab-2024-8266",
"details": "An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances.",
"aliases": [
"CVE-2024-8266"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "gitlab",
"purl": "pkg:bitnami/gitlab"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "17.1.0"
},
{
"fixed": "17.6.0"
}
]
}
]
}
],
"database_specific": {
"severity": "Medium",
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/481531"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2649798"
}
],
"published": "2025-02-14T07:14:42.511Z",
"modified": "2025-02-14T07:43:44.865Z"
}
66 changes: 66 additions & 0 deletions data/gitlab/BIT-gitlab-2024-9870.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
{
"schema_version": "1.5.0",
"id": "BIT-gitlab-2024-9870",
"details": "An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services.",
"aliases": [
"CVE-2024-9870"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "gitlab",
"purl": "pkg:bitnami/gitlab"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "15.11.0"
},
{
"fixed": "17.6.5"
},
{
"introduced": "17.7.0"
},
{
"fixed": "17.7.4"
},
{
"introduced": "17.8.0"
},
{
"fixed": "17.8.2"
}
]
}
]
}
],
"database_specific": {
"severity": "Medium",
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/498911"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2734142"
}
],
"published": "2025-02-14T07:11:27.899Z",
"modified": "2025-02-14T07:43:44.865Z"
}
67 changes: 67 additions & 0 deletions data/gitlab/BIT-gitlab-2025-0376.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
{
"schema_version": "1.5.0",
"id": "BIT-gitlab-2025-0376",
"details": "An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page.",
"aliases": [
"CVE-2025-0376"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "gitlab",
"purl": "pkg:bitnami/gitlab"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "13.3.0"
},
{
"fixed": "17.6.5"
},
{
"introduced": "17.7.0"
},
{
"fixed": "17.7.4"
},
{
"introduced": "17.8.0"
},
{
"fixed": "17.8.2"
}
]
}
]
}
],
"database_specific": {
"severity": "High",
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/512603"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2930243"
}
],
"published": "2025-02-14T07:10:51.887Z",
"modified": "2025-02-14T07:43:44.865Z"
}
61 changes: 61 additions & 0 deletions data/gitlab/BIT-gitlab-2025-0516.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
{
"schema_version": "1.5.0",
"id": "BIT-gitlab-2025-0516",
"details": "Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data.",
"aliases": [
"CVE-2025-0516"
],
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "gitlab",
"purl": "pkg:bitnami/gitlab"
},
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
}
],
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "17.7.0"
},
{
"fixed": "17.7.4"
},
{
"introduced": "17.8.0"
},
{
"fixed": "17.8.2"
}
]
}
]
}
],
"database_specific": {
"severity": "Medium",
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"
]
},
"references": [
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/513540"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2914644"
}
],
"published": "2025-02-14T07:10:40.492Z",
"modified": "2025-02-14T07:43:44.865Z"
}
Loading

0 comments on commit 73e9e09

Please sign in to comment.