[Git][security-tracker-team/security-tracker][master] Sync several gitlab issues with advisory from May 27, 2020

Salvatore Bonaccorso Wed, 12 Aug 2020 12:45:10 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
d70c8282 by Salvatore Bonaccorso at 2020-08-12T21:43:28+02:00
Sync several gitlab issues with advisory from May 27, 2020

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9975,37 +9975,50 @@ CVE-2020-13278
 CVE-2020-13277 (An authorization issue in the mirroring logic allowed read 
access to p ...)
        - gitlab <unfixed>
 CVE-2020-13276 (User is allowed to set an email as a notification email even 
without v ...)
-       - gitlab <unfixed>
+       - gitlab 13.2.3-2
+       NOTE: 
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
 CVE-2020-13275 (A user with an unverified email address could request an 
access to dom ...)
-       - gitlab <not-affected> (Specific to EE)
+       - gitlab <not-affected> (Only affects GitLab EE/CE 12.2 and later)
 CVE-2020-13274 (A security issue allowed achieving Denial of Service attacks 
through m ...)
-       - gitlab <unfixed>
+       - gitlab 13.2.3-2
+       NOTE: 
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
 CVE-2020-13273 (A Denial of Service vulnerability allowed exhausting the 
system resour ...)
-       - gitlab <unfixed>
+       - gitlab <not-affected> (Only affects GitLab 12.0 and later)
+       NOTE: 
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
 CVE-2020-13272 (OAuth flow missing verification checks CE/EE 12.3 and later 
through 13 ...)
        - gitlab <unfixed>
 CVE-2020-13271 (A Stored Cross-Site Scripting vulnerability allowed the 
execution of a ...)
-       - gitlab <unfixed>
+       - gitlab 13.2.3-2
+       NOTE: 
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
 CVE-2020-13270 (Missing permission check on fork relation creation in GitLab 
CE/EE 11. ...)
-       - gitlab <unfixed>
+       - gitlab 13.2.3-2
+       NOTE: 
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
 CVE-2020-13269 (A Reflected Cross-Site Scripting vulnerability allowed the 
execution o ...)
-       - gitlab <unfixed>
+       - gitlab <not-affected> (Only affects GitLab 12.10 and later)
+       NOTE: 
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
 CVE-2020-13268 (A specially crafted request could be used to confirm the 
existence of  ...)
-       - gitlab <unfixed>
+       - gitlab <not-affected> (Only affects GitLab 12.10 and later)
+       NOTE: 
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
 CVE-2020-13267 (A Stored Cross-Site Scripting vulnerability allowed the 
execution on J ...)
-       - gitlab <unfixed>
+       - gitlab <not-affected> (Only affects GitLab 12.8 and later)
+       NOTE: 
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
 CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 
12.8 and ...)
-       - gitlab <unfixed>
+       - gitlab <not-affected> (Only affects GitLab 12.8 and later)
+       NOTE: 
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
 CVE-2020-13265 (User email verification bypass in GitLab CE/EE 12.5 and later 
through  ...)
-       - gitlab <unfixed>
+       - gitlab <not-affected> (Only affects GitLab 12.5 and later)
+       NOTE: 
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
 CVE-2020-13264 (Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and 
later thr ...)
-       - gitlab <unfixed>
+       - gitlab 13.2.3-2
+       NOTE: 
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
 CVE-2020-13263 (An authorization issue relating to project maintainer 
impersonation wa ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2020-13262 (Client-Side code injection through Mermaid markup in GitLab 
CE/EE 12.9 ...)
-       - gitlab <unfixed>
+       - gitlab <not-affected> (Only affects GitLab 12.9 and later)
+       NOTE: 
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
 CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and 
later throu ...)
-       - gitlab <unfixed>
+       - gitlab <not-affected> (Only affects GitLab 12.6 and later)
+       NOTE: 
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
 CVE-2020-13260
        RESERVED
 CVE-2020-13259



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d70c82829078c52e6acf0f2c9ad1b58e0d90d344

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d70c82829078c52e6acf0f2c9ad1b58e0d90d344
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Sync several gitlab issues with advisory from May 27, 2020

Reply via email to