84 vulnerabilities found for N/A by GitLab
CERTFR-2024-AVI-0433
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. Some of them allow an attacker to cause a remote denial of service, a breach of data confidentiality, and indirect remote code injection (XSS).
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 17.0.x earlier than 17.0.1 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.11.x earlier than 16.11.3 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions earlier than 16.10.6 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 17.0.x ant\u00e9rieures \u00e0 17.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.11.x ant\u00e9rieures \u00e0 16.11.3",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 16.10.6",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-6502",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6502"
},
{
"name": "CVE-2024-4835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4835"
},
{
"name": "CVE-2024-1947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1947"
},
{
"name": "CVE-2024-4367",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4367"
},
{
"name": "CVE-2024-2874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2874"
},
{
"name": "CVE-2023-7045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7045"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0433",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": "2024-05-22",
"title": "Bulletin de s\u00e9curit\u00e9 GitLab",
"url": "https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/"
}
]
}
CERTFR-2024-AVI-0376
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. They allow an attacker to cause cross-site request forgery (CSRF), a remote denial of service, and a breach of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab CE et EE versions 16.9.x ant\u00e9rieures \u00e0 16.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab CE et EE versions 16.11.x ant\u00e9rieures \u00e0 16.11.2",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab CE et EE versions 16.10.x ant\u00e9rieures \u00e0 16.10.5",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-6688",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6688"
},
{
"name": "CVE-2024-4539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4539"
},
{
"name": "CVE-2024-3976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3976"
},
{
"name": "CVE-2024-2878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2878"
},
{
"name": "CVE-2024-4597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4597"
},
{
"name": "CVE-2023-6682",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6682"
},
{
"name": "CVE-2024-2651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2651"
},
{
"name": "CVE-2023-6195",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6195"
},
{
"name": "CVE-2024-1539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1539"
},
{
"name": "CVE-2024-1211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1211"
},
{
"name": "CVE-2024-2454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2454"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0376",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eGitLab\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF), un\nd\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 08 mai 2024",
"url": "https://about.gitlab.com/releases/2024/05/08/patch-release-gitlab-16-11-2-released/"
}
]
}
CERTFR-2024-AVI-0346
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. They allow an attacker to cause a breach of data confidentiality, a security policy bypass, and a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.11.x earlier than 16.11.1 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.10.x earlier than 16.10.4 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions earlier than 16.9.6 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.11.x ant\u00e9rieures \u00e0 16.11.1",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.10.x ant\u00e9rieures \u00e0 16.10.4",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 16.9.6",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-2829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2829"
},
{
"name": "CVE-2024-4006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4006"
},
{
"name": "CVE-2024-2434",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2434"
},
{
"name": "CVE-2024-4024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4024"
},
{
"name": "CVE-2024-1347",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1347"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 GitLab patch-release-gitlab-16-11-1-released du 24 avril 2024",
"url": "https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/"
}
],
"reference": "CERTFR-2024-AVI-0346",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eGitLab\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un\ncontournement de la politique de s\u00e9curit\u00e9 et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 24 avril 2024",
"url": null
}
]
}
CERTFR-2024-AVI-0296
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. They allow an attacker to cause a remote denial of service and indirect remote code injection (XSS).
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.10.x earlier than 16.10.2 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions earlier than 16.8.6 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.9.x earlier than 16.9.4 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.10.x ant\u00e9rieures \u00e0 16.10.2",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 16.8.6",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.9.x ant\u00e9rieures \u00e0 16.9.4",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3092"
},
{
"name": "CVE-2024-2279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2279"
},
{
"name": "CVE-2023-6678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6678"
},
{
"name": "CVE-2023-6489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6489"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0296",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eGitLab\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une injection de code\nindirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 10 avril 2024",
"url": "https://about.gitlab.com/releases/2024/04/10/patch-release-gitlab-16-10-2-released/"
}
]
}
CERTFR-2024-AVI-0259
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. They allow an attacker to cause a remote denial of service and indirect remote code injection (XSS).
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.9.x earlier than 16.9.3 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.10.x earlier than 16.10.1 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions earlier than 16.8.5 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.9.x ant\u00e9rieures \u00e0 16.9.3",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.10.x ant\u00e9rieures \u00e0 16.10.1",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 16.8.5",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-6371",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6371"
},
{
"name": "CVE-2024-2818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2818"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0259",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et\nune injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 27 mars 2024",
"url": "https://about.gitlab.com/releases/2024/03/27/security-release-gitlab-16-10-1-released/"
}
]
}
CERTFR-2024-AVI-0191
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. They allow an attacker to cause a security policy bypass and a breach of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) versions 16.9.x earlier than 16.9.2 |
| GitLab | N/A | GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) versions 16.8.x earlier than 16.8.4 |
| GitLab | N/A | GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) versions earlier than 16.7.7 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 16.9.x ant\u00e9rieures \u00e0 16.9.2",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 16.8.x ant\u00e9rieures \u00e0 16.8.4",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 16.7.7",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-0199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0199"
},
{
"name": "CVE-2024-1299",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1299"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0191",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eGitLab\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 06 mars 2024",
"url": "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/"
}
]
}
CERTFR-2024-AVI-0155
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. Some of them allow an attacker to cause a remote denial of service, a security policy bypass, and privilege escalation.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions earlier than 16.7.6 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.9.x earlier than 16.9.1 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.8.x earlier than 16.8.3 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 16.7.6",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.9.x ant\u00e9rieures \u00e0 16.9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.8.x ant\u00e9rieures \u00e0 16.8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-6477",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6477"
},
{
"name": "CVE-2024-0410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0410"
},
{
"name": "CVE-2024-1451",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1451"
},
{
"name": "CVE-2024-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0861"
},
{
"name": "CVE-2023-6736",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6736"
},
{
"name": "CVE-2023-4895",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4895"
},
{
"name": "CVE-2024-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1525"
},
{
"name": "CVE-2023-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3509"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0155",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Gitlab. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Gitlab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Gitlab du 21 f\u00e9vrier 2024",
"url": "https://about.gitlab.com/releases/2024/02/21/security-release-gitlab-16-9-1-released/"
}
]
}
CERTFR-2024-AVI-0102
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. They allow an attacker to cause a remote denial of service, a security policy bypass, and privilege escalation.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) versions 16.7.x earlier than 16.7.5 |
| GitLab | N/A | GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) versions 16.8.x earlier than 16.8.2 |
| GitLab | N/A | GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) versions earlier than 16.6.7 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 16.7.x ant\u00e9rieures \u00e0 16.7.5",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 16.8.x ant\u00e9rieures \u00e0 16.8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 16.6.7",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-1250",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1250"
},
{
"name": "CVE-2024-1066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1066"
},
{
"name": "CVE-2023-6386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6386"
},
{
"name": "CVE-2023-6840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6840"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0102",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eGitLab\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 07 f\u00e9vrier 2024",
"url": "https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/"
}
]
}
CERTFR-2024-AVI-0030
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. They allow an attacker to cause remote arbitrary code execution, a security policy bypass, and a breach of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.2.x earlier than 16.2.9 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.1.x earlier than 16.1.6 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.4.x earlier than 16.4.5 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.6.x earlier than 16.6.4 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.3.x earlier than 16.3.7 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.7.x earlier than 16.7.2 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.5.x earlier than 16.5.6 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.2.x ant\u00e9rieures \u00e0 16.2.9",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.1.x ant\u00e9rieures \u00e0 16.1.6",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.4.x ant\u00e9rieures \u00e0 16.4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.6.x ant\u00e9rieures \u00e0 16.6.4",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.3.x ant\u00e9rieures \u00e0 16.3.7",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.7.x ant\u00e9rieures \u00e0 16.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "Gitlab Community Edition (CE) et Enterprise Edition (EE) versions 16.5.x ant\u00e9rieures \u00e0 16.5.6",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-5356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5356"
},
{
"name": "CVE-2023-6955",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6955"
},
{
"name": "CVE-2023-2030",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2030"
},
{
"name": "CVE-2023-7028",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7028"
},
{
"name": "CVE-2023-4812",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4812"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0030",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 11 janvier 2024",
"url": "https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/"
}
]
}
CERTFR-2023-AVI-1027
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. Some of them allow an attacker to cause a breach of data integrity, privilege escalation, a breach of data confidentiality, and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Enterprise Edition (EE) versions 16.6.x earlier than 16.6.2 |
| GitLab | N/A | GitLab Community Edition (CE) versions 16.5.x earlier than 16.5.4 |
| GitLab | N/A | GitLab Community Edition (CE) versions 16.6.x earlier than 16.6.2 |
| GitLab | N/A | GitLab Enterprise Edition (EE) versions 16.4.x earlier than 16.4.4 |
| GitLab | N/A | GitLab Enterprise Edition (EE) versions 16.5.x earlier than 16.5.4 |
| GitLab | N/A | GitLab Community Edition (CE) versions 16.4.x earlier than 16.4.4 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Enterprise Edition (EE) versions 16.6.x ant\u00e9rieures \u00e0 16.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) versions 16.5.x ant\u00e9rieures \u00e0 16.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) versions 16.6.x ant\u00e9rieures \u00e0 16.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Enterprise Edition (EE) versions 16.4.x ant\u00e9rieures \u00e0 16.4.4",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Enterprise Edition (EE) versions 16.5.x ant\u00e9rieures \u00e0 16.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) versions 16.4.x ant\u00e9rieures \u00e0 16.4.4",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-6051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6051"
},
{
"name": "CVE-2023-3907",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3907"
},
{
"name": "CVE-2023-5061",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5061"
},
{
"name": "CVE-2023-5512",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5512"
},
{
"name": "CVE-2023-3904",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3904"
},
{
"name": "CVE-2023-6680",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6680"
},
{
"name": "CVE-2023-6564",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6564"
},
{
"name": "CVE-2023-3511",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3511"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-1027",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-14T00:00:00.000000"
},
{
"description": "Correction coquille.",
"revision_date": "2023-12-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eGitLab\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une\n\u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab security-release-gitlab-16-6-2-released du 13 d\u00e9cembre 2023",
"url": "https://about.gitlab.com/releases/2023/12/13/security-release-gitlab-16-6-2-released/"
}
]
}
CERTFR-2023-AVI-0991
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. Some of them allow an attacker to cause privilege escalation, a data integrity breach and a data confidentiality breach.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab CE et EE versions 16.5.x ant\u00e9rieures \u00e0 16.5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab CE et EE versions 16.4.x ant\u00e9rieures \u00e0 16.4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.6.x ant\u00e9rieures \u00e0 16.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-4317",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4317"
},
{
"name": "CVE-2022-41409",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41409"
},
{
"name": "CVE-2023-3401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3401"
},
{
"name": "CVE-2023-39417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39417"
},
{
"name": "CVE-2023-6033",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6033"
},
{
"name": "CVE-2023-5995",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5995"
},
{
"name": "CVE-2023-3443",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3443"
},
{
"name": "CVE-2023-5226",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5226"
},
{
"name": "CVE-2023-6396",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6396"
},
{
"name": "CVE-2023-4912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4912"
},
{
"name": "CVE-2023-3964",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3964"
},
{
"name": "CVE-2023-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4658"
},
{
"name": "CVE-2023-3949",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3949"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0991",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eGitLab\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 30 novembre 2023",
"url": "https://about.gitlab.com/releases/2023/11/30/security-release-gitlab-16-6-1-released/"
}
]
}
CERTFR-2023-AVI-0905
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. They allow an attacker to cause a remote denial of service, a security policy bypass and a data confidentiality breach.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.5.x prior to 16.5.1 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.4.x prior to 16.4.2 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 16.3.6 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.5.x ant\u00e9rieures \u00e0 16.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.4.x ant\u00e9rieures \u00e0 16.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 16.3.6",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-3399",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3399"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-3246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3246"
},
{
"name": "CVE-2023-5831",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5831"
},
{
"name": "CVE-2023-3909",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3909"
},
{
"name": "CVE-2023-5600",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5600"
},
{
"name": "CVE-2023-4700",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4700"
},
{
"name": "CVE-2023-5825",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5825"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0905",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 31 octobre 2023",
"url": "https://about.gitlab.com/releases/2023/10/31/security-release-gitlab-16-5-1-16-4-2-16-3-6-released/"
}
]
}
CERTFR-2023-AVI-0792
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. Some of them allow an attacker to cause a remote denial of service, a security policy bypass and a data integrity breach.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 11.2.x to 16.x prior to 16.2.8 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.3.x prior to 16.3.5 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.4.x prior to 16.4.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 11.2.x \u00e0 16.x ant\u00e9rieures \u00e0 16.2.8",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.3.x ant\u00e9rieures \u00e0 16.3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.4.x ant\u00e9rieures \u00e0 16.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-5198",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5198"
},
{
"name": "CVE-2023-4532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4532"
},
{
"name": "CVE-2023-4379",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4379"
},
{
"name": "CVE-2023-2233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2233"
},
{
"name": "CVE-2023-3906",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3906"
},
{
"name": "CVE-2023-3413",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3413"
},
{
"name": "CVE-2023-3922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3922"
},
{
"name": "CVE-2023-3920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3920"
},
{
"name": "CVE-2023-5207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5207"
},
{
"name": "CVE-2023-3917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3917"
},
{
"name": "CVE-2023-0989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0989"
},
{
"name": "CVE-2023-3914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3914"
},
{
"name": "CVE-2023-3979",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3979"
},
{
"name": "CVE-2023-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4658"
},
{
"name": "CVE-2023-3115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3115"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0792",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 28 septembre 2023",
"url": "https://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/"
}
]
}
CERTFR-2023-AVI-0761
Vulnerability from certfr_avis - Published: - Updated:
A vulnerability has been discovered in GitLab CE and GitLab EE. It allows an attacker to cause remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Enterprise Edition (EE) versions 13.12.x to 16.2.x prior to 16.2.7 |
| GitLab | N/A | GitLab Community Edition (CE) versions 13.12.x to 16.2.x prior to 16.2.7 |
| GitLab | N/A | GitLab Enterprise Edition (EE) versions 16.3.x prior to 16.3.4 |
| GitLab | N/A | GitLab Community Edition (CE) versions 16.3.x prior to 16.3.4 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Enterprise Edition (EE) versions 13.12.x \u00e0 16.2.x ant\u00e9rieures \u00e0 16.2.7",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) versions 13.12.x \u00e0 16.2.x ant\u00e9rieures \u00e0 16.2.7",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Enterprise Edition (EE) versions 16.3.x ant\u00e9rieures \u00e0 16.3.4",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) versions 16.3.x ant\u00e9rieures \u00e0 16.3.4",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-4998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4998"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0761",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eGitLab CE\net Gitlab EE\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans GitLab CE et Gitlab EE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab security-release-gitlab-16-3-4-released du 18 septembre 2023",
"url": "https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/"
}
]
}
CERTFR-2023-AVI-0707
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. Some of them allow an attacker to cause a security policy bypass, a data confidentiality breach and privilege escalation.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Enterprise Edition (EE) versions 16.2.x prior to 16.2.5 |
| GitLab | N/A | GitLab Enterprise Edition (EE) versions 16.1.x prior to 16.1.5 |
| GitLab | N/A | GitLab Community Edition (CE) versions 16.3.x prior to 16.3.1 |
| GitLab | N/A | GitLab Community Edition (CE) versions 16.1.x prior to 16.1.5 |
| GitLab | N/A | GitLab Community Edition (CE) versions 16.2.x prior to 16.2.5 |
| GitLab | N/A | GitLab Enterprise Edition (EE) versions 16.3.x prior to 16.3.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Enterprise Edition (EE) versions 16.2.x ant\u00e9rieures \u00e0 16.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Enterprise Edition (EE) versions 16.1.x ant\u00e9rieures \u00e0 16.1.5",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) versions 16.3.x ant\u00e9rieures \u00e0 16.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) versions 16.1.x ant\u00e9rieures \u00e0 16.1.5",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) versions 16.2.x ant\u00e9rieures \u00e0 16.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Enterprise Edition (EE) versions 16.3.x ant\u00e9rieures \u00e0 16.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4378"
},
{
"name": "CVE-2023-4018",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4018"
},
{
"name": "CVE-2023-3205",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3205"
},
{
"name": "CVE-2023-1279",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1279"
},
{
"name": "CVE-2022-4343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4343"
},
{
"name": "CVE-2023-3950",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3950"
},
{
"name": "CVE-2023-1555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1555"
},
{
"name": "CVE-2023-0120",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0120"
},
{
"name": "CVE-2022-4365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4365"
},
{
"name": "CVE-2023-4630",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4630"
},
{
"name": "CVE-2023-3915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3915"
},
{
"name": "CVE-2023-4638",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4638"
},
{
"name": "CVE-2023-4647",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4647"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 GitLab\u00a0security-release-gitlab-16-3-1-released du 31 ao\u00fbt 2023",
"url": "https://about.gitlab.com/releases/2023/08/31/security-release-gitlab-16-3-1-released/"
}
],
"reference": "CERTFR-2023-AVI-0707",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eGitLab\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab security-release-gitlab-16-3-1-released du 31 ao\u00fbt 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0610
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. Some of them allow an attacker to cause a data integrity breach, a remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.2.x prior to 16.2.2 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.0.x prior to 16.0.8 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.1.x prior to 16.1.3 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.2.x ant\u00e9rieures \u00e0 16.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.0.x ant\u00e9rieures \u00e0 16.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.1.x ant\u00e9rieures \u00e0 16.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-3994",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3994"
},
{
"name": "CVE-2023-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4008"
},
{
"name": "CVE-2023-4002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4002"
},
{
"name": "CVE-2023-3385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3385"
},
{
"name": "CVE-2023-3401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3401"
},
{
"name": "CVE-2023-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2164"
},
{
"name": "CVE-2023-1210",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1210"
},
{
"name": "CVE-2023-2022",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2022"
},
{
"name": "CVE-2023-3364",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3364"
},
{
"name": "CVE-2023-4011",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4011"
},
{
"name": "CVE-2023-0632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0632"
},
{
"name": "CVE-2023-3500",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3500"
},
{
"name": "CVE-2023-3900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3900"
},
{
"name": "CVE-2023-3993",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3993"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0610",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 01 ao\u00fbt 2023",
"url": "https://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/"
}
]
}
CERTFR-2023-AVI-0511
Vulnerability from certfr_avis - Published: - Updated:
A vulnerability has been discovered in GitLab Enterprise Edition (EE). It allows an attacker to cause a data confidentiality breach and a data integrity breach.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Enterprise Edition versions 16.0.x ant\u00e9rieures \u00e0 16.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Enterprise Edition versions post\u00e9rieures \u00e0 12.8 et ant\u00e9rieures \u00e0 15.11.11",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Enterprise Edition versions 16.1.x ant\u00e9rieures \u00e0 16.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-3484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3484"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0511",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eGitLab\nEnterprise Edition (EE)\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits GitLab Enterprise Edition",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 05 juillet 2023",
"url": "https://about.gitlab.com/releases/2023/07/05/security-release-gitlab-16-1-2-released/"
}
]
}
CERTFR-2023-AVI-0501
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.1.x prior to 16.1.1 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.0.x prior to 16.0.6 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 15.11.10 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.1.x ant\u00e9rieures \u00e0 16.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.0.x ant\u00e9rieures \u00e0 16.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 15.11.10",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0838"
},
{
"name": "CVE-2023-3424",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3424"
},
{
"name": "CVE-2023-3444",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3444"
},
{
"name": "CVE-2023-3363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3363"
},
{
"name": "CVE-2023-1936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1936"
},
{
"name": "CVE-2023-3362",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3362"
},
{
"name": "CVE-2023-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3102"
},
{
"name": "CVE-2023-2200",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2200"
},
{
"name": "CVE-2023-2190",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2190"
},
{
"name": "CVE-2023-2576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2576"
},
{
"name": "CVE-2023-2620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2620"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0501",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 29 juin 2023",
"url": "https://about.gitlab.com/releases/2023/06/29/security-release-gitlab-16-1-1-released/"
}
]
}
CERTFR-2023-AVI-0436
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. They allow an attacker to cause a security policy bypass, indirect remote code injection (XSS), privilege escalation, remote denial of service and a breach of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Enterprise Edition (EE) versions 15.11.x prior to 15.11.7 |
| GitLab | N/A | GitLab Enterprise Edition (EE) versions 1.2.x to 15.10.x prior to 15.10.8 |
| GitLab | N/A | GitLab Community Edition (CE) versions 15.11.x prior to 15.11.7 |
| GitLab | N/A | GitLab Community Edition (CE) versions 1.2.x to 15.10.x prior to 15.10.8 |
| GitLab | N/A | GitLab Community Edition (CE) versions 16.0.x prior to 16.0.2 |
| GitLab | N/A | GitLab Enterprise Edition (EE) versions 16.0.x prior to 16.0.2 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Enterprise Edition (EE) versions 15.11.x ant\u00e9rieures \u00e0 15.11.7",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Enterprise Edition (EE) versions 1.2.x \u00e0 15.10.x ant\u00e9rieures \u00e0 15.10.8",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) versions 15.11.x ant\u00e9rieures \u00e0 15.11.7",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) versions 1.2.x \u00e0 15.10.x ant\u00e9rieures \u00e0 15.10.8",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) versions 16.0.x ant\u00e9rieures \u00e0 16.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Enterprise Edition (EE) versions 16.0.x ant\u00e9rieures \u00e0 16.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-1204",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1204"
},
{
"name": "CVE-2023-2132",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2132"
},
{
"name": "CVE-2023-2199",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2199"
},
{
"name": "CVE-2023-2013",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2013"
},
{
"name": "CVE-2023-2015",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2015"
},
{
"name": "CVE-2023-2198",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2198"
},
{
"name": "CVE-2023-0508",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0508"
},
{
"name": "CVE-2023-1825",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1825"
},
{
"name": "CVE-2023-2001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2001"
},
{
"name": "CVE-2023-2485",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2485"
},
{
"name": "CVE-2023-0121",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0121"
},
{
"name": "CVE-2023-2589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2589"
},
{
"name": "CVE-2023-2442",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2442"
},
{
"name": "CVE-2023-0921",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0921"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0436",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eGitLab\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9, une injection de\ncode indirecte \u00e0 distance (XSS), une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 05 juin 2023",
"url": "https://about.gitlab.com/releases/2023/06/05/security-release-gitlab-16-0-2-released/"
}
]
}
CERTFR-2023-AVI-0406
Vulnerability from certfr_avis - Published: - Updated:
A vulnerability has been discovered in GitLab. It allows an attacker to cause a breach of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 16.0.x ant\u00e9rieures \u00e0 16.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2825"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0406",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan\nclass=\"textit\"\u003eGitLab\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 23 mai 2023",
"url": "https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16-0-1-released/"
}
]
}
CERTFR-2023-AVI-0376
Vulnerability from certfr_avis - Published: - Updated:
A vulnerability has been discovered in GitLab. It allows an attacker to cause a breach of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab versions 15.10.x ant\u00e9rieures \u00e0 15.10.7",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab versions 15.11.x ant\u00e9rieures \u00e0 15.11.3",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab versions 15.9.x ant\u00e9rieures \u00e0 15.9.8",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-2181",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2181"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 GitLab\u00a015-11-3 du 10 mai 2023",
"url": "https://about.gitlab.com/releases/2023/05/10/security-release-gitlab-15-11-3-released/"
}
],
"reference": "CERTFR-2023-AVI-0376",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan\nclass=\"textit\"\u003eGitLab\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab 15-11-3 du 10 mai 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0361
Vulnerability from certfr_avis - Published: - Updated:
A vulnerability has been discovered in GitLab. It allows an attacker to cause remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Community Edition (CE) versions 15.11 prior to 15.11.2 |
| GitLab | N/A | GitLab Community Edition (CE) versions 15.10 prior to 15.10.6 |
| GitLab | N/A | GitLab Community Edition (CE) versions 15.4.x to 15.9.x prior to 15.9.7 |
| GitLab | N/A | GitLab Enterprise Edition (EE) versions 15.11 prior to 15.11.2 |
| GitLab | N/A | GitLab Enterprise Edition (EE) versions 15.4.x to 15.9.x prior to 15.9.7 |
| GitLab | N/A | GitLab Enterprise Edition (EE) versions 15.10 prior to 15.10.6 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) versions 15.11 ant\u00e9rieures \u00e0 15.11.2",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) versions 15.10 ant\u00e9rieures \u00e0 15.10.6",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) versions 15.4.x \u00e0 15.9.x ant\u00e9rieures \u00e0 15.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Enterprise Edition (EE) versions 15.11 ant\u00e9rieures \u00e0 15.11.2",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Enterprise Edition (EE) versions 15.4.x \u00e0 15.9.x ant\u00e9rieures \u00e0 15.9.7",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Enterprise Edition (EE) versions 15.10 ant\u00e9rieures \u00e0 15.10.6",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-2478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2478"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0361",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan\nclass=\"textit\"\u003eGitLab\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab critical-security-release-gitlab-15-11-2-released du 05 mai 2023",
"url": "https://about.gitlab.com/releases/2023/05/05/critical-security-release-gitlab-15-11-2-released/"
}
]
}
CERTFR-2023-AVI-0351
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass and a breach of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) and Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 15.11.1, 15.10.5 et 15.9.6",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0805",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0805"
},
{
"name": "CVE-2023-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1836"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2023-1410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1410"
},
{
"name": "CVE-2022-4376",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4376"
},
{
"name": "CVE-2023-1178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1178"
},
{
"name": "CVE-2023-1965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1965"
},
{
"name": "CVE-2023-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2182"
},
{
"name": "CVE-2023-2069",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2069"
},
{
"name": "CVE-2023-1621",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1621"
},
{
"name": "CVE-2023-0756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0756"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0351",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 02 mai 2023",
"url": "https://about.gitlab.com/releases/2023/05/02/security-release-gitlab-15-11-1-released/"
}
]
}
CERTFR-2023-AVI-0275
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. They allow an attacker to cause remote arbitrary code execution, a security policy bypass, indirect remote code injection (XSS), remote denial of service, a breach of data confidentiality and a breach of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 15.8.x prior to 15.8.5 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 15.9.x prior to 15.9.4 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 15.10.x prior to 15.10.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 15.8.x ant\u00e9rieures \u00e0 15.8.5",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 15.9.x ant\u00e9rieures \u00e0 15.9.4",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 15.10.x ant\u00e9rieures \u00e0 15.10.1",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-1708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1708"
},
{
"name": "CVE-2023-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0450"
},
{
"name": "CVE-2022-3513",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3513"
},
{
"name": "CVE-2023-1417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1417"
},
{
"name": "CVE-2023-0523",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0523"
},
{
"name": "CVE-2023-0838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0838"
},
{
"name": "CVE-2023-0485",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0485"
},
{
"name": "CVE-2023-0319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0319"
},
{
"name": "CVE-2023-1733",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1733"
},
{
"name": "CVE-2023-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0155"
},
{
"name": "CVE-2023-1098",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1098"
},
{
"name": "CVE-2023-1071",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1071"
},
{
"name": "CVE-2023-1710",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1710"
},
{
"name": "CVE-2022-3375",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3375"
},
{
"name": "CVE-2023-1167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1167"
},
{
"name": "CVE-2022-4342",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4342"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0275",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eGitLab\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9, une injection de code indirecte \u00e0 distance\n(XSS), un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 30 mars 2023",
"url": "https://about.gitlab.com/releases/2023/03/30/security-release-gitlab-15-10-1-released/"
}
]
}
CERTFR-2023-AVI-0187
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. Some of them allow an attacker to cause remote denial of service, a security policy bypass and a breach of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 15.9.2, 15.8.4 et 15.7.8",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-3758",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3758"
},
{
"name": "CVE-2022-4007",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4007"
},
{
"name": "CVE-2023-1084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1084"
},
{
"name": "CVE-2022-4289",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4289"
},
{
"name": "CVE-2022-4462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4462"
},
{
"name": "CVE-2022-4331",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4331"
},
{
"name": "CVE-2023-0483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0483"
},
{
"name": "CVE-2023-0223",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0223"
},
{
"name": "CVE-2023-1072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1072"
},
{
"name": "CVE-2022-3381",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3381"
},
{
"name": "CVE-2023-0050",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0050"
}
],
"links": [
{
"title": "R\u00e9f\u00e9rence CVE CVE-2023-0050",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0050"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2023-1084",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1084"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2022-4007",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4007"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2023-0223",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0223"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2022-3758",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3758"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2022-4289",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4289"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2022-4331",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4331"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2023-0483",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0483"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2023-1072",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1072"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2022-3381",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3381"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2022-4462",
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4462"
}
],
"reference": "CERTFR-2023-AVI-0187",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 02 mars 2023",
"url": "https://about.gitlab.com/releases/2023/03/02/security-release-gitlab-15-9-2-released/"
}
]
}
CERTFR-2023-AVI-0122
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been fixed in GitLab products. They allow an attacker to cause remote arbitrary code execution, a security policy bypass and a breach of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 15.8.x prior to 15.8.2 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 15.7.x prior to 15.7.7 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 14.1 to 15.6.x prior to 15.6.8 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 15.8.x ant\u00e9rieures \u00e0 15.8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 15.7.x ant\u00e9rieures \u00e0 15.7.7",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 14.1 \u00e0 15.6.x ant\u00e9rieures \u00e0 15.6.8",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-23946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23946"
},
{
"name": "CVE-2023-22490",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22490"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0122",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eGitLab\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 14 f\u00e9vrier 2023",
"url": "https://about.gitlab.com/releases/2023/02/14/critical-security-release-gitlab-15-8-2-released/"
}
]
}
CERTFR-2023-AVI-0078
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. They allow an attacker to cause remote denial of service and cross-site request forgery (CSRF).
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 15.8.1, 15.7.6 et 15.6.7",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0518",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0518"
},
{
"name": "CVE-2022-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4138"
},
{
"name": "CVE-2022-3411",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3411"
},
{
"name": "CVE-2022-3759",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3759"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0078",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et\nune injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 31 janvier 2023",
"url": "https://about.gitlab.com/releases/2023/01/31/security-release-gitlab-15-8-1-released/"
}
]
}
CERTFR-2023-AVI-0032
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass and a breach of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 15.6.x prior to 15.6.6 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 15.7.x prior to 15.7.5 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 15.5.x prior to 15.5.9 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 15.6.x ant\u00e9rieures \u00e0 15.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 15.7.x ant\u00e9rieures \u00e0 15.7.5",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 15.5.x ant\u00e9rieures \u00e0 15.5.9",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-23521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23521"
},
{
"name": "CVE-2022-41903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41903"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0032",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 17 janvier 2023",
"url": "https://about.gitlab.com/releases/2023/01/17/critical-security-release-gitlab-15-7-5-released/"
}
]
}
CERTFR-2023-AVI-0013
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. Some of them allow an attacker to cause a remote denial of service, a security policy bypass and a breach of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 15.6.x prior to 15.6.4 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 15.5.7 |
| GitLab | N/A | GitLab Community Edition (CE) and Enterprise Edition (EE) versions 15.7.x prior to 15.7.2 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 15.6.x ant\u00e9rieures \u00e0 15.6.4",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 15.5.7",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Enterprise Edition (EE) versions 15.7.x ant\u00e9rieures \u00e0 15.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-4167",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4167"
},
{
"name": "CVE-2022-3870",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3870"
},
{
"name": "CVE-2023-0042",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0042"
},
{
"name": "CVE-2022-4037",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4037"
},
{
"name": "CVE-2022-4365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4365"
},
{
"name": "CVE-2022-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3573"
},
{
"name": "CVE-2022-3514",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3514"
},
{
"name": "CVE-2022-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3613"
},
{
"name": "CVE-2022-4342",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4342"
},
{
"name": "CVE-2022-4131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4131"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0013",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 09 janvier 2023",
"url": "https://about.gitlab.com/releases/2023/01/09/security-release-gitlab-15-7-2-released/"
}
]
}
CERTFR-2022-AVI-1067
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GitLab. Some of them allow an attacker to cause a remote denial of service, a security policy bypass and a data integrity compromise.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| GitLab | N/A | GitLab Community Edition (CE) versions 15.6.x prior to 15.6.1 |
| GitLab | N/A | GitLab Community Edition (CE) versions 15.4.x prior to 15.4.6 |
| GitLab | N/A | GitLab Community Edition (CE) versions 15.5.x prior to 15.5.5 |
| GitLab | N/A | GitLab Enterprise Edition (EE) versions 15.4.x prior to 15.4.6 |
| GitLab | N/A | GitLab Enterprise Edition (EE) versions 15.5.x prior to 15.5.5 |
| GitLab | N/A | GitLab Enterprise Edition (EE) versions 15.6.x prior to 15.6.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) versions 15.6.x ant\u00e9rieures \u00e0 15.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) versions 15.4.x ant\u00e9rieures \u00e0 15.4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) versions 15.5.x ant\u00e9rieures \u00e0 15.5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Enterprise Edition (EE) versions 15.4.x ant\u00e9rieures \u00e0 15.4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Enterprise Edition (EE) versions 15.5.x ant\u00e9rieures \u00e0 15.5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Enterprise Edition (EE) versions 15.6.x ant\u00e9rieures \u00e0 15.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-3820",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3820"
},
{
"name": "CVE-2022-4205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4205"
},
{
"name": "CVE-2022-3478",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3478"
},
{
"name": "CVE-2022-3740",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3740"
},
{
"name": "CVE-2022-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4206"
},
{
"name": "CVE-2022-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3572"
},
{
"name": "CVE-2022-3482",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3482"
},
{
"name": "CVE-2022-4054",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4054"
},
{
"name": "CVE-2022-4201",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4201"
},
{
"name": "CVE-2022-3902",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3902"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-1067",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GitLab du 30 novembre 2022",
"url": "https://about.gitlab.com/releases/2022/11/30/security-release-gitlab-15-6-1-released/"
}
]
}