Update 20240614071619

data/elasticsearch/BIT-elasticsearch-2024-23445.json

@@ -0,0 +1,50 @@
+{
+  "schema_version": "1.5.0",
+  "id": "BIT-elasticsearch-2024-23445",
+  "details": "It was identified that if a  cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body  restricts search for a given index using the query or the field_security parameter, and the same cross-cluster API key also grants replication for the same index, the search restrictions are not enforced during cross cluster search operations and search results may include documents and terms that should not be returned.This issue only affects the  API key based security model for remote clusters https://www.elastic.co/guide/en/elasticsearch/reference/8.14/remote-clusters.html#remote-clusters-security-models  that was previously a beta feature and is released as GA with 8.14.0",
+  "aliases": [
+    "CVE-2024-23445"
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Bitnami",
+        "name": "elasticsearch",
+        "purl": "pkg:bitnami/elasticsearch"
+      },
+      "severity": [
+        {
+          "type": "CVSS_V3",
+          "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+        }
+      ],
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "8.10.0"
+            },
+            {
+              "fixed": "8.14.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "database_specific": {
+    "severity": "Medium",
+    "cpes": [
+      "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*"
+    ]
+  },
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://discuss.elastic.co/t/elasticsearch-8-14-0-security-update-esa-2024-13/360898"
+    }
+  ],
+  "published": "2024-06-14T07:18:58.886Z",
+  "modified": "2024-06-14T07:57:17.947Z"
+}

data/gitlab/BIT-gitlab-2023-6371.json

@@ -49,7 +49,8 @@
     "severity": "High",
     "cpes": [
       "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:community:*:*",
-      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*"
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*",
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
     ]
   },
   "references": [
@@ -63,5 +64,5 @@
     }
   ],
   "published": "2024-04-03T10:54:37.708Z",
-  "modified": "2024-05-24T07:53:33.063Z"
+  "modified": "2024-06-14T07:57:17.947Z"
 }

data/gitlab/BIT-gitlab-2023-6489.json

@@ -49,7 +49,8 @@
     "severity": "Medium",
     "cpes": [
       "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:community:*:*",
-      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*"
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*",
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
     ]
   },
   "references": [
@@ -63,5 +64,5 @@
     }
   ],
   "published": "2024-04-16T07:23:13.267Z",
-  "modified": "2024-04-16T07:51:01.692Z"
+  "modified": "2024-06-14T07:57:17.947Z"
 }

data/gitlab/BIT-gitlab-2023-6502.json

@@ -49,7 +49,8 @@
     "severity": "Medium",
     "cpes": [
       "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:community:*:*",
-      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*"
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*",
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
     ]
   },
   "references": [
@@ -63,5 +64,5 @@
     }
   ],
   "published": "2024-05-29T07:32:46.972Z",
-  "modified": "2024-05-29T07:52:43.862Z"
+  "modified": "2024-06-14T07:57:17.947Z"
 }

data/gitlab/BIT-gitlab-2023-6678.json

@@ -49,7 +49,8 @@
     "severity": "Medium",
     "cpes": [
       "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:community:*:*",
-      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*"
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*",
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
     ]
   },
   "references": [
@@ -63,5 +64,5 @@
     }
   ],
   "published": "2024-04-16T07:22:40.787Z",
-  "modified": "2024-05-24T07:53:33.063Z"
+  "modified": "2024-06-14T07:57:17.947Z"
 }

data/gitlab/BIT-gitlab-2023-6682.json

@@ -49,7 +49,8 @@
     "severity": "Medium",
     "cpes": [
       "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:community:*:*",
-      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*"
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*",
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
     ]
   },
   "references": [
@@ -63,5 +64,5 @@
     }
   ],
   "published": "2024-05-24T07:29:06.845Z",
-  "modified": "2024-05-24T07:53:33.063Z"
+  "modified": "2024-06-14T07:57:17.947Z"
 }

data/gitlab/BIT-gitlab-2023-6688.json

@@ -37,7 +37,8 @@
     "severity": "Medium",
     "cpes": [
       "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:community:*:*",
-      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*"
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*",
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
     ]
   },
   "references": [
@@ -51,5 +52,5 @@
     }
   ],
   "published": "2024-05-24T07:28:37.252Z",
-  "modified": "2024-05-24T07:53:33.063Z"
+  "modified": "2024-06-14T07:57:17.947Z"
 }

data/gitlab/BIT-gitlab-2023-7045.json

@@ -49,7 +49,8 @@
     "severity": "Medium",
     "cpes": [
       "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:community:*:*",
-      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*"
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*",
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
     ]
   },
   "references": [
@@ -63,5 +64,5 @@
     }
   ],
   "published": "2024-05-29T07:29:24.176Z",
-  "modified": "2024-05-29T07:52:43.862Z"
+  "modified": "2024-06-14T07:57:17.947Z"
 }

data/gitlab/BIT-gitlab-2024-0199.json

@@ -49,7 +49,8 @@
     "severity": "High",
     "cpes": [
       "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:community:*:*",
-      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*"
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*",
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
     ]
   },
   "references": [
@@ -67,5 +68,5 @@
     }
   ],
   "published": "2024-03-12T08:25:54.981Z",
-  "modified": "2024-03-12T08:58:38.758Z"
+  "modified": "2024-06-14T07:57:17.947Z"
 }

data/gitlab/BIT-gitlab-2024-1299.json

@@ -43,7 +43,8 @@
     "severity": "Medium",
     "cpes": [
       "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:community:*:*",
-      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*"
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*",
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
     ]
   },
   "references": [
@@ -61,5 +62,5 @@
     }
   ],
   "published": "2024-03-12T08:24:19.293Z",
-  "modified": "2024-03-12T08:58:38.758Z"
+  "modified": "2024-06-14T07:57:17.947Z"
 }

data/gitlab/BIT-gitlab-2024-1347.json

@@ -49,7 +49,8 @@
     "severity": "Medium",
     "cpes": [
       "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:community:*:*",
-      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*"
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*",
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
     ]
   },
   "references": [
@@ -63,5 +64,5 @@
     }
   ],
   "published": "2024-04-27T07:22:08.128Z",
-  "modified": "2024-05-24T07:53:33.063Z"
+  "modified": "2024-06-14T07:57:17.947Z"
 }

data/gitlab/BIT-gitlab-2024-1495.json

@@ -0,0 +1,70 @@
+{
+  "schema_version": "1.5.0",
+  "id": "BIT-gitlab-2024-1495",
+  "details": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted file.",
+  "aliases": [
+    "CVE-2024-1495"
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Bitnami",
+        "name": "gitlab",
+        "purl": "pkg:bitnami/gitlab"
+      },
+      "severity": [
+        {
+          "type": "CVSS_V3",
+          "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+        }
+      ],
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "13.1.0"
+            },
+            {
+              "fixed": "16.10.7"
+            },
+            {
+              "introduced": "16.11.0"
+            },
+            {
+              "fixed": "16.11.4"
+            },
+            {
+              "introduced": "17.0.0"
+            },
+            {
+              "fixed": "17.0.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "database_specific": {
+    "severity": "Medium",
+    "cpes": [
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
+    ]
+  },
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-gomod-dependency-linker"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/441807"
+    },
+    {
+      "type": "WEB",
+      "url": "https://hackerone.com/reports/2359528"
+    }
+  ],
+  "published": "2024-06-14T07:24:51.183Z",
+  "modified": "2024-06-14T07:57:17.947Z"
+}

data/gitlab/BIT-gitlab-2024-1736.json

@@ -0,0 +1,70 @@
+{
+  "schema_version": "1.5.0",
+  "id": "BIT-gitlab-2024-1736",
+  "details": "An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration files.",
+  "aliases": [
+    "CVE-2024-1736"
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Bitnami",
+        "name": "gitlab",
+        "purl": "pkg:bitnami/gitlab"
+      },
+      "severity": [
+        {
+          "type": "CVSS_V3",
+          "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+        }
+      ],
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "15.8.0"
+            },
+            {
+              "fixed": "16.10.7"
+            },
+            {
+              "introduced": "16.11.0"
+            },
+            {
+              "fixed": "16.11.4"
+            },
+            {
+              "introduced": "17.0.0"
+            },
+            {
+              "fixed": "17.0.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "database_specific": {
+    "severity": "Medium",
+    "cpes": [
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
+    ]
+  },
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-ci-interpolation-fix-bypass"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/442695"
+    },
+    {
+      "type": "WEB",
+      "url": "https://hackerone.com/reports/2358689"
+    }
+  ],
+  "published": "2024-06-14T07:24:18.283Z",
+  "modified": "2024-06-14T07:57:17.947Z"
+}

data/gitlab/BIT-gitlab-2024-1947.json

@@ -49,7 +49,8 @@
     "severity": "Medium",
     "cpes": [
       "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:community:*:*",
-      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*"
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:enterprise:*:*",
+      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
     ]
   },
   "references": [
@@ -63,5 +64,5 @@
     }
   ],
   "published": "2024-05-29T07:25:38.659Z",
-  "modified": "2024-05-29T07:52:43.862Z"
+  "modified": "2024-06-14T07:57:17.947Z"
 }