From 18ba2e54b43374fe500c88c727ed73b215857757 Mon Sep 17 00:00:00 2001
From: cvelistV5 Github Action
Date: Thu, 30 Jan 2025 23:51:21 +0000
Subject: [PATCH] 1 changes (1 new | 0 updated): - 1 new CVEs: CVE-2023-6195 - 0 updated CVEs:
---
 cves/2023/6xxx/CVE-2023-6195.json | 129 ++++++++++++++++++++++++++++++
 cves/delta.json | 24 ++----
 cves/deltaLog.json | 14 ++++
 3 files changed, 149 insertions(+), 18 deletions(-)
 create mode 100644 cves/2023/6xxx/CVE-2023-6195.json
diff --git a/cves/2023/6xxx/CVE-2023-6195.json b/cves/2023/6xxx/CVE-2023-6195.json
new file mode 100644
index 000000000000..731076b39912
--- /dev/null
+++ b/cves/2023/6xxx/CVE-2023-6195.json
@@ -0,0 +1,129 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2023-6195",
+ "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
+ "state": "PUBLISHED",
+ "assignerShortName": "GitLab",
+ "dateReserved": "2023-11-17T20:01:11.807Z",
+ "datePublished": "2025-01-30T23:45:10.780Z",
+ "dateUpdated": "2025-01-30T23:45:10.780Z"
+ },
+ "containers": {
+ "cna": {
+ "title": "Server-Side Request Forgery (SSRF) in GitLab",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image value when importing a GitHub repository."
+ }
+ ],
+ "affected": [
+ {
+ "vendor": "GitLab",
+ "product": "GitLab",
+ "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
+ "cpes": [
+ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
+ ],
+ "versions": [
+ {
+ "version": "15.5",
+ "status": "affected",
+ "lessThan": "16.9.7",
+ "versionType": "semver"
+ },
+ {
+ "version": "16.10",
+ "status": "affected",
+ "lessThan": "16.10.5",
+ "versionType": "semver"
+ },
+ {
+ "version": "16.11",
+ "status": "affected",
+ "lessThan": "16.11.2",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "lang": "en",
+ "description": "CWE-918: Server-Side Request Forgery (SSRF)",
+ "cweId": "CWE-918",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/432276",
+ "name": "GitLab Issue #432276",
+ "tags": [
+ "issue-tracking",
+ "permissions-required"
+ ]
+ },
+ {
+ "url": "https://hackerone.com/reports/2249268",
+ "name": "HackerOne Bug Bounty Report #2249268",
+ "tags": [
+ "technical-description",
+ "exploit",
+ "permissions-required"
+ ]
+ }
+ ],
+ "metrics": [
+ {
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ],
+ "cvssV3_1": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.6,
+ "baseSeverity": "LOW"
+ }
+ }
+ ],
+ "solutions": [
+ {
+ "lang": "en",
+ "value": "Upgrade to versions 16.9.7, 16.10.5, 16.11.2 or above."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Thanks [imrerad](https://hackerone.com/imrerad) for reporting this vulnerability through our HackerOne bug bounty program",
+ "type": "finder"
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
+ "shortName": "GitLab",
+ "dateUpdated": "2025-01-30T23:45:10.780Z"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/cves/delta.json b/cves/delta.json
index feb7484e46bd..b58706fe3ad9 100644
--- a/cves/delta.json
+++ b/cves/delta.json
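Review bot: In the new cves/2023/6xxx/CVE-2023-6195.json record, the `affected[0].repo` value `git://git@gitlab.com:gitlab-org/gitlab.git` mixes a URL scheme with scp-style `host:path` syntax, so a strict URI parser reads `gitlab-org` as a port and rejects it; an HTTPS form such as `"repo": "https://gitlab.com/gitlab-org/gitlab"` (the base of the issue URL already in `references`) would parse cleanly. The only `cpes` entry is fully wildcarded, so a consumer that matches on CPE alone will flag every GitLab version; the three `versions` ranges together with `"defaultStatus": "unaffected"` are what actually bound the affected set and should drive matching. Both references carry `permissions-required`, so the description and `solutions` text are the only publicly verifiable detail for triage. The file appears to be synced by an automated action, so any correction presumably belongs in the CNA's submission rather than in this repository.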
@@ -1,24 +1,12 @@
 {
- "fetchTime": "2025-01-30T23:45:06.311Z",
- "numberOfChanges": 3,
+ "fetchTime": "2025-01-30T23:51:04.613Z",
+ "numberOfChanges": 1,
 "new": [
 {
- "cveId": "CVE-2024-1211",
- "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1211",
- "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1211.json",
- "dateUpdated": "2025-01-30T23:45:00.772Z"
- },
- {
- "cveId": "CVE-2024-23970",
- "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-23970",
- "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/23xxx/CVE-2024-23970.json",
- "dateUpdated": "2025-01-30T23:40:49.963Z"
- },
- {
- "cveId": "CVE-2024-23971",
- "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-23971",
- "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/23xxx/CVE-2024-23971.json",
- "dateUpdated": "2025-01-30T23:42:57.796Z"
+ "cveId": "CVE-2023-6195",
+ "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-6195",
+ "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/6xxx/CVE-2023-6195.json",
+ "dateUpdated": "2025-01-30T23:45:10.780Z"
 }
 ],
 "updated": [],
diff --git a/cves/deltaLog.json b/cves/deltaLog.json
index db385d9e4d7e..0ccb6301aa26 100644
--- a/cves/deltaLog.json
+++ b/cves/deltaLog.json
@@ -1,4 +1,18 @@
 [
+ {
+ "fetchTime": "2025-01-30T23:51:04.613Z",
+ "numberOfChanges": 1,
+ "new": [
+ {
+ "cveId": "CVE-2023-6195",
+ "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-6195",
+ "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/6xxx/CVE-2023-6195.json",
+ "dateUpdated": "2025-01-30T23:45:10.780Z"
+ }
+ ],
+ "updated": [],
+ "error": []
+ },
 {
 "fetchTime": "2025-01-30T23:45:06.311Z",
 "numberOfChanges": 3,