jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-30 03:01:36 -05:00
Code Issues Projects Releases Wiki Activity

Add CVE-2022-23738 to patch notes (#32151)

Browse Source 
Co-authored-by: Laura Coursen <lecoursen@github.com>
This commit is contained in:
Mike Bailey
2022-10-28 15:26:55 -04:00
committed by GitHub
parent a7e096504a
commit a0ad3bfe2a
5 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
data/release-notes/enterprise-server/3-2/20.yml
View File

@@ -3,6 +3,8 @@ sections:
security_fixes:
- |
**HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m).
- |
**HIGH**: Added checks to address an improper cache key vulnerability that allowed an unauthorized actor to access private repository files through a public repository. This vulnerability has been assigned [CVE-2022-23738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23738).
- |
**MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209).
- |

2
data/release-notes/enterprise-server/3-3/15.yml
View File

@@ -3,6 +3,8 @@ sections:
security_fixes:
- |
**HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m).
- |
**HIGH**: Added checks to address an improper cache key vulnerability that allowed an unauthorized actor to access private repository files through a public repository. This vulnerability has been assigned [CVE-2022-23738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23738).
- |
**MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209).
- |

2
data/release-notes/enterprise-server/3-4/10.yml
View File

@@ -3,6 +3,8 @@ sections:
security_fixes:
- |
**HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m).
- |
**HIGH**: Added checks to address an improper cache key vulnerability that allowed an unauthorized actor to access private repository files through a public repository. This vulnerability has been assigned [CVE-2022-23738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23738).
- |
**MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209).
- |

2
data/release-notes/enterprise-server/3-5/7.yml
View File

@@ -3,6 +3,8 @@ sections:
security_fixes:
- |
**HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m).
- |
**HIGH**: Added checks to address an improper cache key vulnerability that allowed an unauthorized actor to access private repository files through a public repository. This vulnerability has been assigned [CVE-2022-23738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23738).
- |
**MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209).
- |

2
data/release-notes/enterprise-server/3-6/3.yml
View File

@@ -3,6 +3,8 @@ sections:
security_fixes:
- |
**HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m).
- |
**HIGH**: Added checks to address an improper cache key vulnerability that allowed an unauthorized actor to access private repository files through a public repository. This vulnerability has been assigned [CVE-2022-23738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23738).
- |
**MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209).
- |