gitlab.eclipse.org
141.94.179.217

URL: https://gitlab.eclipse.org/security/cve-assignement/-/issues/25
Submission: On October 23 via api from RU — Scanned from FR


[JETTY] URI PARSING OF INVALID AUTHORITY



Closed. Issue created 3 months ago by Joakim Erdfelt @jerdfelt


The Eclipse Foundation is a Common Vulnerabilities and Exposures (CVE) Numbering
Authority. This issue is used to request and track the progress of the
assignment of a CVE for a vulnerability in the project code for an Eclipse open
source project.


BASIC INFORMATION

Project name: jetty

Project id: rt/jetty

Request type: reservation

Versions affected:

org.eclipse.jetty:jetty-http : >=7.0.0, <=12.0.11

Common Weakness Enumeration:

 * CWE-1286 - Improper Validation of Syntactic Correctness of Input

Common Vulnerability Scoring System:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary:

The Jetty HttpURI class does insufficient validation on the authority segment of
a URI, resulting in bad Host name identification.

Links:

https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh


TRACKING

This section will be completed by the project team.

 * Reserve an entry only
 * We're ready for this issue to be reported to the central authority (i.e.,
   make this public now)
 * (when applicable) The GitHub Security Advisory is ready to be published now

Note that for those projects that host their repositories on GitHub, the use of
GitHub Security Advisories is recommended but is not required.

This section will be completed by the EMO.

CVE: {cve}

 * All required information is provided
 * CVE Assigned
 * Pushed to Mitre
 * Accepted by Mitre

1 of 7 checklist items completed
ACTIVITY


 * Joakim Erdfelt @jerdfelt · 3 months ago
   
   Author
   
   CC: @jmcconnell
   
   
 * Marta Rybczynska made the issue visible to everyone 3 months ago

 * Marta Rybczynska assigned to @jmcconnell 3 months ago

 * Marta Rybczynska made the issue confidential 3 months ago

 *  * Marta Rybczynska @mrybczyn · 3 months ago
      
      Maintainer
      
      The reserved CVE is CVE-2024-6763
      
      @jerdfelt @jmcconnell it is reserved only, so please do not use it in any
      public resources until you ask to publish it.
      
      
    * Joakim Erdfelt @jerdfelt · 3 months ago
      
      Author
      
      I was only going to add the CVE ID to the github advisory.
      
      For this advisory, we are waiting on a browser advisory (Google Chrome)
      before publishing. No idea how long that will take.
      
      Once that browser advisory exists (in a public way), we will evaluate what
      we can say for publishing this one.
      
      
    * Marta Rybczynska @mrybczyn · 3 months ago
      
      Maintainer
      
      Also, I've updated the advisory so that both stay in sync (up to you to
      decide who does that from the next one)
      
      Understood that we're waiting in a coordinated disclosure.
      
      👍 1
      

 * Mikaël Barbero added cveassigned label 2 months ago

 * Joakim Erdfelt mentioned in issue #39 (closed) a week ago

 * Thomas Neidhart @netomi · a week ago
   
   Developer
   
   Prepared CVE entry:
   
   
   
   Edited a week ago by Thomas Neidhart
   👍 1
   
 * Thomas Neidhart added cvepublished label and removed cvereserved label a
   week ago

 * Thomas Neidhart @netomi · a week ago
   
   Developer
   
   The CVE has been published, removing confidentiality from the ticket.
   
   
 * Thomas Neidhart closed a week ago

 * Thomas Neidhart made the issue visible to everyone a week ago

   


Copyright © Eclipse Foundation, Inc. All Rights Reserved.     Privacy Policy |
Terms of Use | Copyright Agent