Linux Distros Unpatched Vulnerability : CVE-2021-22217

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumpti...

XWiki Cross-Site Request Forgery (CSRF) for actions on tags

Impact It's possible to perform a CSRF attack for adding or removing tags on XWiki pages. Patches The problem has been patched in XWiki 13.10.5 and 14.3. Workarounds It's possible to fix the issue without upgrading by locally modifying the documentTags.vm template in your filesystem, to apply the...

XWiki 2.2 < 13.10.6, 14.0 < 14.3 XSS Vulnerability (GHSA-gjmq-x5x7-wc36)

Xwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

XWiki < 13.10.5, < 14.3 Improper Authorization Vulnerability (GHSA-jgc8-gvcx-9vfx)

Xwiki is prone to an improper authorization vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVE-2022-36095

XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery CSRF attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the...

CVE-2022-36095 XWiki Cross-Site Request Forgery (CSRF) for actions on tags

XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery CSRF attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the...

CVE-2022-36095 XWiki Cross-Site Request Forgery (CSRF) for actions on tags

XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery CSRF attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the...

CVE-2022-36095

CVE-2022-36095 : XWiki Platform is vulnerable to a Cross-Site Request Forgery (CSRF) for adding or removing tags on pages. Affected releases are before versions 13.10.5 and 14.3 . The issue is fixed in those versions. As a workaround, users can locally modify the template involved (documentTags.v...

XWiki Platform 安全漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from XWiki France. A security vulnerability exists in XWiki Platform versions prior to 13.10.5, prior to 14.3RC1, which stems from an incorrect authorization check...

XWiki Platform 跨站请求伪造漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company XWiki. A cross-site request forgery vulnerability exists in XWiki Platform versions prior to 13.10.5 and prior to 14.3, which stems from the ability to perform a cross-site request...

CVE-2021-22218

All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits...

PT-2021-4089 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.9.0 through 13.10.5 GitLab versions 13.11.0 through 13.11.5 GitLab versions 13.12.0 through 13.12.2 Description: The issue is related to insufficient expired password validation in various operations, allowing a user to...

PT-2021-4085 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 13.12.2 GitLab CE/EE versions prior to 13.11.5 GitLab CE/EE versions prior to 13.10.5 Description: A denial of service issue allows an attacker to cause uncontrolled resource consumption with a specially crafted...