13 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-1347
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from...
Linux Distros Unpatched Vulnerability : CVE-2024-2829
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all...
GitLab CE/EE 资源管理错误漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community edition of GitLab. A resource management error vulnerability exists in GitLab CE/EE. An attacker could u...
BIT-GITLAB-2024-1347 Authentication Bypass by Spoofing in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restriction...
BIT-GITLAB-2024-4024 Authentication Bypass by Assumed-Immutable Data in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker with their Bitbucket account credentials may be able to take...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or to bypass security measures to gain access to sensitive data or, under specific circumstances, to take over an account ta...
CVE-2024-4006
CVE-2024-4006 affects GitLab CE/EE: personal access scopes were not honored by GraphQL subscriptions, exposing authorization checks to GraphQL-based access. Affected versions are 16.7 up to 16.9.6 (pre-16.9.6), 16.10 up to 16.10.4 (pre-16.10.4), and 16.11 up to 16.11.1 (pre-16.11.1). The issue ha...
CVE-2024-2434
An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read...
CVE-2024-1347
CVE-2024-1347 affects GitLab CE/EE: all versions before 16.9.6, and 16.10 before 16.10.4, and 16.11 before 16.11.1. Under certain conditions, an attacker can bypass domain-based restrictions using a crafted email address. Root cause: insufficient validation of email-based domain restrictions as d...
CVE-2024-2829
CVE-2024-2829 affects GitLab CE/EE: 12.5–16.9.6 (before 16.9.6), 16.10 before 16.10.4, and 16.11 before 16.11.1. Root cause: crafted wildcard filter in FileFinder can cause denial of service. Remediation per advisories: update to fixed releases (16.9.6, 16.10.4, 16.11.1 or newer) as noted by NCSC...
PT-2024-5143 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 16.9.6 GitLab CE/EE versions 16.10 through 16.10.3 GitLab CE/EE versions 16.11 through 16.11.0 Description: The issue is related to insufficient access control in the Email Address Handler component of GitLab,...
PT-2023-2222 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches versions prior to 16.11.1 Description: A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker...
Vulnerabilities fixed in Node.js
Vulnerabilities have been fixed in Node.js. The vulnerabilities potentially allow a remote malicious party to launch an HTTP request smuggling attack. Such an attack could lead to unauthorized access to systems. Possible consequential damages may include gaining access to information or performin...