Lucene search
K

86 matches found

Cvelist
Cvelist
added 2020/09/15 12:34 p.m.21 views

CVE-2020-13307

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access...

3.8CVSS4.8AI score0.01009EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2020/09/15 12:34 p.m.18 views

CVE-2020-13307

Removed by vendor...

6CVSS5.8AI score0.01009EPSS
Exploits0
CVE
CVE
added 2020/09/15 12:30 p.m.63 views

CVE-2020-13308

GitLab CVE-2020-13308 affects GitLab versions before 13.1.10, 13.2.8, and 13.3.4. A user without two‑factor authentication could be prohibited from accessing GitLab by being invited into a project that uses 2FA inheritance. Remediation is to upgrade to the fixed releases (13.1.10+, 13.2.8+, 13.3....

4CVSS3.8AI score0.01641EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2020/09/15 12:30 p.m.26 views

CVE-2020-13308

Removed by vendor...

4CVSS5.8AI score0.01641EPSS
Exploits0
NVD
NVD
added 2020/09/14 10:15 p.m.20 views

CVE-2020-13304

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Same 2 factor Authentication secret code was generated which resulted an attacker to maintain access under certain conditions...

7.2CVSS0.01617EPSS
Exploits0References3
OSV
OSV
added 2020/09/14 10:15 p.m.11 views

CVE-2020-13304

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Same 2 factor Authentication secret code was generated which resulted an attacker to maintain access under certain conditions...

7.2CVSS6.6AI score0.01617EPSS
Exploits0References3
OSV
OSV
added 2020/09/14 10:15 p.m.14 views

CVE-2020-13297

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint...

5.4CVSS6.7AI score0.01029EPSS
Exploits0References3
Prion
Prion
added 2020/09/14 10:15 p.m.12 views

Design/Logic Flaw

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Same 2 factor Authentication secret code was generated which resulted an attacker to maintain access under certain conditions...

6.5CVSS6.8AI score0.01617EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2020/09/14 10:15 p.m.19 views

CVE-2020-13297

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint...

5.4CVSS6.1AI score0.01029EPSS
Exploits0References2
CVE
CVE
added 2020/09/14 9:22 p.m.60 views

CVE-2020-13297

CVE-2020-13297 : GitLab versions before 13.1.10, 13.2.8, and 13.3.4 are affected. A flaw allows a malicious user to bypass the 2FA restriction for groups by sending a crafted query to the API endpoint. The vulnerability is caused by improper authorization checks in the group-level 2FA flow, enabl...

5.4CVSS5.5AI score0.01029EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2020/09/14 9:19 p.m.57 views

CVE-2020-13304

The CVE applies to GitLab prior to 13.1.10, 13.2.8, and 13.3.4, where a vulnerability allows a Same 2 Factor Authentication secret code to be generated, enabling an attacker to maintain access under certain conditions. The connected documents corroborate the same description across multiple sourc...

7.2CVSS6.8AI score0.01617EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2020/09/14 9:19 p.m.17 views

CVE-2020-13304

Removed by vendor...

7.2CVSS7AI score0.01617EPSS
Exploits0
Prion
Prion
added 2020/09/10 2:15 a.m.14 views

Race condition

A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices effectively bypassing the PIN requirement...

1.9CVSS5.2AI score0.00225EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/09/04 12:0 a.m.47 views

FreeBSD : Gitlab -- multiple vulnerabilities (1fb13175-ed52-11ea-8b93-001b217b3468)

Gitlab reports : Vendor Cross-Account Assume-Role Attack Stored XSS on the Vulnerability Page Outdated Job Token Can Be Reused to Access Unauthorized Resources File Disclosure Via Workhorse File Upload Bypass Unauthorized Maintainer Can Edit Group Badge Denial of Service Within Wiki Functionality...

10CVSS6.8AI score0.99019EPSS
Exploits7References27
FreeBSD
FreeBSD
added 2020/09/02 12:0 a.m.63 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Vendor Cross-Account Assume-Role Attack Stored XSS on the Vulnerability Page Outdated Job Token Can Be Reused to Access Unauthorized Resources File Disclosure Via Workhorse File Upload Bypass Unauthorized Maintainer Can Edit Group Badge Denial of Service Within Wiki Functionality...

10CVSS1.5AI score0.99019EPSS
Exploits7References1
Krebs on Security
Krebs on Security
added 2020/08/21 8:34 p.m.39 views

FBI, CISA Echo Warnings on ‘Vishing’ Threat

The Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA on Thursday issued a joint alert to warn about the growing threat from voice phishing or "vishing" attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity publishe...

7.3AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/06/29 10:53 a.m.11 views

Congrats, you got everyone remote. But did you do it securely?

The lockdown has meant entire companies of typically office based staff being forced to work from home. The change to our way of life is like nothing anyone has in living memory ever seen. However, alongside that, IT teams have had to rush to deliver solutions that were simply not designed for th...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2020/05/24 10:0 p.m.123 views

EvilApp - Phishing Attack Using An Android App To Grab Session Cookies For Any Website (ByPass 2FA)

Man-in-the-middle phishing attack using an Android app to grab session cookies for any website, which in turn allows to bypass 2-factor authentication protection. EvilApp brings as an example the hijacking and injection of cookies for authenticated instagram sessions. Legal disclaimer: Usage of...

7.7AI score
Exploits0References1
Kitploit
Kitploit
added 2020/05/03 10:0 p.m.88 views

Authelia - The Single Sign-On Multi-Factor Portal For Web Apps

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on SSO for your applications via a web portal. It acts as a companion of reverse proxies like nginx, Traefik or HAProxy to let them know whether queries should pass through...

7.3AI score
Exploits0References5
OSV
OSV
added 2020/03/13 5:15 p.m.19 views

CVE-2020-10079

GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required...

5.3CVSS6.8AI score
Exploits0References2
Rows per page
Query Builder