CVE-2021-38376

OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call...

Session fixation

OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call...

RHEL 8 : grafana (RHSA-2021:4226)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4226 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have be...

CVE-2021-39903

In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings...

CVE-2021-39903

In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings...

UBUNTU-CVE-2021-39903

In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings...

PT-2021-22750 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.0 and later Description: A privileged user can change the visibility level of a group or a project to a restricted option through an API call, even after the instance administrator sets that visibility option as...

GitLab Access Control Error Vulnerability (CNVD-2021-91182)

GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. An access control error vulnerability exists in GitLab CE/EE, which can be...

CVE-2021-39870

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call...

CVE-2021-39870

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call...

CVE-2021-39889

In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch...

CVE-2021-39889

In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch...

Design/Logic Flaw

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call...

Design/Logic Flaw

In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch...

CVE-2021-39870

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call...

CVE-2021-39889

In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch...

CVE-2021-39889

Removed by vendor...

CVE-2021-39870

Removed by vendor...

CVE-2021-39870

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call...

CVE-2021-39870

CVE-2021-39870 affects GitLab CE/EE versions since 11.11. The issue is a bypass where, if the instance has the setting to disable Repo by URL import, an attacker can perform a crafted API call to bypass that protection. The available documents consistently describe this bypass, but do not provide...