393 matches found
CVE-2024-7554 Exposure of Sensitive Information to an Unauthorized Actor in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specif...
CVE-2024-7554
CVE-2024-7554 affects GitLab CE/EE: all versions from 13.9 before 17.0.6, all 17.1 before 17.1.4, and all 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged via a specific API request pattern (confidentiality impact high; no integrity/availability impact reported). T...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab, which stems from the possibility th...
GitLab 13.9 < 17.0.6 / 17.1 < 17.1.4 / 17.2 < 17.2.2 (CVE-2024-7554)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Unde...
CVE-2022-4002
A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request...
CVE-2022-4003
A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request...
CVE-2022-4002
Motorola Q14 Mesh Router firmware vulnerability: a command-injection flaw exists prior to version 1.5.0.16 that could let an authenticated user execute OS commands as root via a crafted API request. The issue affects the Q14 firmware family before the stated fix; exploitation context and in-the-w...
CVE-2022-4003
CVE-2022-4003 affects Motorola Q14 mesh router. A denial-of-service occurs when an authenticated user sends a crafted API request that triggers an internal service restart via the API. Impact is availability (A) high; attacker requires network access and low attack complexity with low privileges....
Motorola Q14 Security Vulnerability
The Motorola Q14 is a mesh router system from Motorola USA. A security vulnerability exists in the Motorola Q14 prior to v1.5.0.16, which stems from a command injection vulnerability that could allow an authenticated user to execute operating system commands as root via a specially crafted API...
GHSA-V23V-6JW2-98FQ Authz zero length regression
A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions...
Buying Stuff For Free From Shopping Websites
Rapid7 is often tasked with evaluating the security of e-commerce sites. When dealing directly with customer financials, the security of these transactions is a top concern. Fortunately, there are ample pre-built e-commerce platforms one can simply purchase or install. From an attacker’s...
Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins
Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins AuthZ under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating...
AZL-47042 CVE-2024-41110 affecting package moby-engine for versions less than 24.0.9-7
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being...