CVE-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

Authentication flaw

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

UBUNTU-CVE-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

CVE-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

CVE-2021-39890

CVE-2021-39890 affects GitLab 14.1.1 and later and allows bypassing 2FA for LDAP users and accessing certain pages via Basic Authentication. The connected documents confirm the issue and affected product/version, but do not provide a detailed root-cause description or patch-level remediation with...

CVE-2021-39890

Removed by vendor...

PT-2021-22737 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 14.1.1 and above Description: The issue allows bypassing 2FA for LDAP users and accessing specific pages using Basic Authentication. Recommendations: For GitLab versions 14.1.1 and above, at the moment, there is no information...

Buffer overflow

Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIRCDCv1.2.17, allows attackers to execute arbitrary code...

CVE-2021-26777

CVE-2021-26777 concerns a buffer overflow in SetFirewall within index.cgi of Circutor Compact DC-S BASIC smart metering concentrator firmware CIR_CDC_v1.2.17. The flaw stems from improper data boundary handling, enabling an attacker to execute arbitrary code remotely via the device’s network inte...

WordPress Accesspress Basic theme <= 3.2.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Lenon Leite Patchstack Red Team project in WordPress Accesspress Basic theme versions = 3.2.1. This theme uses a vulnerable piece of code related to previously identified vulnerability - CVE-2021-39317. Solution Deactivate and delete. The vendor...

Basic Authentication Detected

The scanner detected the presence of a web page protected by a 'Basic' authentication. No source data...

Basic Authentication Bruteforced

The scanner successfully authenticated on the target web application by using weak credentials in the request basic authentication HTTP header. No source data...

LiquidFiles 3.5.13 Privilege Escalation Vulnerability

=============================================================================== title: LiquidFiles Privilege Escalation product: LiquidFiles v3.5.13 vulnerability type: Privilege Escalation severity: Medium CVSSv3 score: 6.7 CVSSv3 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L found: 2021-10-29 by:...

The importance of identity and Microsoft Azure Active Directory resilience

I love hearing my colleagues explain how they came to the industry because so many of their stories are unusual. I’m surprised how often I hear that people got into computer science by some fortuitous accident. Although he loved computers from the time he was a kid, Oren Melzer never expected to...

basic-story.com Improper Access Control vulnerability OBB-2266516

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

python: urllib: Regular expression DoS in AbstractBasicAuthHandler

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request with a specially crafted payload that is sen...

CVE-2021-42763

Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI query workbench etc to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request,...

CVE-2021-42763

Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI query workbench etc to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request,...

Cross site request forgery (csrf)

Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI query workbench etc to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request,...

CVE-2021-42763

Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI query workbench etc to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request,...