405 matches found
UBUNTU-CVE-2023-4194
A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits -...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. This vulnerability occurs due to a flaw in the way that GitLab handles signed commits. An attacker can exploit this vulnerability to spoof the author of a commit by using a valid certificate that has been signed by a trusted CA...
CVE-2023-2190 Authorization Bypass Through User-Controlled Key in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in Gitlab CE/EE, which stems from the fact tha...
GHSA-76F7-9V52-V2FW Remote Code Execution for 2.4.1 and earlier
Impact OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. Patches Patched in 07c4641471c6f5c2ab5aab615969e97211eb50d9 and further refined in...
CVE-2023-1621
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address...
CVE-2023-1621
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address...
CVE-2023-1621
Affected software: GitLab Enterprise Edition (GitLab EE).Vulnerability details: An issue allows a malicious group member to continue committing to projects even when using a restricted IP address, impacting GitLab EE versions 12.0 through 15.10.4 and 15.11.0 (i.e., before 15.10.5 and before 15.11...
Malicious code in idgit-conventional-commitsentity-obj-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e21720cf9a4946dccc8cfaf2aeecb605fa378ec130a4c251054a6867ebd163ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-515 Malicious code in idgit-conventional-commitsentity-obj-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e21720cf9a4946dccc8cfaf2aeecb605fa378ec130a4c251054a6867ebd163ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ALSA-2023:2780 Moderate: Image Builder security, bug fix, and enhancement update
Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab, which stems from the possibility th...
CVE-2023-30630
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed...
CVE-2023-1072
An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to...
CVE-2023-1072
An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to...
CVE-2023-1072
Removed by vendor...
GitLab 9.0 < 15.7.8 / 15.8 < 15.8.4 / 15.9 < 15.9.2 (CVE-2023-1072)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was...
jenkins-plugin: Cross-site Request Forgery (CSRF) in org.jenkins-ci.plugins:git
A flaw was found in the Git Jenkins plugin. The affected versions of the Git Jenkins Plugin allow attackers to trigger the builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...
SUSE CVE-2017-1000106
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue...