Lucene search
K

54 matches found

Vulnrichment
Vulnrichment
added 2024/07/11 6:57 a.m.20 views

CVE-2024-5470 Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with adminpushrules permission may have been able to create project-level deploy tokens...

3.8CVSS6.6AI score0.00328EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/11 6:57 a.m.33 views

CVE-2024-5470 Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with adminpushrules permission may have been able to create project-level deploy tokens...

3.8CVSS0.00328EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/07/11 6:57 a.m.24 views

CVE-2024-5470

Removed by vendor...

3.8CVSS5.8AI score0.00328EPSS
Exploits0
CVE
CVE
added 2024/07/11 6:57 a.m.221 views

CVE-2024-5470

GitLab CE/EE CVE-2024-5470 affects all versions from 17.0 up to, but not including, 17.0.4 and from 17.1 up to, but not including, 17.1.2. A Guest user with the admin_push_rules permission may have been able to create project-level deploy tokens. The description explicitly identifies the vulnerab...

3.8CVSS4AI score0.00328EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/05/17 12:0 a.m.18 views

GitLab 12.9 < 12.10.13 / 13.0 < 13.0.8 / 13.1 < 13.1.2 (CVE-2020-13322)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens. CVE-2020-13322 Note that Nessus has...

7.2CVSS7.1AI score0.0115EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:22 a.m.23 views

BIT-GITLAB-2020-13322

A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens...

7.2CVSS6.5AI score0.0115EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:13 a.m.28 views

BIT-GITLAB-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5CVSS5.5AI score0.0089EPSS
Exploits0References4
Veracode
Veracode
added 2023/07/22 9:36 p.m.22 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. When external authorization is enabled, a group owner may be able to overcome it in order to access git repositories and package registries by utilizing deploy tokens or deploy keys...

6.5CVSS6.7AI score0.0089EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/01/26 9:15 p.m.33 views

Authorization

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

3.3CVSS5AI score0.0089EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2023/01/26 9:15 p.m.34 views

CVE-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5CVSS6.1AI score0.0089EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:15 p.m.4 views

UBUNTU-CVE-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5CVSS5.7AI score0.0089EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.2 views

PT-2023-1347 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.9 through 15.3.4 GitLab CE/EE versions 15.4 through 15.4.3 GitLab CE/EE versions 15.5 through 15.5.1 Description: The issue is related to a flaw in the authorization procedure when managing keys and tokens using...

9.4CVSS5.6AI score0.0089EPSS
Exploits0References14
OSV
OSV
added 2023/01/24 12:0 a.m.17 views

CVE-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5CVSS5.1AI score0.0089EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.5 views

CVE-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5CVSS6.8AI score0.0089EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/01/24 12:0 a.m.30 views

CVE-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5CVSS6.7AI score0.0089EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/01/24 12:0 a.m.34 views

CVE-2022-3740

Removed by vendor...

6.5CVSS6.2AI score0.0089EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/01/16 12:0 a.m.31 views

GitLab 12.9 < 15.4.6 / 15.5 < 15.5.5 / 15.6 < 15.6.1 (CVE-2022-3740)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External...

6.5CVSS5.8AI score0.0089EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/07/11 12:0 a.m.30 views

GitLab 10.7 < 14.10.5 / 15.0 < 15.0.4 / 15.1 < 15.1.1 (CVE-2022-1983)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key ...

6.5CVSS5.3AI score0.0061EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/07/01 4:15 p.m.5 views

CVE-2022-1983

Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP...

6.5CVSS5.8AI score0.0061EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/07/01 4:15 p.m.3 views

UBUNTU-CVE-2022-1983

Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP...

6.5CVSS5.8AI score0.0061EPSS
Exploits0References4
Rows per page
Query Builder