80 matches found
UBUNTU-CVE-2023-1417
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group...
PT-2023-16970 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 15.9 through 15.9.3 GitLab versions 15.10 through 15.10.0 Description: An issue has been discovered in GitLab where it was possible for an unauthorized user to add child epics linked to a victim's epic in an unrelated group...
CVE-2023-1417
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group...
CVE-2023-1417
CVE-2023-1417 affects GitLab versions 15.9 before 15.9.4 and 15.10 before 15.10.1. The issue allows an unauthorised user to add child epics linked to a victim’s epic in an unrelated group, implying a cross-group authorization flaw. The connected sources document the affected ranges and the nature...
CVE-2023-1417
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group...
GitLab 15.9 < 15.9.4 / 15.10 < 15.10.1 (CVE-2023-1417)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child...
PT-2023-9824 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 17.6.0 Description: The issue is related to insufficient protection of service data when adding non-image attachments, resulting in a lack of authentication procedure. This allows a remote attacker to bypass...
GitLab: Attacker can create malicious child epics linked to a victim's epic in an unrelated group
A vulnerability existed in GitLab that allowed an attacker to create malicious child epics linked to a victim's epic in an unrelated group. The attacker could create the malicious child epics by referring to the victim's epic via the parentid. The vulnerability was due to the lack of proper acces...
SUSE CVE-2019-18461
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control...
CVE-2021-39883
Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups...
Authorization
Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups...
CVE-2021-39883
Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups...
CVE-2021-39883
Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups...
UBUNTU-CVE-2021-39883
Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups...
CVE-2021-39883
CVE-2021-39883 : In GitLab EE, there are improper authorization checks that allow subgroup members to see epics from all parent subgroups. Affected: all versions of GitLab EE starting from 13.11 up to but not including 14.1.7; all versions starting from 14.2 up to but not including 14.2.5; and al...
CVE-2021-39883
Removed by vendor...
GitLab Cross-Site Scripting Vulnerability (CNVD-2021-14785)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. A stored cross-site scripting vulnerability exists in the epics page of GitLab 11.8 and later. No...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions...
CVE-2021-22183
An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions...
UBUNTU-CVE-2021-22183
An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions...