Lucene search
+L

80 matches found

osv
osv
added 2023/04/05 9:15 p.m.3 views

UBUNTU-CVE-2023-1417

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group...

4.3CVSS5.7AI score0.00651EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/04/05 12:0 a.m.5 views

PT-2023-16970 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.9 through 15.9.3 GitLab versions 15.10 through 15.10.0 Description: An issue has been discovered in GitLab where it was possible for an unauthorized user to add child epics linked to a victim's epic in an unrelated group...

4.3CVSS6.5AI score0.00651EPSS
Exploits0References12
vulnrichment
vulnrichment
added 2023/04/05 12:0 a.m.10 views

CVE-2023-1417

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group...

4.3CVSS4.2AI score0.00651EPSS
Exploits0References3
cve
cve
added 2023/04/05 12:0 a.m.78 views

CVE-2023-1417

CVE-2023-1417 affects GitLab versions 15.9 before 15.9.4 and 15.10 before 15.10.1. The issue allows an unauthorised user to add child epics linked to a victim’s epic in an unrelated group, implying a cross-group authorization flaw. The connected sources document the affected ranges and the nature...

4.3CVSS4.5AI score0.00651EPSS
Exploits0References3Affected Software1
osv
osv
added 2023/04/05 12:0 a.m.20 views

CVE-2023-1417

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group...

4.3CVSS9.4AI score0.00651EPSS
Exploits0References5
nessus
nessus
added 2023/04/04 12:0 a.m.26 views

GitLab 15.9 < 15.9.4 / 15.10 < 15.10.1 (CVE-2023-1417)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child...

4.3CVSS5.1AI score0.00651EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2023/03/22 12:0 a.m.5 views

PT-2023-9824 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 17.6.0 Description: The issue is related to insufficient protection of service data when adding non-image attachments, resulting in a lack of authentication procedure. This allows a remote attacker to bypass...

3.7CVSS7.3AI score0.00302EPSS
Exploits0References15
hackerone
hackerone
added 2023/03/04 7:21 p.m.22 views

GitLab: Attacker can create malicious child epics linked to a victim's epic in an unrelated group

A vulnerability existed in GitLab that allowed an attacker to create malicious child epics linked to a victim's epic in an unrelated group. The attacker could create the malicious child epics by referring to the victim's epic via the parentid. The vulnerability was due to the lack of proper acces...

6.4AI score
Exploits0
susecve
susecve
added 2023/02/15 4:7 a.m.5 views

SUSE CVE-2019-18461

An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control...

4.3CVSS4.8AI score0.0077EPSS
Exploits0References3
nvd
nvd
added 2021/10/04 5:15 p.m.15 views

CVE-2021-39883

Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups...

4.3CVSS0.00747EPSS
Exploits0References2
prion
prion
added 2021/10/04 5:15 p.m.14 views

Authorization

Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups...

4CVSS4.8AI score0.00747EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2021/10/04 5:15 p.m.3 views

CVE-2021-39883

Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups...

4.3CVSS5.8AI score0.00747EPSS
Exploits0References3Affected Software1
ubuntucve
ubuntucve
added 2021/10/04 5:15 p.m.24 views

CVE-2021-39883

Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups...

4.3CVSS5.9AI score0.00747EPSS
Exploits0References3
osv
osv
added 2021/10/04 5:15 p.m.3 views

UBUNTU-CVE-2021-39883

Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups...

4.3CVSS5.8AI score0.00747EPSS
Exploits0References4
cve
cve
added 2021/10/04 4:49 p.m.74 views

CVE-2021-39883

CVE-2021-39883 : In GitLab EE, there are improper authorization checks that allow subgroup members to see epics from all parent subgroups. Affected: all versions of GitLab EE starting from 13.11 up to but not including 14.1.7; all versions starting from 14.2 up to but not including 14.2.5; and al...

4.3CVSS4.6AI score0.00747EPSS
Exploits0References2Affected Software1
debiancve
debiancve
added 2021/10/04 4:49 p.m.31 views

CVE-2021-39883

Removed by vendor...

4.3CVSS5.8AI score0.00747EPSS
Exploits0
cnvd
cnvd
added 2021/03/05 12:0 a.m.8 views

GitLab Cross-Site Scripting Vulnerability (CNVD-2021-14785)

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. A stored cross-site scripting vulnerability exists in the epics page of GitLab 11.8 and later. No...

5.4CVSS5.7AI score0.00838EPSS
Exploits0References1
prion
prion
added 2021/03/04 3:15 p.m.16 views

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions...

3.5CVSS4.9AI score0.00838EPSS
Exploits0References3Affected Software1
ubuntucve
ubuntucve
added 2021/03/04 3:15 p.m.28 views

CVE-2021-22183

An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions...

5.4CVSS6AI score0.00838EPSS
Exploits0References4
osv
osv
added 2021/03/04 3:15 p.m.2 views

UBUNTU-CVE-2021-22183

An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions...

5.4CVSS6AI score0.00838EPSS
Exploits0References5
Rows per page
Query Builder