CVE-2022-0709

The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability...

PT-2021-22744 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.6 and later Description: The issue allows a project export to leak the external webhook token value, potentially granting access to the project it was exported from. Recommendations: For GitLab CE/EE versions 10.6 and...