108 matches found
CVE-2023-3920
An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship between existing projects contrary to the...
Information Disclosure
gitlab is vulnerable to Information Disclosure. This vulnerability occurs due to a flaw in the way that GitLab handles project forks. An attacker can exploit this vulnerability to access data of an internal repository through a public project fork, even if the attacker does not have permissions t...
UBUNTU-CVE-2023-2190
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the...
The fork mechanism of Nouns lacks a fork cooling-off period/clarification period/remedial period mechanism, which cannot resist someone maliciously inciting the emotions of DAO members and triggering impulsive forks
Lines of code Vulnerability details Impact It's important that forking happen rarely. Once a fork occurs, it cannot be canceled. It is not a good thing for DAO to happen. It is necessary to ensure that DAO members propose a fork after calm deliberation. The current Nouns forking mechanism lacks a...
PT-2023-18352 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.10 through 15.11.10 GitLab CE/EE versions 16.0 through 16.0.6 GitLab CE/EE versions 16.1 through 16.1.1 Description: An issue has been discovered in GitLab CE/EE that may allow users to view new commits to private...
CVE-2023-31128 NextCloud Cookbook's pull-checks.yml workflow is vulnerable to OS Command Injection
NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the master branch and commit 489bb744 on the main-0.9.x branch, the pull-checks.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an...
kernel: use-after-free related to leaf anon_vma double reuse
A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the ismergeableanonvma function continuously forks, using memory operations to trigger an incorrect reuse of leaf anonvma. This issue allows a local attacker to crash the system...
Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Installs Compromised
PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. "The attacker forked each of the packages and replaced the package description in composer.json wit...
PT-2023-13316 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 11.10 through 15.8.4 GitLab versions 15.9 through 15.9.3 GitLab versions 15.10 through 15.10.0 Description: An issue has been discovered in GitLab that allows an attacker to disclose branch names when they have a fork of a...
Octosuite - Advanced Github OSINT Framework
A framework fro gathering osint on GitHub users, repositories and organizations Wiki Refer to the Wiki for installation instructions, in addition to all other documentation. Features Fetches an organization's profile information Fetches an oganization's events Returns an organization's repositori...
PT-2022-28210 · Ckb · Ckb
Name of the Vulnerable Software and Affected Versions: ckb versions prior to 0.101.1 Description: The issue arises from the HeaderCheckercheck valid function skipping main chain checking, which can lead to network forking if a transaction uses a forked block header not present in the local node's...
Upgraded Q -> M from 964 [1666360503408]
Judge has assessed an item in Issue 964 as Medium risk. The relevant finding follows: Non-critical: EIP712 signatures on GolomTrader could be replayed in case of blockchain forks The chainId is burnt into EIP712DOMAINTYPEHASH rather than checked each time. This means that signatures could be...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from deficiencies in access control, allowing attackers to gain access to confidential data.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient restrictions on access to project forks. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to confidential data...
Using the native payable.transfer to send ETH in WithdrawFacet
Lines of code Vulnerability details Impact The withdraw function in WithdrawFacet uses the native transfer keyword to send ETH, which is considered unsafe because of the fixed gas budget, and its functionality could be broken in some circumstances: 1. The receiver consumes more than 2300 amounts ...
Matkt Hyperledger Besu 安全漏洞
Matkt Hyperledger Besu is an open source application from Matkt. It is used to run, maintain, debug and monitor nodes in the Ethernet network. A security vulnerability exists in Besu starting in version 21.10.0, which stems from changes in the software implementation of the SHL, SHR, and SAR...
GitLab安全漏洞
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An access control error vulnerability exists in GitLab...
FreeBSD : Gitlab -- Multiple Vulnerabilities (8ba8278d-db06-11eb-ba49-001b217b3468)
Gitlab reports : DoS using Webhook connections CSRF on GraphQL API allows executing mutations through GET requests Private projects information disclosure Denial of service of user profile page Single sign-on users not getting blocked Some users can push to Protected Branch with Deploy keys A...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: DoS using Webhook connections CSRF on GraphQL API allows executing mutations through GET requests Private projects information disclosure Denial of service of user profile page Single sign-on users not getting blocked Some users can push to Protected Branch with Deploy keys A...
GitHub Enterprise Server 安全漏洞
GitHub Enterprise Server is Github an open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that allows bypassing restrictions tha...
Cross-Site Scripting in bootstrap-tagsinput
All versions of bootstrap-tagsinput are vulnerable to cross-site scripting when user input is passed into the itemTitle parameter unmodified, as the package fails to properly sanitize or encode user input for that parameter. Recommendation This package is not actively maintained, and has not seen...