Lucene search
K

70 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:18 a.m.7 views

CVE-2019-6960

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled...

9.8CVSS6.5AI score0.02075EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:15 a.m.8 views

CVE-2019-6997

An issue was discovered in GitLab Community and Enterprise Edition 10.x starting in 10.7 and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. System notes contain an access control issue that permits a guest user to view merge request titles...

4.3CVSS6.4AI score0.00808EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:52 a.m.10 views

CVE-2019-13006

An issue was discovered in GitLab Community and Enterprise Edition 9.0 and through 12.0.2. Users with access to issues, but not the repository were able to view the number of related merge requests on an issue. It has Incorrect Access Control...

4.3CVSS6.5AI score0.0077EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:24 a.m.7 views

CVE-2019-12441

An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. The protected branches feature contained a access control issue which resulted in a bypass of the protected branches restriction rules. It has Incorrect Access Control...

7.5CVSS6.6AI score0.00935EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/09 4:13 p.m.7 views

CVE-2025-1278 Insufficient Granularity of Access Control in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information...

5.3CVSS5.1AI score0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/24 7:31 a.m.35 views

CVE-2024-12244 Missing Authorization in GitLab

An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1...

4.3CVSS0.00276EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/05 1:44 p.m.6 views

CVE-2020-13275

A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1...

8.1CVSS6.3AI score0.01043EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/01/08 12:0 a.m.12 views

FreeBSD : Gitlab -- Vulnerabilities (2bfde261-cdf2-11ef-b6b2-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2bfde261-cdf2-11ef-b6b2-2cf05da270f3 advisory. Gitlab reports: Possible access token exposure in GitLab logs Cyclic reference of epics leads...

6.5CVSS5.5AI score0.00692EPSS
Exploits4References6
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.11 views

FreeBSD : Gitlab -- vulnerabilities (1eb4d32c-a245-11ef-998c-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1eb4d32c-a245-11ef-998c-2cf05da270f3 advisory. Gitlab reports: Unauthorized access to Kubernetes cluster agent Device OAuth flow allows for...

8.8CVSS5.4AI score0.00543EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2024/02/28 12:0 a.m.6 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from deficiencies in access control mechanisms, allowing attackers to enhance their privileges.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to enhance their privileges...

8.7CVSS6.7AI score0.00525EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/04 12:30 p.m.36 views

@backstage/backend-app-api leaks GitLab access tokens

A flaw was found in the Red Hat Developer Hub RHDH. The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gainin...

5.7CVSS6.9AI score0.00561EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2024/01/04 12:30 p.m.14 views

GHSA-86RG-PF4C-5GRG @backstage/backend-app-api leaks GitLab access tokens

A flaw was found in the Red Hat Developer Hub RHDH. The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gainin...

7.3CVSS5.4AI score0.00561EPSS
Exploits0References10
NVD
NVD
added 2024/01/04 10:15 a.m.33 views

CVE-2023-6944

A flaw was found in the Red Hat Developer Hub RHDH. The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gainin...

5.7CVSS5.5AI score0.00561EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/01/04 10:2 a.m.34 views

CVE-2023-6944 Rhdh: catalog-import function leaks credentials to frontend

A flaw was found in the Red Hat Developer Hub RHDH. The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gainin...

5.7CVSS5.7AI score0.00561EPSS
Exploits0References3
CVE
CVE
added 2024/01/04 10:2 a.m.129 views

CVE-2023-6944

CVE-2023-6944 affects Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 GitLab token ends with a newline, causing the sanitized error to reveal the raw token. With access to the token and appropriate permissions, an attacker could...

5.7CVSS5.4AI score0.00561EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/01/04 10:2 a.m.12 views

CVE-2023-6944 Rhdh: catalog-import function leaks credentials to frontend

A flaw was found in the Red Hat Developer Hub RHDH. The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gainin...

5.7CVSS6.6AI score0.00561EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2023/12/19 9:26 p.m.38 views

CVE-2023-6944

A flaw was found in the Red Hat Developer Hub RHDH. The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gainin...

5.7CVSS5.4AI score0.00561EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/09 12:0 a.m.3 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability in GitLab Community Edition CE and Enterprise Edition...

7.5CVSS7.4AI score0.00768EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/11/09 12:0 a.m.27 views

CVE-2022-3285

Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab...

5.3CVSS7.4AI score0.00768EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/05/10 9:15 p.m.7 views

CVE-2022-1417

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...

4.3CVSS5.4AI score0.00945EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder