1595 matches found
UBUNTU-CVE-2021-39882
In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE 11.11 and later that allows an...
GitLab 跨站脚本漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A cross-site scripting vulnerability exists in GitLab Jira, which can be...
PT-2021-14923 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 13.12 through 14.0.8 GitLab versions 14.1 through 14.1.3 GitLab versions 14.2 through 14.2.1 Description: The issue concerns missing access control in GitLab with Jira Cloud integration enabled, allowing Jira users without...
PT-2021-22740 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.0 and later Description: A DNS rebinding vulnerability exists in the Fogbugz importer, which may be used by attackers to exploit Server Side Request Forgery attacks. This issue affects all versions of GitLab CE/EE sinc...
UBUNTU-CVE-2021-39896
In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may lead to repudiation issues...
UBUNTU-CVE-2021-39871
In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call...
UBUNTU-CVE-2021-39874
In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands...
UBUNTU-CVE-2021-39879
Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication...
UBUNTU-CVE-2021-39900
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs...
GitLab 代码问题漏洞
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A code issue vulnerability exists in GitLab CE/EE, which...
GitLab 代码问题漏洞
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A code issue vulnerability exists in GitLab CE/EE that...
PT-2021-22723 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.2 and later Description: A vulnerability was discovered that allows an attacker to cause uncontrolled resource consumption with a specially crafted file. Recommendations: For GitLab versions 12.2 and later, at the moment,...
PT-2021-22715 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.12 and later Description: An authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export. This issue affects all versions of GitLab CE/EE sinc...
PT-2021-22742 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.0 and later Description: The issue arises when an admin uses the impersonate feature twice and then stops impersonating. This may cause the admin to be logged in as the second user they impersonated, potentially leadin...
PT-2021-22747 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 10.8 and later Description: The issue allows for information disclosure from SendEntry in GitLab, exposing the full URL of artifacts stored in object-storage. This exposure occurs via Rails logs and is temporary...
GitLab 授权问题漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. An authorization issue vulnerability exists in GitLab EE, which can be exploit...
GitLab 跨站脚本漏洞
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to view a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab, whic...
GitLab EE 跨站脚本漏洞
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab EE...
GitLab 信息泄露漏洞
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An information disclosure vulnerability exists in GitLab...