The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to information disclosure, allows attackers to gain access to confidential data.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the leakage of the OAuth access token. Exploiting this vulnerability allows a malicious actor to gain access to confidential data by convincing users to visit a malicious page using...

UBUNTU-CVE-2021-22239

An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later...

GitLab 信息泄露漏洞

GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab is vulnerable to an information disclosure vulnerability caused by an unrestricted instance of the application's "/user.keys" route that disables public visibility...

GitLab 信息泄露漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An information disclosure vulnerability exists in GitLab...

UBUNTU-CVE-2021-22237

Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2...

UBUNTU-CVE-2021-22256

Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status...

GitLab 安全漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab CE/EE 12.6 and...

PT-2021-6753 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.10 and later Description: The issue is related to incorrect authorization in GitLab, a platform for collaborative code development. Under specific conditions, it allows existing users to use an invite URL intended for...

GitLab 跨站脚本漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to view a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab CE/EE...

GitLab 输入验证错误漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug list, and more. An input validation error vulnerability exists in GitLab...

GitLab 安全漏洞

GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. A security vulnerability exists in versions of GitLab prior to CE/EE 13.7,...

GitLab 安全漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab CE/EE versions...

GitLab 跨站脚本漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to view a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab, whic...

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in GitLab. The vulnerabilities potentially enable a malicious person to launch attacks leading to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Not all vulnerabilities...

GitLab CE/EE 跨站脚本漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability in GitLab CE/EE in all versions starting with 13.11, 13.12, a...

GitLab 跨站脚本漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab CE ...

GitLab 授权问题漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug list, and more. An authorization issue vulnerability exists in GitLab that...

GitLab 访问控制错误漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. GitLab suffers from an Access Control Error vulnerability...

GitLab 输入验证错误漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to view a project's file contents, commit history, bug lists, and more. An input validation error vulnerability exists in GitLab th...

UBUNTU-CVE-2021-22224

A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim...