3128 matches found
CVE-2024-4472 Insertion of Sensitive Information into Log File in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs...
CVE-2024-4472
Removed by vendor...
CVE-2024-4472 Insertion of Sensitive Information into Log File in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs...
CVE-2024-4472 Insertion of Sensitive Information into Log File in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs...
GitLab GraphQL API User Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab GraphQL API User Enumeration', 'Description' = %q This module queries the GitLab GraphQL API without authentication to acquire the list of...
CVE-2024-43414
CVE-2024-43414 affects Apollo Federation components: @apollo/query-planner (v2.0.0–=2.0.0 and <2.8.5) and Apollo Router (
BIT-GITLAB-2024-3127 Improper Access Control in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL...
FreeBSD : Gitlab -- vulnerabilities (49ef501c-62b6-11ef-bba5-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 49ef501c-62b6-11ef-bba5-2cf05da270f3 advisory. Gitlab reports: The GitLab Web Interface Does Not Guarantee Information Integrity When...
CVE-2024-3127
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL...
UBUNTU-CVE-2024-3127
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL...
CVE-2024-3127
Removed by vendor...
CVE-2024-3127 Improper Access Control in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL...
CVE-2024-3127 Improper Access Control in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL...
CVE-2024-3127
Technical details of CVE-2024-3127 are not publicly provided in the submitted documents; no affected products, versions, or remediation details are included here. Monitor for updates.
CVE-2024-3127 Improper Access Control in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL...
GitLab Enterprise Edition 安全漏洞
GitLab Enterprise Edition EE is a content management system from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition versions 12.5 through 17.1.6, 17.2 through 17.2.4, and 17.3 through 17.3.1, which stems from the fact that under certain circumstances, it may...
GitLab 12.5 < 17.1.6 / 17.2 < 17.2.4 / 17.3 < 17.3.1 (CVE-2024-3127)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under...
Gitlab -- vulnerabilities
Gitlab reports: The GitLab Web Interface Does Not Guarantee Information Integrity When Downloading Source Code from Releases Denial of Service by importing maliciously crafted GitHub repository Prompt injection in "Resolve Vulnerabilty" results in arbitrary command execution in victim's pipeline ...
Exploit for CVE-2021-4191
This repository contains a collection of exploits and proof-of-concept POC code for various vulnerabilities, including a high-severity vulnerability in Android versions 12 and 13 CVE-2024-0044, an unauthenticated remote command execution RCE vulnerability in BYOB Build Your Own Botnet v2.0.0, and...
Defend Your GraphQL Server Against Excessive Resource Consumption
...