GitLab CE/EE 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE versions 16.7 through 16.9.6, 16.10...

PT-2024-5145 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.7 through 16.9.5 GitLab CE/EE versions 16.10 through 16.10.3 GitLab CE/EE versions 16.11 through 16.11.0 Description: The issue is related to the GraphQL Subscription Handler component of the GitLab platform, which...

Gitlab -- vulnerabilities

Gitlab reports: GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider Path Traversal leads to DoS and Restricted File Read Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search Personal Access Token scopes not honoured by...

This Week in Spring - Tuesday, April 23rd, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! We've had a really busy, wonderful week, as always, so let's dive right into it! We want you! ...to submit a talk to SpringOne 2024, in sunny Las Vegas! Hurry, the CFP closes May 3rd! Spring Shell 3.1.11, 3.2.4, and 3.3.0-m1...

Wallarm’s Open Source API Firewall debuts at Blackhat Asia 2024 – Introduces Key New Features & Functionalities

Wallarm introduced its ongoing Open Source API Firewall project to the world at the recently concluded Blackhat Asia 2024 conference in Singapore. The open-source API Firewall by Wallarm is a free, lightweight API Firewall designed to protect REST and GraphQL API endpoints across cloud-native...

PT-2024-33781 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.1.0 through 16.11.4 GitLab CE/EE versions 17.0.0 through 17.0.2 GitLab CE/EE versions 17.1.0 Description: An issue has been discovered in GitLab CE/EE that allowed for a CSRF attack on GitLab's GraphQL API, leading to...

CVE-2024-2440

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13...

CVE-2024-2440

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13...

CVE-2024-2440 Race Condition was identified in GitHub Enterprise Server that allowed maintaining admin permissions

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13...

CVE-2024-2440

A race condition in GitHub Enterprise Server allowed an existing admin to retain permissions on a detached repository by issuing a GraphQL mutation to alter repository permissions while the repository was detached. Affected: all GitHub Enterprise Server versions prior to 3.13. Fixes are available...

CVE-2024-2440 Race Condition was identified in GitHub Enterprise Server that allowed maintaining admin permissions

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions...

CVE-2024-31205 Saleor CSRF bypass in refreshToken mutation

Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery CSRF validation when calling refresh token mutation with empty string. When a user provides an empty string...

A Bootiful Podcast: Netflix’s Paul Bakker and Kavitha Srinivasan on scaling Spring Boot and Spring GraphQL

Hi, Spring fans! In this installment, I'm thrilled to be joined by Netflix's Paul Bakker and Kavitha Srinivasan, who explain how they're integrating and evolving Spring for GraphQL in their own GraphQL stack and how they're managing, growing, and evolving thousands of services written in Spring B...

This Week in Spring - April 2nd, 2024

Welcome, welcome, welcome, to another installment of This Week in Spring! You know, we've come a long way since you and I last spoke. It's April already! A new month! How bizarre. And, with the dawning of a new month, we're also more than 25% through this year! I sure hope you're paying attention...

BIT-GITLAB-2020-10978

GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API...

BIT-GITLAB-2020-13317

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository...

BIT-GITLAB-2020-13334

In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query...

BIT-GITLAB-2020-26406

Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are:...

BIT-GITLAB-2020-26413

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible...