3125 matches found
GitLab Cross-Site Request Forgery Vulnerability
GitLab is a self-hosted Git version control and project repository application developed in Ruby on Rails by the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site request forgery vulnerability exists in Gitl...
PT-2021-6759 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.11.6; GitLab versions 13.12 through 13.12.5; GitLab versions 14.0 through 14.0.1. Description: An issue has been discovered in GitLab related to improper access control when using GraphQL, allowing unauthorized users ...
FreeBSD : Gitlab -- Multiple Vulnerabilities (8ba8278d-db06-11eb-ba49-001b217b3468)
Gitlab reports: DoS using Webhook connections; CSRF on GraphQL API allows executing mutations through GET requests; Private projects information disclosure; Denial of service of user profile page; Single sign-on users not getting blocked; Some users can push to Protected Branch with Deploy keys; A...
GitLab Cross-Site Scripting Vulnerability (CNVD-2022-23498)
GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. A security vulnerability exists in GitLab, which stems from a CSRF on the...
com.azure.spring:azure-spring-boot-starter-active-directory-b2c (>=3.3.0 <=3.5.0), com.backbase.oss:scdf-maven-plugin (=0.2.0) +114 more potentially affected by CVE-2021-22119 via org.springframework.security:spring-security-oauth2-client (>=5.4.0 <=5.4.6)
org.springframework.security:spring-security-oauth2-client MAVEN version =5.4.0, =3.3.0, =2.4.1, =1.12, =1.18.1, =1.12, =1.12, =1.12, =1.12.1, =0.1.0-beta.6, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5...
CVE-2021-35970
Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type...
Design/Logic Flaw
Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type...
CVE-2021-35970
CVE-2021-35970 affects Coral Talk 4 prior to 4.12.1. The issue arises from permission checks using an incorrect data type, enabling remote attackers to query GraphQL and discover email addresses and other sensitive information. Exploitation is remote and unauthenticated as described in the public...
Coral Security Vulnerability
Coral is an open source project. Improve the community on your website through smart technology, effective design, and efficient strategy. A security vulnerability exists in Coral Talk 4 versions prior to 4.12.1, which stems from the use of incorrect data types for program privilege checking, and...
GraphQL API Detected
GraphQL is an open-source query and manipulation language for APIs and a server-side runtime built to handle these queries on the application dataset. It is a popular alternative to traditional REST or SOAP APIs, providing flexibility and an optimized data fetching method. The scanner detected th...
Instagram Bug Allowed Anyone to View Private Accounts Without Following Them
Instagram has patched a new flaw that allowed anyone to view archived posts and stories posted by private accounts without having to follow them. "This bug could have allowed a malicious user to view targeted media on Instagram," security researcher Mayur Fartade said in a Medium post today. "An...
GHSA-MG2G-8PWJ-R2J2 Authentication bypass in SilverStripe GraphQL
The GraphQL module accepts basic-auth as an authentication method by default. This can be used to bypass MFA authentication if the silverstripe/mfa module is installed, which is now a commonly installed module. A user's password is still required though. Basic-auth has been removed as a default...
Authentication bypass in SilverStripe GraphQL
The GraphQL module accepts basic-auth as an authentication method by default. This can be used to bypass MFA authentication if the silverstripe/mfa module is installed, which is now a commonly installed module. A user's password is still required though. Basic-auth has been removed as a default...
SilverStripe License Issues Vulnerability (CNVD-2021-50577)
SilverStripe is an open source programming framework and content management system (CMS) from the New Zealand company SilverStripe. The system supports multiple languages, cross-platform operation, and other features. SilverStripe has an authorization issue vulnerability that stems from...
CVE-2020-26136
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA multi-factor authentication when using basic authentication...
Authentication flaw
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA multi-factor authentication when using basic authentication...