3125 matches found
Stripe: GRAPHQL cross-tenant IDOR giving write access thought the operation UpdateAtlasApplicationPerson
@bubbounty discovered an Insecure Direct Object Reference IDOR vulnerability that allowed someone with prior Admin access to a Stripe account to add a co-founder to a Stripe Atlas application belonging to the merchant account they used to administer. The issue has been addressed by only allowing...
Shopify: Informations disclosure - Access to some checkout informations
It came to my attention that using the CheckoutStatus query on https://arrive-server.shopifycloud.com/graphql it is possible to access some checkout details, specifically the query can be called with an ID value ranging from 1 up to 48908. Unfortunately, as I could not figure out how to create a...
Information Disclosure
gitlab is vulnerable to information disclosure. It exposes private group and project membership via GraphQL in GitLab CE/EE 13.1...
Information Disclosure
gitlab is vulnerable to information disclosure. The vulnerability exists as private user emails were visible in GraphQL results...
Information Disclosure
gitlab is vulnerable to information disclosure. The vulnerability is possible via the REST API via the GraphQL...
GitLab Information Disclosure Vulnerability (CNVD-2021-14193)
GitLab is a Ruby on Rails developed, self-hosted, Git version control system project repository application from GitLab, Inc. The program can be used to access the project's file contents, commit history, bug list , etc. Git is a free, open source distributed version control system. GitLab CE/EE...
CVE-2020-26413
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible...
CVE-2020-26413
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible...
CVE-2020-26417
Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions =13.6 to =13.5 to =13.1 to 13.4.7...
CVE-2020-26417
Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions =13.6 to =13.5 to =13.1 to 13.4.7...
Information disclosure
Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions =13.6 to =13.5 to =13.1 to 13.4.7...
CVE-2020-26417
Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions =13.6 to =13.5 to =13.1 to 13.4.7...
CVE-2020-26413
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible...
Information disclosure
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible...
CVE-2020-26415
Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab =12.2 to =13.5 to =13.6 to 13.6.2...
UBUNTU-CVE-2020-26415
Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab =12.2 to =13.5 to =13.6 to 13.6.2...
UBUNTU-CVE-2020-26413
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible...
CVE-2020-26413
GitLab CE/EE versions 13.4 through 13.6.2 are affected by an information disclosure via GraphQL that exposes user email addresses. Root cause: GraphQL responses disclose sensitive user information. Impact: unauthorized users could view emails and related data through normal GraphQL queries. Remed...
CVE-2020-26413
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible...
CVE-2020-26413
Removed by vendor...