Vulnerability fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed a vulnerability in GitLab Enterprise Edition (EE) and Community Edition (CE). A malicious person with user privileges could exploit the vulnerability to use a GraphQL endpoint to install rogue runners in any project within the environment and thus execute arbitrary code. GitL...
CVE-2023-2478
CVE-2023-2478 affects GitLab CE/EE, versions 15.4 up to but not including 15.9.7, 15.10 up to but not including 15.10.6, and 15.11 up to but not including 15.11.2. The root cause is a condition where a malicious, authorized GitLab user can use the GraphQL endpoint to attach a rogue runner to any ...
CVE-2023-2478
Removed by vendor...
FreeBSD : Gitlab -- Multiple Vulnerabilities (89fdbd85-ebd2-11ed-9c88-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 89fdbd85-ebd2-11ed-9c88-001b217b3468 advisory. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7,...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Malicious Runner Attachment via GraphQL...
This Week in Spring - April 25th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you? I'm en route to Bangalore, India, via Frankfurt, for the Developer Summit 2023 edition. It's going to be a ton of fun, and I hope you won't miss it! Spring Boot 3.1.0-RC1 available now One of the most exciti...
Denial Of Service (DoS)
github.com/42atomys/stud42 is vulnerable to Denial of Service (DoS). The vulnerability exists because the GraphQL parser does not check for a maximum content length, so it can overload the API pod, allowing an attacker to crash the application...
Security Bulletin: There is a vulnerability in GraphQL used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-37734)
Summary There is a vulnerability in GraphQL used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-37734 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a...
Stud42 vulnerable to denial of service
A security vulnerability has been identified in the GraphQL parser used by the API of s42.app. An attacker can overload the parser and cause the API pod to crash. With a bit of threading, the attacker can bring down the entire API, resulting in an unhealthy stream. This vulnerability can be...
CVE-2023-28877
The VTEX [email protected] GraphQL API module does not properly restrict unauthorized access to private configuration data. [email protected] is unaffected by this issue...
Information disclosure
The VTEX email protected GraphQL API module does not properly restrict unauthorized access to private configuration data. email protected is unaffected by this issue...
Denial of Service (DoS)
graphql-java is vulnerable to Denial of Service (DoS). An attacker can send a maliciously crafted GraphQL query that causes excessive stack consumption, which can lead to an application crash...
VTEX apps-graphql security vulnerability
VTEX apps-graphql is a graphql API module for VTEX IO applications from VTEX UK. A security vulnerability exists in the VTEX [email protected] GraphQL API module that stems from not properly restricting unauthorized access to private configuration data...
PT-2023-32969 · S42.App · S42.App
Name of the Vulnerable Software and Affected Versions: s42.app affected versions not specified Description: A security issue has been identified in the GraphQL parser used by the API of s42.app, allowing an attacker to overload the parser and cause the API pod to crash. By sending a specially...
CVE-2023-28877
The CVE concerns the VTEX [email protected] GraphQL API module, where unauthorized access to private configuration data is not properly restricted. The issue affects [email protected]; [email protected] is unaffected. The root cause is insufficient access controls exposing private configuration data...
Stud42 vulnerable to denial of service
Stud42's API is vulnerable to a denial of service because the API pod can be overloaded by the GraphQL parser...
CVE-2023-28867
A flaw was found in GraphQL Java. This issue may allow a malicious user to send a crafted GraphQL query that causes stack consumption, causing a denial of service...