CVE-2019-15576
An information disclosure vulnerability exists in GitLab CE/EE before v12.3.2, v12.2.6, and v12.1.12 (i.e. <v12.3.2, <v12.2.6, <v12.1.12) that allowed an attacker to view private system notes from a GraphQL endpoint.
CVE-2019-15576
CVE-2019-15576 is an information disclosure vulnerability affecting GitLab CE/EE versions prior to 12.3.2, 12.2.6, and 12.1.12. The issue allows an attacker to view private system notes via a GraphQL endpoint. The root cause and exact vulnerable component are not explicitly detailed beyond versio...
GitLab Doles Out Half a Million Bucks to White Hats
GitLab has awarded a total of $565,650 in security bug bounties to 171 researchers who reported valid vulnerabilities in the past year — and has announced the winners of its latest hacking contest. GitLab, which started out as a web-based Git repository manager before moving into the DevOps...
GraphQL Batching Attack
When the application stack includes GraphQL there is a new attack surface: batched attacks on GraphQL APIs. How can these apps be protected? Read more to find out. (Originally published on the Wallarm Blog.)
Why and how to disable introspection query for GraphQL APIs
Intro: In the last post, we touched on the topic of GraphQL security. As a reminder, GraphQL is a popular alternative to REST APIs. A single article cannot encapsulate everything one wants to know about such an interesting technology. This installment of the series will look at the first step...
Denial Of Service (DoS) Via Infinite Loop
graphql-hooks is vulnerable to denial of service (DoS) attacks. Since skipCache is set to true by default in the useQuery function during server-side rendering, an attacker can send query requests that trigger an infinite loop: the query runs indefinitely without raising any error or returning any result...
CVE-2019-18455
An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop...
CVE-2019-18455
GitLab Community and Enterprise Edition versions 11–12.4 are affected by a Denial of Service due to a large or infinite loop when building Nested GraphQL queries. Root cause: improper handling of nested GraphQL query expansion leads to resource exhaustion. Impact: availability degradation (DoS) w...
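The GraphQL hardening points these results raise (a depth limit against runaway nested queries of the kind CVE-2019-18455 describes, a cap on alias and transport-level batching, and refusing introspection) can all be enforced by one request guard in front of the executor. The Python below is an added example written for this page, not GitLab's, Wallarm's or any library's code; the tokenizer, the limit values in DEFAULT_LIMITS and the sample request bodies are all constructed for illustration.

```python
import json
import re

# Tokens the guard cares about: the "..." spread, names, string literals,
# braces, parens and ':'; anything else becomes one catch-all token.
_TOKEN_RE = re.compile(r'\.\.\.|[A-Za-z_][A-Za-z0-9_]*|"(?:[^"\\]|\\.)*"|[{}():]|\S')
_NAME_RE = re.compile(r'^[A-Za-z_][A-Za-z0-9_]*$')
# Introspection root fields. __typename is harmless and deliberately not listed.
INTROSPECTION_FIELDS = {"__schema", "__type"}

# Illustrative limits (assumed values; tune per API).
DEFAULT_LIMITS = {
    "max_batch": 5,              # operations per HTTP request (JSON array body)
    "max_top_level_fields": 10,  # fields in the root selection set
    "max_aliases": 10,           # aliased fields anywhere in the document
    "max_depth": 10,             # nested selection sets
    "allow_introspection": False,
}


def analyze_query(query):
    """One pass over a GraphQL document; returns nesting depth, root field
    count, alias count and whether __schema/__type is selected.

    Argument lists are skipped wholesale, so the ':' in login(user: "x") is
    never mistaken for an alias and a '{' inside an object-literal argument
    never counts as nesting.
    """
    tokens = _TOKEN_RE.findall(query)
    depth = max_depth = top_level = aliases = in_args = 0
    introspection = False
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if in_args:                       # inside ( ... ): only track parens
            in_args += {"(": 1, ")": -1}.get(tok, 0)
        elif tok == "(":
            in_args = 1
        elif tok == "{":
            depth += 1
            max_depth = max(max_depth, depth)
        elif tok == "}":
            depth -= 1
        elif tok == "...":                # "...Frag" or "... on Type"
            i += 2 if i + 1 < len(tokens) and tokens[i + 1] == "on" else 1
        elif tok == "@":                  # directive: skip its name
            i += 1
        elif depth > 0 and _NAME_RE.match(tok):
            if i + 1 < len(tokens) and tokens[i + 1] == ":":
                aliases += 1
                i += 2                    # step over ':' to the real field name
                tok = tokens[i] if i < len(tokens) else ""
            if depth == 1:
                top_level += 1
            if tok in INTROSPECTION_FIELDS:
                introspection = True
        i += 1
    return {"max_depth": max_depth, "top_level_fields": top_level,
            "aliases": aliases, "introspection": introspection}


def check_request(body, limits=DEFAULT_LIMITS):
    """Decide whether a raw GraphQL POST body may reach the executor.

    Accepts one {"query": ...} object or a JSON array of them (transport-level
    batching). Returns (allowed, reason).
    """
    try:
        parsed = json.loads(body)
    except ValueError:
        return False, "body is not JSON"
    ops = parsed if isinstance(parsed, list) else [parsed]
    if len(ops) > limits["max_batch"]:
        return False, f"{len(ops)} operations in one request (limit {limits['max_batch']})"
    for n, op in enumerate(ops):
        if not isinstance(op, dict) or not isinstance(op.get("query"), str):
            return False, f"operation {n} has no query string"
        s = analyze_query(op["query"])
        if s["introspection"] and not limits["allow_introspection"]:
            return False, f"operation {n} selects an introspection field"
        if s["max_depth"] > limits["max_depth"]:
            return False, f"operation {n} nests {s['max_depth']} levels (limit {limits['max_depth']})"
        if s["top_level_fields"] > limits["max_top_level_fields"]:
            return False, f"operation {n} has {s['top_level_fields']} root fields (limit {limits['max_top_level_fields']})"
        if s["aliases"] > limits["max_aliases"]:
            return False, f"operation {n} uses {s['aliases']} aliases (limit {limits['max_aliases']})"
    return True, "ok"


# Constructed sample bodies (not captured traffic).
SAMPLE_OK = json.dumps({"query": "{ viewer { name projects { name } } }"})
# Alias batching: 50 login attempts in one operation, one HTTP request.
SAMPLE_ALIAS_BATCH = json.dumps({"query": "mutation { " + " ".join(
    f'a{i}: login(user: "admin", pass: "guess{i}") {{ token }}' for i in range(50)) + " }"})
# Deep nesting of the kind CVE-2019-18455 describes (31 nested selection sets).
SAMPLE_NESTED = json.dumps({"query": "{ " + " { ".join(["project"] * 30) + " { name" + " }" * 31})
SAMPLE_INTROSPECTION = json.dumps({"query": "query { __schema { types { name } } }"})
# Transport-level batching: 20 operations in one JSON array.
SAMPLE_ARRAY_BATCH = json.dumps([{"query": "{ viewer { name } }"}] * 20)

if __name__ == "__main__":
    for label, body in [("ok", SAMPLE_OK), ("alias batch", SAMPLE_ALIAS_BATCH),
                        ("nested", SAMPLE_NESTED), ("introspection", SAMPLE_INTROSPECTION),
                        ("array batch", SAMPLE_ARRAY_BATCH)]:
        print(f"{label:14} -> {check_request(body)}")
```

The guard is deliberately a token walk rather than a full parser so it runs before any schema-aware work; a real server would also set the same limits in the GraphQL engine's validation rules, since a syntax the tokenizer misreads (for example a malformed document) should then be rejected by the parser anyway.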
Trint Ltd: SSO bypass in zendesk using trint organization able to leak internal ticket information
Summary: Hello there. Because in app.trint.com there's no email verification, I was able to log in to your Zendesk SSO using your organization (your organization is using the domain @trint.com). Because there's no email verification, I was able to read and take over + claim this email [email protected], and I was able to...
Securing GraphQL. Part 1
GraphQL is an alternative to the REST concept that allows working with data in a more structured and object-oriented way. The technology is widely known and used by many enterprise companies, such as Facebook, Walmart and Intuit, among others. Whether you know it or not, GraphQL has a significant...