19 matches found
EUVD-2020-5542
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-13282
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper...
Linux Distros Unpatched Vulnerability : CVE-2020-13335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group...
CVE-2022-4331
An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible...
CVE-2020-13282
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access...
GitLab 10.5 < 13.0.12 / 13.1 < 13.1.6 / 13.2 < 13.2.3 (CVE-2020-13282)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. CVE-2020-13282 Note that Nessus...
BIT-GITLAB-2020-13282
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access...
BIT-GITLAB-2022-4331
An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible...
CVE-2022-4331
Removed by vendor...
CVE-2022-4331
CVE-2022-4331 (GitLab EE) : Affects GitLab EE versions 15.1 up to but not including 15.7.8; 15.8 up to but not including 15.8.4; and 15.9 up to but not including 15.9.2. If a SAML SSO-enabled group is moved to a new namespace as a child group, a previously removed malicious maintainer/owner could...
PT-2023-14190 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 15.1 through 15.7.7 GitLab EE versions 15.8 through 15.8.3 GitLab EE versions 15.9 through 15.9.1 Description: An issue has been discovered in GitLab EE. If a group with SAML SSO enabled is transferred to a new namespace as...
CVE-2020-13282
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access...
CVE-2020-13282
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access...
CVE-2020-13282
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access...
Improper access control
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access...
UBUNTU-CVE-2020-13282
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access...
CVE-2020-13282
CVE-2020-13282 affects GitLab prior to 13.0.12, 13.1.6, and 13.2.3. After a group transfer, users who were members of a parent group retain their access level on the (child) subgroup, causing improper access control. The description and connected sources (NVD, OSV, CVE lists, and vendor/Nessus re...
CVE-2020-13282
Removed by vendor...
GitLab: Transferring a public group to a private group doesn't remove code from the Elasticsearch API search result
Summary: When a public group with public projects is transferred to a private group, the code and the wiki of the public project, although they should now be private, are still reachable through search APIs. I set the severity as "medium" and not "high", because any new action over the project issues...