EUVD-2025-203399

A Zip Slip vulnerability in the import a Project component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via uploading a crafted Zip file...

iceScrum 安全漏洞

iceScrum is a project management software from the French company iceScrum. A security vulnerability exists in iceScrum version v7.54, which stems from a Zip Slip vulnerability in the Import Project component that could lead to the execution of arbitrary code...

CVE-2025-60786

A Zip Slip vulnerability in the import a Project component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via uploading a crafted Zip file...

CVE-2025-60786

CVE-2025-60786 describes a Zip Slip vulnerability in the iceScrum v7.54 Pro On-prem system, affecting the Import a Project component. It allows an attacker to execute arbitrary code by uploading a crafted ZIP file. The available documents provide the affected product, version, and vulnerable comp...

EUVD-2006-4225

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2023-2069

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions...

CVE-2023-2069

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables...

OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project

Summary The built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an error with an attacker-influenced message. It appears that the only way to reach this...

CVE-2024-5899 Improper trust check in Bazel Build intellij plugin

When Bazel Plugin in intellij imports a project either using "import project" or "Auto import" the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance.createProject. This...

CVE-2023-2069

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables...

UBUNTU-CVE-2023-2069

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables...

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables...

CVE-2023-2069

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables...

PT-2023-17555 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 10.0 through 12.9.7 GitLab versions 12.10 through 12.10.6 GitLab versions 13.0 through 13.0.0 Description: An issue has been discovered in GitLab where a user with the role of developer could use the import project feature to...

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab, which stems from the fact that a us...

CVE-2023-2069

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables...

CVE-2023-2069

Removed by vendor...

GitLab 10.0 < 12.9.8 / 12.10 < 12.10.7 / 13.0 < 13.0.1 (CVE-2023-2069)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user...

Input validation

Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply...

FreeBSD : Gitlab -- Multiple Vulnerabilities (43f84437-73ab-11ec-a587-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 43f84437-73ab-11ec-a587-001b217b3468 advisory. - Gitlab reports: Arbitrary file read via group import feature Stored XSS in notes Lack of sta...