248 matches found
UBUNTU-CVE-2021-39875
In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint...
CVE-2021-39875
In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint...
CVE-2021-39875
Removed by vendor...
PT-2021-22722 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.6 and later. Description: The issue allows an attacker to see pending invitations of any public group or public project by visiting a specific "API endpoint". Recommendations: For GitLab CE/EE versions 13.6 and later,...
GitLab Information Disclosure Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An information disclosure vulnerability exists in GitLab...
Reddit: Email Verification Bypass And Get access to user's private invitation.
Part 2 of my previous report: https://hackerone.com/reports/1225499 I am sending this report again because you closed my previous report. I posted the new impact of this vulnerability in my previous report but I didn't get any reply. So I reported it again. First Vulnerability: Email verification...
BuddyPress < 9.1.1 - SQL Injections
The plugin was affected by SQL Injections via the BP_Notifications_Notification::get_order_by_sql and BP_Invitation::get_order_by_sql functions...
Apache Synapse Input Validation Error Vulnerability
Apache Synapse is a lightweight ESB Enterprise Service Bus from the Apache Foundation USA. A security vulnerability existed prior to Synapse version 1.28.0, which stemmed from the fact that requests to user-provided domains were not limited to external IP addresses when Synapse used transitional...
Matrix Synapse Input Validation Error Vulnerability
Matrix Synapse is an implementation of a matrix management server from the Matrix Foundation in the UK. A security vulnerability exists in Synapse that stems from requests to user-provided domains not being restricted to external IP addresses when calculating key validity for third-party...
The vulnerability of the user interface of Cisco Webex Meetings Server and Cisco Webex Meetings software allows a perpetrator to insert hyperlinks into electronic invitations.
The vulnerability of the software user interfaces for Cisco Webex Meetings Server and Cisco Webex Meetings is related to insufficient validation of entered data. Exploiting this vulnerability allows a malicious actor to insert hyperlinks into electronic invitations...
PT-2020-13446 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10; GitLab versions prior to 13.2.8; GitLab versions prior to 13.3.4. Description: A vulnerability was discovered in GitLab where project invitation links were not invalidated upon removing a user from a project...
MineTime Cross-Site Scripting Vulnerability
MineTime is an intuitive and smart calendar application. A cross-site scripting vulnerability exists in MineTime 1.8.5 and earlier versions that can be exploited by an attacker to execute code via the notes field in a meeting invitation...
CVE-2020-14215
Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations...
Information disclosure
Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-35344)
Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 3.8.2, prior to 3.7.5, and prior to 3.6.7, which stems from the program's use of weak hashing algorithms for email invitations,...
CVE-2017-18917
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens...
CVE-2017-18917
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens...
CVE-2017-18917
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens...
CVE-2017-18917
Mattermost Server versions before 3.8.2, 3.7.5, and 3.6.7 are affected by an issue where weak hashing is used for e-mail invitations, OAuth, and e-mail verification tokens. Root cause: weak hashing for token-related processes. Impact details are not expanded in the provided documents beyond the t...