1118 matches found
PT-2022-15918 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 15.0.5; GitLab CE/EE versions 15.1 prior to 15.1.4; GitLab CE/EE versions 15.2 prior to 15.2.1. Description: An issue has been discovered that may allow access to a private project through an email invite by using...
GitLab 0.0 < 15.0.5 / 15.1 < 15.1.4 / 15.2 < 15.2.1 (CVE-2022-2326)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to...
Gitlab -- multiple vulnerabilities
Gitlab reports: Revoke access to confidential notes todos; Pipeline subscriptions trigger new pipelines with the wrong author; Ability to gain access to private project through an email invite by using other user's email address as an unverified secondary email; Import via git protocol allows to...
MAL-2022-174 Malicious code in @cobalt-team/multi-invite (npm)
Source: ghsa-malware e37ea81ad98e89c5f266cfa910ba2604c209fb890e8da13de13eb33951c1948e. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @cobalt-team/multi-invite (npm)
Source: ghsa-malware e37ea81ad98e89c5f266cfa910ba2604c209fb890e8da13de13eb33951c1948e. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-1981
An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintaine...
UBUNTU-CVE-2022-1981
An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintaine...
Information disclosure
An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintaine...
PT-2022-14233 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 12.2 through 14.10.5; GitLab EE versions 15.0 through 15.0.4; GitLab EE versions 15.1 through 15.1.1. Description: An issue has been discovered in GitLab EE where the domain allow-list can be bypassed. This occurs when a group...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2022-31052 via matrix-synapse (>=0.33.9 <=1.153.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2022-31052 Source advisory: OSV:GHSA-22P3-QRH9-CX32...
Discourse < 2.8.5 Information Disclosure Vulnerability
Discourse is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...
CVE-2022-31096
Discourse (open source discussion platform) has a vulnerability where a logged-in user can redeem an invite with an email that doesn’t match the invite or violates the invite’s email domain restriction, potentially leading to viewing content restricted to certain groups. The issue is worsened whe...
CVE-2022-31096 Invites restricted to an email or invite links restricted to an email domain may be bypassed by a under certain conditions in Discourse
Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite h...
PT-2022-20524 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse affected versions not specified. Description: The issue allows a logged-in user to redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. This...
CVE-2022-31025 Invite bypasses user approval in Discourse
Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the stable branch and 2.9.0beta5 on the beta and tests-passed branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff are always approved...
PT-2022-20469
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.4 on the stable branch; Discourse versions prior to 2.9.0beta5 on the beta and tests-passed branches. Description: The issue affects Discourse, an open source platform for community discussion. Inviting users on...
Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command
An issue was discovered in Mattermost Server before 5.1.0. It allows attackers to cause a denial of service via the `invite_people` slash command...
GHSA-5MH6-P63G-3MV5 Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command
An issue was discovered in Mattermost Server before 5.1.0. It allows attackers to cause a denial of service via the `invite_people` slash command...
GHSA-JWFV-5HWQ-F97R Mattermost Server exposes team invite IDs through API endpoints
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints...