CVE-2023-51379
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read...
CVE-2023-51380
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and...
Authorization
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read...
Authorization
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and...
CVE-2023-51380
Summary: CVE-2023-51380 is an incorrect authorization vulnerability in GitHub Enterprise Server that allowed reading issue comments with an improperly scoped token. The issue affects all versions from 3.7 up to 3.11.x and is fixed by upgrading to 3.7.19, 3.8.12, 3.9.7, 3.10.4, or 3.11.1, respecti...
CVE-2023-51380 Incorrect Authorization allows Read Access to Issue Comments in GitHub Enterprise Server
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and...
PT-2023-31800 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.7 through 3.7.18 GitHub Enterprise Server versions 3.8 through 3.8.11 GitHub Enterprise Server versions 3.9 through 3.9.6 GitHub Enterprise Server versions 3.10 through 3.10.3 GitHub Enterprise Server...
PT-2023-31799 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.7 through 3.17.18 GitHub Enterprise Server versions 3.8 through 3.8.11 GitHub Enterprise Server versions 3.9 through 3.9.6 GitHub Enterprise Server versions 3.10 through 3.10.3 GitHub Enterprise Server...
GitHub: [PATs] Token with Read-Only permissions on Issues able to modify issue comments using content write permission
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token...
GitHub: [PATs] Ability to leak comments from issues without ANY "Issues" repo permissions by utilizing "Pull Request" permissions
An incorrect authorization vulnerability in GitHub Enterprise Server allowed issue comments to be read without proper permissions through improperly scoped tokens...
Denial Of Service (DoS)
GitLab is vulnerable to Denial of Service (DoS). An attacker can crash the application by using the math feature with a specific formula in issue comments...
CVE-2022-2155 A vulnerability exists in the Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role.
A vulnerability exists in the affected versions of Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role, granting it access to the embedded Power BI reports feature. An attacker that manages to exploit the vulnerability on a...
CVE-2022-0489
An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a DOS by using the math feature with a specific formula in issue comments...
CVE-2022-0489
An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a DOS by using the math feature with a specific formula in issue comments...
Information disclosure
An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a DOS by using the math feature with a specific formula in issue comments...
UBUNTU-CVE-2022-0489
An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a DOS by using the math feature with a specific formula in issue comments...
CVE-2022-0489
Removed by vendor...
CVE-2022-0489
An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a DOS by using the math feature with a specific formula in issue comments...
PT-2022-13211 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.15 and later Description: An issue has been discovered in GitLab CE/EE that allows a Denial of Service (DoS) to be triggered by using the math feature with a specific formula in issue comments. Recommendations: For GitLa...
PT-2022-2256 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.3 through 14.7.6 GitLab CE/EE versions 14.8 through 14.8.4 GitLab CE/EE versions 14.9 through 14.9.1 Description: The issue is related to improper handling of user input, allowing an attacker to exploit a stored XSS by...