Lucene search
K

305 matches found

CNVD
CNVD
added 2019/07/10 12:0 a.m.4 views

GitLab Information Disclosure Vulnerability (CNVD-2020-22022)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Community and...

4.3CVSS6.4AI score0.00964EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2019/07/03 12:0 a.m.153 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Ability to Write a Note to a Private Snippet Recent Pipeline Information Disclosed to Unauthorised Users Resource Exhaustion Attack Error Caused by Encoded Characters in Comments Authorization Issues in GraphQL Number of Merge Requests was Accessible Enabling One of the Service...

7.5CVSS2AI score0.01403EPSS
Exploits0References1
OSV
OSV
added 2019/05/17 4:29 p.m.17 views

CVE-2019-6790

An Incorrect Access Control issue 2 of 3 issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group's merge requests...

4.3CVSS6.4AI score0.00839EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2019/05/17 4:29 p.m.28 views

CVE-2019-6790

An Incorrect Access Control issue 2 of 3 issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group's merge requests...

4.3CVSS6.3AI score0.00839EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2019/05/17 3:53 p.m.27 views

CVE-2019-6790

Removed by vendor...

4.3CVSS6.1AI score0.00839EPSS
Exploits0
Cvelist
Cvelist
added 2019/05/17 3:53 p.m.22 views

CVE-2019-6790

An Incorrect Access Control issue 2 of 3 issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group's merge requests...

5.3AI score0.00839EPSS
Exploits0References2
Hacker One
Hacker One
added 2019/04/04 2:31 p.m.18 views

GitLab: Bypassing push rules via MRs created by Email

Hi GitLab Security Team, GitLab EE has the feature of so-called push rules. An administrator, or more fine-grained per project, the owner can create certain push rules. The goal of these push rules is avoiding to push certain commits to the repository, which violate one of the push rules. If a...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2019/02/16 7:34 a.m.34 views

GitLab: Persistent XSS via e-mail when creating merge requests

Summary: The vulnerability consists in the ability to create branch names that contain characters such as /. This branch name is sent via e-mail which is rendered as HTML. Description: One way to exploit this is by forking a repository. Then an attacker would create a branch called alert1 and mak...

3.5CVSS5.3AI score0.00789EPSS
Exploits1
Hacker One
Hacker One
added 2018/11/18 3:13 a.m.27 views

GitLab: Exfiltrate and mutate repository and project data through injected templated service

The GitLab import feature contains a vulnerability that allows an attacker to import a project that creates a service template. Service templates can normally only be created by a GitLab instance Administrator. When a new project is created, service templates are automatically initialized for the...

0.6AI score
Exploits0
NVD
NVD
added 2018/04/05 2:29 p.m.18 views

CVE-2018-9243

GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting specifically, filenames in changes tabs of merge requests. This is fixed in 10.6.3, 10.5.7, and 10.4.7...

6.1CVSS5.7AI score0.01002EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2018/04/05 2:29 p.m.27 views

CVE-2018-9243

GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting specifically, filenames in changes tabs of merge requests. This is fixed in 10.6.3, 10.5.7, and 10.4.7...

6.1CVSS5.6AI score0.01002EPSS
Exploits1References2
CNVD
CNVD
added 2018/03/23 12:0 a.m.5 views

GitLab Authorization Bypass Vulnerability

GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository , which has features similar to Github , you can access the project's file content , commit history , bug lists , etc. GitLab Community Edition CE is...

4.3CVSS6.7AI score0.00904EPSS
Exploits0References1
CNVD
CNVD
added 2017/03/30 12:0 a.m.6 views

GitLab Design Vulnerabilities

GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to Github for accessing a project's file contents, commit history, bug lists, and more. There is a security...

8.2CVSS6.9AI score0.02403EPSS
Exploits1References1
OSV
OSV
added 2017/03/28 2:59 a.m.7 views

CVE-2016-9469

Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix...

8.2CVSS5.6AI score0.02403EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2017/03/28 2:59 a.m.36 views

CVE-2017-0882

Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC...

6.3CVSS6.6AI score0.01057EPSS
Exploits2References3
OSV
OSV
added 2017/03/28 2:59 a.m.4 views

UBUNTU-CVE-2016-9469

Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix...

8.2CVSS7.2AI score0.02403EPSS
Exploits1References4
Hacker One
Hacker One
added 2017/03/27 4:26 p.m.24 views

GitLab: Unfiltered `class` attribute in markdown code

This affects merge request/issue comments and probably other parts of the user interface. I am demonstrating PoCs on GitLab.com itself, as they don't affect anything outside of my test repo, which is private. It could be used to execute some js actions by contructing content that uses the...

0.4AI score
Exploits0
Hacker One
Hacker One
added 2017/01/01 8:46 p.m.16 views

GitLab: Users with guest access can post notes to private merge requests, issues, and snippets

Vulnerability details A user with guest access to a group / project can post notes to private merge requests, issues, and snippets. Impact It seems it only allows an attacker to post notes to objects that the user doesn't have access to. I tried creating notes with slash commands, but unfortunate...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2013/08/16 12:0 a.m.40 views

CentOS Update for httpd CESA-2013:1156 centos6

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2013:1156 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

4.3CVSS7.1AI score0.29484EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2013/08/16 12:0 a.m.38 views

CentOS Update for httpd CESA-2013:1156 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS7.8AI score0.29484EPSS
Exploits3References2
Rows per page
Query Builder