UBUNTU-CVE-2022-3726

Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account...

Design/Logic Flaw

Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account...

CVE-2022-3726

GitLab CVE-2022-3726 affects GitLab CE/EE, with no sandboxing of OpenAPI/Swagger viewer. Affected versions are 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. The vulnerability allows an attacker to trick a user into clicking the Swagger OpenAPI viewer, causing HTTP requests...

CVE-2022-3726

Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account...

CVE-2022-3726

Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account...

CVE-2022-3726

Removed by vendor...

PT-2022-23901 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.6 through 15.3.4 GitLab CE/EE versions 15.4 through 15.4.3 GitLab CE/EE versions 15.5 through 15.5.1 Description: The issue is related to the lack of sand-boxing of OpenAPI documents in GitLab CE/EE, which allows an...

CVE-2022-3726

Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account...

GitLab 12.6 < 15.3.5 / 15.4 < 15.4.4 / 15.5 < 15.5.2 (CVE-2022-3726)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on...

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from its lack of...

PT-2022-6667 · Cisco · Cisco Secure Workload

Name of the Vulnerable Software and Affected Versions: Cisco Secure Workload affected versions not specified Description: A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should...

CATS - REST API Fuzzer And Negative Testing Tool For OpenAPI Endpoints

REST API fuzzer and negative testing tool. Run thousands of self-healing API tests within minutes with no coding effort! Comprehensive : tests are generated automatically based on a large number scenarios and cover every field and header Intelligent : tests are generated based on data types and...

Security Bulletin: Spoofing vulnerability affect IBM Business Automation Workflow - Process Federation Server component - CVE-2018-25013

Summary Process Federation Server shipped with IBM Business Automation Workflow are vulnerable to a Spoofing attack. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially-crafted URL...

Fedora: Security Advisory for golang-github-deepmap-oapi-codegen (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for golang-k8s-kube-openapi (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for golang-github-googleapis-gnostic (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: golang-k8s-kube-openapi-0-0.22.20210813git3c81807.fc36

Kubernetes OpenAPI spec generation & serving...

[SECURITY] Fedora 36 Update: golang-github-googleapis-gnostic-0.5.3-7.fc36

This package contains a Go command line tool which converts JSON and YAML OpenAPI descriptions to and from equivalent Protocol Buffer representations. Protocol Buffers provide a language-neutral, platform-neutral, extensible mechanism for serializing structured data. gnostic's Protocol Buffer...

[SECURITY] Fedora 36 Update: golang-github-deepmap-oapi-codegen-1.8.2-4.fc36

Generate Go client and server boilerplate from OpenAPI 3 specifications...

Fedora: Security Advisory for golang-k8s-kube-openapi (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...