Lucene search
K

70 matches found

Packet Storm
Packet Storm
added 2024/04/15 12:0 a.m.634 views

PrusaSlicer 2.6.1 Arbitrary Code Execution

Exploit Title: PrusaSlicer 2.6.1 - Arbitrary code execution on g-code export Date: 16/01/2024 Exploit Author: Kamil Breński Vendor Homepage: https://www.prusa3d.com Software Link: https://github.com/prusa3d/PrusaSlicer Version: PrusaSlicer up to and including version 2.6.1 Tested on: Windows and...

7.4AI score0.0072EPSS
Exploits4
Veracode
Veracode
added 2023/12/26 1:51 p.m.16 views

Improper Access Control

Gitlab is vulnerable to Improper Access Control. The vulnerability is caused due to a missing permission validation for a user while accessing git lab project dependencies. A user can access composer packages on public projects that have package registry disabled in the project settings...

4.3CVSS7AI score0.00456EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/12/01 7:2 a.m.4 views

CVE-2023-3964 Incorrect Authorization in GitLab

An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disable...

4.3CVSS6.4AI score0.00456EPSS
Exploits0References2
Veracode
Veracode
added 2023/08/07 12:16 a.m.24 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability exists because the Google IAP details in Prometheus integration are not properly hidden, which leads to the leak of project settings, instance and group details to other users...

6.4CVSS6.8AI score0.0069EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2023/08/06 11:12 p.m.22 views

Cross-site Scripting (XSS)

gitlab is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the project settings page, allowing an attacker to inject and execute malicious javascript...

8.1CVSS6.6AI score0.5624EPSS
Exploits0References4Affected Software1
Atlassian
Atlassian
added 2023/06/02 10:22 a.m.28 views

Granting the 'Administer Projects' permission to a 'Custom Field' within a permission scheme allows all users to see the Project Settings

h3. Issue Summary This is reproducible on Data Center: yes Granting the Administer Projects permission to a User custom field value results in users having access to the Project Settings area even when the field is not populated. h3. Steps to Reproduce Create a new project with sample data Create...

6.7AI score
Exploits0Affected Software1
Huntr
Huntr
added 2023/03/23 10:39 a.m.13 views

ProjectID is disclosed and can be used for IDOR attack

I find that we click "Settings" button, we can see all the project, even the login user does not belong to the project. Using burpsuit to hijack the reqeust, we can obtain project ids. We can use projectid to perform IDOR attack. 1 create two projects: project1 and project2, and their admin is...

2.8CVSS6.8AI score0.0067EPSS
Exploits1
Prion
Prion
added 2023/03/09 9:15 p.m.18 views

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is...

5CVSS5.2AI score0.00786EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2023/03/09 9:15 p.m.33 views

CVE-2023-0223

An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is...

5.3CVSS6AI score0.00786EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/03/09 12:0 a.m.45 views

CVE-2022-4289

An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users...

6.4CVSS6.6AI score0.0069EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/03/09 12:0 a.m.4 views

PT-2023-14158 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.3 through 15.7.7 GitLab versions 15.8.0 through 15.8.3 GitLab versions 15.9.0 through 15.9.1 Description: An issue has been discovered in GitLab where Google IAP details in Prometheus integration were not hidden and could b...

6.4CVSS6.5AI score0.0069EPSS
Exploits0References14
CNNVD
CNNVD
added 2023/03/07 12:0 a.m.20 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from unhidden Google IAP...

6.4CVSS5.6AI score0.0069EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/07/11 12:0 a.m.32 views

GitLab 14.4 < 14.10.5 / 15.0 < 15.0.4 / 15.1 < 15.1.1 (CVE-2022-2230)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an...

8.1CVSS6.8AI score0.5624EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/07/01 4:15 p.m.2 views

CVE-2022-2230

A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf...

8.1CVSS7AI score0.5624EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/07/01 4:15 p.m.2 views

UBUNTU-CVE-2022-2230

A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf...

8.1CVSS6.1AI score0.5624EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/07/01 12:0 a.m.7 views

PT-2022-15342 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.4 through 14.10.4 GitLab CE/EE versions 15.0 through 15.0.3 GitLab CE/EE versions 15.1 through 15.1.0 Description: A Stored Cross-Site Scripting issue in the project settings page allows an attacker to execute arbitra...

8.1CVSS5.7AI score0.5624EPSS
Exploits0References11
Atlassian
Atlassian
added 2022/06/24 9:55 a.m.30 views

REST API falsely updates Project Category without necessary permissions

panel:bgColor=e7f4fa NOTE: This is for JIRA Server and JIRA Data Center . panel h3. Issue Summary A User with Project Administrator permissions is able to update the Project Category via REST API. But in the Jira UI only a Jira Administrator is allowed to update the Project Category. h3. Steps to...

0.1AI score
Exploits0Affected Software1
Gitee
Gitee
added 2022/01/10 4:38 p.m.17 views

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

This is a Java project for a web application that uses the Log4j library. The project is a practice environment for testing and learning about the Log4j vulnerability CVE-2021-44228. The project includes a Maven project settings file, a Java class file, and a Log4j configuration file. The Log4j...

10CVSS8.1AI score0.99999EPSS
Exploits351
Prion
Prion
added 2021/12/08 4:15 a.m.14 views

Authentication flaw

Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint. T...

5CVSS7.4AI score0.00836EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/11/09 3:15 p.m.23 views

CVE-2021-43201

In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project...

5.3CVSS0.00685EPSS
Exploits0References1
Rows per page
Query Builder