OSV
added 2023/12/15 4:03 p.m., 19 views

CVE-2023-5061 Missing Authorization in GitLab

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...

CVSS 4.3 · AI score 4.7 · EPSS 0.00416
Exploits 0 · References 5
Debian CVE
added 2023/12/15 4:03 p.m., 29 views

CVE-2023-5061

Removed by vendor...

CVSS 4.3 · AI score 5.8 · EPSS 0.00416
Exploits 0
NVD
added 2023/12/15 11:15 a.m., 10 views

CVE-2023-6839

Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response...

CVSS 5.3 · EPSS 0.00525
Exploits 0 · References 1
OSV
added 2023/12/15 11:15 a.m., 16 views

CVE-2023-6839

Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response...

CVSS 5.3 · AI score 6.7
Exploits 0 · References 1
Prion
added 2023/12/15 11:15 a.m., 16 views

Input validation

Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response...

CVSS 5 · AI score 7 · EPSS 0.00525
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/12/15 10:14 a.m., 17 views

CVE-2023-6839

Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response...

CVSS 5.3 · AI score 5.5 · EPSS 0.00525
Exploits 0 · References 1
Vulnrichment
added 2023/12/15 10:14 a.m., 13 views

CVE-2023-6839

Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response...

CVSS 5.3 · AI score 7 · EPSS 0.00525
Exploits 0 · References 1
CVE
added 2023/12/15 10:14 a.m., 75 views

CVE-2023-6839

CVE-2023-6839 affects WSO2 API Manager. The issue stems from improper error handling in a REST API resource, which can cause server-side errors to disclose an internal WSO2-specific package name in the HTTP response. Documented impacts indicate confidentiality exposure (information disclosed via ...

CVSS 5.3 · AI score 5.2 · EPSS 0.00525
Exploits 0 · References 1 · Affected Software 1
Github Security Blog
added 2023/12/15 2:45 a.m., 37 views

Named path parameters can be overridden in TrieRouter

Impact The clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matche...

CVSS 4.3 · AI score 7 · EPSS 0.00638
Exploits 1 · References 5 · Affected Software 1
OSV
added 2023/12/15 2:45 a.m., 29 views

GHSA-F6GV-HH8J-Q8VQ Named path parameters can be overridden in TrieRouter

Impact The clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matche...

CVSS 4.2 · AI score 4.5 · EPSS 0.00638
Exploits 1 · References 5
Positive Technologies
added 2023/12/15 12:00 a.m., 5 views

PT-2023-31600 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 9.3 through 16.4.3 GitLab versions 16.5 through 16.5.3 GitLab versions 16.6 through 16.6.1 Description: An issue has been discovered in GitLab where, in certain situations, it may have been possible for developers to override...

CVSS 4.3 · AI score 6.7 · EPSS 0.00416
Exploits 0 · References 12
NVD
added 2023/12/14 6:15 p.m., 16 views

CVE-2023-50710

Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources...

CVSS 4.3 · EPSS 0.00638
Exploits 1 · References 3
Prion
added 2023/12/14 6:15 p.m., 16 views

Design/Logic Flaw

Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources...

CVSS 4.3 · AI score 6.9 · EPSS 0.00638
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2023/12/14 5:22 p.m., 24 views

CVE-2023-50710 Hono's named path parameters can be overridden in TrieRouter

Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources...

CVSS 4.2 · AI score 4.8 · EPSS 0.00638
Exploits 1 · References 3
CVE
added 2023/12/14 5:22 p.m., 198 views

CVE-2023-50710

Summary: CVE-2023-50710 affects the Hono web framework (TypeScript). Before v3.11.7, when using TrieRouter, a client could override named path parameters from a previous request, potentially causing a privileged user to use unintended parameters when deleting REST API resources. The issue is miti...

CVSS 4.3 · AI score 4.3 · EPSS 0.00638
Exploits 1 · References 3 · Affected Software 1
OSV
added 2023/12/14 5:22 p.m., 27 views

CVE-2023-50710 Hono's named path parameters can be overridden in TrieRouter

Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources...

CVSS 4.2 · AI score 4.7 · EPSS 0.00638
Exploits 1 · References 5
Tenable Nessus
added 2023/12/14 12:00 a.m., 45 views

FreeBSD : Gitlab -- vulnerabilities (e2fb85ce-9a3c-11ee-af26-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e2fb85ce-9a3c-11ee-af26-001b217b3468 advisory. - Gitlab reports: Smartcard authentication allows impersonation of arbitrary user using user's...

CVSS 8.8 · AI score 6.6 · EPSS 0.00733
Exploits 0 · References 10
Tenable Nessus
added 2023/12/14 12:00 a.m., 31 views

GitLab 9.3 < 16.4.4 / 16.5 < 16.5.4 / 16.6 < 16.6.2 (CVE-2023-5061)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain...

CVSS 4.3 · AI score 5.2 · EPSS 0.00416
Exploits 0 · References 4
FreeBSD
added 2023/12/13 12:00 a.m., 23 views

Gitlab -- vulnerabilities

Gitlab reports: Smartcard authentication allows impersonation of arbitrary user using user's public certificate When subgroup is allowed to merge or push to protected branches, subgroup members with the Developer role may gain the ability to push or merge The GitLab web interface does not ensure...

CVSS 8.8 · AI score 7.8 · EPSS 0.00733
Exploits 0 · References 1
NVD
added 2023/12/12 12:15 p.m., 24 views

CVE-2023-48430

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically...

CVSS 2.7 · EPSS 0.00585
Exploits 0 · References 1