
17 matches found

Nuclei
added 2 days ago, 53 views

GitLab CE/EE - Information Disclosure

GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5,...

CVSS 10, AI score 7.5, EPSS 0.71335
Exploits 0, References 5
Veracode
added 2026/01/16 8:56 a.m., 4 views

Exposure Of Sensitive Information

github.com/rancher/rancher is vulnerable to Exposure of Sensitive Information. The vulnerability is due to sensitive data being written to Rancher audit logs, which allows an attacker with access to these logs to obtain secret data, cluster import URLs, and registration tokens...

CVSS 4.3, AI score 5.9, EPSS 0.00012
Exploits 0, References 4, Affected Software 1
RedhatCVE
added 2025/10/30 3:20 p.m., 5 views

CVE-2024-58269

A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs...

CVSS 4.3, AI score 6.8, EPSS 0.00012
Exploits 0, References 1
NVD
added 2025/10/29 3:15 p.m., 2 views

CVE-2024-58269

A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs...

CVSS 4.3, EPSS 0.00012
Exploits 0, References 2
OSV
added 2025/10/29 3:15 p.m., 1 views

CVE-2024-58269

A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs...

CVSS 4.3, AI score 5.7, EPSS 0.00012
Exploits 0, References 2
Vulnrichment
added 2025/10/29 2:58 p.m., 5 views

CVE-2024-58269 Rancher exposes sensitive information through audit logs

A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs...

CVSS 4.3, AI score 6.4, EPSS 0.00012
Exploits 0, References 2
CVE
added 2025/10/29 2:58 p.m., 14 views

CVE-2024-58269

CVE-2024-58269 affects Rancher Manager where sensitive data (secrets, cluster import URLs, registration tokens) can be exposed to anyone with access to Rancher audit logs. Root cause: leakage through audit logs containing full request/response bodies, including secrets annotated in Kubernetes obj...

CVSS 4.3, AI score 6.5, EPSS 0.00012
Exploits 0, References 2
Cvelist
added 2025/10/29 2:58 p.m., 8 views

CVE-2024-58269 Rancher exposes sensitive information through audit logs

A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs...

CVSS 4.3, EPSS 0.00012
Exploits 0, References 2
CNNVD
added 2025/10/29 12:0 a.m., 2 views

Rancher Log Information Disclosure Vulnerability

Rancher is an open source container management platform from Rancher Open Source in the United States, built for organizations deploying containers in production environments. Rancher suffers from a log information disclosure vulnerability that stems from the exposure of sensitive information and...

CVSS 4.3, AI score 5.8, EPSS 0.00012
Exploits 0, References 2
SUSE CVE
added 2025/10/24 11:43 p.m., 2 views

SUSE CVE-2024-58269

A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs...

CVSS 4.3, AI score 6.9, EPSS 0.00012
Exploits 0, References 4
Github Security Blog
added 2025/10/24 3:27 p.m., 6 views

Rancher exposes sensitive information through audit logs

Impact Note: The exploitation of this issue requires that the malicious user have access to Rancher’s audit log storage. A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any enti...

CVSS 4.3, AI score 6.6, EPSS 0.00012
Exploits 0, References 6, Affected Software 1
Veracode
added 2023/06/27 7:7 p.m., 28 views

Incorrect Authorization

gitlab is vulnerable to Incorrect Authorization. The vulnerability allows unauthorised users to steal runner registration tokens using the quick actions command...

CVSS 10, AI score 6.8, EPSS 0.71335
Exploits 0, References 3, Affected Software 1
NVD
added 2022/03/28 7:15 p.m., 23 views

CVE-2022-0735

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure...

CVSS 10, EPSS 0.71335
Exploits 0, References 2
UbuntuCve
added 2022/03/28 7:15 p.m., 51 views

CVE-2022-0735

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure...

CVSS 10, AI score 7.2, EPSS 0.71335
Exploits 0, References 2
Prion
added 2022/03/28 7:15 p.m., 63 views

Information disclosure

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure...

CVSS 7.5, AI score 8.8, EPSS 0.71335
Exploits 0, References 2, Affected Software 1
Debian CVE
added 2022/03/28 6:52 p.m., 118 views

CVE-2022-0735

Removed by vendor...

CVSS 10, AI score 7.5, EPSS 0.71335
Exploits 0
The Hacker News
added 2022/03/04 6:31 a.m., 112 views

New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances

Researchers have disclosed details of a new security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information. Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all version...

CVSS 10, AI score 0.9, EPSS 0.92054
Exploits 4