68 matches found
Improper Input Validation
gitlab is vulnerable to Improper Input Validation. The vulnerability exists because the Gitlab's Slack integration is incorrectly validate the user input, which allows an attacker to send maliciously crafted URLs...
PT-2023-10698 · Slack +1 · Slack +2
Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.1.7 and earlier, 11.2.x through 11.2.3, 11.3.x through 11.3.0 Description: The issue is related to Cross Site Request Forgery CSRF in the Slack integration for issuing slash commands. This...
CVE-2018-17451
CVE-2018-17451 affects GitLab Community and Enterprise Edition. It is a CSRF flaw in the Slack integration used for issuing slash commands, present in versions before 11.1.7 (11.1.x), 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The CVSSv3.1 base score is 8.8 (HIGH). Affected component: Slack ...
GitLab 跨站请求伪造漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from cross-site request...
CVE-2018-17451
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery CSRF in the Slack integration for issuing slash commands...
How to Accelerate Your SOAR Program to Full Speed in Less Than a Year
Every new technology comes with a learning curve specific to your organization. First you learn the basics, then you accelerate. Rapid7’s offerings are no different. As a Senior Information Security Engineer at Brooks, I have firsthand experience with this process. I oversaw the implementation of...
GitLab < 14.4.5 (CVE-2022-0124)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and...
CVE-2022-0124
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack...
CVE-2022-0124
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack...
UBUNTU-CVE-2022-0124
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack...
CVE-2022-0124
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack...
CVE-2022-0124
Removed by vendor...
CVE-2022-0124
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack...
PT-2022-12978 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 14.4.5 GitLab versions 14.5.0 through 14.5.3 GitLab versions 14.6.0 through 14.6.1 Description: An issue has been discovered where GitLab's Slack integration is incorrectly validating user input, allowing malicious UR...
FreeBSD : Gitlab -- Multiple Vulnerabilities (43f84437-73ab-11ec-a587-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 43f84437-73ab-11ec-a587-001b217b3468 advisory. - Gitlab reports: Arbitrary file read via group import feature Stored XSS in notes Lack of sta...
GHSA-553Q-HPVP-Q8PC Server-Side Request Forgery in snipe/snipe-it
Admin users on the external network can perform blind POST-based SSRF issue requests on behalf of the server into the internal network via the Slack Integration. This vulnerability is capable of port-scanning of the internal network, issue POST requests to web servers on the internal network whic...
Server-Side Request Forgery in snipe/snipe-it
Admin users on the external network can perform blind POST-based SSRF issue requests on behalf of the server into the internal network via the Slack Integration. This vulnerability is capable of port-scanning of the internal network, issue POST requests to web servers on the internal network whic...
Server-Side Request Forgery (SSRF)
snipe/snipe-it is vulnerable to server-side request forgery. An attacker can send requests on behalf of the server into the internal network via slack integration...
Server-Side Request Forgery (SSRF) in snipe/snipe-it
Description Admin users on the external network can perform blind POST-based SSRF issue requests on behalf of the server into the internal network via the Slack Integration Performing portscans 1: Go to Slack Integrations 2: Use http://127.0.0.1:1337 as the Slack Endpoint. See the error message:...
Improper Privilege Management in chatwoot/chatwoot
✍️ Description Privilege escalation bug to add slack integration by a agent 🕵️♂️ Proof of Concept 1. First goto https://app.chatwoot.com/app/accounts/4534/settings/agents/list from admin account and add a user B as agent . Now here user B cant add slack integration 2. Finally from user B account...