Lucene search
K

68 matches found

Veracode
Veracode
added 2023/08/06 9:2 p.m.13 views

Improper Input Validation

gitlab is vulnerable to Improper Input Validation. The vulnerability exists because the Gitlab's Slack integration is incorrectly validate the user input, which allows an attacker to send maliciously crafted URLs...

4.3CVSS6.8AI score0.00974EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/15 12:0 a.m.6 views

PT-2023-10698 · Slack +1 · Slack +2

Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.1.7 and earlier, 11.2.x through 11.2.3, 11.3.x through 11.3.0 Description: The issue is related to Cross Site Request Forgery CSRF in the Slack integration for issuing slash commands. This...

8.8CVSS8.6AI score0.00316EPSS
Exploits0References6
CVE
CVE
added 2023/04/15 12:0 a.m.65 views

CVE-2018-17451

CVE-2018-17451 affects GitLab Community and Enterprise Edition. It is a CSRF flaw in the Slack integration used for issuing slash commands, present in versions before 11.1.7 (11.1.x), 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The CVSSv3.1 base score is 8.8 (HIGH). Affected component: Slack ...

8.8CVSS8.6AI score0.00316EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/04/15 12:0 a.m.7 views

GitLab 跨站请求伪造漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from cross-site request...

8.8CVSS7.7AI score0.00316EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/04/15 12:0 a.m.6 views

CVE-2018-17451

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery CSRF in the Slack integration for issuing slash commands...

8.7AI score0.00316EPSS
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2022/09/21 2:37 p.m.18 views

How to Accelerate Your SOAR Program to Full Speed in Less Than a Year

Every new technology comes with a learning curve specific to your organization. First you learn the basics, then you accelerate. Rapid7’s offerings are no different. As a Senior Information Security Engineer at Brooks, I have firsthand experience with this process. I oversaw the implementation of...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/04/20 12:0 a.m.29 views

GitLab < 14.4.5 (CVE-2022-0124)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and...

4.3CVSS5.1AI score0.00974EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/01/18 5:15 p.m.8 views

CVE-2022-0124

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack...

4.3CVSS5.3AI score0.00974EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/01/18 5:15 p.m.18 views

CVE-2022-0124

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack...

4.3CVSS0.00974EPSS
Exploits0References3
OSV
OSV
added 2022/01/18 5:15 p.m.1 views

UBUNTU-CVE-2022-0124

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack...

4.3CVSS5.7AI score0.00974EPSS
Exploits0References5
OSV
OSV
added 2022/01/18 4:52 p.m.16 views

CVE-2022-0124

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack...

4.3CVSS6.5AI score0.00974EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2022/01/18 4:52 p.m.15 views

CVE-2022-0124

Removed by vendor...

4.3CVSS5.8AI score0.00974EPSS
Exploits0
Cvelist
Cvelist
added 2022/01/18 4:52 p.m.21 views

CVE-2022-0124

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack...

4.3CVSS5.1AI score0.00974EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/01/18 12:0 a.m.2 views

PT-2022-12978 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 14.4.5 GitLab versions 14.5.0 through 14.5.3 GitLab versions 14.6.0 through 14.6.1 Description: An issue has been discovered where GitLab's Slack integration is incorrectly validating user input, allowing malicious UR...

4.3CVSS4.4AI score0.00974EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2022/01/13 12:0 a.m.59 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (43f84437-73ab-11ec-a587-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 43f84437-73ab-11ec-a587-001b217b3468 advisory. - Gitlab reports: Arbitrary file read via group import feature Stored XSS in notes Lack of sta...

8.7CVSS6.2AI score0.01449EPSS
Exploits1References13
OSV
OSV
added 2021/12/10 8:22 p.m.21 views

GHSA-553Q-HPVP-Q8PC Server-Side Request Forgery in snipe/snipe-it

Admin users on the external network can perform blind POST-based SSRF issue requests on behalf of the server into the internal network via the Slack Integration. This vulnerability is capable of port-scanning of the internal network, issue POST requests to web servers on the internal network whic...

7.2CVSS6.8AI score0.00893EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2021/12/10 8:22 p.m.28 views

Server-Side Request Forgery in snipe/snipe-it

Admin users on the external network can perform blind POST-based SSRF issue requests on behalf of the server into the internal network via the Slack Integration. This vulnerability is capable of port-scanning of the internal network, issue POST requests to web servers on the internal network whic...

7.2CVSS4AI score0.00893EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2021/12/07 4:1 a.m.10 views

Server-Side Request Forgery (SSRF)

snipe/snipe-it is vulnerable to server-side request forgery. An attacker can send requests on behalf of the server into the internal network via slack integration...

7.2CVSS4.5AI score0.00893EPSS
Exploits1References3
Huntr
Huntr
added 2021/12/05 6:0 p.m.24 views

Server-Side Request Forgery (SSRF) in snipe/snipe-it

Description Admin users on the external network can perform blind POST-based SSRF issue requests on behalf of the server into the internal network via the Slack Integration Performing portscans 1: Go to Slack Integrations 2: Use http://127.0.0.1:1337 as the Slack Endpoint. See the error message:...

6.5CVSS5.2AI score0.00893EPSS
Exploits1References1
Huntr
Huntr
added 2021/05/06 5:27 p.m.10 views

Improper Privilege Management in chatwoot/chatwoot

✍️ Description Privilege escalation bug to add slack integration by a agent 🕵️‍♂️ Proof of Concept 1. First goto https://app.chatwoot.com/app/accounts/4534/settings/agents/list from admin account and add a user B as agent . Now here user B cant add slack integration 2. Finally from user B account...

1.2AI score
Exploits0
Rows per page
Query Builder