11 matches found

RedhatCVE
added 2026/01/09 9:18 a.m. · 2 views

CVE-2021-22252

A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers...

6.5 CVSS · 6.7 AI score · 0.00266 EPSS
Exploits 0 · References 1
Veracode
added 2023/08/06 5:37 a.m. · 18 views

Authorization Bypass

GitLab is vulnerable to Authorization Bypasses. A branch/tag name confusion allows an attacker to manipulate pages where the content of the default branch would be expected...

4.3 CVSS · 6.8 AI score · 0.00115 EPSS
Exploits 0 · References 4 · Affected Software 1
SUSE CVE
added 2023/02/15 3:27 a.m. · 1 views

SUSE CVE-2022-23773

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...

5 CVSS · 8.6 AI score · 0.00118 EPSS
Exploits 0 · References 11
Prion
added 2022/10/17 4:15 p.m. · 26 views

Design/Logic Flaw

A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected...

4 CVSS · 4.5 AI score · 0.00115 EPSS
Exploits 0 · References 3 · Affected Software 1
CVE
added 2022/10/17 12:0 a.m. · 98 views

CVE-2022-3288

GitLab CVE-2022-3288 affects GitLab CE/EE; a branch/tag name confusion allows manipulation of pages where the default-branch content is expected. Affected versions: <15.2.5, <15.3.4, and

4.3 CVSS · 4.5 AI score · 0.00115 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/10/17 12:0 a.m. · 21 views

CVE-2022-3288

A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected...

3.5 CVSS · 4.2 AI score · 0.00115 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2022/10/14 12:0 a.m. · 47 views

GitLab < 15.2.5 (CVE-2022-3288)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the defau...

4.3 CVSS · 5.2 AI score · 0.00115 EPSS
Exploits 0 · References 4
OSV
added 2022/02/11 1:15 a.m. · 1 views

DEBIAN-CVE-2022-23773

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...

7.5 CVSS · 8.1 AI score · 0.00118 EPSS
Exploits 0 · References 1
OSV
added 2022/02/11 1:15 a.m. · 1 views

UBUNTU-CVE-2022-23773

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...

7.5 CVSS · 7.1 AI score · 0.00118 EPSS
Exploits 0 · References 3
Positive Technologies
added 2021/08/23 12:0 a.m. · 2 views

PT-2021-6602 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.7 and later Description: The issue is related to a confusion between tag and branch names in GitLab, allowing a remote attacker to access confidential data. Specifically, it enables a Developer to access protected CI...

6.8 CVSS · 6.1 AI score · 0.00266 EPSS
Exploits 0 · References 15
Mozilla
added 2020/02/11 12:0 a.m. · 108 views

Security Vulnerabilities fixed in Thunderbird 68.5 — Mozilla

When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stor...

8.8 CVSS · 8.9 AI score · 0.01279 EPSS
Exploits 1 · References 7 · Affected Software 1