GitLab 13.7 < 13.12.9 / 14.0 < 14.0.7 / 14.1 < 14.1.2 (CVE-2021-22252)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers...

GitLab 12.0 < 14.10.5 / 15.0 < 15.0.4 / 15.1 < 15.1.1 (CVE-2022-2228)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI...

Potential Actions command injection in output filenames (GHSL-2023-275)

Summary The tj-actions/verify-changed-files action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. Details The verify-changed-files workflow returns the list of files changed within a workflow execution. This could...

GHSA-2X7R-93WW-CXRQ Winter CMS Local File Inclusion through Server Side Template Injection

Impact Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. By default, only th...

Stack overflow

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtionetflushtx function if guest features VIRTIONETFHASHREPORT, VIRTIOFVERSION1 and VIRTIONETFMRGRXBUF are enabled. This could allow a malicious user to overwrite local variables...

CVE-2023-6693

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtionetflushtx function if guest features VIRTIONETFHASHREPORT, VIRTIOFVERSION1 and VIRTIONETFMRGRXBUF are enabled. This could allow a malicious user to overwrite local variables...

Information Disclosure

GitLab EE is vulnerable to Information Disclosure.The vulnerability is caused due to improper authorization. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates...

The vulnerability of the Incognito mode in Mozilla Firefox and Firefox ESR browsers relates to the use of uninitialized variables, which allows a hacker to disclose protected information.

The vulnerability of the Incognito mode in Mozilla Firefox and Firefox ESR browsers is related to the use of uninitialized variables. Exploiting this vulnerability can allow a malicious actor to disclose protected information...

Improper Access Control

apacheairflow is vulnerable to Improper Access Control. The vulnerability is due to the variablesimport function within variablecommand.py and the varimport function within views.py. These functions lack permission checks and have inadequate handling of existing variables during imports, allowing...

Apache Airflow 访问控制错误漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A security bypass vulnerability exists in Apache Airflow versions prior to 2.8.0,...

Buffer Overwrite

vyper is vulnerable to Buffer Overwrite. The vulnerability exists due to an incorrect calculation for storage slots containing large arrays which allows an attacker to overwrite storage variables exceeding the allocated space...

CVE-2023-5061

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...

CVE-2023-5061

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...

UBUNTU-CVE-2023-5061

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...

CVE-2023-5061 Missing Authorization in GitLab

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...

CVE-2023-5061

Removed by vendor...

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab that stems from the fact that under...

PT-2023-31600 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 9.3 through 16.4.3 GitLab versions 16.5 through 16.5.3 GitLab versions 16.6 through 16.6.1 Description: An issue has been discovered in GitLab where, in certain situations, it may have been possible for developers to override...

Sensitive Information Disclosure

laf-client-sdk is vulnerable to Sensitive Information Disclosure. The vulnerability is caused due to directly inserting env variables into the the template while constructing the deployment instance of the app. Sensitive information in the secret and configmap can be read through the k8s envFrom...