
79 matches found

Tenable Nessus
added 2024/01/03 12:0 a.m. · 28 views

GitLab < 15.7.8 (SECURITY-RELEASE-GITLAB-15-9-2-RELEASED)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A speciall...

CVSS 8.7 · AI score 5.9 · EPSS 0.9242
Exploits: 0 · References: 12
NVD
added 2023/07/13 3:15 a.m. · 18 views

CVE-2023-2620

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...

CVSS 5.5 · EPSS 0.00462
Exploits: 0 · References: 2
Prion
added 2023/07/13 3:15 a.m. · 17 views

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...

CVSS 4.7 · AI score 3.9 · EPSS 0.00731
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/07/13 12:0 a.m. · 2 views

PT-2023-20540 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.1 through 15.11.9 GitLab CE/EE versions 16.0 through 16.0.5 GitLab CE/EE versions 16.1 through 16.1.0 Description: An issue has been discovered that allows a maintainer to modify a webhook URL and leak masked webhook...

CVSS 5.5 · AI score 6.6 · EPSS 0.00462
Exploits: 0 · References: 12
CNNVD
added 2023/07/13 12:0 a.m. · 2 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in Gitlab CE/EE, which stems from the fact tha...

CVSS 5.5 · AI score 5.2 · EPSS 0.00462
Exploits: 0 · References: 3
Tenable Nessus
added 2023/06/29 12:0 a.m. · 24 views

GitLab 15.1 < 15.11.10 / 16.0 < 16.0.6 / 16.1 < 16.1.1 (CVE-2023-2620)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer...

CVSS 5.5 · AI score 5.1 · EPSS 0.00731
Exploits: 0 · References: 4
Snyk
added 2023/03/24 2:3 p.m. · 3 views

Malicious Package

Overview Coinbase.Core is a malicious package. This package adopts typosquatting techniques and attempts to trick users into downloading it. It contains a PowerShell script that will execute upon installation and trigger a download of a 2nd stage payload, which can be remotely executed. Indicator...

CVSS 9.8 · AI score 7
Exploits: 0 · References: 2
UbuntuCve
added 2023/03/09 8:15 p.m. · 24 views

CVE-2022-4462

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API respons...

CVSS 5 · AI score 5.8 · EPSS 0.00661
Exploits: 0 · References: 4
Cvelist
added 2023/03/09 12:0 a.m. · 19 views

CVE-2022-4462

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API respons...

CVSS 5 · AI score 5.4 · EPSS 0.00661
Exploits: 0 · References: 3
Positive Technologies
added 2023/03/09 12:0 a.m. · 3 views

PT-2023-14519 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.8 through 15.7.8 GitLab versions 15.8 through 15.8.4 GitLab versions 15.9 through 15.9.2 Description: The issue could allow a user to unmask the Discord Webhook URL through viewing the raw API response. Recommendations: For...

CVSS 5 · AI score 4.6 · EPSS 0.00661
Exploits: 0 · References: 12
OSV
added 2023/01/26 9:18 p.m. · 0 views

UBUNTU-CVE-2022-4054

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an...

CVSS 5.5 · AI score 5.7 · EPSS 0.00707
Exploits: 1 · References: 2
Positive Technologies
added 2023/01/24 12:0 a.m. · 3 views

PT-2023-13824 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 9.3 through 15.4.5 GitLab versions 15.5 through 15.5.4 GitLab versions 15.6 through 15.6.0 Description: An issue has been discovered in GitLab where a project maintainer could leak a webhook secret token by changing the webhoo...

CVSS 5.5 · AI score 5 · EPSS 0.00707
Exploits: 1 · References: 11
Positive Technologies
added 2023/01/12 12:0 a.m. · 2 views

PT-2023-14198 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.1 through 15.5.7 GitLab CE/EE versions 15.6 through 15.6.4 GitLab CE/EE versions 15.7 through 15.7.2 Description: A malicious Maintainer can leak masked webhook secrets by changing the target URL of the webhook...

CVSS 5.5 · AI score 4.5 · EPSS 0.00731
Exploits: 0 · References: 12
CNNVD
added 2022/12/01 12:0 a.m. · 1 views

GitLab CE/EE Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from the fact tha...

CVSS 5.5 · AI score 5.6 · EPSS 0.00707
Exploits: 1 · References: 5
OSV
added 2021/03/02 5:15 p.m. · 1 views

CVE-2020-4719

The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861...

CVSS 4.9 · AI score 5.9
Exploits: 0 · References: 2
Prion
added 2021/03/02 5:15 p.m. · 14 views

Authorization

The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861...

CVSS 4 · AI score 4.7 · EPSS 0.00832
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2019/10/23 12:45 p.m. · 62 views

CVE-2019-10459

CVE-2019-10459 affects Jenkins Mattermost Notification Plugin ≤ 2.7.0. The vulnerability stems from webhook URLs containing a secret token being stored unencrypted in the plugin’s global configuration and in job config.xml on the Jenkins master, enabling disclosure by users with Extended Read per...

CVSS 6.5 · AI score 6.3 · EPSS 0.00927
Exploits: 0 · References: 2 · Affected Software: 1
NVD
added 2012/12/03 9:55 p.m. · 15 views

CVE-2012-5551

Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) a predictable "webhook URL key" and (2) improper sanitization of "Webhook variables from POST requests."...

CVSS 4.3 · AI score 5.8 · EPSS 0.01161
Exploits: 0 · References: 4
Prion
added 2012/12/03 9:55 p.m. · 11 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) a predictable "webhook URL key" and (2) improper sanitization of "Webhook variables from POST requests."...

CVSS 4.3 · AI score 6.1 · EPSS 0.01161
Exploits: 0 · References: 4 · Affected Software: 1