83 matches found
CVE-2022-4054
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an...
MAL-2025-191763 Malicious code in hyper-request (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d6431cc277fd1d8f82ec5160b5943d5ee9ec08ca1a5c5ff9b1b45d67c233b1d2 The only functionality is to exfiltrated Roblox cookies. However, the current version does not contain the webhook url yet see reqhandler.py --- Category:...
Stripo Inc: [my.stripo.email] Blind SSRF Vulnerability in Stripo App Export via Missing Endpoints Export Email Message to Zapier
A critical Blind SSRF Server-Side Request Forgery vulnerability was identified in the export service of the Stripo app. The vulnerability existed in the endpoint /exportservice/v3/exports/WEBHOOK/accounts, where malicious input could be provided in the webhookUrl parameter, triggering SSRF and...
BIT-GITLAB-2023-0838
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342...
GitLab < 15.7.8 (SECURITY-RELEASE-GITLAB-15-9-2-RELEASED)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A speciall...
CVE-2023-2620
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...
PT-2023-20540 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.1 through 15.11.9 GitLab CE/EE versions 16.0 through 16.0.5 GitLab CE/EE versions 16.1 through 16.1.0 Description: An issue has been discovered that allows a maintainer to modify a webhook URL and leak masked webhook...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in Gitlab CE/EE, which stems from the fact tha...
GitLab 15.1 < 15.11.10 / 16.0 < 16.0.6 / 16.1 < 16.1.1 (CVE-2023-2620)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer...
Malicious Package
Overview Coinbase.Core is a malicious package. This package adopts typosquatting techniques and attempts to trick users into downloading it. It contains a PowerShell script that will execute upon installation and trigger a download of a 2nd stage payload, which can be remotely executed. Indicator...
CVE-2022-4462
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API respons...
PT-2023-14519 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.8 through 15.7.8 GitLab versions 15.8 through 15.8.4 GitLab versions 15.9 through 15.9.2 Description: The issue could allow a user to unmask the Discord Webhook URL through viewing the raw API response. Recommendations: For...
CVE-2022-4462
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API respons...
UBUNTU-CVE-2022-4054
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an...
PT-2023-13824 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 9.3 through 15.4.5 GitLab versions 15.5 through 15.5.4 GitLab versions 15.6 through 15.6.0 Description: An issue has been discovered in GitLab where a project maintainer could leak a webhook secret token by changing the webhoo...
PT-2023-14198 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.1 through 15.5.7 GitLab CE/EE versions 15.6 through 15.6.4 GitLab CE/EE versions 15.7 through 15.7.2 Description: A malicious Maintainer can leak masked webhook secrets by changing the target URL of the webhook...
GitLab CE/EE 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from the fact tha...
CVE-2020-4719
The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861...
Authorization
The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861...