3496 matches found

Veracode
added 2023/08/06 2:37 p.m. · 17 views

Denial Of Service (DoS)

GitLab is vulnerable to Denial of Service (DoS). The vulnerability exists in the Webhook feature in the library, which allows an attacker to cause an application crash...

CVSS 7.7 · AI score 6.7 · EPSS 0.01335
Exploits 0 · References 4 · Affected Software 1
Veracode
added 2023/08/06 4:19 a.m. · 34 views

Information Disclosure

GitLab is vulnerable to Information Disclosure. The vulnerability allows a project maintainer to access the DataDog integration API key from webhook logs, resulting in disclosure of sensitive information...

CVSS 6.8 · AI score 6.6 · EPSS 0.00662
Exploits 0 · References 3 · Affected Software 1
Huntr
added 2023/07/27 1:14 p.m. · 20 views

Server Side Request Forgery (SSRF)

Description It is possible to access the local environment in the Webhook function. Therefore, Blind SSRF makes it possible to perform a port scan against the local environment. Proof of Concept After logging in, access the webhook setting page, specify the URL with the following pattern, and che...

CVSS 2.8 · AI score 6.6 · EPSS 0.00533
Exploits 1 · References 2
Patchstack
added 2023/07/18 12:00 a.m. · 6 views

WordPress Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook Plugin < 6.2 is vulnerable to Cross Site Scripting (XSS)

Software Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook Type Plugin Vulnerable versions 6.2 Fixed in 6.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer...

AI score 6.8 · EPSS 0.00284
Exploits 0 · References 2 · Affected Software 1
NVD
added 2023/07/13 3:15 a.m. · 19 views

CVE-2023-3363

An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to default...

CVSS 3.9 · EPSS 0.00174
Exploits 0 · References 1
NVD
added 2023/07/13 3:15 a.m. · 19 views

CVE-2023-2620

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...

CVSS 5.5 · EPSS 0.00462
Exploits 0 · References 2
UbuntuCve
added 2023/07/13 3:15 a.m. · 22 views

CVE-2023-3363

An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to default...

CVSS 3.9 · AI score 5.9 · EPSS 0.00174
Exploits 0 · References 2
Prion
added 2023/07/13 3:15 a.m. · 24 views

Information disclosure

An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to default...

CVSS 1.7 · AI score 4.2 · EPSS 0.00174
Exploits 0 · References 1 · Affected Software 1
Prion
added 2023/07/13 3:15 a.m. · 18 views

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...

CVSS 4.7 · AI score 3.9 · EPSS 0.00731
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/07/13 3:15 a.m. · 2 views

UBUNTU-CVE-2023-2620

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...

CVSS 5.5 · AI score 5.8 · EPSS 0.00462
Exploits 0 · References 4
OSV
added 2023/07/13 3:15 a.m. · 0 views

UBUNTU-CVE-2023-3363

An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to default...

CVSS 3.9 · AI score 5.8 · EPSS 0.00174
Exploits 0 · References 3
Vulnrichment
added 2023/07/13 2:11 a.m. · 10 views

CVE-2023-2620 Insertion of Sensitive Information Into Sent Data in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...

CVSS 5.5 · AI score 6.3 · EPSS 0.00462
Exploits 0 · References 2
CVE
added 2023/07/13 2:11 a.m. · 90 views

CVE-2023-2620

CVE-2023-2620 documents an issue in GitLab CE/EE where versions from 15.1 up to 15.11.10, 16.0 up to 16.0.6, and 16.1 up to 16.1.1 allow a maintainer to modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. The description indicates this is an incomplete fix f...

CVSS 5.5 · AI score 4.6 · EPSS 0.00462
Exploits 0 · References 2 · Affected Software 1
Debian CVE
added 2023/07/13 2:11 a.m. · 31 views

CVE-2023-2620

Removed by vendor...

CVSS 5.5 · AI score 5.8 · EPSS 0.00462
Exploits 0
CVE
added 2023/07/13 2:08 a.m. · 98 views

CVE-2023-3363

CVE-2023-3363 describes an information disclosure in GitLab CE/EE where Sidekiq logs could expose webhook tokens when the log format is set to default. Affected ranges include all 13.6.x versions before 15.11.10, all 16.0.x before 16.0.6, and all 16.1.x before 16.1.1. The root cause is related to...

CVSS 3.9 · AI score 4.1 · EPSS 0.00174
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/07/13 2:08 a.m. · 15 views

CVE-2023-3363 Insertion of Sensitive Information into Log File in GitLab

An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to default...

CVSS 3.9 · AI score 4.2 · EPSS 0.00174
Exploits 0 · References 4
Debian CVE
added 2023/07/13 2:08 a.m. · 22 views

CVE-2023-3363

Removed by vendor...

CVSS 3.9 · AI score 5.8 · EPSS 0.00174
Exploits 0
Positive Technologies
added 2023/07/13 12:00 a.m. · 2 views

PT-2023-20540 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.1 through 15.11.9 GitLab CE/EE versions 16.0 through 16.0.5 GitLab CE/EE versions 16.1 through 16.1.0 Description: An issue has been discovered that allows a maintainer to modify a webhook URL and leak masked webhook...

CVSS 5.5 · AI score 6.6 · EPSS 0.00462
Exploits 0 · References 12
CNNVD
added 2023/07/13 12:00 a.m. · 2 views

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in Gitlab CE/EE, which stems from the fact tha...

CVSS 5.5 · AI score 5.2 · EPSS 0.00462
Exploits 0 · References 3
CNNVD
added 2023/07/13 12:00 a.m. · 2 views

GitLab log information disclosure vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in Gitlab CE/EE, which stems from the presence ...

CVSS 3.9 · AI score 5 · EPSS 0.00174
Exploits 0 · References 2