3485 matches found

Positive Technologies
added 2021/11/04 12:0 a.m. · 3 views

PT-2021-22744 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.6 and later. Description: The issue allows a project export to leak the external webhook token value, potentially granting access to the project it was exported from. Recommendations: For GitLab CE/EE versions 10.6 and...

5.3 CVSS · 4.8 AI score · 0.01245 EPSS
Exploits 0 · References 11

CNVD
added 2021/11/01 12:0 a.m. · 18 views

GitLab Information Disclosure Vulnerability (CNVD-2021-91179)

GitLab is a self-hosted Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab CE/EE is vulnerable to an information disclosure vulnerability that stems from the fact that project exports can reveal external webhook token values, which can be...

5.3 CVSS · 1.9 AI score · 0.01245 EPSS
Exploits 0 · References 1

CNVD
added 2021/11/01 12:0 a.m. · 19 views

GitLab Access Control Error Vulnerability (CNVD-2021-91187)

GitLab is a self-hosted, Git version control system project repository application developed using Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. An access control error vulnerability exists in GitLab CE/EE, which stems...

4.3 CVSS · 2.3 AI score · 0.00674 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2021/11/01 12:0 a.m. · 57 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (33557582-3958-11ec-90ba-001b217b3468)

Gitlab reports: Stored XSS via ipynb files; Pipeline schedules on imported projects can be set to automatically active after import; Potential Denial of service via Workhorse; Improper Access Control allows Merge Request creator to bypass locked status; Projects API discloses ID and name of private...

8.7 CVSS · 6 AI score · 0.60729 EPSS
Exploits 1 · References 17

CNNVD
added 2021/10/29 12:0 a.m. · 2 views

GitLab Enterprise Edition and GitLab Community Edition Security Vulnerability

GitLab is a self-hosted, Git version control system project repository application developed using Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. An access control error vulnerability exists in GitLab CE/EE, which stems...

4.3 CVSS · 5.6 AI score · 0.00674 EPSS
Exploits 0 · References 5

CNNVD
added 2021/10/29 12:0 a.m. · 8 views

GitLab Information Disclosure Vulnerability

GitLab is a self-hosted Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab CE/EE is vulnerable to an information disclosure vulnerability that stems from the fact that project exports can reveal external webhook token values, which can be...

5.3 CVSS · 5.6 AI score · 0.01245 EPSS
Exploits 0 · References 6

FreeBSD
added 2021/10/28 12:0 a.m. · 43 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Stored XSS via ipynb files; Pipeline schedules on imported projects can be set to automatically active after import; Potential Denial of service via Workhorse; Improper Access Control allows Merge Request creator to bypass locked status; Projects API discloses ID and name of private...

8.7 CVSS · 2.8 AI score · 0.60729 EPSS
Exploits 1 · References 1

OSV
added 2021/09/30 11:3 a.m. · 2 views

OESA-2021-1373 kubernetes security update

Container cluster management. Security Fixes: A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not...

6.5 CVSS · 6.7 AI score · 0.05226 EPSS
Exploits 1 · References 3

Veracode
added 2021/09/21 7:22 a.m. · 22 views

Information Disclosure

github.com/kubernetes/kubernetes is vulnerable to information disclosure and malicious redirection. If --profiling is enabled on the kube-apiserver, an attacker with control over a validating or mutating webhook is able to access the kube-apiserver process logs and is able to redirect...

4.1 CVSS · 4.2 AI score · 0.01953 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2021/09/20 5:15 p.m. · 3 views

DEBIAN-CVE-2020-8561

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...

4.1 CVSS · 5 AI score · 0.01953 EPSS
Exploits 0 · References 1

OSV
added 2021/09/20 5:15 p.m. · 2 views

UBUNTU-CVE-2020-8561

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...

4.1 CVSS · 6.6 AI score · 0.01953 EPSS
Exploits 0 · References 3

Cvelist
added 2021/09/20 5:5 p.m. · 17 views

CVE-2020-8561 Webhook redirect in kube-apiserver

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...

4.1 CVSS · 4.2 AI score · 0.01953 EPSS
Exploits 0 · References 4

OSV
added 2021/09/06 12:15 p.m. · 1 views

DEBIAN-CVE-2021-25735

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the No...

6.5 CVSS · 6.4 AI score · 0.05226 EPSS
Exploits 1 · References 1

NVD
added 2021/09/06 12:15 p.m. · 14 views

CVE-2021-25735

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the No...

6.5 CVSS · 0.05226 EPSS
Exploits 1 · References 2

OSV
added 2021/09/06 12:15 p.m. · 22 views

CVE-2021-25735

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the No...

6.5 CVSS · 6.6 AI score
Exploits 0 · References 2

UbuntuCve
added 2021/09/06 12:15 p.m. · 24 views

CVE-2021-25735

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the No...

6.5 CVSS · 6.8 AI score · 0.05226 EPSS
Exploits 1 · References 3

Prion
added 2021/09/06 12:15 p.m. · 26 views

Design/Logic Flaw

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the No...

5.5 CVSS · 7.1 AI score · 0.05226 EPSS
Exploits 1 · References 2 · Affected Software 1

OSV
added 2021/09/06 12:15 p.m. · 3 views

UBUNTU-CVE-2021-25735

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the No...

6.5 CVSS · 6.8 AI score · 0.05226 EPSS
Exploits 1 · References 4

CVE
added 2021/09/06 11:32 a.m. · 142 views

CVE-2021-25735

CVE-2021-25735 affects kube-apiserver and can allow node updates to bypass a Validating Admission Webhook for Nodes that deny admission based on the old state of the Node object. The Validating Admission Webhook may fail to observe some previous fields, enabling bypass when the webhook’s decision...

6.5 CVSS · 6.5 AI score · 0.05226 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2021/09/06 11:32 a.m. · 19 views

CVE-2021-25735 Validating Admission Webhook does not observe some previous fields

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the No...

6.5 CVSS · 6.8 AI score · 0.05226 EPSS
Exploits 1 · References 2