10 matches found
EUVD-2024-49397
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-8754
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper inp...
CVE-2024-8754
An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is...
BIT-GITLAB-2024-8754 External Control of Critical State Data in GitLab
An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is...
CVE-2024-8754
An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is...
UBUNTU-CVE-2024-8754
An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is...
CVE-2024-8754
GitLab CVE-2024-8754 affects GitLab EE/CE versions 16.9.7–16.9.x, 17.1.x, 17.2.x, and 17.3.x prior to patch releases. The issue is an improper input validation that allows account squatting by linking arbitrary unclaimed provider identities when JWT authentication is enabled. Affected versions re...
CVE-2024-8754 External Control of Critical State Data in GitLab
An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is...
CVE-2024-8754
Removed by vendor...
GitLab 16.9.7 < 17.1.7 / 17.2 < 17.2.5 / 17.3 < 17.3.2 (CVE-2024-8754)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to...