17 matches found
CVE-2019-12442
An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics...
EUVD-2023-23671
Malicious code in bioql PyPI...
CVE-2023-1417
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group...
BIT-GITLAB-2023-1417
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. It is possible for an unauthorized authenticated user to add child epics linked to victim's epic in an unrelated group...
CVE-2023-1417
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group...
CVE-2023-1417
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group...
PT-2023-16970 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 15.9 through 15.9.3 GitLab versions 15.10 through 15.10.0 Description: An issue has been discovered in GitLab where it was possible for an unauthorized user to add child epics linked to a victim's epic in an unrelated group...
CVE-2023-1417
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group...
CVE-2023-1417
CVE-2023-1417 affects GitLab versions 15.9 before 15.9.4 and 15.10 before 15.10.1. The issue allows an unauthorised user to add child epics linked to a victim’s epic in an unrelated group, implying a cross-group authorization flaw. The connected sources document the affected ranges and the nature...
GitLab 15.9 < 15.9.4 / 15.10 < 15.10.1 (CVE-2023-1417)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child...
GitLab: Attacker can create malicious child epics linked to a victim's epic in an unrelated group
A vulnerability existed in GitLab that allowed an attacker to create malicious child epics linked to a victim's epic in an unrelated group. The attacker could create the malicious child epics by referring to the victim's epic via the parentid. The vulnerability was due to the lack of proper acces...
CVE-2019-12442
An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics...
Cross site scripting
An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics...
CVE-2019-12442
An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics...
CVE-2019-12442
CVE-2019-12442 affects GitLab Enterprise Edition 11.7–11.11. The issue is a persistent cross-site scripting (XSS) vulnerability on child epics caused by lack of input validation and insufficient output encoding on the epic details page. This is detailed across multiple sources (GitLab advisories,...
CVE-2019-12442
Removed by vendor...