CVE-2023-4812

An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge...

EUVD-2020-5608

Malware in sbrugna...

EUVD-2021-26265

Malware in sbrugna...

EUVD-2023-58949

Malicious code in bioql PyPI...

EUVD-2023-34054

Malicious code in bioql PyPI...

EUVD-2024-16205

Malicious code in bioql PyPI...

EUVD-2023-54656

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-6736

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions...

Linux Distros Unpatched Vulnerability : CVE-2023-2576

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all...

Linux Distros Unpatched Vulnerability : CVE-2024-0199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An...

CVE-2023-6736

An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted content...

CVE-2023-2576

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch...

CVE-2021-39909

Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval...

CVE-2020-13348

An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are =10.2, =13.4, =13.5, 13.5.2...

CVE-2024-0199

An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions...

CVE-2024-0410

An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict...

Malicious code in check-codeowners (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 946e4f02e3bc9fafb3561655eaaf71128a7a37469e09460b0b9f3f204e850185 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2024-11556 Malicious code in check-codeowners (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 946e4f02e3bc9fafb3561655eaaf71128a7a37469e09460b0b9f3f204e850185 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

GitLab 10.2 < 13.3.9 / 13.4 < 13.4.5 / 13.5 < 13.5.2 (CVE-2020-13348)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions...

BIT-GITLAB-2024-0199 Incorrect Authorization in GitLab

An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions...