Lucene search
+L

23 matches found

snyk
snyk
added 2026/06/30 5:25 p.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the pipeline.Author process. An attacker can execute unauthorized pipeline steps and exfiltrate CI secrets by setting the commit author name in a GitLab webhook payload to match an entry in the approval list,...

9.2CVSS6AI score0.00546EPSS
Exploits0References2
snyk
snyk
added 2026/06/30 5:25 p.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the pipeline.Author process. An attacker can execute unauthorized pipeline steps and exfiltrate CI secrets by setting the commit author name in a GitLab webhook payload to match an entry in the approval list,...

9.2CVSS6AI score0.00546EPSS
Exploits0References2
euvd
euvd
added 2026/06/30 3:57 p.m.6 views

EUVD-2026-40358

Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is populated from the git commit author name commit.author.name carried in the webhook payload, which is attacker-controlled and not verified by GitLab. A us...

9.2CVSS6AI score0.00546EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/30 3:57 p.m.40 views

CVE-2026-58370 Woodpecker < 3.15.0 - GitLab Approval Gate Bypass via Spoofable Commit Author Name

Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is populated from the git commit author name commit.author.name carried in the webhook payload, which is attacker-controlled and not verified by GitLab. A us...

9.2CVSS0.00546EPSS
Exploits0References4
osv
osv
added 2026/06/30 3:57 p.m.3 views

CVE-2026-58370 Woodpecker < 3.15.0 - GitLab Approval Gate Bypass via Spoofable Commit Author Name

Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is populated from the git commit author name commit.author.name carried in the webhook payload, which is attacker-controlled and not verified by GitLab. A us...

9.2CVSS6.1AI score0.00546EPSS
Exploits0References7
snyk
snyk
added 2026/02/18 12:46 a.m.6 views

Command Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via the update-clawtributors.ts script. An attacker can execute arbitrary system commands by introducing a malicious commit author email that is processed and interpolat...

8.8CVSS6.1AI score0.01709EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/02/18 12:0 a.m.6 views

PT-2026-20369

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.1.8 through 2026.2.13 Description The software contains a command injection issue in the scripts/update-clawtributors.ts script. This affects contributors or maintainers, and CI systems, who execute bun...

8.6CVSS5.8AI score0.01709EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/01/09 11:19 a.m.6 views

CVE-2021-22218

All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits...

4CVSS6.5AI score0.00463EPSS
Exploits0References1
github
github
added 2025/11/06 11:48 p.m.13 views

Soft Serve does not sanitize ANSI escape sequences in user input

Impact In several places where the user can insert data e.g. names, ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages, when printed, are also not being sanitized. Places in which this was found: 1. Repository...

4.6CVSS6.8AI score0.00174EPSS
Exploits0References4Affected Software1
osv
osv
added 2025/11/06 11:48 p.m.8 views

GHSA-FV2R-R8MP-PG48 Soft Serve does not sanitize ANSI escape sequences in user input

Impact In several places where the user can insert data e.g. names, ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages, when printed, are also not being sanitized. Places in which this was found: 1. Repository...

4.6CVSS6.8AI score0.00174EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2021-9391

Malicious code in bioql PyPI...

4CVSS3.7AI score0.01366EPSS
Exploits0References3
nessus
nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2021-22245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view...

4CVSS4.9AI score0.01366EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/22 8:47 p.m.6 views

CVE-2021-22245

Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view...

4CVSS6.8AI score0.01366EPSS
Exploits0References1
nessus
nessus
added 2024/01/03 12:0 a.m.24 views

GitLab < 13.12.9 (CVE-2021-22245)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view CVE-2021-22245 Note that Nessus has not tested for...

4CVSS5AI score0.01366EPSS
Exploits0References4
osv
osv
added 2021/08/25 7:15 p.m.24 views

CVE-2021-22245

Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view...

2.7CVSS6.2AI score0.01366EPSS
Exploits0References3
osv
osv
added 2021/08/25 7:15 p.m.6 views

UBUNTU-CVE-2021-22245

Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view...

2.7CVSS5.8AI score0.01366EPSS
Exploits0References5
cvelist
cvelist
added 2021/08/25 6:31 p.m.36 views

CVE-2021-22245

Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view...

2.7CVSS3.6AI score0.01366EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2021/08/25 12:0 a.m.6 views

PT-2021-6754 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to the fixed version Description: The issue is related to improper validation of commit author in GitLab, allowing an attacker to make several pages in a project impossible to view. This can be exploited by a remot...

4CVSS3.5AI score0.01366EPSS
Exploits0References15
nessus
nessus
added 2021/06/03 12:0 a.m.30 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (5f52d646-c31f-11eb-8dcf-001b217b3468)

Gitlab reports : Stealing GitLab OAuth access tokens using XSLeaks in Safari Denial of service through recursive triggered pipelines Unauthenticated CI lint API may lead to information disclosure and SSRF Server-side DoS through rendering crafted Markdown documents Issue and merge request length...

7.7CVSS6.8AI score0.01058EPSS
Exploits0References3
freebsd
freebsd
added 2021/06/01 12:0 a.m.45 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Stealing GitLab OAuth access tokens using XSLeaks in Safari Denial of service through recursive triggered pipelines Unauthenticated CI lint API may lead to information disclosure and SSRF Server-side DoS through rendering crafted Markdown documents Issue and merge request length...

7.7CVSS1.4AI score0.01058EPSS
Exploits0References1
Rows per page
Query Builder