85 matches found
Gitlab -- vulnerabilities
Gitlab reports: Cross-site Scripting issue in Mermaid sandbox impacts GitLab CE/EE Denial of Service issue in container registry impacts GitLab CE/EE Denial of Service issue in Jira events endpoint impacts GitLab CE/EE Regular Expression Denial of Service issue in GitLab merge requests impacts...
EUVD-2020-5558
Malware in sbrugna...
EUVD-2022-34545
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-2270
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions...
Linux Distros Unpatched Vulnerability : CVE-2020-13298
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied...
CVE-2022-2270
An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification...
CVE-2020-13298
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure...
barbarian (>=0.1.0 <=0.3.0), bincrafters-remove-outdated (=0.5.0) +47 more potentially affected by unknown CVE via conan (>=2.0.0b10 <=2.8.1)
conan PYPI version =2.0.0b10, =0.1.0, =1.0.5, =0.1.0, =0.1.0, =0.1.0, =2.2.0, =0.36.0, =0.1.0, =0.1.0, =0.0.1, =0.1.0a1, =0.1.0, =2.3.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-CONAN-8400482...
Improper Authorization
Overview conan is a Conan C/C++ package manager Affected versions of this package are vulnerable to Improper Authorization in the server's authorization mechanism, by the checkreadconan, checkwriteconan, and checkdeleteconan methods in the authorize function, as well as via authentication checks ...
gitea -- multiple issues
Problem Description: Replace v-html with v-text in search inputbox Fix nuget/conan/container packages upload bugs...
FreeBSD : forgejo -- The scope of application tokens was not verified when writing containers or Conan packages. (eb437e17-66a1-11ef-ac08-75165d18d8d2)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the eb437e17-66a1-11ef-ac08-75165d18d8d2 advisory. The forgejo team reports: The scope of application tokens was not verified when writing containers or...
forgejo -- The scope of application tokens was not verified when writing containers or Conan packages.
The forgejo team reports: The scope of application tokens was not verified when writing containers or Conan packages. This is of no consequence when the user associated with the application token does not have write access to packages. If the user has write access to packages, such a token can be...
GitLab 13.1 < 13.1.10 / 13.2 < 13.2.8 / 13.3 < 13.3.4 (CVE-2020-13298)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limit...
BIT-GITLAB-2020-13298
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure...
BIT-GITLAB-2022-2270
An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification...
Information Disclosure
gitlab is vulnerable to Information Disclosure. An attacker could exploit this vulnerability by sending a specially crafted request to the GitLab server. This request would allow the attacker to leak the names of all Conan packages on the server, even if they do not have permission to access the...
CVE-2022-2270
An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification...
CVE-2022-2270
An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification...
UBUNTU-CVE-2022-2270
An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification...