Hardcoded credentials

An Insecure Permissions issue issue 1 of 3 was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue" feature may allow a user to create projects under any namespace on any GitLab instance on which they hold credential...

GitLab: Access Projects And create projects in gitlab pre production server

Steps to reproduce Go to https://pre.gitlab.com Here any one can register and can view the pre production projects of gitlab developers. I have registered in https://pre.gitlab.com/users/signin and have created one test group and test project go to https://pre.gitlab.com/explore/groups i have...

Atlassian JIRA 'Jira-importers-plugin' Cross-Site Request Forgery Vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace.Jira-importers-plugin is one of the plugins used to provide the core functionality of the Atlassian product. A cross-site request...

CVE-2017-18033

The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery CSRF vulnerabilities...