15 matches found
EUVD-2024-27140
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-2177
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1....
FreeBSD : Gitlab -- vulnerabilities (6943cbf2-2d55-11f0-9471-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 6943cbf2-2d55-11f0-9471-2cf05da270f3 advisory. Gitlab reports: Partial Bypass for Device OAuth flow using Cross Window Forgery Denial of...
Gitlab -- vulnerabilities
Gitlab reports: Partial Bypass for Device OAuth flow using Cross Window Forgery Denial of service by abusing Github import API Group IP restriction bypass allows disclosing issue title of restricted project...
The vulnerability of the OAuth-based software platform implementation for Git-based collaborative code development on GitLab allows a perpetrator to carry out a Cross-Window Forgery attack.
The vulnerability of the OAuth-based software platform’s implementation for collaborative code development on GitLab is related to an incorrect restriction on the visible layers of the user interface. Exploiting this vulnerability could allow a malicious actor to execute a Cross-Window Forgery...
BIT-GITLAB-2024-2177 Improper Restriction of Rendered UI Layers or Frames in GitLab
A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload...
GitLab 16.3 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-2177)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker...
CVE-2024-2177
A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload...
CVE-2024-2177
A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload...
UBUNTU-CVE-2024-2177
A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload...
CVE-2024-2177 Improper Restriction of Rendered UI Layers or Frames in GitLab
A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload...
CVE-2024-2177 Improper Restriction of Rendered UI Layers or Frames in GitLab
A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload...
CVE-2024-2177
Removed by vendor...
CVE-2024-2177 Improper Restriction of Rendered UI Layers or Frames in GitLab
A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload...
PT-2024-6686 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.3 through 16.11.4 GitLab CE/EE versions 17.0 through 17.0.2 GitLab CE/EE versions 17.1 through 17.1.0 Description: A Cross Window Forgery issue exists within GitLab CE/EE due to an incorrect restriction of visualizabl...