Lucene search
+L

11 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-9359

Malicious code in bioql PyPI...

8.8CVSS7.4AI score0.01668EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/06 4:19 a.m.10 views

CVE-2021-22213

A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari...

8.8CVSS6.2AI score0.01668EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/01/03 12:0 a.m.29 views

GitLab 7.10 < 13.10.5 / 13.11 < 13.11.5 / 13.12 < 13.12.2 (CVE-2021-22213)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safa...

8.8CVSS6.8AI score0.01668EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2022/07/15 2:53 p.m.38 views

New Cache Side Channel Attack Can De-Anonymize Targeted Online Users

A group of academics from the New Jersey Institute of Technology NJIT has warned of a novel technique that could be used to defeat anonymity protections and identify a unique website visitor. "An attacker who has complete or partial control over a website can learn whether a specific target i.e.,...

6.4AI score
Exploits0
NVD
NVD
added 2021/06/08 7:15 p.m.19 views

CVE-2021-22213

A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari...

8.8CVSS0.01668EPSS
Exploits0References3
OSV
OSV
added 2021/06/08 7:15 p.m.22 views

CVE-2021-22213

A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari...

6.5CVSS6.2AI score0.01668EPSS
Exploits0References3
CVE
CVE
added 2021/06/08 6:3 p.m.58 views

CVE-2021-22213

CVE-2021-22213 is a cross-site leak in the OAuth flow of all GitLab CE/EE versions since 7.10, enabling an attacker to leak an OAuth access token when a victim visits a malicious page in Safari. The issue is documented across multiple sources, noting the vulnerability affects GitLab CE/EE and tha...

8.8CVSS6.1AI score0.01668EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2021/01/05 12:0 a.m.2 views

PT-2021-4082 · Gitlab +1 · Gitlab Ce/Ee +2

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.10 and later Description: The issue is related to a cross-site leak vulnerability in the OAuth flow, allowing an attacker to leak an OAuth access token. This can be achieved by convincing a user to visit a malicious pa...

8.8CVSS6.9AI score0.01668EPSS
Exploits0References15
Hacker One
Hacker One
added 2020/12/29 12:34 p.m.19 views

Slack: Cross-site leak allows attacker to de-anonymize members of his team from another origin

This issue was reported by researcher @jub0bs via HackerOne on December 29, 2020. The Slack security team reviewed the issue, understanding the nature of information disclosure on Dec 30th. We closed the issue as informative, which we do to reflect that the report, while accurate, has not taken...

6.3AI score
Exploits0
Hacker One
Hacker One
added 2019/12/19 2:26 p.m.202 views

Keybase: SOP bypass using browser cache

Summary An attacker has the ability to extract sensitive information from user's accounts, due to a CORS issue. On a minor note, this also is a cross-site leak as we can fingerprint what exact keybase user has accessed the attacker's website. Information disclosed:...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2014/06/18 10:31 p.m.25 views

Internet Bug Bounty: Cross-site information assertion leak via Content Security Policy

It is possible to test for the satisfaction of certain assertions across origins by abuse of Content Security Policy. These could be assertions such as 'is the client logged into this website', or 'is the client logged in as this user', or 'does the client have access to these panels'. This gener...

6.6AI score
Exploits0
Rows per page
Query Builder