Lucene search
K

7 matches found

Wallarm Lab
Wallarm Lab
added 2022/05/16 3:36 p.m.69 views

Three new API exploits causes GitLab data privacy and availability issues

On May 10, 2022, and May 11, 2022, CVE-2022-1352 CVE-2021-1431, and CVE-2022-1545 were fixed and published on Gitlab-ORG public repository. There are no technical details or exploits yet, but according to the high-level description and titles, they gonna be critical Gitlab API vulnerabilities tha...

7.8CVSS1.5AI score0.01601EPSS
Exploits0
NVD
NVD
added 2022/05/11 3:15 p.m.23 views

CVE-2022-1352

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...

5.3CVSS0.01269EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/05/11 3:15 p.m.23 views

CVE-2022-1352

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...

5.3CVSS6.4AI score0.01269EPSS
Exploits0References4
CVE
CVE
added 2022/05/11 2:30 p.m.2457 views

CVE-2022-1352

GitLab EE/CE is affected by CVE-2022-1352 due to an insecure direct object reference. Versions affected: 11.0 and newer up to but excluding 14.8.6 (i.e., 11.0–14.8.5), 14.9 until before 14.9.4 (i.e., 14.9.0–14.9.3), and 14.10 until before 14.10.1 (i.e., 14.10.0). The vulnerability allows an endpo...

5.3CVSS5.4AI score0.01269EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/11 2:30 p.m.16 views

CVE-2022-1352

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...

5.3CVSS6.6AI score0.01269EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2022/05/11 2:30 p.m.40 views

CVE-2022-1352

Removed by vendor...

5.3CVSS6.4AI score0.01269EPSS
Exploits0
Cvelist
Cvelist
added 2022/05/11 2:30 p.m.25 views

CVE-2022-1352

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...

5.3CVSS5.4AI score0.01269EPSS
Exploits0References3
Rows per page
Query Builder