2310 matches found
SUSE CVE-2015-3010
ceph-deploy before 1.5.23 uses weak permissions 644 for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...
SUSE CVE-2015-4053
The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...
SUSE CVE-2017-1000113
The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with...
SUSE CVE-2019-13509
In Docker CE and EE before 18.09.8 as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10, Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes non external secrets. I...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to cross-site scripting ( CVE-2022-46771 )
Summary IBM UrbanCode Deploy UCD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details...
CVE-2022-3820
An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a...
CVE-2022-3820
An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a...
CVE-2022-3740
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...
Authentication flaw
An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a...
Authorization
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...
UBUNTU-CVE-2022-3820
An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a...
UBUNTU-CVE-2022-3740
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...
PT-2023-1338
Name of the Vulnerable Software and Affected Versions Argo CD versions 2.5.0-rc1 through 2.5.7 Argo CD version 2.6.0-rc4 Description The issue is related to an authorization bypass bug in Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. This bug allows a malicious Argo CD...
PT-2023-1347 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.9 through 15.3.4 GitLab CE/EE versions 15.4 through 15.4.3 GitLab CE/EE versions 15.5 through 15.5.1 Description: The issue is related to a flaw in the authorization procedure when managing keys and tokens using...
CVE-2022-3740
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...
CVE-2022-3740
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...
CVE-2022-3820
An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a...
CVE-2022-3820
CVE-2022-3820 affects GitLab versions 15.4 up to 15.4.3 and 15.5 up to 15.5.1, where GitLab did not perform correct authentication with certain Package Registries when IP address restrictions were configured. This allowed an attacker who already possessed a valid Deploy Token to misuse it from an...
CVE-2022-3740
Removed by vendor...
CVE-2022-3740
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...