
2310 matches found

Positive Technologies
added 2023/01/24 12:00 a.m. · 4 views

PT-2023-13596 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.4 through 15.4.3 GitLab versions 15.5 through 15.5.1 Description: An issue has been discovered in GitLab where it was not performing correct authentication with some Package Registries when IP address restrictions were...

6.5 CVSS · 6.2 AI score · 0.00725 EPSS
Exploits 1 · References 10
OSV
added 2023/01/24 12:00 a.m. · 23 views

CVE-2022-3820

An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a...

6.5 CVSS · 6.4 AI score · 0.00725 EPSS
Exploits 1 · References 4
Cvelist
added 2023/01/24 12:00 a.m. · 27 views

CVE-2022-3820

An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a...

6.5 CVSS · 6.8 AI score · 0.00725 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2023/01/16 12:00 a.m. · 30 views

GitLab 12.9 < 15.4.6 / 15.5 < 15.5.5 / 15.6 < 15.6.1 (CVE-2022-3740)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External...

6.5 CVSS · 5.8 AI score · 0.0089 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2023/01/12 12:00 a.m. · 32 views

GitLab 15.4 < 15.4.6 / 15.5 < 15.5.5 / 15.6 < 15.6.1 (CVE-2022-3820)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registrie...

6.5 CVSS · 6.5 AI score · 0.00725 EPSS
Exploits 1 · References 3
Code423n4
added 2023/01/09 12:00 a.m. · 9 views

Front-running "deployCounterFactualWallet"

Vulnerability details. Description: The deployCounterFactualWallet function deploys a smart wallet using the create2 function with a salt value that depends on the owner and index parameters. However, the address derivation for the deployed wallet does not depend on the entryPoint and...

7 AI score
Exploits 0
NVD
added 2023/01/03 2:15 a.m. · 14 views

CVE-2022-3614

In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation...

6.1 CVSS · 6.5 AI score · 0.00391 EPSS
Exploits 0 · References 1
OSV
added 2023/01/03 2:15 a.m. · 2 views

CVE-2022-3614

In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation...

6.1 CVSS · 5.8 AI score · 0.00391 EPSS
Exploits 0 · References 1
Prion
added 2023/01/03 2:15 a.m. · 9 views

Authentication flaw

In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation...

5.8 CVSS · 6.5 AI score · 0.00391 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/01/03 12:15 a.m. · 2 views

CVE-2022-3460

In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview...

7.5 CVSS · 5.8 AI score · 0.0056 EPSS
Exploits 0 · References 1
NVD
added 2023/01/03 12:15 a.m. · 34 views

CVE-2022-3460

In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview...

7.5 CVSS · 7.5 AI score · 0.0056 EPSS
Exploits 0 · References 1
Prion
added 2023/01/03 12:15 a.m. · 16 views

Code injection

In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview...

5 CVSS · 7.5 AI score · 0.0056 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/01/03 12:00 a.m. · 6 views

CVE-2022-3614

In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation...

6.5 AI score · 0.00391 EPSS
Exploits 0 · References 1
CNNVD
added 2023/01/03 12:00 a.m. · 3 views

Octopus Deploy input validation error vulnerability

Octopus Deploy is an automation tool for .NET, Java, and other application development and deployment from Octopus Deploy Australia. A security vulnerability exists in Octopus Deploy that stems from the ability of users logging into certain browsers of Octopus Server using AD to bypass...

6.1 CVSS · 6.3 AI score · 0.00391 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/01/03 12:00 a.m. · 3 views

PT-2023-13457 · Microsoft · Active Directory

Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: The issue allows users of certain browsers using Active Directory AD to sign-in to Octopus Server to bypass authentication checks. These users can be redirected to the configured...

6.1 CVSS · 7.2 AI score · 0.00391 EPSS
Exploits 0 · References 5
CVE
added 2023/01/03 12:00 a.m. · 46 views

CVE-2022-3614

CVE-2022-3614 affects Octopus Deploy. The vulnerability enables users authenticating via AD in certain browsers to bypass authentication checks during sign-in and be redirected to the configured redirect URL without validation, effectively leaking session/auth context through an unchecked redirec...

6.1 CVSS · 6.5 AI score · 0.00391 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/01/03 12:00 a.m. · 19 views

CVE-2022-3614

In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation...

6.7 AI score · 0.00391 EPSS
Exploits 0 · References 1
CVE
added 2023/01/02 12:00 a.m. · 62 views

CVE-2022-3460

CVE-2022-3460 affects Octopus Deploy; certain types of sensitive variables may be unmasked when viewed in the variable preview. The CVSS 3.1 metrics indicate a HIGH impact (7.5) with Network attack vector, Low attack complexity, and no privileges or user interaction required, but confidentiality ...

7.5 CVSS · 7.4 AI score · 0.0056 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/01/02 12:00 a.m. · 35 views

CVE-2022-3460

In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview...

7.7 AI score · 0.0056 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/01/02 12:00 a.m. · 4 views

PT-2023-13416 · Unknown · Octopus Deploy

Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: The issue allows certain types of sensitive variables to become unmasked when viewed in variable preview. Recommendations: At the moment, there is no information about a newer versio...

7.5 CVSS · 7.3 AI score · 0.0056 EPSS
Exploits 0 · References 5