
2310 matches found

Positive Technologies
added 2024/08/10 12:0 a.m. · 3 views

PT-2024-7210 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.16 through 17.2.9 GitLab CE/EE versions 17.3 through 17.3.5 GitLab CE/EE versions 17.4 through 17.4.2 Description: An issue was discovered in GitLab CE/EE, which allows deploy keys to push to an archived repository. Th...

CVSS 6.8 · AI score 6.6 · EPSS 0.0033
Exploits: 0 · References: 16
Positive Technologies
added 2024/08/09 12:0 a.m. · 3 views

PT-2024-29904 · Litestar · Litestar

Name of the Vulnerable Software and Affected Versions: Litestar versions 2.10.0 and prior Description: The issue is related to Environment Variable injection in Litestar's docs-preview.yml workflow, which may lead to secret exfiltration and repository manipulation. This grants a malicious actor...

CVSS 8.3 · AI score 8.2 · EPSS 0.00614
Exploits: 0 · References: 13
vulnersOsv
added 2024/08/07 3:30 p.m. · 7 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1603 more potentially affected by CVE-2024-43045 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.452.3)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2024-43045 Source advisory: OSV:GHSA-8PV9-QH96-9HC6...

CVSS 6.3 · AI score 6.7 · EPSS 0.04263
Exploits: 0
BDU FSTEC
added 2024/08/01 12:0 a.m. · 3 views

The vulnerability of the Dashboard component of the software control panel allows for the insertion of arbitrary HTML code by attackers, enabling them to implement applications through IBM App Connect Enterprise.

The vulnerability of the Dashboard component of the software platform for integrating IBM App Connect Enterprise applications exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTML code remotely...

CVSS 5.5 · AI score 5.6 · EPSS 0.0033
Exploits: 0 · References: 4 · Affected Software: 1
vulnersOsv
added 2024/07/18 10:3 p.m. · 2 views

eisen (=0.1.9), eisen-deploy (>=0.0.1 <=0.0.2) potentially affected by CVE-2024-35198 via torchserve (=0.0.1b20200409)

torchserve PYPI version =0.0.1b20200409 is affected by a known vulnerability. The following packages have a transitive dependency on torchserve and may be impacted: - eisen =0.1.9 - eisen-deploy =0.0.1, =0.0.2 Source cves: CVE-2024-35198 Source advisory: OSV:GHSA-WXCX-GG9C-FWP2...

CVSS 9.8 · AI score 5.8 · EPSS 0.00792
Exploits: 0
OSV
added 2024/07/16 10:15 p.m. · 4 views

CVE-2024-6395

An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability...

CVSS 5.3 · AI score 5.8 · EPSS 0.00492
Exploits: 0 · References: 5
NVD
added 2024/07/16 10:15 p.m. · 18 views

CVE-2024-6395

An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability...

CVSS 6.3 · EPSS 0.00492
Exploits: 0 · References: 5
Cvelist
added 2024/07/16 9:27 p.m. · 18 views

CVE-2024-6395 GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Deploy Keys

An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability...

CVSS 6.3 · EPSS 0.00492
Exploits: 0 · References: 5
Vulnrichment
added 2024/07/16 9:27 p.m. · 18 views

CVE-2024-6395 GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Deploy Keys

An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability...

CVSS 6.3 · AI score 6.4 · EPSS 0.00492
Exploits: 0 · References: 5
Positive Technologies
added 2024/07/16 12:0 a.m. · 5 views

PT-2024-37592 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: An exposure of sensitive information issue in GitHub Enterprise Server allows an attacker to enumerate the names of private repositories that utilize deploy keys. This issue does no...

CVSS 6.3 · AI score 6.7 · EPSS 0.00492
Exploits: 0 · References: 9
OSSF Malicious Packages
added 2024/07/15 5:25 p.m. · 3 views

Malicious code in health-and-wellness-collab-macro-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 490467d98a5f3dcce3605ce769912fad8036917a2da1ab4065e039e6a970a34b The OpenSSF Package Analysis project identified 'health-and-wellness-collab-macro-deploy' @ 1.0.8 npm as malicious. It is considered malicious...

AI score 7.1
Exploits: 0
NVD
added 2024/07/11 7:15 a.m. · 32 views

CVE-2024-5470

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with admin_push_rules permission may have been able to create project-level deploy tokens...

CVSS 3.8 · EPSS 0.00328
Exploits: 0 · References: 2
OSV
added 2024/07/11 7:15 a.m. · 1 views

UBUNTU-CVE-2024-5470

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with admin_push_rules permission may have been able to create project-level deploy tokens...

CVSS 3.8 · AI score 5.8 · EPSS 0.00328
Exploits: 0 · References: 4
Cvelist
added 2024/07/11 6:57 a.m. · 31 views

CVE-2024-5470 Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with admin_push_rules permission may have been able to create project-level deploy tokens...

CVSS 3.8 · EPSS 0.00328
Exploits: 0 · References: 2
Vulnrichment
added 2024/07/11 6:57 a.m. · 20 views

CVE-2024-5470 Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with admin_push_rules permission may have been able to create project-level deploy tokens...

CVSS 3.8 · AI score 6.6 · EPSS 0.00328
Exploits: 0 · References: 2
CVE
added 2024/07/11 6:57 a.m. · 220 views

CVE-2024-5470

GitLab CE/EE CVE-2024-5470 affects all versions from 17.0 up to, but not including, 17.0.4 and from 17.1 up to, but not including, 17.1.2. A Guest user with the admin_push_rules permission may have been able to create project-level deploy tokens. The description explicitly identifies the vulnerab...

CVSS 3.8 · AI score 4 · EPSS 0.00328
Exploits: 0 · References: 2 · Affected Software: 1
Debian CVE
added 2024/07/11 6:57 a.m. · 23 views

CVE-2024-5470

Removed by vendor...

CVSS 3.8 · AI score 5.8 · EPSS 0.00328
Exploits: 0
Tenable Nessus
added 2024/07/11 12:0 a.m. · 25 views

FreeBSD : Gitlab -- vulnerabilities (acb4eab6-3f6d-11ef-8657-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the acb4eab6-3f6d-11ef-8657-001b217b3468 advisory. Gitlab reports: An attacker can run pipeline jobs as an arbitrary user Developer user with...

CVSS 9.8 · AI score 6.4 · EPSS 0.06036
Exploits: 2 · References: 8
FreeBSD
added 2024/07/10 12:0 a.m. · 42 views

Gitlab -- vulnerabilities

Gitlab reports: An attacker can run pipeline jobs as an arbitrary user Developer user with admincomplianceframework permission can change group URL Admin push rules custom role allows creation of project level deploy token Package registry vulnerable to manifest confusion User with admingroupmemb...

CVSS 9.8 · AI score 7 · EPSS 0.06036
Exploits: 2 · References: 1
OSV
added 2024/07/09 11:15 p.m. · 1 views

CVE-2024-22377

The deploy directory in PingFederate runtime nodes is reachable to unauthorized users...

CVSS 5.3 · AI score 5.8
Exploits: 0 · References: 1