Linux Distros Unpatched Vulnerability : CVE-2024-8312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inje...

SUSE CVE-2025-23216

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write...

CVE-2025-23216 Argo CD does not scrub secret values from patch errors

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write...

PT-2025-5629 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.13.4 Argo CD versions prior to 2.12.10 Argo CD versions prior to 2.11.13 Description: A vulnerability was discovered that exposes secret values in error messages and the diff view when an invalid Kubernetes Secret...

UBUNTU-CVE-2024-8312

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS...

CVE-2024-8312 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS...

CVE-2024-8312 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 跨站脚本漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab Enterprise Edition EE and GitLab...

PT-2024-9136 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.10 through 17.3.5 GitLab CE/EE versions 17.4 through 17.4.2 GitLab CE/EE versions 17.5 through 17.5.0 Description: An issue has been discovered in GitLab CE/EE that could allow an attacker to inject HTML into the Glob...

DRUPAL-CONTRIB-2024-042

This module adds a tab for sufficiently permissioned users. The tab shows all revisions like standard Drupal but it also allows pretty viewing of all added/changed/deleted words between revisions. The module doesn't sufficiently check revision access before rendering a diff report for 1 nodes or ...

SUSE CVE-2008-1292

ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading 1 forbidden pathnames in the revision view, 2 log history that can only be reached by traversing a forbidden object, or 3...

Fedora 13 : cgit-0.9-1.fc13 (2011-2815)

In addition to closing a DOS vulnerability thanks to Jim Meyering, this upstream feature release adds the following enhancements : - Support for side-by-side diffs - Support for repo content in 'about' view - Improved integration with gitolite/gitweb - Support for git notes in commit/log view -...

Fedora 14 : cgit-0.9-1.fc14 (2011-2803)

In addition to closing a DOS vulnerability thanks to Jim Meyering, this upstream feature release adds the following enhancements : - Support for side-by-side diffs - Support for repo content in 'about' view - Improved integration with gitolite/gitweb - Support for git notes in commit/log view -...

Fedora Core 11 FEDORA-2009-13634 (viewvc)

The remote host is missing an update to viewvc announced via advisory FEDORA-2009-13634. OpenVAS Vulnerability Test $Id: fcore200913634.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-13634 viewvc Authors: Thomas Reinke Copyright: Copyright c 2009...

Fedora Core 12 FEDORA-2009-13610 (viewvc)

The remote host is missing an update to viewvc announced via advisory FEDORA-2009-13610. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by th...

Fedora 11 : viewvc-1.1.3-1.fc11 (2009-13634)

security fix: add root listing support of per-root authz config security fix: query.py requires 'forbidden' authorizer or none in config fix URL- ification of truncated log messages issue 3 fix regexp input validation issue 426, 427, 440 add support for configurable tab-to-spaces conversion fix...

Fedora 12 : viewvc-1.1.3-1.fc12 (2009-13610)

security fix: add root listing support of per-root authz config security fix: query.py requires 'forbidden' authorizer or none in config fix URL- ification of truncated log messages issue 3 fix regexp input validation issue 426, 427, 440 add support for configurable tab-to-spaces conversion fix...

SuSE 10 Security Update : Subversion (ZYPP Patch Number 5362)

This update of subversion fixes multiple vulnerabilities. - list CVS or SVN commits on 'all-forbidden' files. CVE-2008-1290 - directly access hidden CVSROOT folders. CVE-2008-1291 - expose restricted content via the revision view, the log history, or the diff view. CVE-2008-1292 %NASLMINLEVEL 703...

CVE-2008-1292

ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading 1 forbidden pathnames in the revision view, 2 log history that can only be reached by traversing a forbidden object, or 3...

GLSA-200803-29 : ViewVC: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200803-29 ViewVC: Multiple vulnerabilities Multiple unspecified errors were reportedly fixed by the ViewVC development team. Impact : A remote attacker could send a specially crafted URL to the server to list CVS or SVN commits on...