500 matches found

Positive Technologies
added 2025/01/30 12:0 a.m. · 0 views

PT-2025-5629 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.13.4; Argo CD versions prior to 2.12.10; Argo CD versions prior to 2.11.13. Description: A vulnerability was discovered that exposes secret values in error messages and the diff view when an invalid Kubernetes Secret...

CVSS 6.8 · AI score 7
Exploits 0 · References 7

NVD
added 2025/01/09 8:15 p.m. · 4 views

CVE-2024-13278

Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse. This issue affects Diff: from 0.0.0 before 1.8.0...

CVSS 9.1 · EPSS 0.00224
Exploits 0 · References 1

OSV
added 2025/01/09 8:15 p.m. · 0 views

CVE-2024-13278

Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse. This issue affects Diff: from 0.0.0 before 1.8.0...

CVSS 9.1 · AI score 5.8 · EPSS 0.00224
Exploits 0 · References 1

CVE
added 2025/01/09 7:31 p.m. · 43 views

CVE-2024-13278

Drupal Diff vulnerability (CVE-2024-13278) stems from an incorrect authorization check in the Diff module, enabling functionality misuse. Affected: Diff module in Drupal (versions 0.0.0 through 1.7.9; fixed in 1.8.0+). Impact: access bypass and information disclosure due to insufficient revision ...

CVSS 9.1 · AI score 6.7 · EPSS 0.00224
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2025/01/09 12:0 a.m. · 1 views

Drupal Security Vulnerability

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Diff prior to version 1.8.0, which stems from the inclusion of an authorization error vulnerability...

CVSS 9.1 · AI score 6.7 · EPSS 0.00224
Exploits 0 · References 2

OSV
added 2024/12/16 7:24 a.m. · 466 views

BIT-GITLAB-2024-10043 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature,...

CVSS 3.1 · AI score 3.4 · EPSS 0.00264
Exploits 1 · References 3

NCSC
added 2024/12/13 10:3 a.m. · 1 views

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab CE/EE, specifically for versions 11.0 to 17.6.2. The vulnerabilities are located in several versions of GitLab CE/EE and allow attackers to create groups with names that match existing unique domains, which can lead to domain confusion. In addition, users...

CVSS 8.7 · AI score 7.2 · EPSS 0.01204
Exploits 8 · References 1

NVD
added 2024/12/12 12:15 p.m. · 10 views

CVE-2024-10043

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature,...

CVSS 3.1 · EPSS 0.00264
Exploits 1 · References 2

OSV
added 2024/12/12 12:15 p.m. · 0 views

UBUNTU-CVE-2024-10043

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature,...

CVSS 3.1 · AI score 5.7 · EPSS 0.00264
Exploits 1 · References 4

OSV
added 2024/12/12 12:15 p.m. · 0 views

UBUNTU-CVE-2024-8233

An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request...

CVSS 7.5 · AI score 5.7 · EPSS 0.01204
Exploits 1 · References 4

CVE
added 2024/12/12 12:2 p.m. · 326 views

CVE-2024-8233

CVE-2024-8233 affects GitLab CE/EE: all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. The issue allows an attacker to cause a denial of service by sending requests for diff files on a commit or merge request. Root cause details are not fully enumerated in the provid...

CVSS 7.5 · AI score 7.3 · EPSS 0.01204
Exploits 1 · References 2 · Affected Software 1

OSV
added 2024/12/12 12:2 p.m. · 6 views

CVE-2024-8233 Inefficient Algorithmic Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request...

CVSS 7.5 · AI score 6.4 · EPSS 0.01204
Exploits 1 · References 5

OSV
added 2024/12/12 12:2 p.m. · 7 views

CVE-2024-10043 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature,...

CVSS 3.1 · AI score 6.2 · EPSS 0.00264
Exploits 1 · References 5

Vulnrichment
added 2024/12/12 12:2 p.m. · 10 views

CVE-2024-10043 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature,...

CVSS 3.1 · AI score 6 · EPSS 0.00264
Exploits 1 · References 2

Debian CVE
added 2024/12/12 12:2 p.m. · 14 views

CVE-2024-10043

Removed by vendor...

CVSS 3.1 · AI score 5.8 · EPSS 0.00264
Exploits 1

Cvelist
added 2024/12/12 12:2 p.m. · 13 views

CVE-2024-10043 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature,...

CVSS 3.1 · EPSS 0.00264
Exploits 1 · References 2

CVE
added 2024/12/12 12:2 p.m. · 510 views

CVE-2024-10043

CVE-2024-10043 affects GitLab EE versions 14.3–before 17.4.6, 17.5–before 17.5.4, and 17.6–before 17.6.2. The issue allows group users to view confidential incident titles via the Wiki History Diff feature, leading to information disclosure. The documents indicate fixes in the applicable lines: u...

CVSS 3.1 · AI score 3.3 · EPSS 0.00264
Exploits 1 · References 2 · Affected Software 1

CNNVD
added 2024/12/12 12:0 a.m. · 1 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab that stems from requesting a diff fi...

CVSS 7.5 · AI score 6.6 · EPSS 0.01204
Exploits 1 · References 2

Positive Technologies
added 2024/12/11 12:0 a.m. · 2 views

PT-2024-9582 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 9.4 through 17.4.6; GitLab CE/EE versions 17.5 through 17.5.4; GitLab CE/EE versions 17.6 through 17.6.2. Description: The issue affects GitLab CE/EE and is related to uncontrolled resource consumption. An attacker could...

CVSS 7.8 · AI score 6.9 · EPSS 0.01204
Exploits 1 · References 16

Snyk
added 2024/12/03 6:45 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: mobsf is a Mobile Security Framework. MobSF is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Cross-site...

CVSS 8.1 · AI score 5.5 · EPSS 0.0193
Exploits 1 · References 2