95 matches found
BIT-GITLAB-2022-3060
Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests...
GitLab 11.8 < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 (CVE-2022-4365)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A...
Improper Access Control
gitlab:sid is vulnerable of Improper Access Control. The vulnerability due to leak the sentry token by changing the configured URL in the Sentry error tracking settings page. It allow an attacker to leak sentry token under specific circumstances...
CVE-2023-4378
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the...
UBUNTU-CVE-2023-4378
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the...
PT-2023-28979 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.8 through 16.1.4 GitLab CE/EE versions 16.2 through 16.2.4 GitLab CE/EE versions 16.3 through 16.3.0 Description: An issue has been discovered that allows a malicious Maintainer to leak the sentry token under specific...
Code injection
Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query /api/0/api-tokens/ for a list of all tokens created by a user, including tokens with greater scopes, and use...
CVE-2023-39349 Sentry vulnerable to privilege escalation via ApiTokensEndpoint
Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query /api/0/api-tokens/ for a list of all tokens created by a user, including tokens with greater scopes, and use...
CVE-2023-39349
Sentry vulnerability CVE-2023-39349 affects self-hosted Sentry and the hosted service prior to 23.7.2. A attacker with a token that has few or no scopes can query the /api/0/api-tokens/ endpoint to enumerate all tokens created by a user, including tokens with greater scopes, and reuse them in oth...
Information Disclosure
gitlab is vulnerable to Information Disclosure. A malicious authenticated maintainer is able to leak the sentry token by changing the configured URL in the sentry error tracking settings page...
Improper Authorization
gitlab is vulnerable to Improper Authorization. This vulnerability allows project members to manage issues in the error tracking feature if they are assigned the reporter role...
Improper Access Control
gitlab is vulnerable to Improper Access Control. Improper control of a resource identifier in Error Tracking allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests...
Authorization
Sentry is an error tracking and performance monitoring platform. Starting in version 8.21.0 and prior to version 23.5.2, an authenticated user can download a debug or artifact bundle from arbitrary organizations and projects with a known bundle ID. The user does not need to be a member of the...
PYSEC-2023-115
Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...
CVE-2023-36829
Sentry CORS misconfiguration (CVE-2023-36829): in versions 23.6.0 through
CVE-2022-4365
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error...
Code injection
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error...
UBUNTU-CVE-2022-4365
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error...
CVE-2022-4365
GitLab CE/EE is affected by CVE-2022-4365 and CVE-2023-4378: a malicious Maintainer can leak the Sentry token by changing the URL in the Sentry error tracking settings. Affected are GitLab versions starting from 11.8 up to 15.5.7, 15.6 up to 15.6.4, and 15.7 up to 15.7.2. The issue stems from an ...
PT-2023-14273 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.8 through 15.5.7 GitLab CE/EE versions 15.6 through 15.6.4 GitLab CE/EE versions 15.7 through 15.7.2 Description: A malicious Maintainer can exploit an issue in GitLab CE/EE to leak the sentry token. This is achieved ...