Lucene search
K

35 matches found

UbuntuCve
UbuntuCve
added 2023/01/26 9:15 p.m.34 views

CVE-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5CVSS6.1AI score0.0089EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/24 12:0 a.m.30 views

CVE-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5CVSS6.7AI score0.0089EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.5 views

CVE-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5CVSS6.8AI score0.0089EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/01/24 12:0 a.m.60 views

CVE-2022-3740

Removed by vendor...

6.5CVSS6.2AI score0.0089EPSS
Exploits0
CVE
CVE
added 2023/01/24 12:0 a.m.225 views

CVE-2022-3740

GitLab CE/EE prior to 15.3.5, 15.4 before 15.4.4, and 15.5 before 15.5.2 are affected. The issue lets a group owner bypass the External Authorization check when enabled, by using Deploy tokens or Deploy keys to access git repositories and package registries. Root cause is an authorization flaw in...

6.5CVSS4.7AI score0.0089EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/01/16 12:0 a.m.31 views

GitLab 12.9 < 15.4.6 / 15.5 < 15.5.5 / 15.6 < 15.6.1 (CVE-2022-3740)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External...

6.5CVSS5.8AI score0.0089EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/01 12:0 a.m.6 views

GitLab CE/EE 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from the fact tha...

6.5CVSS5.8AI score0.0089EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/12/01 12:0 a.m.47 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (3cde510a-7135-11ed-a28b-bff032704f00)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3cde510a-7135-11ed-a28b-bff032704f00 advisory. - Gitlab reports: DAST API scanner exposes Authorization headers in vulnerabilities Group IP...

9.3CVSS6.2AI score0.01074EPSS
Exploits9References12
Positive Technologies
Positive Technologies
added 2022/10/05 12:0 a.m.5 views

PT-2022-24861 · Unknown · Flyteadmin

Name of the Vulnerable Software and Affected Versions: FlyteAdmin versions prior to 1.1.44 Description: The default authorization server's configuration settings contain a known hardcoded hashed password. Users who enable authentication without changing the default clientid hashes will be exposed...

7.5CVSS7.3AI score0.0067EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.19 views

Istio may not check inbound TCP connections against istio-policy

Istio 1.1.x through 1.1.6 has Incorrect Access Control. When disablePolicyChecks is set to false, inbound TCP connections do not generate Check requests to istio-policy and external authorization is not applied. This behavior is a result of a change to...

7.5CVSS7.2AI score0.01175EPSS
Exploits1References5Affected Software1
RedHat Linux
RedHat Linux
added 2021/08/25 9:37 a.m.3 views

envoyproxy/envoy: HTTP request with multiple value headers can bypass authorization policies

An authorization bypass vulnerability was found in envoyproxy/envoy. Envoy incorrectly evaluates an HTTP request with multiple value headers. This flaw allows an attacker to bypass rule policies that use the extauthz extension. The highest threat from this vulnerability is to confidentiality,...

8.6CVSS5.8AI score0.03325EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/08/25 9:37 a.m.3 views

envoyproxy/envoy: HTTP request with multiple value headers can bypass authorization policies

An authorization bypass vulnerability was found in envoyproxy/envoy. Envoy incorrectly evaluates an HTTP request with multiple value headers. This flaw allows an attacker to bypass rule policies that use the extauthz extension. The highest threat from this vulnerability is to confidentiality,...

8.6CVSS5.8AI score0.03325EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/08/24 12:0 a.m.4 views

Envoy 安全漏洞

Envoy is an open source distributed proxy server. A security vulnerability exists in Envoy. The vulnerability allows an attacker to bypass rule policies that use the extauthz extension. The biggest threats from this vulnerability are confidentiality, integrity, and system availability...

8.6CVSS7.8AI score0.03325EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/08/24 12:0 a.m.6 views

PT-2021-19922 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions 1.16.5 through 1.19.0 Description: The issue affects Envoy, an open source L7 proxy and communication bus. In the affected versions, when the ext-authz extension sends request headers to the external authorization service, it...

8.6CVSS8.6AI score0.03325EPSS
Exploits0References12
Prion
Prion
added 2018/12/28 3:29 p.m.29 views

Authorization

When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended message in the failur...

4.3CVSS5.7AI score0.01427EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder