35 matches found
CVE-2022-3740
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...
CVE-2022-3740
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...
CVE-2022-3740
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...
CVE-2022-3740
Removed by vendor...
CVE-2022-3740
GitLab CE/EE prior to 15.3.5, 15.4 before 15.4.4, and 15.5 before 15.5.2 are affected. The issue lets a group owner bypass the External Authorization check when enabled, by using Deploy tokens or Deploy keys to access git repositories and package registries. Root cause is an authorization flaw in...
GitLab 12.9 < 15.4.6 / 15.5 < 15.5.5 / 15.6 < 15.6.1 (CVE-2022-3740)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External...
GitLab CE/EE 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from the fact tha...
FreeBSD : Gitlab -- Multiple Vulnerabilities (3cde510a-7135-11ed-a28b-bff032704f00)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3cde510a-7135-11ed-a28b-bff032704f00 advisory. - Gitlab reports: DAST API scanner exposes Authorization headers in vulnerabilities Group IP...
PT-2022-24861 · Unknown · Flyteadmin
Name of the Vulnerable Software and Affected Versions: FlyteAdmin versions prior to 1.1.44 Description: The default authorization server's configuration settings contain a known hardcoded hashed password. Users who enable authentication without changing the default clientid hashes will be exposed...
Istio may not check inbound TCP connections against istio-policy
Istio 1.1.x through 1.1.6 has Incorrect Access Control. When disablePolicyChecks is set to false, inbound TCP connections do not generate Check requests to istio-policy and external authorization is not applied. This behavior is a result of a change to...
envoyproxy/envoy: HTTP request with multiple value headers can bypass authorization policies
An authorization bypass vulnerability was found in envoyproxy/envoy. Envoy incorrectly evaluates an HTTP request with multiple value headers. This flaw allows an attacker to bypass rule policies that use the extauthz extension. The highest threat from this vulnerability is to confidentiality,...
envoyproxy/envoy: HTTP request with multiple value headers can bypass authorization policies
An authorization bypass vulnerability was found in envoyproxy/envoy. Envoy incorrectly evaluates an HTTP request with multiple value headers. This flaw allows an attacker to bypass rule policies that use the extauthz extension. The highest threat from this vulnerability is to confidentiality,...
Envoy 安全漏洞
Envoy is an open source distributed proxy server. A security vulnerability exists in Envoy. The vulnerability allows an attacker to bypass rule policies that use the extauthz extension. The biggest threats from this vulnerability are confidentiality, integrity, and system availability...
PT-2021-19922 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions 1.16.5 through 1.19.0 Description: The issue affects Envoy, an open source L7 proxy and communication bus. In the affected versions, when the ext-authz extension sends request headers to the external authorization service, it...
Authorization
When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended message in the failur...