13 matches found
EUVD-2022-34514
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-2235
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1....
BIT-GITLAB-2022-2235
Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link...
CVE-2022-2235
Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link...
CVE-2022-2235
Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link...
Cross site scripting
Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link...
CVE-2022-2235
Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link...
UBUNTU-CVE-2022-2235
Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link...
CVE-2022-2235
Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link...
CVE-2022-2235
GitLab CE/EE external issue tracker sanitization flaw leads to cross-site scripting (XSS) in affected GitLab releases. Affected versions are 14.5 up to 14.10.5 (exclusive), 15.0 up to 15.0.4 (exclusive), and 15.1 up to 15.1.1 (exclusive). The vulnerability arises from insufficient input sanitizat...
PT-2022-15381 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.5 through 14.10.4 GitLab EE versions 15.0 through 15.0.3 GitLab EE versions 15.1 through 15.1.0 Description: Insufficient sanitization in GitLab EE's external issue tracker allows an attacker to perform cross-site...
GitLab: XSS in ZenTao integration affecting self hosted instances without strict CSP
Summary The ZenTao issue integration premium feature is susceptible to an XSS attack by delivering modified API responses to GitLab. This is related and similar to my report https://hackerone.com/reports/1533976 but this time affecting the ZenTao integration. A user can create a project and...
GitLab: GFM renderer leaks external issue tracker URL of private project
Vulnerability details The GFM renderer has the ability to cross-link issues between projects. When this project is private and the user doesn't have access, the link isn't made. This is good. However, when the private project has an external issue tracker set up, an attacker can extract the...