13 matches found
EUVD-2021-26272
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-39916
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check i...
BIT-GITLAB-2021-39916
Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5....
Authorization
An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via an API call...
PT-2022-11091 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.1 through 14.3.5; GitLab EE versions 14.4 through 14.4.3; GitLab EE versions 14.5 through 14.5.1. Description: An authorization logic error in the External Status Check API allowed a user to update the status of the check v...
CVE-2021-39916
Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5....
CVE-2021-39916
Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5....
Design/Logic Flaw
Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5....
UBUNTU-CVE-2021-39916
Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5....
CVE-2021-39916
The CVE-2021-39916 entry describes a lack of an access control check in GitLab EE’s External Status Check feature, enabling any authenticated user to retrieve the configuration of any External Status Check. Affected versions are 14.1–14.3.5, 14.4 before 14.4.4, and 14.5 before 14.5.2. The root ca...
CVE-2021-39916
Removed by vendor...
PT-2021-22762 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.1 through 14.3.5; GitLab EE versions 14.4 through 14.4.3; GitLab EE versions 14.5 through 14.5.1. Description: The issue is related to a lack of access control check in the External Status Check feature, allowing any...
GitLab: IDOR in "external status check" API leaks data about any status check on the instance
Summary: The API endpoint for returning approval from an external status check contains an IDOR that lets a user list information about all external status checks on the GitLab instance. The feature is an Ultimate feature, but can be accessed by starting an Ultimate trial on GitLab.com. So the...