61 matches found
PT-2023-18346 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 15.10 through 15.10.4 GitLab EE versions 15.11 through 15.11.0 Description: An issue has been discovered in GitLab EE that may allow users who are marked as external to become regular users under certain conditions when...
GitLab 15.10 < 15.10.5 / 15.11 < 15.11.1 (CVE-2023-2182)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is...
How to Configure GSLB Setup for Internal Users From GUI
This article contains information about how to configure a GSLB setup for internal users using the same host name. In some scenarios, the administrator requires that all external users coming through the Internet must go through the Citrix Gateway using a public or external IP Address, whereas al...
HelpSystems GoAnywhere MFT Path Traversal Vulnerability
HelpSystems GoAnywhere MFT is a hosted file transfer software from HelpSystems USA. A path traversal vulnerability exists in HelpSystems GoAnywhere MFT prior to version 6.8.3, which originates from allowing an external user who self-registers with a specific username or profile information to gai...
Intermittent Session Launch Failure with Active/Active StoreFront Server Groups
Users intermittently fail to receive ICA files from StoreFront when trying to launch a new session in the following circumstances (all of the conditions below must apply): Multiple active StoreFront server groups are in use, connected by GSLB, configured either for direct access or authentication...
Sandbox Escape by math function in smarty
Impact Template authors could run arbitrary PHP code by crafting a malicious math string. If a math string is passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Patches Please upgrade to 4.0.2 or 3.1.42 or...
Server-Side Request Forgery (SSRF) in chocobozzz/peertube
Description There is an SSRF vulnerability in PeerTube, registered users outside of the external network can issue GET requests into the internal network via the Import With URL option. Proof of Concept Setting a Python3 server on 8080 python3 -m http.server 8080 And importing this URL...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API...
UBUNTU-CVE-2021-39935
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API...
Worried About SaaS Misconfigurations? Check These 5 Settings Everybody Misses
Enterprises depend on SaaS applications for countless functions, like collaboration, marketing, file sharing, and more. But problematically, they often lack the resources to configure those apps to prevent cyberattacks, data exfiltration, and other risks. Catastrophic and costly data breaches...
UBUNTU-CVE-2020-12275
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API...
FreeBSD : Gitlab -- Multiple Vulnerabilities (08fba28b-6f9f-11ea-bd0b-001b217b3468)
Gitlab reports : Arbitrary File Read when Moving an Issue Path Traversal in NPM Package Registry SSRF on Project Import External Users Can Create Personal Snippet Triggers Description Can be Updated by Other Maintainers in Project Information Disclosure on Confidential Issues Moved to Private...
CVE-2019-7319
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of the following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges...
HackerOne: Reporter, external users, collaborators can mark sent swag awarded to reporter as unsent
An Insecure Direct Object Reference (IDOR) vulnerability allows the reporter, external users, and collaborators to mark sent swag that was awarded to the reporter as unsent. This may result in swag being sent multiple times. Proof of concept Follow the steps below to reproduce the vulnerability. sig...
Various Connection Method Behaviours of Mobile Citrix Receiver with StoreFront and NetScaler Gateway
The following scenarios provide an understanding of when to use the StoreFront server FQDN and/or NetScaler Gateway FQDN in an App Controller solution when connecting from a mobile device: Internal Users Connecting to StoreFront Server Scenario 1 – Legacy PNA Site and No Store Available Scenario ...
HackerOne: Disclosure of external users invited to a specific report
It is possible to verify whether a specific user is invited to participate as an external user to a specific report. Thus it is possible to enumerate all external users added to a specific non-public report of interest. PoC: curl 'https://hackerone.com/reports/reportid/externalusers/userid' -X...
How to Use Listen Policy to Create Virtual Servers with Same IP and Perform Selective Dual Authentication
You can use the Listen Policy feature of Citrix ADC NetScaler to use the same IP and FQDN and have selective authentication on the basis of the IP range. Example : Single authentication for internal users and dual authentication for external users...
Application Navigator shows full list of links, including restricted ones
If a user has access to JIRA, but not Confluence, and tries to go to a Confluence page, the access error page itself will have the hamburger menu with a full, unrestricted list of all links set up. We have a couple of links pointing to code repositories and an older, archived issue tracker. The former...
adding "Project Member" to User/Group/Projectrole options list for security level
I'm looking for a fast and easy way to handle security viewability of issues over all projects. Scenario is: We have set up the Jira company environment and several different projects. We have some external developers that are assigned to their specific projects. I did not yet use the security...