1719 matches found

CVE · added 2023/09/29 8:30 a.m. · 130 views

CVE-2023-3413

CVE-2023-3413 affects GitLab: all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. The vulnerability allows reading the source code of a project through a fork created before changing visibility to only pr...

CVSS 7.5 · AI score 6.6 · EPSS 0.00221
Exploits 0 · References 2 · Affected Software 1
NVD · added 2023/09/29 7:15 a.m. · 11 views

CVE-2023-3920

An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible for a maintainer to create a fork relationship between existing projects contrary to the...

CVSS 4.3 · AI score 4.6 · EPSS 0.00319
Exploits 0 · References 2
OSV · added 2023/09/29 7:15 a.m. · 1 view

UBUNTU-CVE-2023-0989

An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration...

CVSS 5.7 · AI score 5.8 · EPSS 0.00065
Exploits 0 · References 2
OSV · added 2023/09/29 7:15 a.m. · 0 views

UBUNTU-CVE-2023-3920

An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible for a maintainer to create a fork relationship between existing projects contrary to the...

CVSS 4.3 · AI score 5.7 · EPSS 0.00319
Exploits 0 · References 2
OSV · added 2023/09/29 6:02 a.m. · 15 views

CVE-2023-3920 Incorrect Authorization in GitLab

An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible for a maintainer to create a fork relationship between existing projects contrary to the...

CVSS 4.3 · AI score 4.6 · EPSS 0.00319
Exploits 0 · References 5
Positive Technologies · added 2023/09/29 12:00 a.m. · 1 view

PT-2023-24693 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 16.2 through 16.2.7 GitLab versions 16.3 through 16.3.4 GitLab versions 16.4 through 16.4.0 Description: An issue has been discovered in GitLab, allowing an attacker to read the source code of a project through a fork created...

CVSS 7.5 · AI score 7.6 · EPSS 0.00221
Exploits 0 · References 11
Positive Technologies · added 2023/09/29 12:00 a.m. · 2 views

PT-2023-10706 · Bitcoin · Bitcoind

Name of the Vulnerable Software and Affected Versions: Bitcoin versions prior to the fix for BIP-0050 Description: An issue occurred due to a large number of total transaction inputs being broadcast, which were rejected by some nodes and not rejected by others, causing a fork. Recommendations: A...

AI score 6.6
Exploits 0 · References 1
Tenable Nessus · added 2023/09/29 12:00 a.m. · 20 views

GitLab 11.2 < 16.2.8 / 16.3 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-3920)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was...

CVSS 4.3 · AI score 5.1 · EPSS 0.00319
Exploits 0 · References 4
Positive Technologies · added 2023/09/28 12:00 a.m. · 3 views

PT-2023-16670 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.11 through 16.2.7 GitLab CE/EE versions 16.3 through 16.3.4 GitLab CE/EE versions 16.4 through 16.4.0 Description: An information disclosure issue in GitLab CE/EE allows an attacker to extract non-protected CI/CD...

CVSS 5.7 · AI score 6.2 · EPSS 0.00065
Exploits 0 · References 12
Positive Technologies · added 2023/09/28 12:00 a.m. · 1 view

PT-2023-26833 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 11.2 through 16.2.8 GitLab versions 16.3 through 16.3.5 GitLab versions 16.4 through 16.4.1 Description: An issue has been discovered in GitLab where a maintainer could create a fork relationship between existing projects...

CVSS 4.3 · AI score 6.6 · EPSS 0.00319
Exploits 0 · References 12
Amazon · added 2023/09/25 12:00 a.m. · 1 view

Important: golang

Issue Overview: An out-of-bounds read vulnerability was found in debug/macho of the Go standard library. When the debug/macho standard library package is used to parse malformed binaries with Open or OpenFat, Go can attempt to read outside the bounds of a slice, causing a panic when...

CVSS 9.1 · AI score 7.4 · EPSS 0.00868
Exploits 5
OSV · added 2023/09/01 3:15 p.m. · 0 views

CVE-2023-23763

An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to...

CVSS 5.3 · AI score 5.8 · EPSS 0.00139
Exploits 0 · References 4
Veracode · added 2023/08/06 2:36 p.m. · 11 views

Information Disclosure

GitLab is vulnerable to Information Disclosure. This vulnerability occurs due to a flaw in the way that GitLab handles project forks. An attacker can exploit this vulnerability to access data of an internal repository through a project fork made by a project member...

CVSS 7.5 · AI score 6.4 · EPSS 0.002
Exploits 0 · References 3 · Affected Software 1
Veracode · added 2023/07/23 12:13 p.m. · 17 views

Information Disclosure

GitLab is vulnerable to Information Disclosure. When an attacker has a fork of a project that has been turned private, the branch names can be accessed...

CVSS 3.7 · AI score 6.8 · EPSS 0.0055
Exploits 0 · References 4 · Affected Software 1
Vulnrichment · added 2023/07/13 2:00 a.m. · 14 views

CVE-2023-2190 Authorization Bypass Through User-Controlled Key in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the...

CVSS 6.5 · AI score 6.3 · EPSS 0.00135
Exploits 0 · References 2
Code423n4 · added 2023/07/13 12:00 a.m. · 6 views

The fork mechanism of Nouns DAO may be completely ineffective or abused, because there is no reasonable limit to the maximum or minimum value of the fork threshold.

Lines of code Vulnerability details Impact Nouns Fork is a Last-Resort Minority Protection Mechanism, created to protect the minority from the tyranny of the majority. As described in this article: . In the initial case, if a quorum of 20% of tokens signals to exit, the fork will succeed, but sin...

AI score 7
Exploits 0
Code423n4 · added 2023/07/13 12:00 a.m. · 9 views

The 'Nouns Fork' is considered unfair towards contributors, given they are not awarded any new tokens.

Lines of code Vulnerability details Impact The 'Nouns Fork' is considered unfair towards contributors, given they are not awarded any new tokens. Proof of Concept The Nouns Fork mechanism allows members of the minority in the Nouns DAO to exit to a new forked Nouns DAO, but the current approach m...

AI score 6.7
Exploits 0
Code423n4 · added 2023/07/13 12:00 a.m. · 8 views

The fork escrow voting should use the snapshot mechanism to save whether the current DAO state reaches the fork threshold

Lines of code Vulnerability details Impact The fork escrow vote does not use the snapshot mechanism or checkpoint mechanism to save whether the current DAO state reaches the fork threshold, which may cause the timing of the fork to be missed. Proof of Concept Suppose the following scenario: 1. Wh...

AI score 7
Exploits 0
Code423n4 · added 2023/07/13 12:00 a.m. · 6 views

Escrow Premature Closure and Fork ID Manipulation in closeEscrow function.

Lines of code Vulnerability details Impact closeEscrow Function: Attack Surface: This function allows the DAO contract to close the escrow and increment the fork ID. Attack Vectors: Unauthorized Access: If an attacker gains control over the DAO contract, they can call this function and close the...

AI score 7.1
Exploits 0
CNNVD · added 2023/07/13 12:00 a.m. · 1 view

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in Gitlab CE/EE, which stems from the fact tha...

CVSS 6.5 · AI score 6.5 · EPSS 0.00135
Exploits 0 · References 3