81 matches found
Gitaly Insufficient Session Expiration vulnerability
When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: =1.79.0, =13.4, =13.5, 13.5.2...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure. When importing repos via URL, one time use git credentials were persisted beyond the expected time window. Remediation: Upgrade gitaly to version 13.3.9, 13.4.5, 13.5.2 or higher...
CVE-2020-13353
When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above...
DEBIAN-CVE-2020-13353
When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above...
FreeBSD : Gitlab -- Multiple vulnerabilities (174e466b-1d48-11eb-bd0f-001b217b3468)
Gitlab reports: Path Traversal in LFS Upload; Path traversal allows saving packages in arbitrary location; Kubernetes agent API leaks private repos; Terraform state deletion API exposes object storage URL; Stored-XSS in error message of build-dependencies; Git credentials persisted on disk; Potential...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Path Traversal in LFS Upload; Path traversal allows saving packages in arbitrary location; Kubernetes agent API leaks private repos; Terraform state deletion API exposes object storage URL; Stored-XSS in error message of build-dependencies; Git credentials persisted on disk; Potential...
git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak
A flaw was found in git where credentials can be leaked through the use of a crafted URL. The crafted URL must contain a newline, empty host, or lack a scheme so that the credential helper is fooled into giving the information of a different host to the client. The highest threat from this...
Github-Dorks - Collection Of Github Dorks And Helper Tool To Automate The Process Of Checking Dorks
Github search is a quite powerful and useful feature and can be used to search for sensitive data in repositories. Collection of github dorks that can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to ...
Information Disclosure
gradle-info-plugin is vulnerable to information disclosure. User credentials are not stripped from the Git repository URL...
GitLab CE/EE Information Disclosure Vulnerability (CNVD-2019-32223)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. GitLab CE/...
CVE-2019-11549
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly allows an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors...
Information disclosure
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly allows an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors...
CVE-2019-11549
Removed by vendor...
UBUNTU-CVE-2015-6918
salt before 2015.5.5 leaks git usernames and passwords to the log...