MAL-2026-4699 Malicious code in utils-mf (npm)
Source: amazon-inspector 6d338ea2a5c454a5a0352e6fb29bd940027bc4b8c349649f6356c4fc4f396272. Package metadata advertises 'utility mf' with main 'index.js', but the shipped main is a 15.7MB obfuscator.io-style blob preceded by 8MB of...
CVE-2026-0830 Command Injection in Kiro GitLab Merge Request Helper
Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version...
EUVD-2019-6664
Malware in sbrugna...
EUVD-2022-41758
Malicious code in bioql PyPI...
EUVD-2023-48045
Malicious code in bioql PyPI...
CVE-2023-6033
Improper neutralization of input in the Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3, allows an attacker to execute JavaScript in the victim's browser...
CVE-2022-3483
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration's access token by modifying the...
CVE-2022-39233
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users ca...
Backstage Information Disclosure Vulnerability
Backstage is an open platform for building developer portals. A security vulnerability exists in Backstage that stems from the GitlabDiscoveryEntityProvider leaking GitLab integration tokens in logs when tokens containing newlines are supplied...
PT-2022-24829 · Tuleap +1 · Tuleap +1
Name of the Vulnerable Software and Affected Versions: Tuleap versions 12.9.99.228 through 14.0.99.23 Description: The issue concerns improper verification of authorizations when updating the branch prefix used by the GitLab repository integration. Authenticated users can change the branch prefix...
CVE-2022-39233 Tuleap subject to Missing Authorization allowing for branch prefix modification
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users ca...
[SECURITY] Fedora 36 Update: gitqlient-1.5.0-2.fc36
GitQlient, pronounced as git+client /gɪt ˈklaɪənt/, is a multi-platform Git client originally forked from QGit. Nowadays it goes beyond just a fork and adds a lot of new functionality. Some of the major features you can find are...
Server side request forgery (ssrf)
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks...
Design/Logic Flaw
An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration...
Zammad code issue vulnerability
Zammad is a web-based open source help desk/customer support system. A server-side request forgery vulnerability exists in the GitHub and GitLab integrations in versions prior to Zammad 4.1.1. No detailed vulnerability details are currently available...
3 Steps to Integrate Rapid7 Products Into the DevSecOps Cycle
DevSecOps is the concept and practice of integrating security into the DevOps cycle. The idea is to bring the different phases of security into the DevOps model and try to automate the entire process, so security is integrated directly into the initial application builds. In this post, we’ll take...
PT-2019-11809 · Jenkins · Jenkins Violation Comments To Gitlab Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Violation Comments to GitLab Plugin version 2.28 and earlier Description: The issue concerns the storage of credentials in an unencrypted manner. Specifically, the plugin stored API tokens unencrypted in job config.xml files and its...