13 matches found
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation via the pipeline.Author process. An attacker can execute unauthorized pipeline steps and exfiltrate CI secrets by setting the commit author name in a GitLab webhook payload to match an entry in the approval list,...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation via the pipeline.Author process. An attacker can execute unauthorized pipeline steps and exfiltrate CI secrets by setting the commit author name in a GitLab webhook payload to match an entry in the approval list,...
CVE-2026-27882
Coolify prior to 4.0.0-beta.461 uses a non-constant-time string comparison (!=) to validate the GitLab webhook secret token, enabling timing-based disclosure of the secret. The issue is fixed in 4.0.0-beta.461. Remediation: upgrade to 4.0.0-beta.461.
CVE-2026-27882 Coolify: Timing Attack in GitLab Webhook Token Validation
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.461, the GitLab webhook endpoint uses a non-constant-time string comparison operator !== to validate the webhook secret token. This implementation is vulnerable to timing attack...
CVE-2021-22246
A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks...
EUVD-2020-22915
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-22246
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks...
CVE-2020-35236
The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion...
PT-2021-6486 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 14.0.2 GitLab versions prior to 13.12.6 GitLab versions prior to 13.11.6 Description: The issue is related to the GitLab Webhook feature, which can be exploited to cause a denial of service. This is due to the potenti...
CVE-2020-35236
The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion...
CVE-2020-35236
The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion...
Amazee Lagoon Access Control Error Vulnerability
Amazee Lagoon is a rapid delivery platform for OpenShift and Kubernetes from Amazee. A security vulnerability exists in Amazee Lagoon versions prior to 1.12.3 that stems from incorrect access control and project deletion in the GitLab Webhook Handler...
UBUNTU-CVE-2020-13306
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation...