Lucene search
+L

13 matches found

Snyk
Snyk
added 2026/06/30 5:25 p.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the pipeline.Author process. An attacker can execute unauthorized pipeline steps and exfiltrate CI secrets by setting the commit author name in a GitLab webhook payload to match an entry in the approval list,...

9.2CVSS6AI score0.00546EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/30 5:25 p.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the pipeline.Author process. An attacker can execute unauthorized pipeline steps and exfiltrate CI secrets by setting the commit author name in a GitLab webhook payload to match an entry in the approval list,...

9.2CVSS6AI score0.00546EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 2:26 p.m.24 views

CVE-2026-27882

Coolify prior to 4.0.0-beta.461 uses a non-constant-time string comparison (!=) to validate the GitLab webhook secret token, enabling timing-based disclosure of the secret. The issue is fixed in 4.0.0-beta.461. Remediation: upgrade to 4.0.0-beta.461.

4.8CVSS5.8AI score0.00146EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 2:26 p.m.5 views

CVE-2026-27882 Coolify: Timing Attack in GitLab Webhook Token Validation

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.461, the GitLab webhook endpoint uses a non-constant-time string comparison operator !== to validate the webhook secret token. This implementation is vulnerable to timing attack...

4.8CVSS6AI score0.00146EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 8:49 a.m.9 views

CVE-2021-22246

A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks...

7.7CVSS6.3AI score0.01335EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-22915

Malware in sbrugna...

5.3CVSS5.6AI score0.01209EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-22246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks...

7.7CVSS6.7AI score0.01335EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 3:31 p.m.8 views

CVE-2020-35236

The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion...

5.3CVSS6.8AI score0.01209EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2021/08/20 12:0 a.m.7 views

PT-2021-6486 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 14.0.2 GitLab versions prior to 13.12.6 GitLab versions prior to 13.11.6 Description: The issue is related to the GitLab Webhook feature, which can be exploited to cause a denial of service. This is due to the potenti...

7.7CVSS6.4AI score0.01335EPSS
Exploits0References12
OSV
OSV
added 2020/12/14 5:15 a.m.19 views

CVE-2020-35236

The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion...

5.3CVSS6.7AI score
Exploits0References4
Cvelist
Cvelist
added 2020/12/14 4:44 a.m.23 views

CVE-2020-35236

The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion...

5.2AI score0.01209EPSS
Exploits0References4
CNNVD
CNNVD
added 2020/12/14 12:0 a.m.7 views

Amazee Lagoon Access Control Error Vulnerability

Amazee Lagoon is a rapid delivery platform for OpenShift and Kubernetes from Amazee. A security vulnerability exists in Amazee Lagoon versions prior to 1.12.3 that stems from incorrect access control and project deletion in the GitLab Webhook Handler...

5.3CVSS6AI score0.01209EPSS
Exploits0References5
OSV
OSV
added 2020/09/14 10:15 p.m.3 views

UBUNTU-CVE-2020-13306

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation...

7.5CVSS5.8AI score0.01828EPSS
Exploits0References3
Rows per page
Query Builder