123 matches found
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: prometheus-node-exporter, crossplane-provider-aws-eks, spire-server-fips, kube-fluentd-operator, kubernetes-csi-driver-hostpath, cri-tools, boring-registry-fips, kine, kube-rbac-proxy-fips, volume-modifier-for-k8s, kubernetes-csi-livenessprobe, terraform-provider-aws...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: cortex, aactl, terraform-provider-sendgrid, kubescape, scorecard, buildkitd, kubeflow, k3d, prometheus-blackbox-exporter, src, dgraph, kubevela, spark-operator, up, falco, slsa-verifier...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: kubernetes-csi-livenessprobe-fips, kubescape, kubeflow-fips, conftest-fips, bank-vaults-fips, scorecard, falco, metrics-server-fips, cortex, timestamp-authority-fips, aactl, terraform-provider-sendgrid, prometheus-blackbox-exporter, dgraph, up, kubeflow,...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: terraform-provider-sendgrid, aactl, gobuster, certificate-transparency, ip-masq-agent, pulumi-language-dotnet, kaf, bom, cue, spark-operator, fuse-overlayfs-snapshotter, flux-source-controller, terraform-provider-aws, frp, kubeflow-katib, prometheus-blackbox-exporter...
CVE-2023-4008
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known...
CVE-2023-4008
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known...
CVE-2023-4008 Incorrect Ownership Assignment in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known...
PT-2023-27254 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.9 through 16.0.7 GitLab CE/EE versions 16.1 through 16.1.2 GitLab CE/EE versions 16.2 through 16.2.1 Description: An issue has been discovered in GitLab CE/EE, where it was possible to takeover GitLab Pages with uniqu...
UBUNTU-CVE-2023-0042
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols...
CVE-2023-0042
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols...
SUSE SLES15: ruby2.5-rubygem-kramdown / ruby2.5-rubygem-kramdown-doc / etc (SUSE-SU-2022:3259-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3259-1 advisory. - CVE-2020-14001: Fixed processing template options inside documents allowing unintended read access or embedded Ruby code execution...
GitLab 11.5 < 14.7.7 / 14.8 < 14.8.5 / 14.9 < 14.9.2 (CVE-2022-1148)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's...
CVE-2022-1121
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption...
CVE-2022-1148
Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the...
CVE-2022-1148
Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the...
Authorization
Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the...
CVE-2022-1121
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption...
UBUNTU-CVE-2022-1148
Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the...
UBUNTU-CVE-2022-1121
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption...
CVE-2022-1121
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption...