GitLab 13.9 < 15.3.5, 15.4 < 15.4.4, 15.5 < 15.5.2 Information Exposure Vulnerability
GitLab is prone to an information exposure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:gitlab:gitlab"; if...
UBUNTU-CVE-2021-22262
Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect...
GitLab: Store-XSS in error message of build-dependencies
Hi, A stored XSS exists in the error message of build-dependencies. Fortunately it currently does not exist in gitlab.com. It seems that gitlab.com disables the dependencies validation. However, this feature is enabled by default in self-managed installations. Steps to reproduce: The following steps...
CVE-2019-15580
CVE-2019-15580 is an information exposure vulnerability in gitlab.com versions <12.3.2, <12.2.6, and
CVE-2019-15580
An information exposure vulnerability exists in gitlab.com v12.3.2, v12.2.6, and v12.1.10 when using the blocking merge request feature; it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted...
GitLab: Server Side Request Forgery mitigation bypass
Summary: This vulnerability allows an attacker to send arbitrary requests to the local network which hosts GitLab and read the response. This is possible due to flawed DNS rebinding protection. The attack is possible due to a flaw here:...