27 matches found
CVE-2026-44784
Discourse has a vulnerability where non-staff group owners can access a group’s outgoing SMTP credentials in plaintext via the group history log (/groups/:name/logs.json). Affected fields include email_password, email_username, smtp_server, smtp_port, and smtp_ssl_mode, with SMTP password being t...
PT-2026-48981
Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 through 2026.3.0 Discourse versions 2026.4.0 through 2026.4.0 Description Group owners who are not administrators or moderators can view a group's outgoing email and SMTP...
GitLab Enterprise Edition(EE) 安全漏洞
GitLab Enterprise Edition EE is a content management system provided by the American company GitLab. Versions of GitLab EE prior to 15.5, 18.10.8, 18.11.5, and 19.0.2 contained security vulnerabilities. These vulnerabilities were caused by improper authorization in the Group SAML identity...
EUVD-2020-27899
Malware in sbrugna...
EUVD-2023-44576
Malicious code in bioql PyPI...
CVE-2023-3950
An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it...
GitLab 9.4 < 13.7.8 / 13.8 < 13.8.5 / 13.9 < 13.9.2 (CVE-2021-22186)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners CVE-2021-22186 Note that Nessus has not...
BIT-GITLAB-2022-3740
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...
Information disclosure
An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it...
CVE-2023-3950 Cleartext Storage of Sensitive Information in GitLab
An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it...
CVE-2023-3950 Cleartext Storage of Sensitive Information in GitLab
An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it...
CVE-2023-3950
Removed by vendor...
CVE-2023-3950 Cleartext Storage of Sensitive Information in GitLab
An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it...
PT-2023-26806 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.1 through 16.1.4 GitLab EE versions 16.2 through 16.2.4 GitLab EE versions 16.3 through 16.3.0 Description: An issue has been discovered in GitLab EE where an external user with an owner role on any group can escalate...
PT-2023-26981 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.2 through 16.2.4 GitLab EE versions 16.3 through 16.3.0 Description: An information disclosure issue in GitLab EE allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. GitLab has a security vulnerability that stems from the existence of an...
CVE-2022-3413
Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should...
CVE-2022-3413
Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should...
CVE-2022-3413
Removed by vendor...
GitLab 访问控制错误漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. An Access Control Error vulnerability exists in GitLab Community Edition and GitLab...