
27 matches found

CVE
added 2026/06/12 8:23 p.m. · 18 views

CVE-2026-44784

Discourse has a vulnerability where non-staff group owners can access a group’s outgoing SMTP credentials in plaintext via the group history log (/groups/:name/logs.json). Affected fields include email_password, email_username, smtp_server, smtp_port, and smtp_ssl_mode, with SMTP password being t...

CVSS 6.5 · AI score 5.3 · EPSS 0.00231
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2026/06/12 12:0 a.m. · 21 views

PT-2026-48981

Name of the Vulnerable Software and Affected Versions: Discourse versions 2026.1.0 through 2026.1.3; Discourse versions 2026.3.0 through 2026.3.0; Discourse versions 2026.4.0 through 2026.4.0. Description: Group owners who are not administrators or moderators can view a group's outgoing email and SMTP...

CVSS 6.5 · AI score 5.3 · EPSS 0.00231
Exploits: 0 · References: 5

CNNVD
added 2026/06/11 12:0 a.m. · 12 views

GitLab Enterprise Edition (EE) security vulnerability

GitLab Enterprise Edition EE is a content management system provided by the American company GitLab. Versions of GitLab EE prior to 15.5, 18.10.8, 18.11.5, and 19.0.2 contained security vulnerabilities. These vulnerabilities were caused by improper authorization in the Group SAML identity...

CVSS 8.7 · AI score 5.3 · EPSS 0.00278
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2020-27899

Malware in sbrugna...

CVSS 5.5 · AI score 4.7 · EPSS 0.00554
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2023-44576

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 4.8 · EPSS 0.00212
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 4:11 a.m. · 5 views

CVE-2023-3950

An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it...

CVSS 5.5 · AI score 6 · EPSS 0.00212
Exploits: 0

Tenable Nessus
added 2024/05/17 12:0 a.m. · 16 views

GitLab 9.4 < 13.7.8 / 13.8 < 13.8.5 / 13.9 < 13.9.2 (CVE-2021-22186)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: an authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners (CVE-2021-22186). Note that Nessus has not...

CVSS 4.9 · AI score 5.3 · EPSS 0.00861
Exploits: 0 · References: 3

OSV
added 2024/03/06 11:13 a.m. · 27 views

BIT-GITLAB-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

CVSS 6.5 · AI score 5.5 · EPSS 0.0089
Exploits: 0 · References: 4

Prion
added 2023/09/01 11:15 a.m. · 120 views

Information disclosure

An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it...

CVSS 4.7 · AI score 4.1 · EPSS 0.00212
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/09/01 10:30 a.m. · 18 views

CVE-2023-3950 Cleartext Storage of Sensitive Information in GitLab

An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it...

CVSS 5.5 · AI score 6 · EPSS 0.00212
Exploits: 0 · References: 2

Cvelist
added 2023/09/01 10:30 a.m. · 31 views

CVE-2023-3950 Cleartext Storage of Sensitive Information in GitLab

An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it...

CVSS 5.5 · AI score 5.5 · EPSS 0.00212
Exploits: 0 · References: 2

Debian CVE
added 2023/09/01 10:30 a.m. · 21 views

CVE-2023-3950

Removed by vendor...

CVSS 5.5 · AI score 5.8 · EPSS 0.00212
Exploits: 0

OSV
added 2023/09/01 10:30 a.m. · 21 views

CVE-2023-3950 Cleartext Storage of Sensitive Information in GitLab

An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it...

CVSS 5.5 · AI score 4.4 · EPSS 0.00212
Exploits: 0 · References: 5

Positive Technologies
added 2023/09/01 12:0 a.m. · 3 views

PT-2023-26806 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.1 through 16.1.4; GitLab EE versions 16.2 through 16.2.4; GitLab EE versions 16.3 through 16.3.0. Description: An issue has been discovered in GitLab EE where an external user with an owner role on any group can escalate...

CVSS 7.2 · AI score 6.8 · EPSS 0.00565
Exploits: 0 · References: 7

Positive Technologies
added 2023/09/01 12:0 a.m. · 5 views

PT-2023-26981 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.2 through 16.2.4; GitLab EE versions 16.3 through 16.3.0. Description: An information disclosure issue in GitLab EE allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming...

CVSS 5.5 · AI score 3.6 · EPSS 0.00212
Exploits: 0 · References: 7

CNNVD
added 2023/09/01 12:0 a.m. · 4 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. GitLab has a security vulnerability that stems from the existence of an...

CVSS 5.5 · AI score 6.4 · EPSS 0.00212
Exploits: 0 · References: 4

NVD
added 2022/11/10 12:15 a.m. · 21 views

CVE-2022-3413

Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should...

CVSS 4.3 · EPSS 0.00458
Exploits: 0 · References: 2

UbuntuCve
added 2022/11/10 12:15 a.m. · 29 views

CVE-2022-3413

Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should...

CVSS 4.3 · AI score 5.8 · EPSS 0.00458
Exploits: 0 · References: 1

Debian CVE
added 2022/11/09 12:0 a.m. · 24 views

CVE-2022-3413

Removed by vendor...

CVSS 4.3 · AI score 5.8 · EPSS 0.00458
Exploits: 0

CNNVD
added 2022/06/02 12:0 a.m. · 5 views

GitLab access control error vulnerability

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. An Access Control Error vulnerability exists in GitLab Community Edition and GitLab...

CVSS 9.9 · AI score 8.6 · EPSS 0.15471
Exploits: 0 · References: 5