10 matches found
CVE-2023-1710
A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue...
CVE-2025-27399
Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" (localized English string: "To logged-in users"), users that are not yet approved can view the block reasons. Instance admins...
CVE-2024-57509
creationtimestamp | type | source
---|---|---
2025-01-29 03:14:02+00:00 | seen | https://gist.github.com/G2FUZZ/91a1cc3b8f2b0720e984353d59023b24
2025-01-29 21:26:48+00:00 | seen | https://infosec.exchange/users/cve/statuses/113913758233447474
2025-01-29 21:31:34+00:00 | seen | ...
CVE-2023-47241
creationtimestamp | type | source
---|---|---
2025-01-02 12:17:45+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3ler2n5y77h2m
2025-01-02 15:23:14+00:00 | seen | https://infosec.exchange/users/cve/statuses/113759446210640077
...
PT-2022-13821 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions:
Gitlab EE/CE versions 11.0 through 14.8.5
Gitlab EE/CE versions 14.9 through 14.9.3
Gitlab EE/CE versions 14.10 through 14.10.0
Description: The issue is related to an insecure direct object reference vulnerability. This vulnerability may all...
CVE-2019-15074
CVE-2019-15074 describes a stored XSS in MantisBT (Timeline feature in my_view_page.php) affecting versions up to 2.21.1. The vulnerability occurs when an attacker uploads an attachment with a crafted filename; the injected script is executed for any user who can view the issue when My View Page ...
CVE-2019-10116
An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue...
UBUNTU-CVE-2017-16804
In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages...
CVE-2017-16804
In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages...
Issues not shown in issue navigator that a user has permission for according to the issue security level
Users may not be able to see certain issues in the IssueNavigator if they create an issue level security where the permission depends on a user custom field and the custom field does not have a searcher set. Browsing the issue directly works fine; however, when running a search the issue won't ...