23 matches found

RedhatCVE
added 2026/06/05 7:37 p.m., 5 views

CVE-2026-3160

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter functioning only as a...

CVSS: 5.8, AI score: 5.5, EPSS: 0.00018
Exploits: 0, References: 1

NVD
added 2026/05/14 6:16 a.m., 6 views

CVE-2026-3160

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter functioning only as a...

CVSS: 5.8, EPSS: 0.00018
Exploits: 0, References: 3

CVE
added 2026/05/14 5:35 a.m., 24 views

CVE-2026-3160

GitLab CVE-2026-3160 affects GitLab CE/EE versions 13.7–18.9.7, 18.10–18.10.5, and 18.11–18.11.2. An authenticated user could view Jira issues outside the configured project scope due to an integration filter that functioned only as display control rather than enforcing access boundaries. The iss...

CVSS: 5.8, AI score: 5.8, EPSS: 0.00018
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2026/05/14 5:35 a.m., 5 views

CVE-2026-3160 Unintended Proxy or Intermediary ('Confused Deputy') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter functioning only as a...

CVSS: 5.8, AI score: 5.8, EPSS: 0.00018
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-18445

Malware in sbrugna...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00117
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-12808

Malware in sbrugna...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00681
Exploits: 1, References: 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-35003

Malicious code in bioql PyPI...

CVSS: 5.3, AI score: 5.4, EPSS: 0.00318
Exploits: 0, References: 3

RedHat Linux
added 2024/11/06 8:13 p.m., 22 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.12.0 security and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.12.0 GA release images are now available, which contain security and bug fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

CVSS: 9.1, AI score: 7, EPSS: 0.04859
Exploits: 1, References: 8

Atlassian
added 2024/05/14 12:49 p.m., 22 views

The "Your Jira Issues" section on the Bitbucket dashboard is fetching images via the internal Application URL rather than the external Display URL

Issue Summary: This is reproducible on Data Center: yes. Steps to Reproduce: Create an Application link to Jira Instance with different "Application" and 'Display URLs'. Block the 'Application URL' access on the client system browser using...

AI score: 7.1
Exploits: 0

RedHat Linux
added 2024/04/03 6:43 p.m., 41 views

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.6 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00393
Exploits: 0, References: 10

RedHat Linux
added 2024/02/14 6:44 p.m., 69 views

Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.5 security and bug fix container updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.5 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVSS: 9.8, AI score: 7.9, EPSS: 0.04027
Exploits: 0, References: 19

Veracode
added 2024/02/13 12:52 p.m., 15 views

Unauthorized Access

Mattermost Jira Plugin is vulnerable to unauthorized access. The vulnerability is due to its failure to check the security level of incoming issues or restrict based on the user, allowing registered Jira users to create webhooks granting access to all Jira issues...

CVSS: 4.1, AI score: 6.8, EPSS: 0.00292
Exploits: 0, References: 4, Affected Software: 1

RedHat Linux
added 2024/01/18 4:35 p.m., 39 views

Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.9.2 security and bug fix container updates

Red Hat Advanced Cluster Management for Kubernetes 2.9.2 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVSS: 9.8, AI score: 6.6, EPSS: 0.04027
Exploits: 0, References: 7

CNNVD
added 2022/11/04 12:0 a.m., 2 views

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE that stems from its ability to...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00318
Exploits: 0, References: 5

NVD
added 2022/06/06 5:15 p.m., 22 views

CVE-2022-1940

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues...

CVSS: 7.7, EPSS: 0.00175
Exploits: 0, References: 3

ATTACKERKB
added 2022/06/06 5:15 p.m., 3 views

CVE-2022-1940

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues...

CVSS: 7.7, AI score: 6.4, EPSS: 0.00175
Exploits: 0, References: 4, Affected Software: 1

UbuntuCve
added 2022/06/06 5:15 p.m., 43 views

CVE-2022-1940

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues...

CVSS: 7.7, AI score: 6.2, EPSS: 0.00175
Exploits: 0, References: 2

Atlassian
added 2019/03/29 2:29 p.m., 21 views

Copying and pasting Status Macro (or TOC Macro) over https triggers mixed content and breaks certificate trust

Issue Summary: Copying and pasting a status macro or TOC over https in the browser will trigger mix content action, it will break the certificate trust on request of: Status macro plugins/servlet/status-macro/placeholder?title=titlehere&colour=Yellow TOC macro...

AI score: 7
Exploits: 0

OSV
added 2018/01/29 7:29 p.m., 1 views

CVE-2017-9513

Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although th...

CVSS: 5.4, AI score: 5.8
Exploits: 0, References: 2

Prion
added 2018/01/29 7:29 p.m., 16 views

Design/Logic Flaw

Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although th...

CVSS: 5.5, AI score: 6.9, EPSS: 0.00117
Exploits: 0, References: 2, Affected Software: 1