16 matches found
EUVD-2020-5544
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-13284
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token CVE-2020-13284 Note that Ness...
Linux Distros Unpatched Vulnerability : CVE-2024-12570
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2...
Linux Distros Unpatched Vulnerability : CVE-2024-8641
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2...
CVE-2025-7789
A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with...
CVE-2024-12570
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's CIJOBTOKEN to obtain a GitLab session token belonging to the victim...
UBUNTU-CVE-2024-12570
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's CIJOBTOKEN to obtain a GitLab session token belonging to the victim...
PT-2024-10153 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.7 through 17.4.6 GitLab CE/EE versions 17.5 through 17.5.4 GitLab CE/EE versions 17.6 through 17.6.2 Description: An issue has been discovered in GitLab CE/EE that may have allowed an attacker with a victim's CI JOB...
UBUNTU-CVE-2024-8641
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attacker with a victim's CIJOBTOKEN to obtain a GitLab session token belonging to the victim...
BIT-GITLAB-2020-13284
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token...
CVE-2020-13284
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token...
UBUNTU-CVE-2020-13284
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token...
Authorization
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token...
CVE-2020-13284
GitLab CVE-2020-13284 affects GitLab versions prior to 13.1.10, 13.2.8, and 13.3.4, where API authorization could be compromised via an outdated CI job token. The connected sources confirm the affected branches and the specific vulnerable component (CI/job token handling) but do not provide attac...
CVE-2020-13284
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token...
FreeBSD : Gitlab -- multiple vulnerabilities (1fb13175-ed52-11ea-8b93-001b217b3468)
Gitlab reports : Vendor Cross-Account Assume-Role Attack Stored XSS on the Vulnerability Page Outdated Job Token Can Be Reused to Access Unauthorized Resources File Disclosure Via Workhorse File Upload Bypass Unauthorized Maintainer Can Edit Group Badge Denial of Service Within Wiki Functionality...