
22 matches found

CNNVD
added 2025/12/18 12:0 a.m., 1 views

kroki security vulnerability

kroki is an open source icon creation tool from Yuzu tech. A security vulnerability exists in kroki, which stems from an insufficient cleanup of the convert function, which could result in sending requests to arbitrary URLs and disclosing sensitive information...

8.7 CVSS, 6.6 AI score, 0.00042 EPSS
Exploits 0, References 1

Tenable Nessus
added 2025/08/27 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-0050

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions...

8.7 CVSS, 6.7 AI score, 0.56506 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/05/23 5:40 a.m., 1 views

CVE-2023-0050

An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to...

8.7 CVSS, 6.6 AI score, 0.56506 EPSS
Exploits 0, References 1

OSV
added 2024/03/06 11:12 a.m., 17 views

BIT-GITLAB-2023-0050

An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to...

8.7 CVSS, 6.3 AI score, 0.56506 EPSS
Exploits 0, References 4

Tenable Nessus
added 2024/01/03 12:0 a.m., 28 views

GitLab < 15.7.8 (SECURITY-RELEASE-GITLAB-15-9-2-RELEASED)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A speciall...

8.7 CVSS, 5.9 AI score, 0.56506 EPSS
Exploits 0, References 12

Veracode
added 2023/08/06 11:58 p.m., 22 views

Cross-Site Scripting (XSS)

GitLab is vulnerable to Cross-Site Scripting (XSS). The vulnerability allows an attacker to use a specially crafted Kroki diagram to inject and execute arbitrary JavaScript...

8.7 CVSS, 6.5 AI score, 0.56506 EPSS
Exploits 0, References 4, Affected Software 1

NVD
added 2023/03/09 10:15 p.m., 12 views

CVE-2023-0050

An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to...

8.7 CVSS, 8.1 AI score, 0.56506 EPSS
Exploits 0, References 3

UbuntuCve
added 2023/03/09 10:15 p.m., 20 views

CVE-2023-0050

An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to...

8.7 CVSS, 6.8 AI score, 0.56506 EPSS
Exploits 0, References 4

OSV
added 2023/03/09 10:15 p.m., 1 views

UBUNTU-CVE-2023-0050

An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to...

8.7 CVSS, 5.9 AI score, 0.56506 EPSS
Exploits 0, References 5

Prion
added 2023/03/09 10:15 p.m., 15 views

Cross site scripting

An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to...

4.9 CVSS, 5.2 AI score, 0.56506 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2023/03/09 12:0 a.m., 209 views

CVE-2023-0050

An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to...

8.7 CVSS, 8.2 AI score, 0.56506 EPSS
Exploits 0, References 3

Debian CVE
added 2023/03/09 12:0 a.m., 18 views

CVE-2023-0050

Removed by vendor...

8.7 CVSS, 6.7 AI score, 0.56506 EPSS
Exploits 0

Vulnrichment
added 2023/03/09 12:0 a.m., 7 views

CVE-2023-0050

An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to...

8.7 CVSS, 8.1 AI score, 0.56506 EPSS
Exploits 0, References 3

CVE
added 2023/03/09 12:0 a.m., 130 views

CVE-2023-0050

GitLab vulnerability CVE-2023-0050 affects GitLab versions 13.7–15.7.8, 15.8–15.8.4, and 15.9–15.9.2. A specially crafted Kroki diagram can trigger a stored XSS on the client side, allowing attackers to perform arbitrary actions on behalf of victims. Root cause is an XSS condition via Kroki rende...

8.7 CVSS, 5.2 AI score, 0.56506 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2023/03/09 12:0 a.m., 14 views

CVE-2023-0050

An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to...

8.7 CVSS, 5.8 AI score, 0.56506 EPSS
Exploits 0, References 5

Positive Technologies
added 2023/03/09 12:0 a.m., 1 views

PT-2023-15972

Name of the Vulnerable Software and Affected Versions: GitLab versions 13.7 through 15.7.8; GitLab versions 15.8 through 15.8.4; GitLab versions 15.9 through 15.9.2. Description: An issue has been discovered in GitLab where a specially crafted Kroki diagram could lead to a stored XSS on the client sid...

8.7 CVSS, 5.6 AI score, 0.56506 EPSS
Exploits 0, References 12

CNNVD
added 2023/03/07 12:0 a.m., 2 views

GitLab cross-site scripting vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. GitLab suffers from a security vulnerability that stems from a specially craft...

8.7 CVSS, 6.7 AI score, 0.56506 EPSS
Exploits 0, References 5

Tenable Nessus
added 2023/03/03 12:0 a.m., 46 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (f7c5b3a9-b9fb-11ed-99c6-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f7c5b3a9-b9fb-11ed-99c6-001b217b3468 advisory. - An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8,...

8.7 CVSS, 5.8 AI score, 0.56506 EPSS
Exploits 0, References 13

Tenable Nessus
added 2023/03/03 12:0 a.m., 56 views

GitLab 13.7 < 15.7.8 / 15.8 < 15.8.4 / 15.9 < 15.9.2 (CVE-2023-0050)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A speciall...

8.7 CVSS, 6.8 AI score, 0.56506 EPSS
Exploits 0, References 4

Hacker One
added 2022/12/17 10:52 a.m., 11 views

GitLab: Stored XSS via Kroki diagram

Arbitrary javascript could be executed when a victim views a comment on GitLab due to a stored XSS vulnerability via Kroki diagram. This was possible by crafting a pre block so that arbitrary attributes can be injected into the resulting img tag. The vulnerability was caused by the lang attribute...

5.8 AI score
Exploits 0