12 matches found
CVE-2023-2620
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...
BIT-GITLAB-2023-0838
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the URL. This addresses an incomplete fix for CVE-2022-4342...
PYSEC-2023-171
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. Users are strongly advise...
PT-2023-8625 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.7.1. Description: The issue allows authenticated users who have access to see the task/dag in the UI to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be...
UBUNTU-CVE-2023-2620
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...
PT-2023-20540 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.1 through 15.11.9; GitLab CE/EE versions 16.0 through 16.0.5; GitLab CE/EE versions 16.1 through 16.1.0. Description: An issue has been discovered that allows a maintainer to modify a webhook URL and leak masked webhook...
CVE-2023-0838
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the URL. This addresses an incomplete fix for CVE-2022-4342...
UBUNTU-CVE-2023-0838
An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the URL. This addresses an incomplete fix for CVE-2022-4342...
CVE-2023-0838
GitLab CVE-2023-0838 affects GitLab CE/EE versions 15.1–15.8.4, 15.9.0–15.9.3, and 15.10.0–15.10.0 (i.e., before 15.8.5, 15.9.4, and 15.10.1). The issue allows a maintainer to modify a webhook URL to leak masked webhook secrets by adding a new parameter to the URL, addressing an incomplete fix fo...
PT-2023-14198 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.1 through 15.5.7; GitLab CE/EE versions 15.6 through 15.6.4; GitLab CE/EE versions 15.7 through 15.7.2. Description: A malicious Maintainer can leak masked webhook secrets by changing the target URL of the webhook...
RHEL 8 : RHV Manager (ovirt-engine) [ovirt-4.5.1] (RHSA-2022:5555)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5555 advisory. The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to...
CVE-2022-31051
A vulnerability was found in semantic-release. Secrets that are normally masked are accidentally disclosed if they contain characters excluded from URI encoding by encodeURI. The vulnerability is further limited to execution contexts where push access to the related repository is unavailable...