11 matches found
CVE-2019-11546
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge...
EUVD-2019-3217
Malware in sbrugna...
EUVD-2021-26265
Malware in sbrugna...
EUVD-2024-44207
Malicious code in bioql PyPI...
EUVD-2023-54656
Malicious code in bioql PyPI...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site scripting issue in blob viewer impacts GitLab CE/EE Cross-site scripting issue in labels impacts GitLab CE/EE Cross-site scripting issue in Workitem impacts GitLab CE/EE Improper Handling of Permissions issue in project API impacts GitLab CE/EE Incorrect Privilege...
CVE-2021-39909
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval...
CVE-2019-5474
An authorization issue was discovered in GitLab EE 12.1.2, 12.0.4, and 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions...
PT-2021-22783 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 9.4 through 14.3.5 GitLab CE/EE versions 14.4 through 14.4.3 GitLab CE/EE versions 14.5 through 14.5.1 Description: The issue is related to improper access control in the GitLab CE/EE API. This allows an author of a Merg...
PT-2021-22755 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 11.3 through 14.2.6 GitLab EE versions 14.3 through 14.3.4 GitLab EE versions 14.4 through 14.4.1 Description: The issue is related to a lack of email address ownership verification in the CODEOWNERS feature. This allows an...
FreeBSD : Gitlab -- Multiple Vulnerabilities (1cd89254-b2db-11e9-8001-001b217b3468)
Gitlab reports : GitHub Integration SSRF Trigger Token Impersonation Build Status Disclosure SSRF Mitigation Bypass Information Disclosure New Issue ID IDOR Label Name Enumeration Persistent XSS Wiki Pages User Revokation Bypass with Mattermost Integration Arbitrary File Upload via Import Project...