3094 matches found
GitLab: Attacker is able to create, edit & delete notes and leak the title of a victim's private personal snippet
An attacker was able to create, edit, and delete notes on a victim's private personal snippet, leaking the title of the snippet on the attacker's activity page. The attack was achieved by changing the POST parameter noteabletype from "issue" to "personalsnippet" and posting a comment within a...
Consensys: CSV Injection at https://assets-paris-demo.codefi.network/
Summary: Hi Consensys Security Team. I have found a CSV Injection when generating a report at https://assets-paris-demo.codefi.network/ CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program such as Microsoft Excel or...
CVE-2022-2762 AdminPad < 2.2 - Note Update via CSRF
The AdminPad WordPress plugin before 2.2 does not have a CSRF check when updating the admin's note, allowing attackers to make a logged-in admin update their notes via a CSRF attack...
GHSA-X58J-J539-W8MV Duplicate Advisory: Improper Restriction of XML External Entity Reference in pikepdf
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-29421, GHSA-ccgm-3xw4-h5p8. Reason: This candidate is a duplicate of CVE-2021-29421. Notes: All CVE users should reference CVE-2021-29421 instead of this candidate. All references and descriptions in this candidate have been removed to...
CVE-2022-43558
REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used...
UBUNTU-CVE-2022-3330
It was possible for a guest user to read a todo targeting an inaccessible note in GitLab CE/EE, affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1...
CVE-2022-3330
It was possible for a guest user to read a todo targeting an inaccessible note in GitLab CE/EE, affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1...
PT-2022-21761 · GitLab · GitLab CE/EE +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.0 through 15.2.4; GitLab CE/EE versions 15.3 through 15.3.3; GitLab CE/EE versions 15.4 through 15.4.0. Description: It was possible for a guest user to read a todo targeting an inaccessible note in GitLab CE/EE...
CVE-2022-3330
Removed by vendor...
New “Prestige” ransomware impacts organizations in Ukraine and Poland
The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which...
GitLab 15.0 < 15.2.5 / 15.3 < 15.3.4 / 15.4 < 15.4.1 (CVE-2022-3330)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - It was possible for a guest user to read a todo targeting an inaccessible note in GitLab CE/EE, affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1...
create-health.com.au Cross Site Scripting vulnerability OBB-2980469
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ventilateur-plafond.net Cross Site Scripting vulnerability OBB-2966102
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
semba.keizai.biz Cross Site Scripting vulnerability OBB-2965164
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
AdminPad < 2.2 - Note Update via CSRF
The plugin does not have a CSRF check when updating the admin's note, allowing attackers to make a logged-in admin update their notes via a CSRF attack. Notes are displayed in the Dashboard /wp-admin/index.php...
AdminPad < 2.2 - Note Update via CSRF
The plugin does not have a CSRF check when updating the admin's note, allowing attackers to make a logged-in admin update their notes via a CSRF attack. PoC: Notes are displayed in the Dashboard /wp-admin/index.php...