4452 matches found
CVE-2018-19578
GitLab EE 11.5 before 11.5.1 is vulnerable to an insecure object reference that allows a user with Reporter privileges to view the Jaeger Tracing Operations page. Root cause: improper access control on the Jaeger operations page. Impact: exposure of tracing page content to users with limited perm...
CVE-2018-19584
GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups...
CVE-2018-19584
Summary: CVE-2018-19584 affects GitLab Enterprise Edition (GitLab EE). Versions 11.x prior to 11.3.11, 11.4 prior to 11.4.8, and 11.5 prior to 11.5.1 are vulnerable to an insecure direct object reference that allows authenticated, but unauthorized, users to view members and milestone details of p...
CVE-2018-19581
GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create...
CVE-2018-19581
Removed by vendor...
CVE-2018-19582
GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user...
CVE-2018-19582
CVE-2018-19582 affects GitLab Enterprise Edition (GitLab EE) on versions 11.4 before 11.4.8 and 11.5 before 11.5.1. The issue is an insecure direct object reference that could allow an unauthorized user to publish another user’s draft merge request comments. The connected documents confirm the af...
CVE-2018-19582
Removed by vendor...
CVE-2018-19575
GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue...
CVE-2018-19575
GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue...
CVE-2018-19575
GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue...
Design/Logic Flaw
GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue...
CVE-2018-19575
GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue...
CVE-2018-19575
CVE-2018-19575 affects GitLab CE/EE: versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1 are vulnerable to an insecure direct object reference that allows a user to comment on a locked issue. Root cause is an insecure direct object reference in issue commenting log...
CVE-2018-19575
Removed by vendor...
CVE-2019-13461
In PrestaShop before 1.7.6.0 RC2, the idaddressdelivery and idaddressinvoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop...
CVE-2019-13461
In PrestaShop before 1.7.6.0 RC2, the idaddressdelivery and idaddressinvoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop...
Design/Logic Flaw
In PrestaShop before 1.7.6.0 RC2, the idaddressdelivery and idaddressinvoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop...
CVE-2019-13461
In PrestaShop before 1.7.6.0 RC2, the idaddressdelivery and idaddressinvoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop...
CVE-2019-13461
PrestaShop