15 matches found
EUVD-2021-26232
Malware in sbrugna...
Dust: User Limit Bypass via Pending Invitations in Workspace System
The platform's workspace user limit was found to be vulnerable to bypass through the use of pending invitations. Users were able to join a workspace by signing up with an invited email, even after the workspace had reached its user limit for the current subscription tier. This allowed an unlimite...
ROS-20250214-01
A vulnerability in the Grafana web-based data submission tool is related to the ability to delete pending invitations. Exploitation of the vulnerability could allow a remote attacker to modify arbitrary data...
Grafana Security Vulnerability
Grafana is a set of open source monitoring tools from Grafana open source that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana 10.4.0 and earlier versions, which...
Invitation Token Circumvention
deviseinvitable is vulnerable to Invitation Token Circumvention. The vulnerability is due to improper validation of the expiry period of pending invitations, allowing attackers to accept invitations indefinitely through the password reset functionality...
GitLab 13.6 < 14.1.7 / 14.2 < 14.2.5 / 14.3 < 14.3.1 (CVE-2021-39875)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint. CVE-2021-39875 Note that Nessus has not...
PT-2023-30139 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.8 through 3.8.11 GitHub Enterprise Server versions 3.9 through 3.9.6 GitHub Enterprise Server versions 3.10 through 3.10.3 GitHub Enterprise Server versions 3.11 through 3.11.0 Description: An insufficient...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability exists due to improper view permissions which allows an attacker to see pending invitations of any public group or public project by visiting an API endpoint...
CVE-2022-1385
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels...
PT-2022-13846 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.4.x and earlier Description: The issue arises from the failure to properly invalidate pending email invitations when the action is performed from the system console. This allows accidentally invited users to join the...
CVE-2021-39875
In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint...
UBUNTU-CVE-2021-39875
In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint...
CVE-2021-39875
In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint...
PT-2021-22722 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.6 and later Description: The issue allows an attacker to see pending invitations of any public group or public project by visiting a specific "API endpoint". Recommendations: For GitLab CE/EE versions 13.6 and later,...
GitLab Information Disclosure Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An information disclosure vulnerability exists in GitLab...