29 matches found
EUVD-2011-2947
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-39884
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are pa...
SUSE CVE-2011-2380
Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to determine the existence of private group names via a crafted parameter during 1 bug creation or 2 bug editing...
SUSE CVE-2011-2979
Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756...
UBUNTU-CVE-2021-39884
In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are part of that project...
PT-2021-22730 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 8.13 and later Description: The issue concerns an endpoint that discloses names of private groups with access to a project to low-privileged users who are part of that project. Recommendations: For GitLab EE versions 8.13 a...
GitLab Incorrect Access Control Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...
GitLab CE/EE Incorrect Access Control Vulnerability (CNVD-2019-23573)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects.GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. An incorre...
CVE-2018-19494
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names...
CVE-2018-19494
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names...
Design/Logic Flaw
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names...
CVE-2018-19494
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names...
CVE-2018-19494
GitLab CE/EE 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 contain an incorrect access control vulnerability that allows an unauthorized user to view private group names. This is a direct access issue in GitLab’s group-name visibility. A fix was released with GitLab security...
CVE-2018-19494
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names...
CVE-2018-19494
Removed by vendor...
GitLab: [Subgroups] Unprivileged User Can Disclose Private Group Names
Hi @briann and team, Congratulations on the launch of GitLab 9.0! While exploring Subgroup functionality, I noticed that an unprivileged user can disclose private group names by incrementing the parentid parameter. Proof of Concept To reproduce this issue, I set up a fresh GitLab 9.0 CE server an...
FreeBSD Ports: bugzilla
The remote host is missing an update to the system as announced in the referenced advisory. VID 2b841f88-2e8d-11e2-ad21-20cf30e32f6d OpenVAS Vulnerability Test $ Description: Auto generated from VID 2b841f88-2e8d-11e2-ad21-20cf30e32f6d Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
CVE-2012-4198
The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups request depending on whether a group exists, which allows remote authenticated users to discover privat...
Design/Logic Flaw
The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups request depending on whether a group exists, which allows remote authenticated users to discover privat...
CVE-2012-4198
The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups request depending on whether a group exists, which allows remote authenticated users to discover privat...