EUVD-2024-49517
Malicious code in bioql PyPI...
CVE-2024-8977
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks...
BIT-GITLAB-2024-8977 Server-Side Request Forgery (SSRF) in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks...
CVE-2024-8977 Server-Side Request Forgery (SSRF) in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks...
CVE-2024-8977
CVE-2024-8977 describes a Server‑Side Request Forgery (SSRF) in GitLab EE affecting versions from 15.10 up to 17.2.9, 17.3 up to 17.3.4, and 17.4 up to 17.4.2 when the Product Analytics Dashboard is configured and enabled. The vulnerability is exploitable over the network with no user interaction...
CVE-2024-8977
Removed by vendor...
PT-2024-6938 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 15.10 through 17.2.8; GitLab EE versions 17.3 through 17.3.4; GitLab EE versions 17.4 through 17.4.1. Description: An issue has been discovered in GitLab EE that could allow a remote attacker to perform a Server-Side Request...
CVE-2023-46746
CVE-2023-46746 concerns PostHog (self-hosted) where a server-side request forgery (SSRF) vulnerability could be exploited by authenticated users. The root cause is that PostHog did not verify whether a URL is local when enabling webhooks, allowing an authenticated user to forge a POST request. Th...
CVE-2021-32852
Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from a malicious web site. The attacker must have an account or be able to create one. This issue is patched i...
Cross site scripting
Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from a malicious web site. The attacker must have an account or be able to create one. This issue is patched i...
CVE-2021-32852 countly-server vulnerable to Cross-site Scripting
Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from a malicious web site. The attacker must have an account or be able to create one. This issue is patched i...
CVE-2021-32852
Countly countly-server (prior to 21.11, community edition) is vulnerable to cross-site scripting (XSS) via malicious links or redirects. An attacker must have or create an account, and successful exploitation results in script execution in the victim’s browser. The issue is patched in version 21....
Default credentials
countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this...