10 matches found
EUVD-2022-25205
Malicious code in bioql PyPI...
CVE-2022-1936
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP...
GitLab 12.0.0 < 14.9.5 / 14.10.0 < 14.10.4 / 15.0.0 < 15.0.1 (CVE-2022-1936)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker...
Incorrect Authorization
gitlab is vulnerable to Incorrect Authorization. This allows a malicious attacker in possession of a project deploy token to use it from any location even if IP address restrictions were set...
CVE-2022-1936
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP...
CVE-2022-1936
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP...
Authorization
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP...
CVE-2022-1936
CVE-2022-1936 is a GitLab EE vulnerability citing incorrect authorization where an attacker with a valid Project Deploy Token could misuse it from any location despite IP allowlisting. Affected versions: GitLab 12.0–before 14.9.5; 14.10–before 14.10.4; 15.0–before 15.0.1. Root cause is improper a...
CVE-2022-1936
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP...
CVE-2022-1936
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP...