CVE-2021-39936

Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker in possession of a deploy token to access a project's disabled wiki...

CVE-2022-1417

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...

GitLab 访问控制错误漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. An Access Control Error vulnerability exists in Gitlab Community Edition versio...

Tuleap Project Wiki Command Injection Vulnerability

Tuleap is a Libre suite for planning, tracking, coding and collaborating on software projects. A command injection vulnerability exists in Tuleap Project Wiki, which can be exploited by remote attackers to execute arbitrary code...

Tuleap 9.6.99.86 Command Injection Vulnerability

Exploit for php platform in category web applications Tuleap - Command Injection in Project Wiki CVE: CVE-2017-7981 CVSSv3: 9.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C Versions affected: = 8.3 and = 9.6.99.86 Introduction Tuleap is a Libre suite to plan, track, code and...

Tuleap Project Wiki 8.3 < 9.6.99.86 - Command Injection

Tuleap - Command Injection in Project Wiki CVE: CVE-2017-7981 CVSSv3: 9.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C Versions affected: = 8.3 and = 9.6.99.86 Introduction Tuleap is a Libre suite to plan, track, code and collaborate on software projects. Tuleap helps development...

Command injection

Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the procopen PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap user can control this...

Tuleap 9.6.99.86 Command Injection

Tuleap - Command Injection in Project Wiki CVE: CVE-2017-7981 CVSSv3: 9.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C Versions affected: = 8.3 and = 9.6.99.86 Introduction Tuleap is a Libre suite to plan, track, code and collaborate on software projects. Tuleap helps development...