25 matches found

Github Security Blog
added 2026/03/12 2:47 p.m. · 9 views

Uptime Kuma is Missing Authorization Checks on Ping Badge Endpoint, Leaks Ping times of monitors without needing to be on a status page

Summary The GET /api/badge/:id/ping/:duration? endpoint in server/routers/api-router.js does not verify that the requested monitor belongs to a public group. All other badge endpoints check AND public = 1 in their SQL query before returning data. The ping endpoint skips this check entirely,...

CVSS 5.3 · AI score 5.9 · EPSS 0.00905
Exploits 1 · References 7 · Affected software 1
CNNVD
added 2026/03/12 12:00 a.m. · 4 views

Uptime Kuma Security Vulnerability

Uptime Kuma is an easy-to-use, self-hosted monitoring tool developed by Louis Lam as a personal project. Versions of Uptime Kuma from 2.0.0 to 2.1.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification that the monitored devices belonged to public groups...

CVSS 5.3 · AI score 5.8 · EPSS 0.00905
Exploits 1 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-8211

Malware in sbrugna...

CVSS 4.3 · AI score 4.6 · EPSS 0.0077
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2021-26232

Malware in sbrugna...

CVSS 5.3 · AI score 5.2 · EPSS 0.01134
Exploits 0 · References 5
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2023-44144

Malicious code in bioql PyPI...

CVSS 8 · AI score 6.5 · EPSS 0.00496
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 3:56 a.m. · 6 views

CVE-2023-3484

An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations...

CVSS 8 · AI score 6.4 · EPSS 0.00496
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 2:56 a.m. · 1 view

CVE-2023-0805

An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even...

CVSS 8.1 · AI score 7.8 · EPSS 0.00829
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 8:13 p.m. · 5 views

CVE-2021-39875

In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint...

CVSS 5.3 · AI score 6.1 · EPSS 0.01134
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 10:21 a.m. · 5 views

CVE-2019-18461

An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control...

CVSS 4.3 · AI score 6.5 · EPSS 0.0077
Exploits 0 · References 1
OSV
added 2024/03/06 11:11 a.m. · 17 views

BIT-GITLAB-2023-0805

An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even...

CVSS 8.1 · AI score 6 · EPSS 0.00829
Exploits 0 · References 4
Veracode
added 2023/08/06 7:54 p.m. · 17 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability exists due to improper view permissions which allows an attacker to see pending invitations of any public group or public project by visiting an API endpoint...

CVSS 5.3 · AI score 6.8 · EPSS 0.01134
Exploits 0 · References 4 · Affected software 1
OSV
added 2023/07/21 1:01 p.m. · 14 views

CVE-2023-3484 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations...

CVSS 8 · AI score 6.3 · EPSS 0.00496
Exploits 0 · References 6
Cvelist
added 2023/07/21 1:01 p.m. · 18 views

CVE-2023-3484 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations...

CVSS 8 · AI score 7.7 · EPSS 0.00496
Exploits 0 · References 2
Debian CVE
added 2023/07/21 1:01 p.m. · 19 views

CVE-2023-3484

Removed by vendor...

CVSS 8 · AI score 6.6 · EPSS 0.00496
Exploits 0
Positive Technologies
added 2023/07/21 12:00 a.m. · 2 views

PT-2023-25026 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 12.8 through 15.11.10 GitLab EE versions 16.0 through 16.0.6 GitLab EE versions 16.1 through 16.1.1 Description: An issue has been discovered in GitLab EE, allowing an attacker to change the name or path of a public top-lev...

CVSS 8 · AI score 6.5 · EPSS 0.00496
Exploits 0 · References 9
CNNVD
added 2023/07/21 12:00 a.m. · 3 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab EE version 12.8 up to and including...

CVSS 8 · AI score 6.5 · EPSS 0.00496
Exploits 0 · References 6
Prion
added 2023/05/03 10:15 p.m. · 15 views

Design/Logic Flaw

An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even...

CVSS 5.5 · AI score 7.8 · EPSS 0.00829
Exploits 0 · References 3 · Affected software 1
CNNVD
added 2023/05/03 12:00 a.m. · 3 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. GitLab suffers from a security vulnerability that stems from the possibility...

CVSS 8.1 · AI score 7.7 · EPSS 0.00829
Exploits 0 · References 5
Hacker One
added 2023/03/04 7:21 p.m. · 21 views

GitLab: Attacker can create malicious child epics linked to a victim's epic in an unrelated group

A vulnerability existed in GitLab that allowed an attacker to create malicious child epics linked to a victim's epic in an unrelated group. The attacker could create the malicious child epics by referring to the victim's epic via the parentid. The vulnerability was due to the lack of proper acces...

AI score 6.4
Exploits 0
OSV
added 2022/11/30 3:20 p.m. · 0 views

DRUPAL-CONTRIB-2022-060

The Social Base theme is designed as a base theme for Open Social. This base theme has a lot of sensible defaults. It doesn't however contain much styling. We expect developers to want to change this for their own project. When content within the Open Social distribution is placed within a...

AI score 6.6
Exploits 0 · References 1