4950 matches found

OpenVAS
added 2022/07/07 12:00 a.m. · 24 views

GitLab 8.13.x < 14.10.5, 15.0.x < 15.0.4, 15.1.x < 15.1.1 Improper Authorization Vulnerability

GitLab is prone to an improper authorization vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

CVSS 5.3 · AI score 5.6 · EPSS 0.00557
Exploits 0 · References 1
Prion
added 2022/07/06 10:15 a.m. · 17 views

Design/Logic Flaw

JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versio...

CVSS 6.8 · AI score 5.1 · EPSS 0.00685
Exploits 0 · References 2 · Affected Software 1
Prion
added 2022/07/06 10:15 a.m. · 6 views

Cross site scripting

JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting XSS through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory...

CVSS 4.3 · AI score 6 · EPSS 0.00488
Exploits 0 · References 2 · Affected Software 1
CVE
added 2022/07/06 9:35 a.m. · 1242 views

CVE-2021-46687

CVE-2021-46687 affects JFrog Artifactory: versions prior to 7.31.10 and prior to 6.23.38 are vulnerable to sensitive data exposure through the Project Administrator REST API. The underlying issue is exposed in the REST API and leads to leakage of sensitive data in affected releases. The provided...

CVSS 6.8 · AI score 5 · EPSS 0.00685
Exploits 0 · References 2 · Affected Software 1
CVE
added 2022/07/06 9:15 a.m. · 1792 views

CVE-2021-45721

CVE-2021-45721 affects JFrog Artifactory. Vulnerable through Reflected XSS in a Users REST API XHR parameter due to insufficient input validation. Affected versions: before 7.29.8 and before 6.23.38. Impact: potential client-side JavaScript execution. Remediation (as documented): upgrade to 7.29....

CVSS 6.1 · AI score 5.9 · EPSS 0.00488
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2022/07/06 12:00 a.m. · 4 views

PT-2022-12372 · Jfrog · Jfrog Artifactory

Name of the Vulnerable Software and Affected Versions: JFrog Artifactory versions prior to 7.29.8 JFrog Artifactory versions prior to 6.23.38 Description: The issue is related to Reflected Cross-Site Scripting XSS through one of the XHR parameters in the "Users REST API endpoint". Recommendations...

CVSS 6.1 · AI score 5.9 · EPSS 0.00488
Exploits 0 · References 7
CNNVD
added 2022/07/06 12:00 a.m. · 4 views

JFrog Artifactory Security Vulnerability

JFrog Artifactory is an open source, general-purpose Artifact repository manager from Israel's JFrog that supports clustering and high-availability Docker registries, and provides an end-to-end solution for automating the tracking of artifacts from development to production. A security...

CVSS 6.8 · AI score 5.4 · EPSS 0.00685
Exploits 0 · References 3
NVD
added 2022/07/01 5:15 p.m. · 17 views

CVE-2022-1999

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description...

CVSS 5.3 · EPSS 0.00557
Exploits 0 · References 2
Prion
added 2022/07/01 5:15 p.m. · 13 views

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description...

CVSS 4.3 · AI score 5.2 · EPSS 0.00557
Exploits 0 · References 2 · Affected Software 1
UbuntuCve
added 2022/07/01 5:15 p.m. · 23 views

CVE-2022-1999

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description...

CVSS 5.3 · AI score 6 · EPSS 0.00557
Exploits 0 · References 3
Cvelist
added 2022/07/01 4:06 p.m. · 26 views

CVE-2022-1999

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description...

CVSS 3.1 · AI score 5.6 · EPSS 0.00557
Exploits 0 · References 2
Debian CVE
added 2022/07/01 4:06 p.m. · 32 views

CVE-2022-1999

Removed by vendor...

CVSS 5.3 · AI score 6 · EPSS 0.00557
Exploits 0
CVE
added 2022/07/01 4:06 p.m. · 2388 views

CVE-2022-1999

CVE-2022-1999 affects GitLab CE/EE, all versions before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1. Under certain conditions, an unprivileged user could change a label's description via the REST API. The issue is documented across multiple feeds (NVD, OSV, Nessus plugins) with consistent ...

CVSS 5.3 · AI score 5.2 · EPSS 0.00557
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/07/01 4:06 p.m. · 18 views

CVE-2022-1999

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description...

CVSS 3.1 · AI score 5 · EPSS 0.00557
Exploits 0 · References 4
Tenable Nessus
added 2022/06/28 12:00 a.m. · 207 views

OpenAPI Permissive Input Validation

OpenAPI specification is an API description format for REST APIs. An OpenAPI file is written in YAML or JSON and describes all the API properties like the available endpoints with the related operations or the authentication methods. The Schema object allows the definition of input and output dat...

AI score 8.5
Exploits 0 · References 1
0day.today
added 2022/06/27 12:00 a.m. · 336 views

WordPress Weblizar 8.9 Plugin - Backdoor Vulnerability

Exploit Title: WordPress Plugin Weblizar 8.9 - Backdoor Google Dork: 'wp-json/am-member/license' Exploit Author: Sobhan Mahmoodi Vendor Homepage: https://weblizar.com/plugins/school-management/ Version: 8.9 Tested on: windows/linux Vulnerable code: add_action('rest_api_init', function...

AI score 0.2
Exploits 0
IBM Security Bulletins
added 2022/06/24 4:30 p.m. · 12 views

Security Bulletin: IBM MQ is vulnerable to an issue within Jackson

Summary An issue was identified with the Jackson library that is used within the IBM MQ Console to provide REST API functionality. The Jackson library is only used in IBM MQ Versions 9.2.4 and above. Vulnerability Details IBM X-Force ID: 217968 DESCRIPTION: FasterXML jackson-databind is vulnerabl...

AI score 2.1
Exploits 0 · Affected Software 1
Atlassian
added 2022/06/24 9:55 a.m. · 27 views

REST API falsely updates Project Category without necessary permissions

NOTE: This is for JIRA Server and JIRA Data Center. Issue Summary: A user with Project Administrator permissions is able to update the Project Category via the REST API, but in the Jira UI only a Jira Administrator is allowed to update the Project Category. Steps to...

AI score 0.1
Exploits 0 · Affected Software 1
RedHat Linux
added 2022/06/22 4:05 p.m. · 37 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (openstack-barbican) security update

An update for openstack-barbican is now available for Red Hat OpenStack Platform 16.2.3 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...

CVSS 8.1 · AI score 6.6 · EPSS 0.00981
Exploits 0 · References 3
Atlassian
added 2022/06/20 8:44 p.m. · 55 views

Rest API Endpoint Leaked Project Categories, Project categories, status categories, issue link types, priorities, and resolutions to Unauthorised users

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated attacker to view Project categories, status categories, issue link types, priorities, and resolutions via an Information Disclosure vulnerability on the following Endpoints: /rest/api/2/issueLinkType...

AI score 6.5
Exploits 0