15 matches found
EUVD-2023-57355
Malicious code in bioql PyPI...
CVE-2023-5009
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...
BIT-GITLAB-2023-3932 Incorrect User Management in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan...
CVE-2023-3932
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan...
CVE-2023-5009
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...
CVE-2023-5009 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...
CVE-2023-5009
CVE-2023-5009 affects GitLab EE versions 13.12–before 16.2.7 and 16.3–before 16.3.4. An attacker could run pipeline jobs as an arbitrary user via scheduled security scan policies, bypassing CVE-2023-3932 and adding impact. The issue is described as a bypass of CVE-2023-3932 with additional impact...
PT-2023-31438 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 13.12 through 16.2.7 GitLab versions 16.3 through 16.3.4 Description: A critical vulnerability in GitLab allows attackers to run pipelines as other users, potentially granting access to internal repositories and closed project...
GitLab 13.12 < 16.2.7 / 16.3 < 16.3.4 (CVE-2023-5009)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs ...
PT-2023-5448
Name of the Vulnerable Software and Affected Versions GitLab EE versions 13.12 through 16.2.7 GitLab EE versions 16.3 through 16.3.4 GitLab Community Edition CE versions 13.12 through 16.2.7 GitLab Community Edition CE versions 16.3 through 16.3.4 Description The issue is related to a flaw in...
Design/Logic Flaw
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan...
CVE-2023-3932 Incorrect User Management in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan...
CVE-2023-3932
Removed by vendor...
OWASP ZAP 2.4.0 - Penetration Testing Tool for Testing Web Applications
ZAP is an OWASP Flagship project, and is currently the most active open source web application security tool. For a quick introduction to the new release see this video: Some of the most significant changes include: ‘Attack’ Mode A new ‘attack’ mode has been added that means that applications tha...
[Netsparker v3.0.2.0 Community Edition] Web Application Security Scanner
Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker. It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting XSS, Remote Code Executi...