17 matches found
EUVD-2021-26257
Malware in sbrugna...
CVE-2022-4331
An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible...
CVE-2021-39901
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...
BIT-GITLAB-2021-39901
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...
GitLab 11.10 < 14.2.6 / 14.3 < 14.3.4 / 14.4 < 14.4.1 (CVE-2021-39901)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint (CVE-2021-39901). Note that Nessus has not tested for this...
Information Disclosure
GitLab is vulnerable to Information Disclosure. An admin of a group can see the SCIM token of that group by visiting a specific endpoint...
CVE-2022-4331
CVE-2022-4331 (GitLab EE) : Affects GitLab EE versions 15.1 up to but not including 15.7.8; 15.8 up to but not including 15.8.4; and 15.9 up to but not including 15.9.2. If a SAML SSO-enabled group is moved to a new namespace as a child group, a previously removed malicious maintainer/owner could...
CVE-2022-4331
An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible...
GitLab 15.1 < 15.7.8 / 15.8 < 15.8.4 / 15.9 < 15.9.2 (CVE-2022-4331)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a...
CVE-2021-39901
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...
Code injection
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...
UBUNTU-CVE-2021-39901
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...
CVE-2021-39901
CVE-2021-39901 affects GitLab CE/EE (all versions since 11.10). The vulnerability allows any admin of a group to view that group’s SCIM token by accessing a specific endpoint. The impact is exposure of SCIM credentials for the group, as described in multiple sources. The connected documents confi...
CVE-2021-39901
Removed by vendor...
PT-2021-22748 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.10 and later. Description: The issue allows an admin of a group to see the SCIM token of that group by visiting a specific endpoint. Recommendations: For GitLab CE/EE versions 11.10 and later, consider restricting acce...
FreeBSD : Gitlab -- Multiple Vulnerabilities (33557582-3958-11ec-90ba-001b217b3468)
Gitlab reports: Stored XSS via ipynb files; Pipeline schedules on imported projects can be set to automatically active after import; Potential Denial of service via Workhorse; Improper Access Control allows Merge Request creator to bypass locked status; Projects API discloses ID and name of private...
GitLab Information Disclosure Vulnerability (CNVD-2021-91180)
GitLab is a self-hosted Git version control and project repository application developed by GitLab, Inc. using Ruby on Rails. The application can be used to access a project's file content, commit history, bug list, etc. An information disclosure vulnerability exists in GitLab CE/EE, which ste...