129 matches found
GitLab 11.10 < 14.2.6 / 14.3 < 14.3.4 / 14.4 < 14.4.1 (CVE-2021-39901)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint. CVE-2021-39901 Note that Nessus has not tested for this...
Information Disclosure
gitlab is vulnerable to Information Disclosure. An admin of a group can see the SCIM token of that group by visiting a specific endpoint...
CVE-2022-4331
CVE-2022-4331 (GitLab EE) : Affects GitLab EE versions 15.1 up to but not including 15.7.8; 15.8 up to but not including 15.8.4; and 15.9 up to but not including 15.9.2. If a SAML SSO-enabled group is moved to a new namespace as a child group, a previously removed malicious maintainer/owner could...
CVE-2022-4331
An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible...
GitLab 15.1 < 15.7.8 / 15.8 < 15.8.4 / 15.9 < 15.9.2 (CVE-2022-4331)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a...
CVE-2022-41914
Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity ManagementSCIM account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be...
Cross site scripting
Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity ManagementSCIM account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be...
CVE-2022-41914 Non-constant-time SCIM token comparison in Zulip Server
Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity ManagementSCIM account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be...
CVE-2022-41914 Non-constant-time SCIM token comparison in Zulip Server
Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity ManagementSCIM account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be...
CVE-2022-41914 Non-constant-time SCIM token comparison in Zulip Server
Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity ManagementSCIM account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be...
CVE-2022-41914
Zulip Server versions 5.0–5.6 are affected by a non-constant-time SCIM bearer token comparison, enabling potential timing attacks to infer the token value and impersonate the SCIM client to read or update user accounts within an organization. Impact is limited to deployments with SCIM account man...
Design/Logic Flaw
Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same backend, the attacker can delete all SAML...
PT-2022-20545 · Wire · Wire
Name of the Vulnerable Software and Affected Versions: Wire versions prior to 2022-07-12/Chart 4.19.0 Description: The issue allows an attacker to delete all SAML authenticated accounts of a targeted team, authenticate as a user of the attacked team, and create arbitrary accounts in the context o...
CVE-2022-31122 Wire-server vulnerable to Token Recipient Confusion resulting in account impersonation, deletion or malicious account creation
Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same backend, the attacker can delete all SAML...
GitLab Security Issues: Six Months of Vulnerabilities
Have you ever thought the most popular CI/CD platform – GitLab – may have security issues? In fact, it is inevitable with such a massive infrastructure. Don’t worry! The platform is still reasonably secure: it scores well over 700 on BitSight, monitors alerts in real-time, and addresses them...
GitLab 11.0 < 14.9.5 / 14.10.0 < 14.10.4 / 15.0.0 < 15.0.1 (CVE-2022-1680)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0...
Code injection
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature available only on Premium+...
CVE-2022-1680
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature available only on Premium+...
CVE-2022-1680
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature available only on Premium+...
CVE-2022-1680
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature available only on Premium+...