135 matches found
GitLab Security Issues: Six Months of Vulnerabilities
Have you ever thought the most popular CI/CD platform – GitLab – may have security issues? In fact, it is inevitable with such a massive infrastructure. Don’t worry! The platform is still reasonably secure: it scores well over 700 on BitSight, monitors alerts in real-time, and addresses them...
GitLab 11.0 < 14.9.5 / 14.10.0 < 14.10.4 / 15.0.0 < 15.0.1 (CVE-2022-1680)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0...
Code injection
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature available only on Premium+...
CVE-2022-1680
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature available only on Premium+...
CVE-2022-1680
The CVE-2022-1680 vulnerability, described across multiple sources, affects GitLab Enterprise Edition with group SAML SSO when SCIM is enabled. Affected versions are 11.10 up to 14.9.5, 14.10 up to 14.10.4, and 15.0 up to 15.0.1. The root issue is that SCIM, available on Premium+ groups, could al...
CVE-2022-1680
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature available only on Premium+...
CVE-2022-1680
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature available only on Premium+...
GitLab Issues Security Patch for Critical Account Takeover Vulnerability
GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of...
com.yubico.java:yubico-validation-client (=2.0RC3), com.yubico:yubico-jaas-module (>=2.0.1 <=3.1.0) +4 more potentially affected by CVE-2014-3607 via edu.vt.middleware:vt-ldap (>=3.3.2 <=3.3.5)
edu.vt.middleware:vt-ldap MAVEN version =3.3.2, =2.0.1, =2.0.0, =2.2.0, =2.0.0, =2.3.0 Source cves: CVE-2014-3607 Source advisory: OSV:GHSA-273V-G3X4-R3RC...
CVE-2022-23610 Improper Verification of Cryptographic Signature in wire-server
wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without SCIM, it was...
Wire 数据伪造问题漏洞
Wire is a chat program from the German company Wire. The program supports Web, WindowsiOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and its original greeting method, PING. A data forgery vulnerability exists in Wire Wire-server, which stems from the...
How to Automate Offboarding to Keep Your Company Safe
In the midst of 'The Great Resignation,' the damage from employees or contractors leaving an organization might be one of the greatest risks facing IT teams today. The reality is that in the busy enterprise computing environment, user onboarding and offboarding is a fact of daily life. When...
CVE-2021-39901
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...
CVE-2021-39901
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...
UBUNTU-CVE-2021-39901
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...
Code injection
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...
CVE-2021-39901
CVE-2021-39901 affects GitLab CE/EE (all versions since 11.10). The vulnerability allows any admin of a group to view that group’s SCIM token by accessing a specific endpoint. The impact is exposure of SCIM credentials for the group, as described in multiple sources. The connected documents confi...
CVE-2021-39901
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...
CVE-2021-39901
Removed by vendor...
PT-2021-22748 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.10 and later Description: The issue allows an admin of a group to see the SCIM token of that group by visiting a specific endpoint. Recommendations: For GitLab CE/EE versions 11.10 and later, consider restricting acce...