Lucene search
K

135 matches found

Wallarm Lab
Wallarm Lab
added 2022/08/01 1:31 p.m.178 views

GitLab Security Issues: Six Months of Vulnerabilities

Have you ever thought the most popular CI/CD platform – GitLab – may have security issues? In fact, it is inevitable with such a massive infrastructure. Don’t worry! The platform is still reasonably secure: it scores well over 700 on BitSight, monitors alerts in real-time, and addresses them...

7.5CVSS0.87369EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2022/06/28 12:0 a.m.41 views

GitLab 11.0 < 14.9.5 / 14.10.0 < 14.10.4 / 15.0.0 < 15.0.1 (CVE-2022-1680)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0...

9.9CVSS8.8AI score0.15471EPSS
Exploits0References3
Prion
Prion
added 2022/06/06 6:15 p.m.23 views

Code injection

An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature available only on Premium+...

6.5CVSS8.5AI score0.15471EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2022/06/06 6:15 p.m.34 views

CVE-2022-1680

An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature available only on Premium+...

9.9CVSS7.2AI score0.15471EPSS
Exploits0References2
CVE
CVE
added 2022/06/06 5:5 p.m.148 views

CVE-2022-1680

The CVE-2022-1680 vulnerability, described across multiple sources, affects GitLab Enterprise Edition with group SAML SSO when SCIM is enabled. Affected versions are 11.10 up to 14.9.5, 14.10 up to 14.10.4, and 15.0 up to 15.0.1. The root issue is that SCIM, available on Premium+ groups, could al...

9.9CVSS8.3AI score0.15471EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/06/06 5:5 p.m.32 views

CVE-2022-1680

An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature available only on Premium+...

9.9CVSS6.6AI score0.15471EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/06/06 5:5 p.m.153 views

CVE-2022-1680

An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature available only on Premium+...

9.9CVSS9.2AI score0.15471EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2022/06/03 3:1 p.m.59 views

GitLab Issues Security Patch for Critical Account Takeover Vulnerability

GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of...

1.4AI score0.15471EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/14 3:47 a.m.5 views

com.yubico.java:yubico-validation-client (=2.0RC3), com.yubico:yubico-jaas-module (>=2.0.1 <=3.1.0) +4 more potentially affected by CVE-2014-3607 via edu.vt.middleware:vt-ldap (>=3.3.2 <=3.3.5)

edu.vt.middleware:vt-ldap MAVEN version =3.3.2, =2.0.1, =2.0.0, =2.2.0, =2.0.0, =2.3.0 Source cves: CVE-2014-3607 Source advisory: OSV:GHSA-273V-G3X4-R3RC...

5.9CVSS6.2AI score0.00867EPSS
Exploits0
Cvelist
Cvelist
added 2022/03/16 5:40 p.m.20 views

CVE-2022-23610 Improper Verification of Cryptographic Signature in wire-server

wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without SCIM, it was...

9.1CVSS9.4AI score0.0067EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/03/16 12:0 a.m.5 views

Wire 数据伪造问题漏洞

Wire is a chat program from the German company Wire. The program supports Web, WindowsiOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and its original greeting method, PING. A data forgery vulnerability exists in Wire Wire-server, which stems from the...

9.1CVSS7.7AI score0.0067EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2022/03/03 1:17 p.m.24 views

How to Automate Offboarding to Keep Your Company Safe

In the midst of 'The Great Resignation,' the damage from employees or contractors leaving an organization might be one of the greatest risks facing IT teams today. The reality is that in the busy enterprise computing environment, user onboarding and offboarding is a fact of daily life. When...

0.3AI score
Exploits0
NVD
NVD
added 2021/11/05 12:15 a.m.15 views

CVE-2021-39901

In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...

4CVSS0.00913EPSS
Exploits0References3
OSV
OSV
added 2021/11/05 12:15 a.m.20 views

CVE-2021-39901

In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...

2.7CVSS6.5AI score0.00913EPSS
Exploits0References3
OSV
OSV
added 2021/11/05 12:15 a.m.2 views

UBUNTU-CVE-2021-39901

In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...

2.7CVSS5.8AI score0.00913EPSS
Exploits0References2
Prion
Prion
added 2021/11/05 12:15 a.m.16 views

Code injection

In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...

4CVSS3.9AI score0.00913EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/11/04 11:9 p.m.64 views

CVE-2021-39901

CVE-2021-39901 affects GitLab CE/EE (all versions since 11.10). The vulnerability allows any admin of a group to view that group’s SCIM token by accessing a specific endpoint. The impact is exposure of SCIM credentials for the group, as described in multiple sources. The connected documents confi...

4CVSS3.9AI score0.00913EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/11/04 11:9 p.m.36 views

CVE-2021-39901

In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...

2.7CVSS4.4AI score0.00913EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2021/11/04 11:9 p.m.21 views

CVE-2021-39901

Removed by vendor...

4CVSS5.8AI score0.00913EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2021/11/04 12:0 a.m.4 views

PT-2021-22748 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.10 and later Description: The issue allows an admin of a group to see the SCIM token of that group by visiting a specific endpoint. Recommendations: For GitLab CE/EE versions 11.10 and later, consider restricting acce...

4CVSS3.1AI score0.00913EPSS
Exploits0References11
Rows per page
Query Builder