Lucene search
K

204 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-13313

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to th...

4.3CVSS5.2AI score0.00981EPSS
Exploits0References2
Wiz blog
Wiz blog
added 2025/07/28 1:17 p.m.2 views

TraderTraitor: Deep Dive

Inside the Lazarus subgroup that’s hijacking cloud platforms, poisoning supply chains, and stealing billions in digital assets...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/07 12:0 a.m.5 views

Phantom Subgroup Poisoning: Stealth Attacks on Federated Recommender Systems

Federated recommender systems FedRec have emerged as a promising solution for delivering personalized recommendations while safeguarding user privacy. However, recent studies have demonstrated their vulnerability to poisoning attacks. Existing attacks typically target the entire user group, which...

6.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:13 p.m.8 views

CVE-2022-1821

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group...

4.3CVSS6.4AI score0.00816EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:13 p.m.15 views

CVE-2021-39897

Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred...

5.3CVSS6.4AI score0.01001EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:47 p.m.8 views

CVE-2021-39883

Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups...

4.3CVSS6.5AI score0.00747EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:16 p.m.3 views

CVE-2020-13313

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control...

4.3CVSS6.4AI score0.00981EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:21 a.m.7 views

CVE-2019-18461

An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control...

4.3CVSS6.5AI score0.0077EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/02/12 5:2 p.m.43 views

Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries

A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe. "This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enabl...

10CVSS10AI score0.99999EPSS
Exploits85
Tenable Nessus
Tenable Nessus
added 2024/05/06 12:0 a.m.28 views

GitLab 16.4.3 < 16.4.4 / 16.5.3 < 16.5.4 / 16.6.1 < 16.6.2 (CVE-2023-6564)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, the...

6.5CVSS6.5AI score0.0038EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:18 a.m.18 views

BIT-GITLAB-2021-39883

Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows subgroup members to see epics from all parent subgroups...

4.3CVSS4.6AI score0.00747EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:18 a.m.14 views

BIT-GITLAB-2021-39897

Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred...

5.3CVSS5.2AI score0.01001EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 11:15 a.m.23 views

BIT-GITLAB-2022-1821

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group...

4.3CVSS4.5AI score0.00816EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 10:54 a.m.22 views

BIT-GITLAB-2023-6564 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or...

6.5CVSS6.5AI score0.0038EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/02/08 12:15 p.m.17 views

CVE-2023-6564

An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or...

6.5CVSS6.5AI score0.0038EPSS
Exploits0References1
CVE
CVE
added 2024/02/08 11:30 a.m.88 views

CVE-2023-6564

GitLab CVE-2023-6564 affects GitLab EE Premium and Ultimate versions 16.4.3, 16.5.3, and 16.6.1. In projects that use subgroups to define who can push or merge to protected branches, subgroup members with the Developer role could push or merge to those protected branches, indicating an authorizat...

6.5CVSS6.2AI score0.0038EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/02/08 12:0 a.m.4 views

GitLab Enterprise Edition Security Vulnerability

GitLab Enterprise Edition EE is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition Premium, Ultimate 16.4.3, 16.5.3, and 16.6.1 versions, which stems from a project that uses subgroups to define who can push or merge in...

6.5CVSS6.7AI score0.0038EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/01/02 12:0 a.m.22 views

GitLab 13.11 < 14.1.7 / 14.2 < 14.2.5 / 14.3 < 14.3.1 (CVE-2021-39883)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows...

4.3CVSS5.2AI score0.00747EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/12/14 12:0 a.m.47 views

FreeBSD : Gitlab -- vulnerabilities (e2fb85ce-9a3c-11ee-af26-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e2fb85ce-9a3c-11ee-af26-001b217b3468 advisory. - Gitlab reports: Smartcard authentication allows impersonation of arbitrary user using user's...

8.8CVSS6.6AI score0.00733EPSS
Exploits0References10
FreeBSD
FreeBSD
added 2023/12/13 12:0 a.m.24 views

Gitlab -- vulnerabilities

Gitlab reports: Smartcard authentication allows impersonation of arbitrary user using user's public certificate When subgroup is allowed to merge or push to protected branches, subgroup members with the Developer role may gain the ability to push or merge The GitLab web interface does not ensure...

8.8CVSS7.8AI score0.00733EPSS
Exploits0References1
Rows per page
Query Builder