2 matches found
CVE-2020-27816
The elasticsearch-operator does not validate the namespace where the Kibana logging resource is created. As a result, it is possible to replace the original openshift-logging console link (the Kibana console) with a different one, created based on the new CR for the new Kibana resource. This could lead to an...
GitLab: Project Template functionality can be used to copy private project data, such as repository, confidential issues, snippets, and merge requests
I've found three minor vulnerabilities which, when combined, allow an attacker to copy private repositories, confidential issues, private snippets, and then some. I'll go through the code path to explain the vulnerabilities and how they are combined. See the Proof of Concept section if you want...