CVE-2021-22225

Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown...

EUVD-2021-9371

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-22225

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a...

GitLab 13.11 < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 (CVE-2022-4167)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after t...

libpq security update

13.11-1 - Rebase to 13.11 Resolves: 2171369...

libpq security update

13.11-1 - Update to 13.11 Resolves: 2171370...

CVE-2023-0989

An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration...

CVE-2023-0989 Improper Ownership Management in GitLab

An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration...

PT-2023-16670 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.11 through 16.2.7 GitLab CE/EE versions 16.3 through 16.3.4 GitLab CE/EE versions 16.4 through 16.4.0 Description: An information disclosure issue in GitLab CE/EE allows an attacker to extract non-protected CI/CD...

SUSE-SU-2023:2219-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: Updated to version 13.11: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script bsc1211228. - CVE-2023-2455: Fixed an issue that coul...

CVE-2023-0485

An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible that a project member demoted to a user role to read project updates by doing a diff wit...

GitLab Enterprise Edition和GitLab Community Edition 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability in GitLab CE/EE versions 13.11 through 15.5.7 prior, 15.6...

GitLab 13.11.x < 14.7.7, 14.8.x < 14.8.5, 14.9.x < 14.9.2 Access Control Vulnerability

GitLab is prone to an access control vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if descriptio...

PT-2021-6534 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 13.11 and up Description: The issue is related to insufficient input sanitization in markdown, allowing an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown. This can be exploited...