
10 matches found

EUVD
added 2025/10/03 8:7 p.m. | Views: 1

EUVD-2023-59151

Malicious code in bioql PyPI...

CVSS 6.6 | AI score 6 | EPSS 0.00067
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:12 a.m. | Views: 4

CVE-2023-6955

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group...

CVSS 6.6 | AI score 6.4 | EPSS 0.00067
Exploits: 0 | References: 1

The Hacker News
added 2024/01/30 4:18 p.m. | Views: 61

URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite

GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to write arbitrary files while creating a workspace. Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10. "An...

CVSS 10 | AI score 6.8 | EPSS 0.93539
Exploits: 16

ATTACKERKB
added 2024/01/26 1:15 a.m. | Views: 1

CVE-2024-0402

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace...

CVSS 9.9 | AI score 5.9 | EPSS 0.45182
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2024/01/26 1:15 a.m. | Views: 0

UBUNTU-CVE-2024-0402

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace...

CVSS 9.9 | AI score 7.5 | EPSS 0.45182
Exploits: 0 | References: 5

Positive Technologies
added 2024/01/25 12:0 a.m. | Views: 0

PT-2024-1286

Name of the Vulnerable Software and Affected Versions: GitLab versions 16.0 through 16.5.7; GitLab versions 16.6 through 16.6.5; GitLab versions 16.7 through 16.7.3; GitLab versions 16.8 through 16.8.0. Description: The issue is related to an incorrect restriction of the path name to a directory with...

CVSS 9.9 | AI score 7.5 | EPSS 0.45182
Exploits: 0 | References: 80

OSV
added 2024/01/12 2:15 p.m. | Views: 0

UBUNTU-CVE-2023-6955

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group...

CVSS 6.6 | AI score 5.8 | EPSS 0.00067
Exploits: 0 | References: 3

Vulnrichment
added 2024/01/12 1:56 p.m. | Views: 1

CVE-2023-6955 Missing Authorization in GitLab

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group...

CVSS 6.6 | AI score 6.8 | EPSS 0.00067
Exploits: 0 | References: 1

Hacker One
added 2022/11/02 2:19 a.m. | Views: 18

Slack: Unauthorized access to GovSlack

An unauthorized user could create a workspace on GovSlack by copying and sending a fetch request payload from slack.com to slack-gov.com, which would bypass the disabled option to create a workspace for new users. This could result in unauthorized access to GovSlack...

AI score 6.9
Exploits: 0

Hacker One
added 2020/05/02 12:26 a.m. | Views: 8

Slack: Workspace configuration metadata disclosure

Slack allows users to create a Workspace using the Get Started page, located at https://slack.com/get-started/create. This process uses workspace metadata to direct the user-provided email address to existing Slack accounts. However, if a domain pertaining to an Enterprise customer is submitted...

AI score 1.6
Exploits: 0