Improper Authorization
GitLab is vulnerable to Missing Sanitization. This vulnerability exists due to the lack of validation of request URLs, allowing an attacker to include sensitive values from logged exception messages within invalid URLs, which are then logged...
Improper Authentication
GitLab is vulnerable to Missing Sanitization. This vulnerability exists due to the lack of validation of request URLs, allowing an attacker to include sensitive values from logged exception messages within invalid URLs, which are then logged...
Missing Sanitization
GitLab is vulnerable to Missing Sanitization. This vulnerability exists due to the lack of validation of request URLs, allowing an attacker to include sensitive values from logged exception messages within invalid URLs, which are then logged...
Use Of Hard-coded Credentials
GitLab is vulnerable to Use of Hard-coded Credentials. This vulnerability exists because hard-coded passwords are set for accounts registered through OmniAuth in GitLab, resulting in an authentication issue...
Improper Neutralization
GitLab is vulnerable to Improper Neutralization. This vulnerability exists because it does not properly validate HTML input, allowing an attacker to inject malicious code into the browser...
Server-Side Request Forgery (SSRF)
gitlab is vulnerable to Server-Side Request Forgery SSRF. The vulnerability allows an attack to occur through the repository mirroring feature in gitlab, resulting in a blind SSRF...
Cross-Site Scripting (XSS)
gitlab is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly escape user input in multi-word milestone references in issue descriptions, comments, etc., allowing an attacker to inject and execute malicious JavaScript in a victim's browser...
Information Disclosure
gitlab is vulnerable to Information Disclosure. Under certain conditions, improper access control in the library allows a malicious actor to gain information of the most recent commit in a private project via Merge Requests...
Denial Of Service (DoS)
github.com/pcre2project/pcre2 is vulnerable to Denial Of Service DoS. A malicious user is able to cause an integer overflow by triggering an infinite loop through a negative input, causing the application to crash...
Remote Code Execution (RCE)
gitlab is vulnerable to Remote Code Execution RCE. Because OpenAPI documents are not sandboxed, an attacker is able to deceive a user into clicking on the Swagger OpenAPI reader and issuing HTTP requests that harm the victim's account...
Information Disclosure
gitlab is vulnerable to Information Disclosure. When external authorization is enabled, a group owner may be able to overcome it in order to access git repositories and package registries by utilizing deploy tokens or deploy keys...
Authorization Bypass
phpLiteAdmin is vulnerable to Authorization Bypasses. Due to improper permission checks, an authenticated attacker is able to perform unauthorized operations such as reading, adding or editing a user's private snippet...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service DoS attacks. An attacker might use a forged CI job artifact zip file in a project that employs dynamic child pipelines to cause a Sidekiq task to use a large amount of RAM. This may result in a Denial of Service on GitLab instances where Sidekiq is...
Information Disclosure
gitlab is vulnerable to Information Disclosure. An improper access control vulnerability allows an unauthorized user to access pipeline analytics even when public pipelines are disabled, resulting in disclosure of sensitive information...
Information Disclosure
gitlab is vulnerable to Information Disclosure. Missing validation in DAST analyzer allows custom request headers to be sent with every request, regardless of the host...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service DoS attacks. Due to a backtracking regex check, the API for changing asset links consumes significant CPU for some user-supplied values, causing the application to crash...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. A business logic error in Project Import under certain conditions may show an unauthorized user in the Access Granted column in the project membership pages, which allows an authenticated attacker to bypass authorizations...
Information Disclosure
org.jenkins-ci.plugins:dimensionsscm is vulnerable to Information Disclosure. A remote authenticated attacker is able to retrieve a login certificate of a victim via tricking them into using an attacker-controlled Dimensions CM server, resulting in disclosure of sensitive information...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service DoS attacks. A lack of appropriate timeouts allows an attacker to cause unlimited resource consumption, resulting in denial of service conditions...
Information Disclosure
twisted is vulnerable to Information Disclosure. Missing filtering of an error message exposes sensitive information to authenticated attackers when an include directive fails in the CI/CD configuration...
Information Disclosure
gitlab is vulnerable to Information Disclosure. An improper authorization issue allows Guest project members to access the trace log of jobs when it is enabled, resulting in disclosure of sensitive information...
Information Disclosure
org.jenkins-ci.plugins:dimensionsscm is vulnerable to Information Disclosure. A remote authenticated attacker with Item/Configure permission is able to gain access to confidential user credentials due to improper authorization checks, resulting in the disclosure of sensitive information...
Improper Authorization
gitlab is vulnerable to Improper Authorization. The vulnerability allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that project...
Improper Access Control
org.springframework.security:spring-security-config is vulnerable to Improper Access Control. The vulnerability exists due to lack of checks in multiple files, which allows an attacker to use as a pattern in the configurations for WebFlux, creating a mismatch in pattern matching, resulting in a...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service DoS attacks. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string, resulting in an application crash...
Remote Code Execution (RCE)
suricata is vulnerable to Remote Code Execution RCE. Lack of proper checking of user input allows an attacker who controls an external source of Lua rules to upload and execute malicious code on the system...
Directory Traversal
suricata is vulnerable to Directory Traversal. A dataset filename that comes from a rule may trigger absolute or relative directory traversal and lead to write access to the local filesystem...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible to do through the Web UI...
Denial Of Service (DoS)
gitlab is vulnerable to Denial of Service DoS attacks. The library does not correctly handle bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions...
Denial Of Service (DoS)
gitlab is vulnerable to Denial Of Service DoS. An attacker can crash the application by using the math feature with a specific formula in issue comments...
Uncontrolled Resource Consumption
gitlab is vulnerable to Uncontrolled Resource Consumption. This occurs when a timeout is triggered on a page with Markdown that uses specific numbers of block quotes...
Improper Privilege Management
gitlab is vulnerable to Improper Privilege Management. The vulnerability exists because of missing sanitization of HTML attributes in Jupyter notebooks, which allows an attacker to perform arbitrary HTTP POST requests on a user's behalf, leading to potential account takeover...
Missing Authorization
odoo is vulnerable to Missing Authorization. The vulnerability exists due to an issue in the sandboxing, which allows an attacker to access and modify the database contents of other tenants in a multi-tenant system...
Improper Access Control
odoo is vulnerable to Improper Access Control. The vulnerability allows an attacker to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead...
Improper Access Control
odoo is vulnerable to Improper Access Control. The vulnerability exists in the reporting engine of the l10nfrfec module, which allows an attacker to extract accounting information via crafted RPC packets...
Improper Input Validation
odoo is vulnerable to Improper Input Validation. The vulnerability exists due to a sandboxing issue in the library, which allows an authenticated attacker to read and write local files on the server...
Remote Code Execution (RCE)
gitlab is vulnerable to Remote Code Execution RCE. The vulnerability exists due to the lack of input validation in the library, which allows an attacker to inject and execute malicious code via the import from the GitHub API endpoint...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability exists because the private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability exists because the library's search option allows authenticated users to search other users by their respective private emails, even if a user sets their email to private...
Authorization Bypass
gitlab is vulnerable to Authorization Bypass. The vulnerability exists due to improper access control in the library, which allows project non-members to retrieve the service desk email address...
Authorization Bypass
gitlab is vulnerable to Authorization Bypass. The vulnerability exists due to improper access control in the library, which allows non-members of the project to retrieve issue details when it is linked to an item from the vulnerability dashboard...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the lack of sanitization in the external status checks of the library, allowing an attacker to inject and execute malicious javascript...
Information Disclosure
gitlab is vulnerable to Information Disclosure. Repository content can be read by an unauthorised user if a project member used a crafted link...
Denial Of Service (DoS)
gitlab is vulnerable to Denial Of Service DoS. An attacker can trigger high CPU usage via a specially crafted input added in the Commit message field, leading to an application crash...
Denial Of Service (DoS)
gitlab is vulnerable to Denial Of Service DoS. The vulnerability exists because an attacker can add maliciously crafted content to the library's description section, leading to high CPU usage and crashing the application...
Open Redirect
gitlab is vulnerable to Open Redirect. The vulnerability exists due to the lack of sanitization in the input URLs of the library, which allows an attacker to redirect users to malicious URLs...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the lack of sanitization in the colour feature of the library, which allows an attacker to inject and execute malicious javascript...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker-controlled server...
Remote Code Execution (RCE)
gitlab is vulnerable to Remote Code Execution RCE. An authenticated user is able to upload and execute malicious code on the system via the Import from GitHub API endpoint...
Server-Side Request Forgery (SSRF)
gitlab is vulnerable to Server-Side Request Forgery SSRF. The vulnerability exists because the shared address spaces are not blocked for requests, allowing an attacker to cause blind SSRF attacks...