Page 101 of 548 results (0.011 seconds)

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 2

An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.0.6, versiones 11.1.x anteriores a la 11.1.5 y versiones 11.2.x anteriores a la 11.2.2. Hay una divulgación de datos sensibles en los logs Sidekiq mediante un mensaje de error. • https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/46967 https://gitlab.com/gitlab-org/gitlab-ce/issues/49272 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 1

An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.7.6, versiones 10.8.x anteriores a la 10.8.5 y versiones 11.x anteriores a la 11.0.1. La wiki contiene un problema de Cross-Site Scripting (XSS) persistente debido a la falta de cifrado de salida que afecta a una característica de marcado determinada. • https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/46957 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1

An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones 10.7.x anteriores a la 10.7.6. El uso de "url_for" contenía un problema de Cross-Site Scripting (XSS) debido a que se permiten protocolos arbitrarios como parámetro. • https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/45168 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 1

An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.7.6, versiones 10.8.x anteriores a la 10.8.5 y versiones 11.x anteriores a la 11.0.1. La característica charts contenía un problema de Cross-Site Scripting (XSS) persistente debido a la falta de cifrado de salida. • https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/45903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.8.7, versiones 11.0.x anteriores a la 11.0.5 y versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir una divulgación de información porque la característica de métricas de Prometheus revela nombres de rutas de proyectos privados. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released https://gitlab.com/gitlab-com/infrastructure/issues/4423 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •