Page 107 of 710 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 8.6 hasta 12.2.1. Bajo condiciones muy específicas, los títulos de commit y los comentarios de los miembros del equipo podrían ser visualizables para usuarios que no tenían permiso para acceder a ellos. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/64711 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 7.12 hasta 12.2.1. El nombre predeterminado de la derivación especificada podría estar expuesto a usuarios no autorizados. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/61210 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 12.2 hasta 12.2.1. La API de importación de proyectos podría ser usada para omitir las restricciones de visibilidad del proyecto. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/57015 •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 12.0 hasta 12.2.1. Los no miembros eran capaces de comentar en las peticiones de fusión a pesar de que el repositorio se configuró para permitir que solo los miembros del proyecto lo hagan. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/60465 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains a SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any resources accessible in the local network by the GitLab server. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 8.14 hasta 12.2.1. La integración de Jira contiene una vulnerabilidad de tipo SSRF como resultado de una omisión de los mecanismos de protección actuales contra este tipo de ataque, lo que permitiría enviar peticiones a cualquier recurso accesible en la red local por parte del servidor de GitLab. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/61349 • CWE-918: Server-Side Request Forgery (SSRF) •