Page 112 of 586 results (0.012 seconds)

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a considerable amount of results. Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones a partir de la 13.2. Al consultar las ramas del repositorio por medio de API, GitLab ignoraba un parámetro de consulta y devolvía una cantidad considerable de resultados • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22210.json https://gitlab.com/gitlab-org/gitlab/-/issues/322500 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling. Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones a partir de la 13.7. GitLab Dependency Proxy, bajo determinadas circunstancias, puede hacerse pasar por un usuario, resultando en un manejo de acceso incorrecto • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22211.json https://gitlab.com/gitlab-org/gitlab/-/issues/298847 • CWE-863: Incorrect Authorization •

CVSS: 10.0EPSS: 97%CPEs: 6EXPL: 25

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones a partir de 11.9. GitLab no estaba comprobado apropiadamente archivos de imagen que fueron pasados a un analizador de archivos, lo que resultó en una ejecución de comando remoto GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files. • https://www.exploit-db.com/exploits/50532 https://github.com/Al1ex/CVE-2021-22205 https://github.com/inspiringz/CVE-2021-22205 https://github.com/mr-r3bot/Gitlab-CVE-2021-22205 https://github.com/XTeam-Wing/CVE-2021-22205 https://github.com/r0eXpeR/CVE-2021-22205 https://github.com/whwlsfb/CVE-2021-22205 https://github.com/c0okB/CVE-2021-22205 https://github.com/Seals6/CVE-2021-22205 https://github.com/antx-code/CVE-2021-22205 https://github.com/keven1z • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used. Se ha detectado un problema en GitLab que afecta a todas las versiones a partir de la 12.9. GitLab era vulnerable a un ataque de tipo XSS almacenado si etiquetas de ámbito eran usadas • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22199.json https://gitlab.com/gitlab-org/gitlab/-/issues/291004 https://hackerone.com/reports/1050189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0

A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token Una vulnerabilidad de salto ruta por medio del GitLab Workhorse en todas las versiones de GitLab podría resultar en la fuga de un token JWT • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22190.json https://gitlab.com/gitlab-org/gitlab/-/issues/300281 https://hackerone.com/reports/1040786 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •