Page 12 of 418 results (0.007 seconds)

CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 1

An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones posteriores a 13.7 anteriores a 16.6.6, 16.7 anteriores a 16.7.4 y 16.8 anteriores a 16.8.1. La sanitización inadecuada de la entrada del nombre de usuario permite solicitudes PUT de API arbitrarias. • https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released https://gitlab.com/gitlab-org/gitlab/-/issues/430236 https://hackerone.com/reports/2225710 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project Existe una vulnerabilidad de autorización en las versiones de GitLab 14.0 anteriores a 16.6.6, 16.7 anteriores a 16.7.4 y 16.8 anteriores a 16.8.1. Un atacante no autorizado puede asignar usuarios arbitrarios a los MR que crearon dentro del proyecto. • https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released https://gitlab.com/gitlab-org/gitlab/-/issues/430726 • CWE-285: Improper Authorization CWE-425: Direct Request ('Forced Browsing') •

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 1

An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde 12.2 anterior a 16.5.6, 16.6 anterior a 16.6.4 y 16.7 anterior a 16.7.2 en el que un atacante podría modificar los metadatos de las confirmaciones firmadas. • https://gitlab.com/gitlab-org/gitlab/-/issues/407252 https://hackerone.com/reports/1929929 • CWE-345: Insufficient Verification of Data Authenticity CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 1

Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user. Verificaciones de autorización incorrectas en GitLab CE/EE desde todas las versiones desde 8.13 anteriores a 16.5.6, todas las versiones desde 16.6 anteriores a 16.6.4, todas las versiones desde 16.7 anteriores a 16.7.2, permiten que un usuario abuse de las integraciones de slack/mattermost para ejecutar slash commands como otro usuario. • https://gitlab.com/gitlab-org/gitlab/-/issues/427154 https://hackerone.com/reports/2188868 • CWE-863: Incorrect Authorization •

CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0

An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. Existe una vulnerabilidad de control de acceso inadecuado en GitLab Remote Development que afecta a todas las versiones anteriores a 16.5.6, 16.6 anterior a 16.6.4 y 16.7 anterior a 16.7.2. Esta condición permite a un atacante crear un workspace en un grupo asociado con un agente de otro grupo. A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. • https://gitlab.com/gitlab-org/gitlab/-/issues/432188 • CWE-284: Improper Access Control CWE-668: Exposure of Resource to Wrong Sphere CWE-862: Missing Authorization •