Page 120 of 749 results (0.010 seconds)

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server. Se descubrió un problema en GitLab Community and Enterprise Edition versiones hasta 12.2.1. Las imágenes y los archivos multimedia insertados en Markdown podrían ser apuntados hacia un servidor arbitrario, que revelaría la dirección IP de los clientes que solicitan el archivo desde ese servidor. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/55115 •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 12.0 hasta 12.2.1. Un IDOR en la API de notas épicas que podría resultar en la divulgación de hitos privados, etiquetas y otra información. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ee/issues/11431 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 11.10 hasta 12.2.1. Las descripciones de etiquetas son vulnerables a la inyección HTML. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/60888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 11.9.x y versiones 11.10.x anteriores a 11.10.1. Las peticiones de fusión creadas por medio del correo electrónico podrían ser usadas para omitir las reglas de inserción en ciertas situaciones. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ee/issues/11302 • CWE-862: Missing Authorization •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 8.15 hasta 12.2.1. Las expresiones matemáticas particulares en GitLab Markdown pueden agotar los recursos del cliente. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/61410 • CWE-770: Allocation of Resources Without Limits or Throttling •