Page 149 of 979 results (0.007 seconds)

CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0

In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. En GitLab EE versiones 11.3 hasta 12.5.3, 12.4.5 y 12.3.8, un saneamiento de parámetro insuficiente para el registro del paquete Maven podría derivar a una escalada de privilegios y vulnerabilidades de ejecución de código remota bajo determinadas condiciones. • https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released https://about.gitlab.com/blog/categories/releases • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext. GitLab EE versiones 8.4 hasta 12.5, 12.4.3 y 12.3.6, almacenaron varios tokens en texto plano. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/32381 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits. GitLab EE versiones 12.3 hasta 12.5, 12.4.3 y 12.3.6, permite una Denegación de Servicio. Ciertos caracteres hacían imposible crear, editar o visualizar problemas y confirmaciones. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/14947 • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0

GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API. GitLab EE versiones 8.14 hasta las versiones 12.5, 12.4.3 y 12.3.6, tiene un Control de Acceso Incorrecto. Después de que un proyecto cambió a privado, los repositorios previamente bifurcados podían aún ser capaces de obtener información sobre el proyecto privado mediante la API. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/28802 •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure. GitLab Enterprise Edition (EE) versiones 9.0 y posteriores hasta la versión 12.5, permite una Divulgación de Información. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases • CWE-522: Insufficiently Protected Credentials •