Page 16 of 473 results (0.004 seconds)

CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1178.json https://gitlab.com/gitlab-org/gitlab/-/issues/381815 https://hackerone.com/reports/1778009 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1204.json https://gitlab.com/gitlab-org/gitlab/-/issues/394745 https://hackerone.com/reports/1881598 •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1836.json https://gitlab.com/gitlab-org/gitlab/-/issues/404613 https://hackerone.com/reports/1923293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2069.json https://gitlab.com/gitlab-org/gitlab/-/issues/407374 https://hackerone.com/reports/1939987 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released https://gitlab.com/gitlab-org/gitlab-pages/issues/232 • CWE-319: Cleartext Transmission of Sensitive Information •