Page 16 of 401 results (0.002 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1

A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host. Se identificó una vulnerabilidad blind SSRF en todas las versiones de GitLab EE anteriores a 15.4.6, 15.5 anteriores a 15.5.5 y 15.6 anteriores a 15.6.1 que permite a un atacante conectarse a un host local. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4335.json https://gitlab.com/gitlab-org/gitlab/-/issues/353018 https://hackerone.com/reports/1462437 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1

In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. En Gitlab EE/CE anterior a 15.6.1, 15.5.5 y 15.4.6, el uso de una rama con un nombre hexadecimal podía anular un hash existente. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4205.json https://gitlab.com/gitlab-org/gitlab/-/issues/374082 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers. Se ha descubierto un problema en GitLab en el que se ven afectadas todas las versiones de la 9.3 a la 15.4.6, de la 15.5 a la 15.5.5 y de la 15.6 a la 15.6.1. Era posible que un mantenedor de proyecto filtrara un token secreto de webhook cambiando la URL del webhook a un endpoint que les permitiera capturar encabezados de peticiones. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4054.json https://gitlab.com/gitlab-org/gitlab/-/issues/382260 https://hackerone.com/reports/1758126 •

CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 1

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks. Se ha descubierto un problema en GitLab que afecta a todas las versiones desde 9.3 anteriores a 15.4.6, todas las versiones desde 15.5 anteriores a 15.5.5, todas las versiones desde 15.6 anteriores a 15.6.1. Un responsable del proyecto pudo desenmascarar los tokens secretos de los webhooks revisando los registros después de probar los webhooks. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3902.json https://gitlab.com/gitlab-org/gitlab/-/issues/381895 https://hackerone.com/reports/1757999 •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones anteriores a 15.5.7, todas las versiones desde 15.6 anteriores a 15.6.4, todas las versiones desde 15.7 anteriores a 15.7.2. Una consulta del servidor Prometheus manipulada puede provocar un alto consumo de recursos y provocar una denegación de servicio. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3613.json https://gitlab.com/gitlab-org/gitlab/-/issues/378456 https://hackerone.com/reports/1723106 •