Page 188 of 1028 results (0.012 seconds)

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption. Se encontró un problema en GitLab Community and Enterprise Edition anterior11.7.10, 11.8.x anterior 11.8.6, and 11.9.x anterior 11.9.4.Un problema de validación de entrada de expresiones regulares para el valor de refs .gitlab-ci.yml permite el consumo de recursos no controlados. • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ce/issues/49665 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure. Se descubrió un problema en GitLab Enterprise Edition antes de la versión 11.7.11, 11.8.x anterior a la versión 11.8.7, y 11.9.x anterior a 11.9.7. Permite la Divulgación de Información. • http://www.securityfocus.com/bid/108301 https://about.gitlab.com/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released https://about.gitlab.com/blog/categories/releases •

CVSS: 8.8EPSS: 0%CPEs: 30EXPL: 1

GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control. GitLab Community y Enterprise Edition versiones posteriores a 8.9 y anteriores a 11.5.0-rc12, 11.4.6, y 11.3.10 tienen Control de Acceso Incorrecto. • https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ce/issues/54189 •

CVSS: 6.1EPSS: 0%CPEs: 32EXPL: 0

GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS. GitLab CE & EE versiones posteriores a 11.2 y anteriores a 11.5.0-rc12, 11.4.6 y 11.3.10 tienen Cross-site scripting (XSS) persistente. • https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ce/issues/53385 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Una falta de comprobación de permisos en Jenkins GitLab Plugin versión 1.5.11 y anteriores, en el método de validación de formulario GitLabConnectionConnectionConfig#doTestConnection permitió a los atacantes con permiso Overall/Read conectarse a una URL especificada por el atacante, utilizando ID de credenciales especificadas por el atacante, y que fueron obtenidas por otro método, capturando las credenciales almacenadas en Jenkins. • http://www.securityfocus.com/bid/108045 https://jenkins.io/security/advisory/2019-04-17/#SECURITY-1357 • CWE-862: Missing Authorization •