Page 21 of 566 results (0.008 seconds)

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1167.json https://gitlab.com/gitlab-org/gitlab/-/issues/392715 • CWE-862: Missing Authorization •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1708.json https://gitlab.com/gitlab-org/gitlab/-/issues/387185 https://hackerone.com/reports/1805604 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1733.json https://gitlab.com/gitlab-org/gitlab/-/issues/392665 https://hackerone.com/reports/1723124 •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3381.json https://gitlab.com/gitlab-org/gitlab/-/issues/376046 https://hackerone.com/reports/1711497 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 2.7EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1084.json https://gitlab.com/gitlab-org/gitlab/-/issues/390696 https://hackerone.com/reports/1805549 •