Page 21 of 518 results (0.008 seconds)

CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 1

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released https://gitlab.com/gitlab-org/gitaly/issues/1801 https://gitlab.com/gitlab-org/gitaly/issues/1802 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 3.7EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3375.json https://gitlab.com/gitlab-org/gitlab/-/issues/376041 https://hackerone.com/reports/1710533 •

CVSS: 4.6EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0450.json https://gitlab.com/gitlab-org/gitlab/-/issues/388962 https://hackerone.com/reports/1831547 •

CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 0

An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.json https://gitlab.com/gitlab-org/gitlab/-/issues/383745 https://hackerone.com/reports/1784294 •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1167.json https://gitlab.com/gitlab-org/gitlab/-/issues/392715 • CWE-862: Missing Authorization •