Page 22 of 387 results (0.003 seconds)

CVSS: 8.7EPSS: 0%CPEs: 6EXPL: 0

Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc. Un manejo inapropiado de la entrada del usuario en GitLab CE/EE versiones 8.3 anteriores a 14.7.7, 14.8 anteriores a 14.8.5 y 14.9 anteriores a 14.9.2, permitía a un atacante explotar un ataque de tipo XSS almacenado al abusar de las referencias de hitos de varias palabras en las descripciones de incidencias, comentarios, etc • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1190.json https://gitlab.com/gitlab-org/gitlab/-/issues/352392 https://hackerone.com/reports/1455036 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption. Una falta de tiempos de espera apropiados en GitLab Pages incluidos en GitLab CE/EE todas las versiones anteriores a 14.7.7, 14.8 anteriores a 14.8.5 y 14.9 anteriores a 14.9.2, permite a un atacante causar un consumo no limitado de recursos • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1121.json https://gitlab.com/gitlab-org/gitlab-pages/-/issues/684 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration. Una falta de filtrado en un mensaje de error en GitLab CE/EE afectando a todas las versiones anteriores a 14.7.7, 14.8 anteriores a 14.8.5 y 14.9 anteriores a 14.9.2, expone información confidencial cuando falla una directiva de inclusión en la configuración de CI/CD • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1120.json https://gitlab.com/gitlab-org/gitlab/-/issues/343466 https://hackerone.com/reports/1408731 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab La adición de un número muy grande de etiquetas a un corredor en GitLab CE/EE afectando a todas las versiones anteriores a 14.7.7, 14.8 anteriores a 14.8.5 y 14.9 anteriores a 14.9.2 permite a un atacante afectar al rendimiento de GitLab • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1099.json https://gitlab.com/gitlab-org/gitlab/-/issues/328593 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches. Una autorización incorrecta en la funcionalidad integration's branch restriction de Asana en todas las versiones de GitLab CE/EE a partir de la versión 7.8.0 antes de la 14.7.7, todas las versiones a partir de la 14.8 anteriores a 14.8.5, todas las versiones a partir de la 14.9 anteriores a 14.9.2 permite cerrar tareas de Asana desde ramas no restringidas • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0740.json https://gitlab.com/gitlab-org/gitlab/-/issues/349359 https://hackerone.com/reports/1411216 • CWE-863: Incorrect Authorization •