Page 25 of 676 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1

A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host. Se identificó una vulnerabilidad blind SSRF en todas las versiones de GitLab EE anteriores a 15.4.6, 15.5 anteriores a 15.5.5 y 15.6 anteriores a 15.6.1 que permite a un atacante conectarse a un host local. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4335.json https://gitlab.com/gitlab-org/gitlab/-/issues/353018 https://hackerone.com/reports/1462437 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1

A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner. Un blind SSRF en GitLab CE/EE que afecta a todas las versiones 11.3 anteriores a 15.4.6, 15.5 anteriores a 15.5.5 y 15.6 anteriores a 15.6.1 permite a un atacante conectarse a direcciones locales al configurar un GitLab Runner malicioso. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4201.json https://gitlab.com/gitlab-org/gitlab/-/issues/30376 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1

In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. En Gitlab EE/CE anterior a 15.6.1, 15.5.5 y 15.4.6, el uso de una rama con un nombre hexadecimal podía anular un hash existente. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4205.json https://gitlab.com/gitlab-org/gitlab/-/issues/374082 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers. Se ha descubierto un problema en GitLab en el que se ven afectadas todas las versiones de la 9.3 a la 15.4.6, de la 15.5 a la 15.5.5 y de la 15.6 a la 15.6.1. Era posible que un mantenedor de proyecto filtrara un token secreto de webhook cambiando la URL del webhook a un endpoint que les permitiera capturar encabezados de peticiones. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4054.json https://gitlab.com/gitlab-org/gitlab/-/issues/382260 https://hackerone.com/reports/1758126 •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1

An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3482.json https://gitlab.com/gitlab-org/gitlab/-/issues/377802 https://hackerone.com/reports/1725841 • CWE-862: Missing Authorization •