Page 28 of 297 results (0.011 seconds)

CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1178.json https://gitlab.com/gitlab-org/gitlab/-/issues/381815 https://hackerone.com/reports/1778009 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible that a project member demoted to a user role to read project updates by doing a diff with a pre-existing fork. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0485.json https://gitlab.com/gitlab-org/gitlab/-/issues/389191 https://hackerone.com/reports/1837937 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0805.json https://gitlab.com/gitlab-org/gitlab/-/issues/391433 https://hackerone.com/reports/1850046 •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1265.json https://gitlab.com/gitlab-org/gitlab/-/issues/394960 https://hackerone.com/reports/1888690 • CWE-384: Session Fixation •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4376.json https://gitlab.com/gitlab-org/gitlab/-/issues/385246 https://hackerone.com/reports/1794713 •