Page 29 of 351 results (0.004 seconds)

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1710.json https://gitlab.com/gitlab-org/gitlab/-/issues/388242 https://hackerone.com/reports/1829768 •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1708.json https://gitlab.com/gitlab-org/gitlab/-/issues/387185 https://hackerone.com/reports/1805604 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1733.json https://gitlab.com/gitlab-org/gitlab/-/issues/392665 https://hackerone.com/reports/1723124 •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3381.json https://gitlab.com/gitlab-org/gitlab/-/issues/376046 https://hackerone.com/reports/1711497 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4462.json https://gitlab.com/gitlab-org/gitlab/-/issues/385669 https://hackerone.com/reports/1796210 •