Page 29 of 452 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

28 Jan 2020 — An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID. Se detectó un problema de divulgación de información en GitLab CE/EE versiones 8.14 y posteriores, mediante el uso de la funcionalidad move issue lo que podría resultar en la divulgación del ID de un problema creado recientemente. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

28 Jan 2020 — A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. Se detectó un problema de fallo de protección de un reenlace de DNS en GitLab CE/EE versiones 10.2 y posteriores, en el archivo "url_blocker.rb" que podría resultar en vulnerabilidad de tipo SSRF donde la biblioteca es utilizada. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-20: Improper Input Validation CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

28 Jan 2020 — A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed. Se detectó un problema de escalada de privilegios en GitLab CE/EE versiones 9.0 y posteriores, cuando los tokens de activación no son rotados una vez que la propiedad de ellos ha cambiado. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-613: Insufficient Session Expiration •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

13 Jan 2020 — An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 9.1 hasta la versión 12.6.1. tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

13 Jan 2020 — An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 8.13 hasta la versión 12.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

13 Jan 2020 — An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 5.1 hasta la versión 12.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

13 Jan 2020 — An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects. Se descubrió un problema en GitLab Enterprise Edition (EE) versiones 8.9.0 hasta la versión 12.6.1. Usando la funcionalidad de importación de proyectos, fue posible que alguien obtuviera problemas a partir de proyectos privados. • https://about.gitlab.com/blog/categories/releases •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

05 Jan 2020 — GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext. GitLab EE versiones 8.4 hasta 12.5, 12.4.3 y 12.3.6, almacenaron varios tokens en texto plano. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0

05 Jan 2020 — GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API. GitLab EE versiones 8.14 hasta las versiones 12.5, 12.4.3 y 12.3.6, tiene un Control de Acceso Incorrecto. Después de que un proyecto cambió a privado, los repositorios previamente bifurcados podían aún ser capaces de obtener información sobre el proyecto privado mediante la API. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

03 Jan 2020 — GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure. GitLab Enterprise Edition (EE) versiones 9.0 y posteriores hasta la versión 12.5, permite una Divulgación de Información. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released • CWE-522: Insufficiently Protected Credentials •