Page 32 of 181 results (0.011 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1825.json https://gitlab.com/gitlab-org/gitlab/-/issues/384035 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0508.json https://gitlab.com/gitlab-org/gitlab/-/issues/389328 https://hackerone.com/reports/1842314 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •

CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they import members from another project that those other users are Owners of. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2485.json https://gitlab.com/gitlab-org/gitlab/-/issues/407830 https://hackerone.com/reports/1934811 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •

CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project, from a disallowed IP, even after the top-level group has enabled IP restrictions on the group. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2589.json https://gitlab.com/gitlab-org/gitlab/-/issues/407891 https://hackerone.com/reports/1941803 •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A reflected XSS was possible when creating new abuse reports which allows attackers to perform arbitrary actions on behalf of victims. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2015.json https://gitlab.com/gitlab-org/gitlab/-/issues/407137 https://hackerone.com/reports/1941091 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •