Page 34 of 228 results (0.004 seconds)

CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 1

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be used for social engineering. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Presenta una Distinción Visual Insuficiente de Homoglifos Presentados a un Usuario. • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/29365 •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user can view the last commit status of the default branch. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Permite la divulgación de información (problema 5 de 6). • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/54353 • CWE-269: Improper Privilege Management •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Esta permite un ataque de tipo XSS (problema 1 de 2). • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/54416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made. GitLab versiones anteriores a 11.5.1, 11.4.8 y 11.3.11, no envían un correo electrónico a la dirección de correo electrónico anterior cuando es realizado un cambio de dirección de correo electrónico. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/39809 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration. Se detectó un problema en Community and Enterprise Edition versiones anteriores a 11.3.11, versiones 11.4.x anteriores a 11.4.8 y versiones 11.5.x anteriores a 11.5.1 de GitLab. Se presenta una vulnerabilidad de tipo SSRF en la integración de Prometheus. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ee/issues/8167 • CWE-918: Server-Side Request Forgery (SSRF) •