Page 36 of 424 results (0.011 seconds)

CVSS: 4.6EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0450.json https://gitlab.com/gitlab-org/gitlab/-/issues/388962 https://hackerone.com/reports/1831547 •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email address for certain instances. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0523.json https://gitlab.com/gitlab-org/gitlab/-/issues/389487 https://hackerone.com/reports/1842867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0838.json https://gitlab.com/gitlab-org/gitlab/-/issues/391685 https://hackerone.com/reports/1871136 •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an issue from an epic. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1071.json https://gitlab.com/gitlab-org/gitlab/-/issues/385434 • CWE-863: Incorrect Authorization •

CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 0

An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1098.json https://gitlab.com/gitlab-org/gitlab/-/issues/383745 https://hackerone.com/reports/1784294 •