Page 37 of 1035 results (0.004 seconds)

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to commit to projects even from a restricted IP address. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1621.json https://gitlab.com/gitlab-org/gitlab/-/issues/399774 https://hackerone.com/reports/1914049 •

CVSS: 10.0EPSS: 31%CPEs: 2EXPL: 5

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups. • https://github.com/cc3305/CVE-2023-2825 https://github.com/Occamsec/CVE-2023-2825 https://github.com/Rubikcuv5/CVE-2023-2825 https://github.com/caopengyan/CVE-2023-2825 https://github.com/Tornad0007/CVE-2023-2825-Gitlab https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2825.json https://gitlab.com/gitlab-org/gitlab/-/issues/412371 https://hackerone.com/reports/1994725 https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16- • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2181.json https://gitlab.com/gitlab-org/gitlab/-/issues/407859 https://hackerone.com/reports/1938185 •

CVSS: 9.6EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2478.json https://gitlab.com/gitlab-org/gitlab/-/issues/409470 https://hackerone.com/reports/1969599 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1204.json https://gitlab.com/gitlab-org/gitlab/-/issues/394745 https://hackerone.com/reports/1881598 •