Page 38 of 1007 results (0.009 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users thus leading to privilege escalation for those users. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2182.json https://gitlab.com/gitlab-org/gitlab/-/issues/403012 •

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0805.json https://gitlab.com/gitlab-org/gitlab/-/issues/391433 https://hackerone.com/reports/1850046 •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1265.json https://gitlab.com/gitlab-org/gitlab/-/issues/394960 https://hackerone.com/reports/1888690 • CWE-384: Session Fixation •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. . • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •