Page 38 of 1031 results (0.008 seconds)

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 1

An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0155.json https://gitlab.com/gitlab-org/gitlab/-/issues/387638 https://hackerone.com/reports/1817250 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1965.json https://gitlab.com/gitlab-org/gitlab/-/issues/406235 https://hackerone.com/reports/1923672 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1836.json https://gitlab.com/gitlab-org/gitlab/-/issues/404613 https://hackerone.com/reports/1923293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2069.json https://gitlab.com/gitlab-org/gitlab/-/issues/407374 https://hackerone.com/reports/1939987 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users thus leading to privilege escalation for those users. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2182.json https://gitlab.com/gitlab-org/gitlab/-/issues/403012 •