Page 40 of 207 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.8.7, versiones 11.0.x anteriores a la 11.0.5 y versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir Cross-Site Request Forgery (CSRF) en la característica Test del componente System Hooks. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.8.7, versiones 11.0.x anteriores a la 11.0.5 y versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir Cross-Site Scripting (XSS) en el tooltip del job dento del pipeline CI/CD. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 1

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.8.7, versiones 11.0.x anteriores a la 11.0.5 y versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir Cross-Site Scripting (XSS) mediante un nombre Milestone durante una promoción. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/48617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 11%CPEs: 6EXPL: 2

GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component. Las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.7.7, versiones 10.8.x anteriores a la 10.8.6 y versiones 11.x anteriores a la 11.0.4, permiten un salto de directorio con acceso de escritura y una ejecución remota de código resultante mediante el componente de importación de proyectos de GitLab. • https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released https://gitlab.com/gitlab-org/gitlab-ce/issues/49133 https://hackerone.com/reports/378148 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised. Las ediciones Community y Enterprise de Gitlab, en versiones anteriores a la 10.1.6, 10.2.6 y 10.3.4, son vulnerables a un problema de cambio de contraseña sin verificar en el componente PasswordsController, lo que resulta en la toma de control de la cuenta si la sesión de la víctima se ve comprometida. • https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •