Page 44 of 411 results (0.016 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address Un control de acceso inapropiado en GitLab CE/EE versiones 12.4 a 14.5.4, 14.5 a 14.6.4 y 12.6 a 14.7.1, permite que personas que no son miembros del proyecto recuperen la dirección de correo electrónico del servicio de asistencia técnica • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0373.json https://gitlab.com/gitlab-org/gitlab/-/issues/349881 https://hackerone.com/reports/1439254 •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1

Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard. Un control de acceso inapropiado en Gitlab CE/EE versiones 12.7 a 14.5.4, 14.6 a 14.6.4 y 14.7 a 14.7.1, permitía a personas que no eran miembros del proyecto recuperar los detalles de las incidencias cuando estaban vinculadas a un elemento del panel de control de vulnerabilidades • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0390.json https://gitlab.com/gitlab-org/gitlab/-/issues/330030 https://hackerone.com/reports/1179733 • CWE-862: Missing Authorization •

CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 1

An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a specific formula in issue comments. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de la 8.15 . Era posible desencadenar un DOS usando la función de matemáticas con una fórmula específica en los comentarios de la edición • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0489.json https://gitlab.com/gitlab-org/gitlab/-/issues/341832 https://hackerone.com/reports/1350793 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.3EPSS: 66%CPEs: 6EXPL: 1

An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API. Se ha detectado un problema en GitLab CE/EE afectando las versiones 13.0 a 14.6.5, 14.7 a 14.7.4 y 14.8 a 14.8.2. Las instancias privadas de GitLab con registros restringidos pueden ser vulnerables a una enumeración de usuarios a usuarios no autenticados mediante la API GraphQL • https://github.com/K3ysTr0K3R/CVE-2021-4191-EXPLOIT https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4191.json https://gitlab.com/gitlab-org/gitlab/-/issues/343898 https://hackerone.com/reports/1089609 •

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0

A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature. Se ha detectado una vulnerabilidad en GitLab versiones 10.5 a 14.5.4, 14.6 a 14.6.4 y 14.7 a 14.7.1. GitLab era vulnerable a un ataque de tipo SSRF ciego mediante la funcionalidad Project Import • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0136.json https://gitlab.com/gitlab-org/gitlab/-/issues/28561 https://hackerone.com/reports/560658 • CWE-918: Server-Side Request Forgery (SSRF) •