Page 44 of 285 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution. Se descubrió un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. GitLab Pages contiene una vulnerabilidad de salto de directorio que podría conllevar a la ejecución de comandos remota. • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/55827 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.8.9. Presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/58505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.8.9, versiones 11.9.x anteriores a 11.9.10 y versiones 11.10.x anteriores a 11.10.2. Presenta una Codificación Incorrecta o un Escape de Salida. • https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released https://gitlab.com/gitlab-org/gitlab-ee/issues/11515 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-116: Improper Encoding or Escaping of Output •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 1

An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restrictions will receive emails about restricted events. Se detectó un problema en GitLab Community and Enterprise Edition versiones 8.x, 9.x, 10.x y versiones 11.x anteriores a 11.8.9, versiones 11.9.x anteriores a 11.9.10 y versiones 11.10.x anteriores a 11.10.2. Permite la divulgación de información. • https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/58372 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. EE, versiones 8.3 hasta 11.x anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de GitLab, es susceptible a una vulnerabilidad de referencia de objeto no segura que permite a un usuario Guest establecer el peso de un problema que han diseñado. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ee/issues/7696 • CWE-285: Improper Authorization •