Page 47 of 444 results (0.009 seconds)

CVSS: 8.6EPSS: 13%CPEs: 3EXPL: 3

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited Cuando se habilitan las peticiones a la red interna para los webhooks, una vulnerabilidad de tipo server-side request forgery en GitLab CE/EE que afecta a todas las versiones a partir desde 10.5, era posible de explotar por un atacante no autenticado incluso en una instancia de GitLab donde el registro está limitado • https://github.com/aaminin/CVE-2021-22214 https://github.com/antx-code/CVE-2021-22214 https://github.com/kh4sh3i/GitLab-SSRF-CVE-2021-22214 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22214.json https://gitlab.com/gitlab-org/gitlab/-/issues/322926 https://hackerone.com/reports/1110131 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text, Se ha detectado un problema en GitLab que afecta a todas las versiones a partir de la 11.6. Las credenciales de Pull Mirror están expuestas, permitiendo que otros mantenedores sean capaz de visualizar las credenciales en texto plano • https://github.com/dannymas/CVE-2021-22206 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22206.json https://gitlab.com/gitlab-org/gitlab/-/issues/230864 https://hackerone.com/reports/928074 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 10.0EPSS: 97%CPEs: 6EXPL: 25

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones a partir de 11.9. GitLab no estaba comprobado apropiadamente archivos de imagen que fueron pasados a un analizador de archivos, lo que resultó en una ejecución de comando remoto GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files. • https://www.exploit-db.com/exploits/50532 https://github.com/Al1ex/CVE-2021-22205 https://github.com/inspiringz/CVE-2021-22205 https://github.com/mr-r3bot/Gitlab-CVE-2021-22205 https://github.com/XTeam-Wing/CVE-2021-22205 https://github.com/r0eXpeR/CVE-2021-22205 https://github.com/whwlsfb/CVE-2021-22205 https://github.com/c0okB/CVE-2021-22205 https://github.com/Seals6/CVE-2021-22205 https://github.com/antx-code/CVE-2021-22205 https://github.com/keven1z • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones anteriores. Si la víctima es un administrador, es posible facilitar un ataque de tipo CSRF en los enlaces del Sistema por medio de la API. • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22202.json https://gitlab.com/gitlab-org/gitlab/-/issues/26017 https://hackerone.com/reports/471274 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 0

In all versions of GitLab, marshalled session keys were being stored in Redis. En todas las versiones de GitLab, las claves de sesión marshalled estaban siendo almacenadas en Redis • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22194.json https://gitlab.com/gitlab-org/gitlab/-/issues/262107 • CWE-312: Cleartext Storage of Sensitive Information •