Page 49 of 777 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1417.json https://gitlab.com/gitlab-org/gitlab/-/issues/396720 https://hackerone.com/reports/1892200 • CWE-863: Incorrect Authorization •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1708.json https://gitlab.com/gitlab-org/gitlab/-/issues/387185 https://hackerone.com/reports/1805604 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1710.json https://gitlab.com/gitlab-org/gitlab/-/issues/388242 https://hackerone.com/reports/1829768 •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1733.json https://gitlab.com/gitlab-org/gitlab/-/issues/392665 https://hackerone.com/reports/1723124 •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1787.json https://gitlab.com/gitlab-org/gitlab/-/issues/394817 •