Page 50 of 314 results (0.004 seconds)

CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0

GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11. CE versión 8.17 y posteriores y EE versión 8.3 y posteriores de GitLab, presenta una condición de carrera de tiempo de comprobación en el tiempo de uso de un symlink que permitiría el acceso no autorizado a archivos en el entorno chroot de Páginas de GitLab. Esto se corrige en las versiones 11.5.1, 11.4.8 y 11.3.11. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-pages/issues/98 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue. CE/EE, versiones 8.6 hasta 11.x anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de Gitlab, son susceptibles a una vulnerabilidad de control de acceso incorrecta que muestra a un usuario no autorizado el título y el espacio de nombres de un problema confidencial • http://www.securityfocus.com/bid/109179 https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/52444 • CWE-284: Improper Access Control •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration. Se detectó un problema en Community and Enterprise Edition versiones anteriores a 11.3.11, versiones 11.4.x anteriores a 11.4.8 y versiones 11.5.x anteriores a 11.5.1 de GitLab. Se presenta una vulnerabilidad de tipo SSRF en la integración de Prometheus. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ee/issues/8167 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. Fue encontrado un problema en GitLab Community and Enterprise Edition anteriores a la versión 11.6.10, versión 11.7.x anteriores a 11.7.6 y versión 11.8.x anteriores a 11.8.1. Presenta permisos no seguros. • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released https://about.gitlab.com/blog/categories/releases •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5). Fue encontrado un problema en GitLab Community and Enterprise Edition anterior a la versión 11.6.10, versión 11.7.x anteriores a 11.7.6 y versión 11.8.x anteriores a 11.8.1. Presenta un control de acceso incorrecto (problema 3 de 5). • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released https://about.gitlab.com/blog/categories/releases • CWE-20: Improper Input Validation •