Page 52 of 387 results (0.015 seconds)

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community and Enterprise Edition versiones anteriores a la versión 11.4.13, versiones 11.5.x anteriores a la versión 11.5.6 y versiones 11.6.x anteriores a la versión 11.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released https://gitlab.com/gitlab-org/gitlab-foss/issues/41500 • CWE-287: Improper Authentication •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control (issue 2 of 6). Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.4.13, versiones 11.5.x anteriores a 11.5.6 y versiones 11.6.x anteriores a 11.6.1. Presenta un Control de Acceso Incorrecto (problema 2 de 6). • https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released https://about.gitlab.com/blog/categories/releases • CWE-863: Incorrect Authorization •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1

A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page. Se presenta una denegación de servicio en gitlab versiones anteriores a v12.3.2, versiones anteriores a v12.2.6 y versiones anteriores a v12.1.10, que permitiría a un atacante omitir la comprobación de entrada en los campos markdown para suspender la página afectada. • https://hackerone.com/reports/670572 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1

An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before. Se presenta una vulnerabilidad de control de acceso inapropiado en Gitlab versiones anteriores a v12.3.2, versiones anteriores a v12.2.6, versiones anteriores a v12.1.12, que permitiría que un usuario bloqueado pudiera ser capaz de usar el clon GIT y extraer si hubiera obtenido un token CI/CD antes. • https://hackerone.com/reports/497047 • CWE-284: Improper Access Control •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1

An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits. Se presenta una vulnerabilidad de control de acceso inapropiado en Gitlab EE versiones anteriores a v12.3.3, versiones anteriores a v12.2.7 y versiones anteriores a v12.1.13, lo que permitió que la funcionalidad de búsqueda grupal con Elasticsearch devolviera código privado y fusionara peticiones y confirmaciones. • https://hackerone.com/reports/692252 • CWE-284: Improper Access Control •