Page 54 of 439 results (0.004 seconds)

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that a could cause the web application to redirect the request to the attacker specified URL. Se ha detectado un problema afectando GitLab versiones anteriores a 13.5. Ha sido corregido una vulnerabilidad de redireccionamiento abierto en la integración de GitLab con Jira que podía causar que la aplicación web redirigiera la petición a la URL especificada por el atacante • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0283.json https://gitlab.com/gitlab-org/gitlab/-/issues/349422 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0

A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature. Se ha detectado una vulnerabilidad en GitLab versiones 10.5 a 14.5.4, 14.6 a 14.6.4 y 14.7 a 14.7.1. GitLab era vulnerable a un ataque de tipo SSRF ciego mediante la funcionalidad Project Import • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0136.json https://gitlab.com/gitlab-org/gitlab/-/issues/28561 https://hackerone.com/reports/560658 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1

In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups. En todas las versiones de GitLab CE/EE desde versión 11.3, el endpoint para autocompletar la asignación divulga los miembros de los grupos privados • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39876.json https://gitlab.com/gitlab-org/gitlab/-/issues/29683 https://hackerone.com/reports/627507 • CWE-863: Incorrect Authorization •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de la 8.10. Era posible desencadenar un tiempo de espera en una página con markdown al usar una cantidad específica de comillas de bloque • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0488.json https://gitlab.com/gitlab-org/gitlab/-/issues/23520 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 1

A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked. Se ha detectado una vulnerabilidad en GitLab a partir de la versión 12. GitLab era vulnerable a un ataque de tipo SSRF ciego ya que no son bloqueados las peticiones al espacio de direcciones compartido • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0249.json https://gitlab.com/gitlab-org/gitlab/-/issues/29395 https://hackerone.com/reports/579934 • CWE-918: Server-Side Request Forgery (SSRF) •