Page 59 of 719 results (0.006 seconds)

CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text, Se ha detectado un problema en GitLab que afecta a todas las versiones a partir de la 11.6. Las credenciales de Pull Mirror están expuestas, permitiendo que otros mantenedores sean capaz de visualizar las credenciales en texto plano • https://github.com/dannymas/CVE-2021-22206 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22206.json https://gitlab.com/gitlab-org/gitlab/-/issues/230864 https://hackerone.com/reports/928074 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 10.0EPSS: 97%CPEs: 6EXPL: 25

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones a partir de 11.9. GitLab no estaba comprobado apropiadamente archivos de imagen que fueron pasados a un analizador de archivos, lo que resultó en una ejecución de comando remoto GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files. • https://www.exploit-db.com/exploits/50532 https://github.com/Al1ex/CVE-2021-22205 https://github.com/inspiringz/CVE-2021-22205 https://github.com/mr-r3bot/Gitlab-CVE-2021-22205 https://github.com/XTeam-Wing/CVE-2021-22205 https://github.com/r0eXpeR/CVE-2021-22205 https://github.com/whwlsfb/CVE-2021-22205 https://github.com/c0okB/CVE-2021-22205 https://github.com/Seals6/CVE-2021-22205 https://github.com/antx-code/CVE-2021-22205 https://github.com/keven1z • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones anteriores. Si la víctima es un administrador, es posible facilitar un ataque de tipo CSRF en los enlaces del Sistema por medio de la API. • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22202.json https://gitlab.com/gitlab-org/gitlab/-/issues/26017 https://hackerone.com/reports/471274 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones a partir de la 10.6, donde se presenta un bucle infinito cuando un usuario autenticado con derechos específicos accede a un MR que tiene la rama de origen y de destino apuntando entre sí. • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22197.json https://gitlab.com/gitlab-org/gitlab/-/issues/323198 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 0

In all versions of GitLab, marshalled session keys were being stored in Redis. En todas las versiones de GitLab, las claves de sesión marshalled estaban siendo almacenadas en Redis • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22194.json https://gitlab.com/gitlab-org/gitlab/-/issues/262107 • CWE-312: Cleartext Storage of Sensitive Information •