Page 6 of 291 results (0.004 seconds)

CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 1

An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow. • https://gitlab.com/gitlab-org/gitlab/-/issues/458502 https://hackerone.com/reports/2474286 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 1

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members. • https://gitlab.com/gitlab-org/gitlab/-/issues/472012 https://hackerone.com/reports/2584372 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template. • https://gitlab.com/gitlab-org/gitlab/-/issues/479315 • CWE-424: Improper Protection of Alternate Path •

CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 1

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs. • https://gitlab.com/gitlab-org/gitlab/-/issues/460289 https://hackerone.com/reports/2477062 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 1

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances. • https://gitlab.com/gitlab-org/gitlab/-/issues/471923 https://hackerone.com/reports/2595495 • CWE-290: Authentication Bypass by Spoofing •