Page 65 of 797 results (0.009 seconds)

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 2

An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access control allows unauthorised users to access project details using Graphql. Se ha descubierto un problema en GitLab que afecta a todas las versiones anteriores a la 13.11.6, a todas las versiones a partir de la 13.12 antes de la 13.12.6 y a todas las versiones a partir de la 14.0 antes de la 14.0.2. Un control de acceso inadecuado permite a usuarios no autorizados acceder a los detalles del proyecto utilizando Graphql • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22228.json https://gitlab.com/gitlab-org/gitlab/-/issues/332605 https://hackerone.com/reports/1192460 •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE Una inyección de HTML era posible por medio del campo full name en versiones anteriores a 13.11.6, 13.12.6 y 14.0.2 en GitLab CE • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22232.json https://gitlab.com/gitlab-org/gitlab/-/issues/300713 https://hackerone.com/reports/1090634 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de la versión 12.8. Bajo una condición especial era posible acceder a los datos de un repositorio interno por medio del fork del proyecto realizado por un miembro del proyecto • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22229.json https://gitlab.com/gitlab-org/gitlab/-/issues/332609 •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1

In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with <user_input>.constantize there is a potential for a CPU-based DoS. In version 2.4.10 bindata improved the creation time of Bits and Integers. • https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/#update-bindata-dependency https://github.com/dmendel/bindata/blob/v2.4.10/ChangeLog.rdoc#version-2410-2021-05-18- https://github.com/dmendel/bindata/commit/d99f050b88337559be2cb35906c1f8da49531323 https://github.com/rubysec/ruby-advisory-db/issues/476 https://rubygems.org/gems/bindata • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0

A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources. Una vulnerabilidad de denegación de servicio en GitLab CE/EE que afecta a todas las versiones desde 11.8, permite a un atacante crear una relación de pipeline recursiva y agotar los recursos • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22181.json https://gitlab.com/gitlab-org/gitlab/-/issues/249100 • CWE-400: Uncontrolled Resource Consumption •