Page 74 of 462 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.9 y posteriores hasta 12.0.2. GitLab Snippets eran vulnerables a un problema de autorización que permitía a usuarios no autorizados agregar comentarios a un fragmento privado. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released • CWE-863: Incorrect Authorization •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. GitLab versiones 10.7 hasta 12.7.2, presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/31599 • CWE-269: Improper Privilege Management •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo. Se detectó un Acceso no Autorizado en Container Registry de otros grupos en GitLab Enterprise versión 12.0.0-pre. • https://about.gitlab.com/blog/categories/releases https://atomic111.github.io/article/gitlab-Unauthorized-Access-to-Container-Registry • CWE-922: Insecure Storage of Sensitive Information •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline. GitLab versiones 12.2.2 y por debajo, contienen una vulnerabilidad de seguridad que permite a un usuario invitado en un proyecto privado visualizar el ID de la petición de combinación asociada a un problema por medio de la línea de tiempo de la actividad. • https://about.gitlab.com/releases/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://hackerone.com/reports/588876 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. Se detectó un problema en GitLab EE versiones 11.3 y posteriores. Una omisión de GitLab Workhorse podría conllevar a una divulgación de paquetes y archivos mediante el tráfico no autorizado de peticiones. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released •