Page 74 of 382 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized. Las ediciones Community y Enterprise de Gitlab, en versiones anteriores a la 10.1.6, 10.2.6 y 10.3.4, son vulnerables a un problema de omisión de autorización en el componente de importación de GitLab. Esto resulta en que un atacante puede realizar operaciones bajo un grupo en el que antes no estaban autorizados. • https://hackerone.com/reports/301137 • CWE-306: Missing Authentication for Critical Function •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability. Se ha descubierto un problema en GitLab Community Edition (CE) y Enterprise Edition (EE), en versiones anteriores a la 10.5.8, versiones 10.6.x anteriores a la 10.6.5 y versiones 10.7.x anteriores a la 10.7.2. La característica Move Issue contenía una vulnerabilidad Cross-Site Scripting (XSS) persistente. • http://www.securityfocus.com/bid/104491 https://about.gitlab.com/2018/04/30/security-release-gitlab-10-dot-7-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1

GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component. Las ediciones Community y Enterprise de GitLab, desde la versión 8.3 hasta las versiones 10.x anteriores a la 10.3, son vulnerables a SSRF en el componente Services and webhooks. • https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md https://gitlab.com/gitlab-org/gitlab-ce/issues/41642 https://hackerone.com/reports/301924 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1

GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7. Las ediciones Community y Enterprise de GitLab, de la versión 8.4 hasta la 10.4, son vulnerables a Cross-Site Scripting (XSS) debido a la falta de validación de entradas en el componente merge request que desemboca en Cross-Site Scripting (XSS) (específicamente, los nombres de archivo en las pestañas de cambios de merge requests). La vulnerabilidad se ha solucionado en las versiones 10.6.3, 10.5.7 y 10.4.7. • https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/42028 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users. La integración de Auth0 en GitLab, en versiones anteriores a la 10.3.9, versiones 10.4.x anteriores a la 10.4.6 y versiones 10.5.x anteriores a la 10.5.6 tiene una configuración omniauth-auth0 incorrecta, lo que da lugar al firmado de usuarios no deseados. • https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released https://www.debian.org/security/2018/dsa-4206 • CWE-20: Improper Input Validation •