Page 76 of 649 results (0.010 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk. GitLab EE versiones 3.0 hasta 12.8.1, permite un ataque de tipo SSRF. Una investigación interna reveló que un servicio obsoleto en particular estaba creando un riesgo de falsificación de petición del lado del servidor. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability. GitLab versiones 12.1 hasta 12.8.1, permite un ataque de tipo XSS. Se determinó que el formulario de solicitud de una petición de fusión presenta una vulnerabilidad de tipo cross-site scripting almacenado. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required. GitLab versiones 7.10 hasta 12.8.1, presenta un Control de Acceso Incorrecto. En determinadas condiciones donde los usuarios debieron haber sido requeridos para configurar la autenticación de 2 factores, no habían sido requeridos. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html • CWE-306: Missing Authentication for Critical Function •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group. GitLab versiones 8.3 hasta 12.8.1, permite una Divulgación de Información. Era posible que determinados no miembros accedieran a la página Contribution Analytics de un grupo privado. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user. GitLab versiones anteriores a 12.8.2, presentan un Control de Acceso Incorrecto. Se detectó internamente que el proceso de importación de LFS podría ser usado potencialmente para acceder incorrectamente a objetos LFS que no son propiedad del usuario. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html •