Page 78 of 624 results (0.017 seconds)

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions. Se detectó un problema de autorización en GitLab EE versiones anteriores a 12.1.2, versiones anteriores a 12.0.4 y versiones anteriores a 11.11.6, permitiendo que las reglas de aprobación de petición de fusión sea anuladas sin los permisos apropiados. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released https://gitlab.com/gitlab-org/gitlab-ee/issues/11423 https://hackerone.com/reports/544756 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID. Se detectó un problema de divulgación de información en GitLab CE/EE versiones 8.14 y posteriores, mediante el uso de la funcionalidad move issue lo que podría resultar en la divulgación del ID de un problema creado recientemente. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/62070 https://hackerone.com/reports/584534 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. Se detectó un problema de fallo de protección de un reenlace de DNS en GitLab CE/EE versiones 10.2 y posteriores, en el archivo "url_blocker.rb" que podría resultar en vulnerabilidad de tipo SSRF donde la biblioteca es utilizada. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/63959 https://hackerone.com/reports/632101 • CWE-20: Improper Input Validation CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed. Se detectó un problema de escalada de privilegios en GitLab CE/EE versiones 9.0 y posteriores, cuando los tokens de activación no son rotados una vez que la propiedad de ellos ha cambiado. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/58312 https://hackerone.com/reports/495282 • CWE-613: Insufficient Session Expiration •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 10.8 hasta la versión 12.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released •