Page 80 of 400 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-11506

https://notcve.org/view.php?id=CVE-2020-11506

An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling. Se descubrió un problema en GitLab versiones 10.7.0 y posteriores hasta la versión 12.9.2. Una omisión de Workhorse podría conllevar a una carga de artefactos de trabajo y una divulgación de archivos (Exposición de información confidencial) por medio del tráfico no autorizado de peticiones. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-11505

https://notcve.org/view.php?id=CVE-2020-11505

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones anteriores a la versión 12.7.9, versiones 12.8.x anteriores a la versión 12.8.9 y versiones 12.9.x anteriores a la versión 12.9.3. Una omisión de Workhorse podría conllevar a una divulgación de paquetes y archivos NuGet (Exposición de información confidencial) por medio del tráfico no autorizado de peticiones. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-10952

https://notcve.org/view.php?id=CVE-2020-10952

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. GitLab EE/CE versiones 8.11 hasta 12.9.1, permite a usuarios bloqueados extraer y empujar imágenes de docker. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released https://about.gitlab.com/releases/categories/releases •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-10955

https://notcve.org/view.php?id=CVE-2020-10955

GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. GitLab EE/CE versiones 11.1 hasta 12.9, es vulnerable a una manipulación de parámetros en una funcionalidad de carga que permite a un usuario no autorizado leer el contenido disponible bajo carpetas específicas. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released https://about.gitlab.com/releases/categories/releases https://www.debian.org/security/2020/dsa-4691 • CWE-862: Missing Authorization •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-10956

https://notcve.org/view.php?id=CVE-2020-10956

GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. GitLab versiones 8.10 y posteriores a 12.9, es vulnerable a un ataque de tipo SSRF en una funcionalidad de nota de importación de proyecto. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released https://about.gitlab.com/releases/categories/releases • CWE-918: Server-Side Request Forgery (SSRF) •