Page 86 of 517 results (0.018 seconds)

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones. Se presenta una divulgación de información en versiones anteriores a 12.3.2, versiones anteriores a 12.2.6 y versiones anteriores a 12.1.12 para GitLab Community Edition (CE) y Enterprise Edition (EE), donde el o los cesionarios de un problema confidencial en un proyecto privado serían revelados a un invitado por medio de hitos. • https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released https://hackerone.com/reports/635516 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1

An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account. Se detectó un problema de escalada de privilegios en GitLab versiones anteriores a 12.1.2, versiones anteriores a 12.0.4 y versiones anteriores a 11.11.6, cuando los comandos de barra de Mattermost son usados con una cuenta bloqueada. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/57556 https://hackerone.com/reports/493562 • CWE-269: Improper Privilege Management •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules. Se presenta un IDOR en versiones anteriores a 12.3.2, versiones anteriores a 12.2.6 y versiones anteriores a 12.1.12 para GitLab Community Edition (CE) y Enterprise Edition (EE), que permitió al propietario o mantenedor del proyecto visualizar a los miembros de cualquier grupo privado mediante las reglas de aprobación de petición de fusión. • https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released https://hackerone.com/reports/518995 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment. Se detectó un IDOR en versiones anteriores a 12.3.2, versiones anteriores a 12.2.6 y versiones anteriores a 12.1.12 para GitLab Community Edition (CE) y Enterprise Edition (EE), que permitió a un mantenedor agregar cualquier grupo privado a un entorno protegido. • https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released https://hackerone.com/reports/566216 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration Se presenta un problema de control de acceso en versiones anteriores a 12.3.5, versiones anteriores a 12.2.8 y versiones anteriores a 12.1.14 para GitLab Community Edition (CE) y Enterprise Edition (EE), donde las peticiones y problemas de fusión privada serían divulgados con la funcionalidad Group Search proporcionada por la integración Elasticsearch. • https://about.gitlab.com/releases/2019/10/07/security-release-gitlab-12-dot-3-dot-5-released https://hackerone.com/reports/701144 • CWE-284: Improper Access Control •