Page 88 of 552 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. EE, versiones 8.3 hasta 11.x anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de GitLab, es susceptible a una vulnerabilidad de referencia de objeto no segura que permite a un usuario Guest establecer el peso de un problema que han diseñado. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ee/issues/7696 • CWE-285: Improper Authorization •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token. CE/EE, versiones 8.0 hasta 11.x anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8, y versiones 11.5 anteriores a 11.5.1 de GitLab, registraría tokens de acceso en los registros Workhorse, permitiendo a los administradores con acceso a los registros visualizar otros tokens de usuario. • http://www.securityfocus.com/bid/109166 https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-workhorse/issues/182 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made. GitLab versiones anteriores a 11.5.1, 11.4.8 y 11.3.11, no envían un correo electrónico a la dirección de correo electrónico anterior cuando es realizado un cambio de dirección de correo electrónico. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/39809 • CWE-20: Improper Input Validation •

CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 2

GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. CE/EE, versiones 8.18 hasta 11.x anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de GitLab, son susceptibles a una vulnerabilidad de tipo SSRF en los webhooks. • https://www.exploit-db.com/exploits/49334 https://www.exploit-db.com/exploits/49257 http://packetstormsecurity.com/files/160516/GitLab-11.4.7-Remote-Code-Execution.html http://packetstormsecurity.com/files/160699/GitLab-11.4.7-Remote-Code-Execution.html https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/53242 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0

GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. CE/EE, versiones 7.6 hasta 11.x y anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8, y versiones 11.5 anteriores a 11.5.1 de GitLab, son vulnerables a una vulnerabilidad de tipo XSS en la página de autorización OAuth. • http://www.securityfocus.com/bid/109163 https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/42057 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •