Page 92 of 513 results (0.008 seconds)

CVSS: 8.7EPSS: 0%CPEs: 4EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de 14.0. Era posible explotar una vulnerabilidad de tipo cross-site-scripting almacenado por medio de un nombre de rama predeterminado específicamente diseñado • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22241.json https://gitlab.com/gitlab-org/gitlab/-/issues/336460 https://hackerone.com/reports/1256777 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled Un control de acceso inapropiado en GitLab EE versiones 13.11.6, 13.12.6 y 14.0.2, permite la creación de usuarios por medio de single sign on a pesar de estar habilitado el user cap • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22240.json https://gitlab.com/gitlab-org/gitlab/-/issues/327641 https://hackerone.com/reports/1166566 • CWE-863: Incorrect Authorization •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1

An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details Una vulnerabilidad de divulgación de información en GitLab EE versiones 13.10 y posteriores, permitía a un usuario leer detalles del proyecto • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22233.json https://gitlab.com/gitlab-org/gitlab/-/issues/329446 • CWE-862: Missing Authorization •

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0

A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim Una vulnerabilidad de tipo cross-site request forgery en la API GraphQL en GitLab desde la versión 13.12 y versiones anteriores a 13.12.6 y 14.0.2, permitía a un atacante llamar a mutaciones como la víctima • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22224.json https://gitlab.com/gitlab-org/gitlab/-/issues/324397 https://hackerone.com/reports/1122408 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown Un saneamiento insuficiente de entrada en markdown en GitLab versión 13.11 y superiores permite a un atacante explotar una vulnerabilidad de tipo cross-site scripting almacenada por medio de un markdown especialmente diseñado • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22225.json https://gitlab.com/gitlab-org/gitlab/-/issues/331051 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •