Page 99 of 536 results (0.005 seconds)

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1

An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones 10.7.x anteriores a la 10.7.6. El uso de "url_for" contenía un problema de Cross-Site Scripting (XSS) debido a que se permiten protocolos arbitrarios como parámetro. • https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/45168 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 1

An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.7.6, versiones 10.8.x anteriores a la 10.8.5 y versiones 11.x anteriores a la 11.0.1. La característica charts contenía un problema de Cross-Site Scripting (XSS) persistente debido a la falta de cifrado de salida. • https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/45903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.8.7, versiones 11.0.x anteriores a la 11.0.5 y versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir una divulgación de información porque la característica de métricas de Prometheus revela nombres de rutas de proyectos privados. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released https://gitlab.com/gitlab-com/infrastructure/issues/4423 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab en versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir una denegación de servicio (DoS) porque los tiempos de renderizado de Markdown son lentos. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/49409 •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.8.7, versiones 11.0.x anteriores a la 11.0.5 y versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir Cross-Site Scripting (XSS) en el nombre de branch durante un commit de archivo IDE web. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/47793 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •