Page 99 of 559 results (0.007 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page. EE de GitLab, versiones 11.5 anteriores a 11.5.1, es vulnerable a un problema de referencia de objeto no seguro lo que permite a un usuario con privilegios Reporter visualizar la página de Jaeger Tracing Operations . • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/54228 • CWE-285: Improper Authorization •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1. EE versión 11.5 de GitLab, es susceptible a una vulnerabilidad de tipo XSS persistente en la página Operations. Esto se corrige en versión 11.5.1. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/53917 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups. EE, versiones 11.x y anteriores a 11.3.11, versiones 11.4 y anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de GitLab , es susceptible a una vulnerabilidad de referencia de objeto directo no seguro que permite a los usuarios identificados, pero no autorizados, visualizar detalles de miembros y de hitos de grupos privados. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/52522 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. EE, versiones 8.3 hasta 11.x anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de GitLab, es susceptible a una vulnerabilidad de referencia de objeto no segura que permite a un usuario Guest establecer el peso de un problema que han diseñado. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ee/issues/7696 • CWE-285: Improper Authorization •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user. EE, versiones 11.4 anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de GitLab, esta afectado por una vulnerabilidad de referencia de objeto directo no segura que permite a un usuario no autorizado publicar los comentarios de una petición de fusión preliminar de otro usuario. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ee/issues/8180 • CWE-639: Authorization Bypass Through User-Controlled Key •