A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a sp ...
Continue Reading
February 01, 2024
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.Read More ...
Continue Reading
February 01, 2024
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job...Read More ...
Continue Reading
February 01, 2024
Description: When the application is password-protected (deployed with the ACCESS_CODE option), it is possible to access plugins without proper authorization (without password). Proof-of-Concept: Let� ...
Continue Reading
February 01, 2024
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job...Read More ...
Continue Reading
February 01, 2024
GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API.Read More ...
Continue Reading
February 01, 2024
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through...Read More ...
Continue Reading
February 01, 2024
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through...Read More ...
Continue Reading
February 01, 2024
Back to Main
