Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-39904: 2021/CVE-2021-39904.json · master · GitLab.org / cves · GitLab

An Improper Access Control vulnerability in the GraphQL API in GitLab CE/EE since version 13.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request

CVE
Open in Source
#vulnerability#js#git

Related news

CVE-2021-22258: 2021/CVE-2021-22258.json · master · GitLab.org / cves · GitLab

The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses

CVE-2021-39866: 2021/CVE-2021-39866.json · master · GitLab.org / cves · GitLab

A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens.

CVE-2021-39872: 2021/CVE-2021-39872.json · master · GitLab.org / cves · GitLab

In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration.

CVE-2021-39871: 2021/CVE-2021-39871.json · master · GitLab.org / cves · GitLab

In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE