Search CVE reports
1121 – 1130 of 1541 results
GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page.
1 affected package
gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab | — | — | — | — | Not in release |
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's...
1 affected package
golang-github-containers-buildah
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-containers-buildah | — | — | — | Not in release | Not in release |
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.
1 affected package
gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab | — | Not in release | Not in release | Not in release | Not in release |
GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.
1 affected package
gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab | — | — | — | — | Not in release |
GitLab through 12.9 is affected by a potential DoS in repository archive download.
1 affected package
gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab | — | Not in release | Not in release | Not in release | Not in release |
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.
1 affected package
gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab | — | — | — | — | Not in release |
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.
1 affected package
gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab | — | — | — | — | Not in release |
The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.
1 affected package
golang-github-buger-jsonparser
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-buger-jsonparser | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.
1 affected package
gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab | — | — | — | — | Not in release |
GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input.
1 affected package
gitlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitlab | — | — | — | — | Not in release |