oval:org.secpod.oval:def:61108 The host is installed with Gitlab-ee 10.5.x through 12.3.8, 12.4.x through 12.4.5 or 12.5.x through 12.5.3 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an issue in the Group Search API provided by the Elasticsearch integration. S ...

oval:org.secpod.oval:def:61107 The host is installed with Gitlab-ee before 12.1.13, 12.2.0 before 12.2.7 or 12.3.0 before 12.3.3 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an access control issue. Successful exploitation allows attackers to obtain sensitive ...

oval:org.secpod.oval:def:61106 The host is installed with Gitlab-ce or Gitlab-ee 8.17 through 12.4 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a permissions issue. Successful exploitation allows attackers to obtain sensitive information.

oval:org.secpod.oval:def:61105 The host is installed with Gitlab-ce or Gitlab-ee 8.15 through 12.4 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an access control issue. Successful exploitation allows attackers to obtain sensitive information.

oval:org.secpod.oval:def:61104 The host is installed with Gitlab-ee before 12.1.13, 12.2.0 before 12.2.7 or 12.3.0 before 12.3.3 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an access control issue. Successful exploitation allows attackers to obtain sensitive ...

oval:org.secpod.oval:def:61103 The host is installed with Gitlab-ee 10.5.x through 12.3.8, 12.4.x through 12.4.5 or 12.5.x through 12.5.3 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an issue in the Group Search API provided by the Elasticsearch integration. S ...

oval:org.secpod.oval:def:61102 The host is installed with Gitlab-ce or Gitlab-ee 8.17 through 12.4 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a permissions issue. Successful exploitation allows attackers to obtain sensitive information.

oval:org.secpod.oval:def:61101 The host is installed with Gitlab-ce or Gitlab-ee 8.15 through 12.4 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an access control issue. Successful exploitation allows attackers to obtain sensitive information.

oval:org.secpod.oval:def:59444 gitlab-ee is installed (dpkg)

oval:org.secpod.oval:def:78572 The host is installed with GitLab CE/EE 14.7.x prior to 14.7.7, 14.8.x prior to 14.8.5, or 14.9.x prior to 14.9.2 and is prone to an account takeover vulnerability. A flaw is present in the application, due to a hardcoded password set for accounts registered using an OmniAuth provider. Successful e ...

oval:org.secpod.oval:def:78573 The host is installed with GitLab CE/EE 14.7.x prior to 14.7.7, 14.8.x prior to 14.8.5, or 14.9.x prior to 14.9.2 and is prone to an account takeover vulnerability. A flaw is present in the application, due to a hardcoded password set for accounts registered using an OmniAuth provider. Successful e ...

oval:org.secpod.oval:def:85350 The host is installed with GitLab CE/EE 15.2 before 15.2.5, 15.3 before 15.3.4 or 15.4 before 15.4.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle issues in the external status checks feature. Successful exploitation could ...

oval:org.secpod.oval:def:85353 The host is installed with GitLab CE/EE 10.0 before 12.9.8, 12.10 before 12.10.7 or 13.0 before 13.0.1 and is prone to an authorization vulnerability. A flaw is present in the application, which fails to properly handle issues in unspecified vectors. Successful exploitation allows an attacker to cause ...

oval:org.secpod.oval:def:85352 The host is installed with GitLab CE/EE 15.2 before 15.2.5, 15.3 before 15.3.4 or 15.4 before 15.4.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle issues in the external status checks feature. Successful exploitation could ...

oval:org.secpod.oval:def:85355 The host is installed with GitLab CE/EE 12.6 before 15.2.5, 15.3 before 15.3.4 or 15.4 before 15.4.1 and is prone to an information exposure vulnerability. A flaw is present in the application, which fails to properly handle GitHub integration's access token. Successful exploitation allows a maliciou ...

oval:org.secpod.oval:def:85354 The host is installed with GitLab CE/EE 10.0 before 12.9.8, 12.10 before 12.10.7 or 13.0 before 13.0.1 and is prone to an authorization vulnerability. A flaw is present in the application, which fails to properly handle issues in unspecified vectors. Successful exploitation allows an attacker to cause ...

oval:org.secpod.oval:def:85356 The host is installed with GitLab CE/EE 12.6 before 15.2.5, 15.3 before 15.3.4 or 15.4 before 15.4.1 and is prone to an information exposure vulnerability. A flaw is present in the application, which fails to properly handle GitHub integration's access token. Successful exploitation allows a maliciou ...

oval:org.secpod.oval:def:82145 The host is installed with GitLab CE/EE 15.0 before 15.0.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to validate the input used in quick actions. Successful exploitation allows attackers to exploit XSS.

oval:org.secpod.oval:def:82144 The host is installed with GitLab CE/EE 15.0 before 15.0.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to validate the input used in quick actions. Successful exploitation allows attackers to exploit XSS.

oval:org.secpod.oval:def:82143 The host is installed with GitLab EE 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, or 15.0 prior to 15.0.1 and is prone to a stored cross-site scripting vulnerability. A flaw is present in the application, which fails to handle specially crafted Jira Issues. Successful exploitation allows an attack ...

oval:org.secpod.oval:def:82142 The host is installed with GitLab EE 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, or 15.0 prior to 15.0.1 and is prone to a stored cross-site scripting vulnerability. A flaw is present in the application, which fails to handle specially crafted Jira Issues. Successful exploitation allows an attack ...

oval:org.secpod.oval:def:87974 The host is installed with GitLab CE/EE 15.3 before 15.7.8, 15.8 before 15.8.4 or 15.9 before 15.9.2 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle an issue in the title field of work items. Successful exploitation allows at ...

oval:org.secpod.oval:def:87975 The host is installed with GitLab CE/EE 15.3 before 15.7.8, 15.8 before 15.8.4 or 15.9 before 15.9.2 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle an issue in the title field of work items. Successful exploitation allows at ...

oval:org.secpod.oval:def:82141 The host is installed with GitLab EE 11.10 prior to 14.9.5, 14.10 prior to 14.10.4, or 15.0 prior to 15.0.1 and is prone to an account takeover vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows any owner of a Premium group to ...

oval:org.secpod.oval:def:82140 The host is installed with GitLab EE 11.10 prior to 14.9.5, 14.10 prior to 14.10.4, or 15.0 prior to 15.0.1 and is prone to an account takeover vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows any owner of a Premium group to ...

oval:org.secpod.oval:def:59439 gitlab-ee is installed

oval:org.secpod.oval:def:85351 The host is installed with GitLab CE/EE 9.3 before 15.2.5, 15.3 before 15.3.4 or 15.4 before 15.4.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle issues in webhook logs. Successful exploitation allows a project maintaine ...

oval:org.secpod.oval:def:85349 The host is installed with GitLab CE/EE 9.3 before 15.2.5, 15.3 before 15.3.4 or 15.4 before 15.4.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle issues in webhook logs. Successful exploitation allows a project maintaine ...

oval:org.secpod.oval:def:93483 The host is installed with GitLab EE 13.12 before 16.2.8, 16.3 before 16.3.5 or 16.4.0 before 16.4.1 and is prone to an improper access control vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow an attacker to ...

oval:org.secpod.oval:def:93484 The host is installed with GitLab EE 13.12 before 16.2.8, 16.3 before 16.3.5 or 16.4.0 before 16.4.1 and is prone to an improper access control vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow an attacker to ...

oval:org.secpod.oval:def:91253 The host is installed with GitLab CE/EE 13.7 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to an improper access control. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to leak th ...

oval:org.secpod.oval:def:91254 The host is installed with GitLab CE/EE 13.7 before 15.11.0, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to an improper access control. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to leak the ...

oval:org.secpod.oval:def:91237 The host is installed with GitLab CE/EE 13.10 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to an authorization bypass through user-controlled key. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow u ...

oval:org.secpod.oval:def:91238 The host is installed with GitLab CE/EE 13.10 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to an authorization bypass through user-controlled key. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow u ...

oval:org.secpod.oval:def:91239 The host is installed with GitLab CE/EE 7.14 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers ...

oval:org.secpod.oval:def:91240 The host is installed with GitLab CE/EE 7.14 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers ...

oval:org.secpod.oval:def:91242 The host is installed with GitLab CE/EE 13.7 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to an improper access control. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to remove ...

oval:org.secpod.oval:def:91241 The host is installed with GitLab CE/EE 13.7 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to an improper access control. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to remove ...

oval:org.secpod.oval:def:91244 The host is installed with GitLab CE/EE 15.1 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to an exposure of sensitive information to an unauthorized actor. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation coul ...

oval:org.secpod.oval:def:91243 The host is installed with GitLab CE/EE 15.1 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to an exposure of sensitive information to an unauthorized actor. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation coul ...

oval:org.secpod.oval:def:90048 The host is installed with GitLab CE/EE 16.0.0 and is prone to a path traversal vulnerability. A flaw is present in the application, which fails to properly handle the limitation of a pathname to a restricted directory. Successful exploitation allows an unauthenticated attacker to read arbitrary fil ...

oval:org.secpod.oval:def:90047 The host is installed with GitLab CE/EE 16.0.0 and is prone to a path traversal vulnerability. A flaw is present in the application, which fails to properly handle the limitation of a pathname to a restricted directory. Successful exploitation allows an unauthenticated attacker to read arbitrary fil ...

oval:org.secpod.oval:def:91246 The host is installed with GitLab CE/EE 16.0 before 16.0.6 or 16.1.0 and is prone to an exposure of sensitive information to an unauthorised actor. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to access the im ...

oval:org.secpod.oval:def:91245 The host is installed with GitLab CE/EE 16.0 before 16.0.6 or 16.1.0 and is prone to an exposure of sensitive information to an unauthorised actor. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to access the im ...

oval:org.secpod.oval:def:91248 The host is installed with GitLab CE/EE 13.6 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to an insertion of sensitive information into log file. A flaw is present in the application, which fails to properly handle log files. Successful exploitation could allow remote attac ...

oval:org.secpod.oval:def:91247 The host is installed with GitLab CE/EE 13.6 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to an insertion of sensitive information into log file. A flaw is present in the application, which fails to properly handle log files. Successful exploitation could allow remote attac ...

oval:org.secpod.oval:def:91250 The host is installed with GitLab CE/EE 10.3 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to an uncontrolled resource consumption. A flaw is present in the application, which fails to properly handle crafted payloads to the preview_markdown endpoint. Successful exploitation ...

oval:org.secpod.oval:def:91249 The host is installed with GitLab CE/EE 10.3 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to an uncontrolled resource consumption. A flaw is present in the application, which fails to properly handle crafted payloads to the preview_markdown endpoint. Successful exploitation ...

oval:org.secpod.oval:def:91251 The host is installed with GitLab CE/EE 15.3 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to an improper control of resource identifiers. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote att ...

oval:org.secpod.oval:def:91252 The host is installed with GitLab CE/EE 15.3 before 15.11.10, 16.0 before 16.0.6 or 16.1 before 16.1.1 and is prone to an improper control of resource identifiers. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote att ...

oval:org.secpod.oval:def:87862 The host is installed with GitLab CE/EE 14.1 before 15.6.8, 15.7 before 15.7.7 or 15.8 before 15.8.2 and is prone to a path traversal vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted input to git apply. Successful exploitation allows attackers t ...

oval:org.secpod.oval:def:87863 The host is installed with GitLab CE/EE 14.1 before 15.6.8, 15.7 before 15.7.7 or 15.8 before 15.8.2 and is prone to an improper link resolution before file access vulnerability. A flaw is present in the application, which fails to properly handle a specially-crafted repository. Successful exploitat ...

oval:org.secpod.oval:def:87860 The host is installed with GitLab CE/EE 14.1 before 15.6.8, 15.7 before 15.7.7 or 15.8 before 15.8.2 and is prone to a path traversal vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted input to git apply. Successful exploitation allows attackers t ...

oval:org.secpod.oval:def:87861 The host is installed with GitLab CE/EE 14.1 before 15.6.8, 15.7 before 15.7.7 or 15.8 before 15.8.2 and is prone to an improper link resolution before file access vulnerability. A flaw is present in the application, which fails to properly handle a specially-crafted repository. Successful exploitat ...

oval:org.secpod.oval:def:97377 The host is installed with GitLab CE/EE 16.3 before 16.3.7, 16.1 before 16.1.6, 16.2 before 16.2.9, 16.4 before 16.4.5, 16.5 before 16.5.6, 16.6 before 16.6.4 or 16.7 before 16.7.2 and is prone to an improper access control vulnerability. A flaw is present in the application, which fails to properly ...

oval:org.secpod.oval:def:97376 The host is installed with GitLab CE/EE 16.3 before 16.3.7, 16.1 before 16.1.6, 16.2 before 16.2.9, 16.4 before 16.4.5, 16.5 before 16.5.6, 16.6 before 16.6.4 or 16.7 before 16.7.2 and is prone to an improper access control vulnerability. A flaw is present in the application, which fails to properly ...

oval:org.secpod.oval:def:98599 The host is installed with GitLab CE/EE 11.3 before 16.7.7, 16.8.0 before 16.8.4, and 16.9.0 before 16.9.2 and is prone to an authorization bypass vulnerability. A flaw is present in the application, which fails to properly handle issues in an old feature branch. Successful exploitation could allow ...

oval:org.secpod.oval:def:98600 The host is installed with GitLab CE/EE 11.3 before 16.7.7, 16.8.0 before 16.8.4, and 16.9.0 before 16.9.2 and is prone to an authorization bypass vulnerability. A flaw is present in the application, which fails to properly handle issues in an old feature branch. Successful exploitation could allow ...

oval:org.secpod.oval:def:85360 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Security Fix: * OpenSSL: X.509 Email Address Buffer Overflow * OpenSSL: X.509 Email Address Variable Length Buffer Overflow For mo ...

oval:org.secpod.oval:def:85359 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Security Fix: * OpenSSL: X.509 Email Address Buffer Overflow * OpenSSL: X.509 Email Address Variable Length Buffer Overflow For mo ...

oval:org.secpod.oval:def:85358 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Security Fix: * OpenSSL: X.509 Email Address Buffer Overflow * OpenSSL: X.509 Email Address Variable Length Buffer Overflow For mo ...

oval:org.secpod.oval:def:85357 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Security Fix: * OpenSSL: X.509 Email Address Buffer Overflow * OpenSSL: X.509 Email Address Variable Length Buffer Overflow For mo ...

oval:org.secpod.oval:def:99325 The host is installed with GitLab CE/EE before 16.8.5, 16.9.0 before 16.9.3 or 16.10.0 before 16.10.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle issues in validation of input during web page generation. On successful exp ...

oval:org.secpod.oval:def:99324 The host is installed with GitLab CE/EE before 16.8.5, 16.9.0 before 16.9.3 or 16.10.0 before 16.10.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle issues in validation of input during web page generation. On successful exp ...

oval:org.secpod.oval:def:99327 The host is installed with GitLab CE/EE before 16.8.5, 16.9.0 before 16.9.3 or 16.10.0 before 16.10.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issues in unspecified vectors. Successful exploitation could allow an attacker ...

oval:org.secpod.oval:def:99326 The host is installed with GitLab CE/EE before 16.8.5, 16.9.0 before 16.9.3 or 16.10.0 before 16.10.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issues in unspecified vectors. Successful exploitation could allow an attacker ...