| 255991 | 7.2 | HIGH Network | gitlab debian | gitlab debian_linux | Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaint… | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2017-0925 | 2024-11-21 12:03 | 2018-03-22 |
| 255992 | 6.1 | MEDIUM Network | gitlab | gitlab | Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting. | CWE-79 Cross-site Scripting | CVE-2017-0924 | 2024-11-21 12:03 | 2018-03-22 |
| 255993 | 6.1 | MEDIUM Network | gitlab | gitlab | Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting. | CWE-79 Cross-site Scripting | CVE-2017-0923 | 2024-11-21 12:03 | 2018-03-22 |
| 255994 | 7.5 | HIGH Network | gitlab | gitlab | Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object. | CWE-863 Incorrect Authorization | CVE-2017-0922 | 2024-11-21 12:03 | 2018-03-22 |
| 255995 | 8.8 | HIGH Network | gitlab debian | gitlab debian_linux | Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. | CWE-22 Path Traversal | CVE-2017-0918 | 2024-11-21 12:03 | 2018-03-22 |
| 255996 | 6.1 | MEDIUM Network | gitlab debian | gitlab debian_linux | Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting. | CWE-79 Cross-site Scripting; CWE-20 Improper Input Validation | CVE-2017-0917 | 2024-11-21 12:03 | 2018-03-22 |
| 255997 | 9.8 | CRITICAL Network | gitlab debian | gitlab debian_linux | Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution. | CWE-20 Improper Input Validation | CVE-2017-0916 | 2024-11-21 12:03 | 2018-03-22 |
| 255998 | 9.8 | CRITICAL Network | gitlab debian | gitlab debian_linux | Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution. | CWE-20 Improper Input Validation | CVE-2017-0915 | 2024-11-21 12:03 | 2018-03-22 |
| 255999 | 7.5 | HIGH Network | gitlab | gitlab | Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's d… | CWE-89 SQL Injection | CVE-2017-0914 | 2024-11-21 12:03 | 2018-03-22 |
| 256000 | 5.4 | MEDIUM Network | twitter | twitter_kit | Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step … | CWE-287 Improper Authentication | CVE-2017-0911 | 2024-11-21 12:03 | 2018-02-10 |