Writeup Exploits
60,708 exploits tracked across all sources.
GitLab CE/EE <11.3.11-11.4.8-11.5.1 - Info Disclosure
GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential.
CVSS 8.1
GitLab CE/EE <11.3.11-11.5.1 - Info Disclosure
GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue.
CVSS 4.3
GitLab 7.6-11.3.10, 11.4-11.4.7, 11.5 - Cross-Site Scripting in OAuth Authorization Page
GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page.
CVSS 5.4
GitLab 10.3-11.x < 11.3.11, 11.4 < 11.4.8, 11.5 < 11.5.1 - Stored Cross-Site Scripting via Mermaid Markdown Renderer
GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid.
CVSS 5.4
GitLab CE/EE 8.17+ - Unauthorized Access
GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11.
CVSS 5.9
GitLab CE/EE <11.3.11-11.5.1 - SSRF
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.
CVSS 7.7
GitLab 11.3-11.3.10, 11.4-11.4.7, 11.5 - Cross-Site Scripting via Unrecognized HTML Tags in Markdown Fields
GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags.
CVSS 5.4
GitLab CE/EE <11.3.11, <11.4.8, <11.5.1 - Auth Bypass
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope.
CVSS 8.8
GitLab <11.3.11-11.5.1 - Privilege Escalation
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone.
CVSS 6.5
GitLab < 11.3.11, 11.4.x < 11.4.8, 11.5.x < 11.5.1 - Server-Side Request Forgery via Prometheus Integration
An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration.
CVSS 6.5
GitLab <11.3.11-11.5.1 - Info Disclosure
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names.
CVSS 4.3
GitLab 11.x < 11.3.11, 11.4.x < 11.4.8, 11.5.x < 11.5.1 - Stored Cross-Site Scripting in Environment Pages
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding.
CVSS 6.1
GitLab <11.5.0-rc12, 11.4.6, 11.3.10 - Info Disclosure
GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control.
CVSS 8.8
GitLab 11.0.0-11.2.8 - Server-Side Request Forgery via Kubernetes Integration
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.
CVSS 10.0
GitLab 11.2-11.4.6 - Stored Cross-Site Scripting
GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.
CVSS 6.1
PHPCMF 4.1.3 - Cross-Site Scripting via Registration Page Input Field
PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI.
CVSS 4.8
recon-ng < 4.9.5 - CSV Injection via Twitter Username Export
An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote code execution for the attacker.
CVSS 9.8
libtiff < 4.0.6 - Out-of-bounds Read in ReadTIFFImage
LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
CVSS 8.8
NewsBee - Stored Cross-Site Scripting via Company Name Field
NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php.
CVSS 4.8
libtiff - Denial of Service via Crafted TIFF File
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.
CVSS 6.5
GNU Libtasn1 < 4.13 - Denial of Service via Unlimited Recursion in BER Decoder
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.
CVSS 7.5
FineCMS 5.3.0 - Cross-Site Scripting via Linkage Import ID or LID Parameter
controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '<' or '>' character.
CVSS 6.1
GitLab <11.8.10-11.10.3 - Info Disclosure
An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped token.
CVSS 7.5
GitLab <11.8.9-11.10.2 - Info Disclosure
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors.
CVSS 6.5
GitLab 5.4.0-11.8.9 - Unauthenticated Incorrect Access Control in Note Endpoint
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint.
CVSS 5.4