Gitlab - Multiple vulnerabilities  gitlab-ce 15.5.0 15.5.2, 15.4.0 15.4.4, 9.3.0 15.3.5
Retrying a job in a downstream pipeline allows the retrying user to take ownership of the retried jobs in upstream pipelines
Open redirect in pipeline artifacts when generating HTML documents
Prefill variables do not check permission of the project in external CI config
Disclosure of audit events to insufficiently permissioned group and project members
Arbitrary GFM references rendered in Jira issue description leak private/confidential resources
Award emojis API for an internal note is accessible to users without access to the note
Issue HTTP requests when users view an OpenAPI document and click buttons
Command injection in CI jobs via branch name in CI pipelines
Uncontrolled resource consumption when parsing URLs
Maintainer can leak Datadog API key by changing integration URL
Stored XSS with CSP bypass via scoped labels' color
DAST analyzer sends custom request headers with every request

CVE-2022-43995  sudo - Potential out-of-bounds write for small passwords  sudo 1.8.0 1.9.12p1
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.

CVE-2020-25691  darkhttpd - DOS vulnerability  darkhttpd 1.14
A flaw was found in darkhttpd. It allows remote attackers to cause a denial of service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability.
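As an added example that is not part of the listing above and not sudo's own code, the following C program models the bug class the sudo entry describes: a DES-style crypt() backend that limits the plaintext to 8 characters by saving, clearing and later restoring index 8 of the caller's password buffer. The function names verify_des_unsafe and verify_des_safe, the strcmp() stand-in for crypt() plus hash comparison, and the exactly-sized heap copy in exact_copy() are assumptions made for illustration; only the boundary condition is taken from the advisory: a password of seven characters or fewer plus its NUL fits in 8 bytes, so index 8 lies past the allocation, while an 8-character password occupies 9 bytes and index 8 is its terminator.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration of the bug class in the sudo entry; this is NOT sudo's code.
 * Function names and the strcmp() stand-in for crypt() are hypothetical. */

#define DES_PW_LEN 8   /* classic DES crypt() only considers the first 8 characters */

/* Vulnerable pattern: unconditionally save, clear and restore pass[8] so the
 * comparison sees at most 8 characters. With a buffer of exactly strlen+1 bytes
 * a 7-character password occupies 8 bytes, so pass[8] is one byte past the
 * allocation: the read into sav and both writes are out of bounds. An
 * 8-character password occupies 9 bytes and pass[8] is its NUL, which is why
 * only seven or fewer characters trigger the problem.
 * Only call this with a password of 8 characters or more. */
static int verify_des_unsafe(char *pass, const char *expected, int des_style) {
    char sav = pass[DES_PW_LEN];            /* out-of-bounds read for short passwords */
    if (des_style)
        pass[DES_PW_LEN] = '\0';            /* out-of-bounds write for short passwords */
    int ok = (strcmp(pass, expected) == 0); /* stand-in for crypt() and hash compare */
    pass[DES_PW_LEN] = sav;                 /* out-of-bounds write for short passwords */
    return ok;
}

/* Fixed pattern: touch index 8 only when the string provably extends past it,
 * and restore the saved byte only if one was actually saved. */
static int verify_des_safe(char *pass, const char *expected, int des_style) {
    char sav = '\0';
    int truncated = 0;
    if (des_style && strlen(pass) > DES_PW_LEN) {
        sav = pass[DES_PW_LEN];
        pass[DES_PW_LEN] = '\0';
        truncated = 1;
    }
    int ok = (strcmp(pass, expected) == 0); /* stand-in for crypt() and hash compare */
    if (truncated)
        pass[DES_PW_LEN] = sav;
    return ok;
}

/* Mirrors how the plaintext typically reaches the verifier: a heap buffer of
 * exactly strlen(s)+1 bytes, so the boundary condition above is real. */
static char *exact_copy(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p == NULL) { perror("malloc"); exit(1); }
    memcpy(p, s, n);
    return p;
}

int main(void) {
    char *shortpw = exact_copy("abcdefg");      /* 7 chars: 8-byte buffer, pass[8] is past the end */
    char *longpw  = exact_copy("correcthorse"); /* 12 chars: clearing pass[8] stays in bounds */

    printf("short, safe, des:       %d\n", verify_des_safe(shortpw, "abcdefg", 1));
    printf("long, safe, des:        %d\n", verify_des_safe(longpw, "correcth", 1));
    printf("long, safe, non-des:    %d\n", verify_des_safe(longpw, "correcth", 0));
    printf("buffer restored:        %d\n", strcmp(longpw, "correcthorse") == 0);
    /* verify_des_unsafe(shortpw, ...) would read and write past the 8-byte allocation;
     * with the long password the same code stays within bounds. */
    printf("long, unsafe, des:      %d\n", verify_des_unsafe(longpw, "correcth", 1));

    free(shortpw);
    free(longpw);
    return 0;
}
```

Build it with an address sanitizer (for example `cc -fsanitize=address`) and add a call to verify_des_unsafe() on the short password to see the out-of-bounds accesses reported; the safe variant is silent on the same input because it never dereferences index 8 unless strlen() proves the byte exists.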
Fix a possible overflow in the Zeek dictionary code
Fix a possible assert and crash in the HTTP analyzer when receiving a specially crafted packet.
Fix an issue where a specially-crafted FTP packet can cause Zeek to spend large amounts of time attempting to search for valid commands in the data stream.
Fix an issue where a specially-crafted HTTP or SMTP packet can cause Zeek to spend a large amount of time attempting to search for filenames within the packet data.
Fix two separate possible crashes when converting processed IP headers for logging via the raw_packet event
Fix an issue where a specially-crafted packet can cause Zeek to spend large amounts of time reporting