Threats Tagged 'bitnami'
BIT-gitlab-2026-0934: Incorrect Authorization in GitLab (CVE-2026-0934)
GitLab EE versions from 17.9 up to but not including 18.11.6, 19.0 up to 19.0.3, and 19.1 up to 19.1.1 contain an authorization vulnerability. Under certain conditions, authenticated users with custom role permissions could view, create, or delete protected environment configurations even when CI/CD visibility was disabled for the project. This issue has been remediated in the specified fixed versions.
GCVE Database | 06/29/2026, 06:00:39 UTC | Added: 06/29/2026, 22:11:00 UTC
BIT-gitlab-2026-10086: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab (CVE-2026-10086)
A cross-site scripting (XSS) vulnerability exists in GitLab EE versions from 16.4 up to but not including 18.11.6, 19.0 up to but not including 19.0.3, and 19.1 up to but not including 19.1.1. This vulnerability allows an authenticated user with developer-role permissions to execute arbitrary client-side code in another user's session due to improper sanitization of user-supplied input. The issue has been remediated in the specified fixed versions.
GCVE Database | 06/29/2026, 06:00:42 UTC | Added: 06/29/2026, 22:11:00 UTC
BIT-gitlab-2026-10712: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab (CVE-2026-10712)
A cross-site scripting (XSS) vulnerability exists in GitLab CE/EE versions from 18.10 up to but not including 18.11.6, 19.0 up to but not including 19.0.3, and 19.1 up to but not including 19.1.1. This vulnerability allows an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation during web page generation. The issue has been remediated in the specified fixed versions.
GCVE Database | 06/29/2026, 06:00:46 UTC | Added: 06/29/2026, 22:11:00 UTC
BIT-gitlab-2026-11379: Incorrect Authorization in GitLab (CVE-2026-11379)
GitLab Enterprise Edition versions from 13.11 up to but not including 18.11.6, 19.0 up to 19.0.3, and 19.1 up to 19.1.1 contain an incorrect authorization vulnerability in DAST site profile management. This flaw could allow a user with Developer role to exfiltrate DAST site profile secrets under certain conditions. The issue has been remediated in versions 18.11.6, 19.0.3, and 19.1.1.
GCVE Database | 06/29/2026, 06:00:55 UTC | Added: 06/29/2026, 22:11:00 UTC
BIT-gitlab-2026-12053: Insertion of Sensitive Information into Log File in GitLab (CVE-2026-12053)
A vulnerability in GitLab Enterprise Edition versions 19.1.0 up to but not including 19.1.1 allows insertion of sensitive information into log files due to insufficient output filtering in Duo Workflows. This could enable a user to access sensitive data that had already been committed to a project. The issue has been remediated in version 19.1.1.
GCVE Database | 06/29/2026, 06:00:59 UTC | Added: 06/29/2026, 22:11:00 UTC
BIT-gitlab-2026-12635: Reliance on Reverse DNS Resolution for a Security-Critical Action in GitLab (CVE-2026-12635)
GitLab CE/EE versions from 8.3 up to but not including 18.11.6, 19.0 up to 19.0.3, and 19.1 up to 19.1.1 contain a vulnerability where an authenticated maintainer user could make requests to internal network resources via mirror synchronization due to improper URL validation relying on reverse DNS resolution. This issue has been remediated in the specified fixed versions.
GCVE Database | 06/29/2026, 06:01:01 UTC | Added: 06/29/2026, 22:11:00 UTC
BIT-gitlab-2026-1606: Improper Control of Generation of Code ('Code Injection') in GitLab (CVE-2026-1606)
GitLab CE/EE versions from 14.8 up to but not including 18.11.6, 19.0 up to but not including 19.0.3, and 19.1 up to but not including 19.1.1 contain a vulnerability where an authenticated user could conceal content within a Snippet due to improper input validation. This issue has been remediated in the specified fixed versions. The vulnerability is classified as medium severity and no known exploits are reported in the wild.
GCVE Database | 06/29/2026, 06:01:15 UTC | Added: 06/29/2026, 22:11:00 UTC
BIT-gitlab-2026-2238: Missing Authorization in GitLab (CVE-2026-2238)
A vulnerability in GitLab CE/EE versions 17.5 up to but not including 18.11.6, 19.0 up to but not including 19.0.3, and 19.1 up to but not including 19.1.1 could allow an unauthenticated user to view confidential issue references on public projects due to missing authorization checks. This issue has been remediated in the specified fixed versions. The severity is assessed as medium.
GCVE Database | 06/29/2026, 06:01:30 UTC | Added: 06/29/2026, 22:11:00 UTC
BIT-gitlab-2026-3176: Missing Authorization in GitLab (CVE-2026-3176)
A vulnerability in GitLab Enterprise Edition versions 18.6 up to but not including 18.11.6, 19.0 up to but not including 19.0.3, and 19.1 up to but not including 19.1.1 could allow an authenticated user with limited permissions to access project information due to missing authorization checks. This issue has been remediated in the specified fixed versions. The severity of this vulnerability is considered low.
GCVE Database | 06/29/2026, 06:01:47 UTC | Added: 06/29/2026, 22:11:00 UTC
BIT-gitlab-2026-5309: Authorization Bypass Through User-Controlled Key in GitLab (CVE-2026-5309)
A vulnerability in GitLab Enterprise Edition versions 18.6 up to but not including 18.11.6, 19.0 up to but not including 19.0.3, and 19.1 up to but not including 19.1.1 could allow an authenticated user to read or modify another group's virtual registry cleanup policy settings without proper authorization. This issue has been remediated in the specified fixed versions.
GCVE Database | 06/29/2026, 06:02:09 UTC | Added: 06/29/2026, 22:11:00 UTC
Showing 1 to 10 of 16 results