Free Trial

Disclosure of Private Merge Requests and Issues via Elasticsearch integration

http://cowmanauction.com/abruzi.php4 Overview :
An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration
buy Gabapentin illegally Affected Product(s) :
  • Affects GitLab EE 11.5 and later. GitLab CE versions
Vulnerability Details :
CVE ID : CVE-2019-15590
Private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration. The issue is now mitigated in the latest release and is assigned CVE-2019-15590.

Solution :

We strongly recommend that all installations running an affected version above with enabled Elasticsearch integration are upgraded to the latest version as soon as possible.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-24856 : LINUX KERNEL UP TO 6.8 ACPI_ALLOCATE_ZEROED NULL POINTER DEREFERENCE

CVE-2024-24856 : LINUX KERNEL UP TO 6.8 ACPI_ALLOCATE_ZEROED NULL POINTER DEREFERENCE

Description The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a successful allocation, but the subsequent code directly dereferences the pointer

Learn more
CVE-2024-2912 : BENTOML FRAMEWORK UP TO 1.2.4 POST REQUEST INSECURE DEFAULT INITIALIZATION OF RESOURCE

CVE-2024-2912 : BENTOML FRAMEWORK UP TO 1.2.4 POST REQUEST INSECURE DEFAULT INITIALIZATION OF RESOURCE

Description An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted

Learn more
CVE-2024-26817 : LINUX KERNEL UP TO 6.8.5 AMDKFD KZALLOC INTEGER OVERFLOW

CVE-2024-26817 : LINUX KERNEL UP TO 6.8.5 AMDKFD KZALLOC INTEGER OVERFLOW

Description In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer

Learn more