GitLab Cross-Site Scripting (XSS) Vulnerability (CVE-2023-0050)

March 5, 2023
Overview: Recently, NSFOCUS CERT found that GitLab has issued an official security notice to fix a cross-site scripting vulnerability (CVE-2023-0050) in GitLab Community Edition (CE) and Enterprise Edition (EE). A remote attacker with low privileges can trigger stored XSS on the client through a specially crafted Kroki diagram and ultimately perform arbitrary operations on the […]
GitLab Remote Command Execution Vulnerability (CVE-2021-22205) Threat Alert

November 23, 2021
Overview: Recently, NSFOCUS observed that researchers disclosed an exploitation program for the GitLab remote command execution vulnerability (CVE-2021-22205), and found that unauthorized endpoints in GitLab make the vulnerability exploitable without authentication. Both Community Edition (CE) and Enterprise Edition (EE) are affected. On April 15, GitLab officially released a security update to fix the […]