Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
SSRF GCP access token disclosure
Persistent XSS on issue details
Diff formatter DoS in Sidekiq jobs
Confidential information disclosure in events API endpoint
validate_localhost function in url_blocker.rb could be bypassed
Slack integration CSRF Oauth2
GRPC::Unknown logging token disclosure
IDOR merge request approvals
Persistent XSS package.json
Persistent XSS merge request project import
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center