154 matches found
CVE-2026-1752 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...
BIT-GITLAB-2026-1747 Authentication Bypass Using an Alternate Path or Channel in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...
BIT-GITLAB-2025-14103 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions...
CVE-2025-14103
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions...
CVE-2026-1747
GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...
EUVD-2025-208116
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions...
CVE-2026-1747
GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...
CVE-2025-14103
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions...
CVE-2026-1747 Authentication Bypass Using an Alternate Path or Channel in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...
CVE-2026-1747
Removed by vendor...
CVE-2026-1747
GitLab Enterprise Edition (GitLab EE) is affected by CVE-2026-1747 across affected lines: 17.11 up to 18.7.5, 18.8 up to 18.8.5, and 18.9 up to 18.9.1. Under certain conditions, Developer-role users with insufficient privileges could perform unauthorized modifications to protected Conan packages....
CVE-2025-14103 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions...
CVE-2025-14103
GitLab CVE-2025-14103 affects GitLab CE/EE versions 17.7–before 18.7.5, 18.8–before 18.8.5, and 18.9–before 18.9.1, enabling an unauthorized user with Developer permissions to set pipeline variables for manually triggered jobs in certain conditions. The issue has been remediated with patch releas...
CVE-2025-14103 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions...
CVE-2025-14103 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions...
GitLab EE 安全漏洞
GitLab Enterprise Edition EE is a content management system provided by the American company GitLab. There were security vulnerabilities in versions of GitLab EE from 17.11 to 18.7.5, as well as in versions 18.8 to 18.8.5 and 18.9 to 18.9.1. These vulnerabilities stemmed from the possibility that...
PT-2026-21987
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.7 through 18.7.4 GitLab CE/EE versions 18.8 through 18.8.4 GitLab CE/EE versions 18.9 through 18.9.0 Description An issue existed in GitLab CE/EE that potentially allowed an unauthorized user with Developer-role...
CVE-2020-7910
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role...
CVE-2020-7018
Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...
CVE-2023-4317
An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch ...