3128 matches found

Positive Technologies · added 2024/05/28 12:00 a.m. · 6 views

PT-2024-40501 · Packagist · Silverstripe/Graphql

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: The issue concerns a lack of CSRF protection in the GraphQL controller. This means that authenticated users could be forced or tricked into visiting a URL that sends a GET request to the...

CVSS 7.3 · AI score 6.8 · Exploits 0 · References 5

NVD · added 2024/05/26 2:15 p.m. · 7 views

CVE-2024-34152

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper access control which allows a guest to get the metadata of a public playbook run that linked to the channel they are guest via sending an RHSRuns GraphQL query request to the server...

CVSS 4.3 · AI score 4.6 · EPSS 0.00259 · Exploits 0 · References 1

Vulnrichment · added 2024/05/26 1:28 p.m. · 14 views

CVE-2024-34152 Playbook Run Metadata leak to Guest

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper access control which allows a guest to get the metadata of a public playbook run that linked to the channel they are guest via sending an RHSRuns GraphQL query request to the server...

CVSS 4.3 · AI score 6.9 · EPSS 0.00259 · Exploits 0 · References 1

Cvelist · added 2024/05/26 1:28 p.m. · 31 views

CVE-2024-34152 Playbook Run Metadata leak to Guest

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper access control which allows a guest to get the metadata of a public playbook run that linked to the channel they are guest via sending an RHSRuns GraphQL query request to the server...

CVSS 4.3 · AI score 4.6 · EPSS 0.00259 · Exploits 0 · References 1

Positive Technologies · added 2024/05/26 12:00 a.m. · 5 views

PT-2024-25722 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.12 Mattermost versions 9.5.x through 9.5.3 Mattermost versions 9.6.x through 9.6.1 Description: The issue is related to improper access control, allowing a guest to obtain metadata of a public playbook ru...

CVSS 4.3 · AI score 7.1 · EPSS 0.00259 · Exploits 0 · References 2

Tenable Nessus · added 2024/05/17 12:00 a.m. · 31 views

GitLab 12.6 < 13.1.10 / 13.2 < 13.2.8 / 13.3 < 13.3.4 (CVE-2020-13317)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository. CVE-2020-13317 Note that...

CVSS 6.5 · AI score 5.4 · EPSS 0.01434 · Exploits 0 · References 4

Tenable Nessus · added 2024/05/17 12:00 a.m. · 22 views

GitLab 8.6 < 13.2.10 / 13.3.0 < 13.3.7 / 13.4.0 < 13.4.2 (CVE-2020-13334)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query...

CVSS 7.5 · AI score 7.3 · EPSS 0.01512 · Exploits 0 · References 4

Tenable Nessus · added 2024/05/17 12:00 a.m. · 25 views

GitLab 13.4 < 13.4.7 / 13.5 < 13.5.5 / 13.6 < 13.6.2 (CVE-2020-26413)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible. CVE-2020-2641...

CVSS 5.3 · AI score 5.6 · EPSS 0.33772 · Exploits 1 · References 4

Tenable Nessus · added 2024/05/17 12:00 a.m. · 30 views

GitLab < 13.11.6 (CVE-2021-22228)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting from 13.12 before 13.12.6, and all versions starting from 14.0 before 14.0.2. Improper access contro...

CVSS 6.5 · AI score 6.4 · EPSS 0.0135 · Exploits 1 · References 4

Hacker One · added 2024/04/30 7:06 a.m. · 31 views

HackerOne: [IDOR] Improper Access Control on Embedded Submission Form

The researcher discovered an improper access control vulnerability that allowed them to access sensitive program information for private/inactive embedded submission forms by leveraging the form's UUID. The researcher used reconnaissance techniques to obtain a list of UUIDs for various private...

AI score 6.6 · Exploits 0

OSV · added 2024/04/30 12:05 a.m. · 4 views

OSV-2024-359 Security exception in graphql.schema.GraphQLTypeUtil.simplePrint

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67751 Crash type: Security exception Crash state: graphql.schema.GraphQLTypeUtil.simplePrint graphql.schema.GraphQLTypeUtil.simplePrint graphql.schema.GraphQLTypeUtil.unwrapOne...

AI score 7.1 · Exploits 0 · References 1

OSV · added 2024/04/27 7:18 a.m. · 28 views

BIT-GITLAB-2024-4006 Incorrect Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions...

CVSS 4.3 · AI score 4.6 · EPSS 0.00468 · Exploits 1 · References 2

ATTACKERKB · added 2024/04/25 2:15 p.m. · 4 views

CVE-2024-4006

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions...

CVSS 4.3 · AI score 5.7 · EPSS 0.00468 · Exploits 1 · References 2 · Affected Software 1

NVD · added 2024/04/25 2:15 p.m. · 22 views

CVE-2024-4006

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions...

CVSS 4.3 · AI score 4.3 · EPSS 0.00468 · Exploits 1 · References 1

UbuntuCve · added 2024/04/25 2:15 p.m. · 20 views

CVE-2024-4006

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions...

CVSS 4.3 · AI score 5.8 · EPSS 0.00468 · Exploits 1 · References 2

OSV · added 2024/04/25 2:15 p.m. · 2 views

UBUNTU-CVE-2024-4006

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions...

CVSS 4.3 · AI score 5.7 · EPSS 0.00468 · Exploits 1 · References 3

Debian CVE · added 2024/04/25 1:30 p.m. · 23 views

CVE-2024-4006

Removed by vendor...

CVSS 4.3 · AI score 5.8 · EPSS 0.00468 · Exploits 1

OSV · added 2024/04/25 1:30 p.m. · 20 views

CVE-2024-4006 Incorrect Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions...

CVSS 4.3 · AI score 4.8 · EPSS 0.00468 · Exploits 1 · References 4

Vulnrichment · added 2024/04/25 1:30 p.m. · 21 views

CVE-2024-4006 Incorrect Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions...

CVSS 4.3 · AI score 6.5 · EPSS 0.00468 · Exploits 1 · References 1

CVE · added 2024/04/25 1:30 p.m. · 105 views

CVE-2024-4006

CVE-2024-4006 affects GitLab CE/EE: personal access scopes were not honored by GraphQL subscriptions, exposing authorization checks to GraphQL-based access. Affected versions are 16.7 up to 16.9.6 (pre-16.9.6), 16.10 up to 16.10.4 (pre-16.10.4), and 16.11 up to 16.11.1 (pre-16.11.1). The issue ha...

CVSS 4.3 · AI score 6.2 · EPSS 0.00468 · Exploits 1 · References 1 · Affected Software 1