3121 matches found

GitLab Advisory Database
added 2024/07/02 12:00 a.m., 24 views

aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows editors to manage their own services via the GraphQL API, which isn't allowed in the JQAdm front end. Versions...

CVSS 3.8, AI score 6.8, EPSS 0.00425
Exploits 0, References 8, Affected Software 1
Wallarm Lab
added 2024/07/01 6:21 p.m., 62 views

CVE-2024-5655: Latest GitLab API Vulnerability Threatens Customer Data Exposure

A security flaw that impacts specific versions of GitLab's Community and Enterprise Edition products was just detected. This vulnerability can be exploited to execute pipelines under any user's credentials. GitLab is a web-based DevOps platform offering tools for software development, version...

CVSS 9.6, AI score 8.3, EPSS 0.32784
Exploits 1
The Hacker News
added 2024/06/28 2:18 p.m., 66 views

GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others

GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE),...

CVSS 9.6, AI score 7.3, EPSS 0.32784
Exploits 2
OSV
added 2024/06/28 7:19 a.m., 25 views

BIT-GITLAB-2024-5430 Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer to delete the merge request approval policy via GraphQL...

CVSS 6.8, AI score 5.5, EPSS 0.00491
Exploits 0, References 3
NVD
added 2024/06/27 12:15 a.m., 22 views

CVE-2024-5430

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer to delete the merge request approval policy via GraphQL...

CVSS 6.8, EPSS 0.00491
Exploits 0, References 2
UbuntuCve
added 2024/06/27 12:15 a.m., 24 views

CVE-2024-5430

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer to delete the merge request approval policy via GraphQL...

CVSS 6.8, AI score 5.9, EPSS 0.00491
Exploits 0, References 3
OSV
added 2024/06/27 12:15 a.m., 3 views

UBUNTU-CVE-2024-5430

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer to delete the merge request approval policy via GraphQL...

CVSS 6.8, AI score 5.8, EPSS 0.00491
Exploits 0, References 4
Cvelist
added 2024/06/26 11:30 p.m., 33 views

CVE-2024-5430 Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer to delete the merge request approval policy via GraphQL...

CVSS 6.8, EPSS 0.00491
Exploits 0, References 2
CVE
added 2024/06/26 11:30 p.m., 109 views

CVE-2024-5430

CVE-2024-5430 affects GitLab CE/EE. Affected are all versions from 16.10 up to but not including 16.11.5, from 17.0 up to but not including 17.0.3, and from 17.1 up to but not including 17.1.1. The underlying issue allows a project maintainer to delete the merge request approval policy via GraphQ...

CVSS 6.8, AI score 5.5, EPSS 0.00491
Exploits 0, References 2, Affected Software 1
Debian CVE
added 2024/06/26 11:30 p.m., 25 views

CVE-2024-5430

Removed by vendor...

CVSS 6.8, AI score 5.8, EPSS 0.00491
Exploits 0
OSV
added 2024/06/26 11:30 p.m., 18 views

CVE-2024-5430 Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer to delete the merge request approval policy via GraphQL...

CVSS 6.8, AI score 6.3, EPSS 0.00491
Exploits 0, References 5
Veracode
added 2024/06/26 6:30 a.m., 10 views

Cross Site Request Forgery (CSRF)

silverstripe/graphql is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability is due to the lack of CSRF protection, allowing authenticated users to unwittingly trigger GET requests that can modify or delete data on the server...

AI score 6.9
Exploits 0
CNNVD
added 2024/06/26 12:00 a.m., 7 views

GitLab Access Control Error Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. An access control error vulnerability exists in GitLab CE/EE versions 16.10...

CVSS 6.8, AI score 7, EPSS 0.00491
Exploits 0, References 3
FreeBSD
added 2024/06/26 12:00 a.m., 46 views

Gitlab -- Vulnerabilities

Gitlab reports: Run pipelines as any user; Stored XSS injected in imported project's commit notes; CSRF on GraphQL API IntrospectionQuery; Remove search results from public projects with unauthorized repos; Cross window forgery in user application OAuth flow; Project maintainers can bypass group's mer...

CVSS 9.6, AI score 6, EPSS 0.32784
Exploits 2, References 1
Github Security Blog
added 2024/06/25 9:31 p.m., 28 views

Craft CMS SQL injection vulnerability via the GraphQL API endpoint

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint...

CVSS 9.8, AI score 8.2, EPSS 0.51282
Exploits 1, References 3, Affected Software 1
OSV
added 2024/06/25 9:31 p.m., 17 views

GHSA-HQ4F-MV3Q-8WCV Craft CMS SQL injection vulnerability via the GraphQL API endpoint

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint...

CVSS 9.8, AI score 9.8, EPSS 0.51282
Exploits 1, References 3
OSV
added 2024/06/25 9:15 p.m., 16 views

CVE-2024-37843

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint...

CVSS 9.8, AI score 9.8
Exploits 0, References 1
NVD
added 2024/06/25 9:15 p.m., 32 views

CVE-2024-37843

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint...

CVSS 9.8, EPSS 0.51282
Exploits 1, References 1
OSSF Malicious Packages
added 2024/06/25 12:54 p.m., 4 views

Malicious code in openapi-to-graphql-root (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0
OSV
added 2024/06/25 12:54 p.m., 5 views

MAL-2024-2800 Malicious code in openapi-to-graphql-root (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits 0