Lucene search
K

19 matches found

CNNVD
CNNVD
added 2026/02/06 12:0 a.m.8 views

Gogs 安全漏洞

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.3 and earlier have a security vulnerability. This vulnerabilit...

6.5CVSS5.8AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 2026/01/08 2:15 p.m.6 views

CVE-2025-14025

A flaw was found in Ansible Automation Platform AAP. Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services e.g., Controller, Hub, EDA. If thi...

8.5CVSS0.00389EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/01/08 2:13 p.m.4 views

ansible-automation-platform/aap-gateway: aap-gateway: Read-only Personal Access Token (PAT) bypasses write restrictions

A flaw was found in Ansible Automation Platform AAP. Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services e.g., Controller, Hub, EDA. If thi...

8.5CVSS5.7AI score0.00389EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/08 2:12 p.m.12 views

ansible-automation-platform/aap-gateway: aap-gateway: Read-only Personal Access Token (PAT) bypasses write restrictions

A flaw was found in Ansible Automation Platform AAP. Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services e.g., Controller, Hub, EDA. If thi...

8.5CVSS5.7AI score0.00389EPSS
Exploits0References5
CVE
CVE
added 2026/01/08 1:44 p.m.23 views

CVE-2025-14025

CVE-2025-14025 affects Red Hat Ansible Automation Platform (AAP) where read-only OAuth2 tokens bypass gateway write restrictions, enabling write operations to backend services (Controller, Hub, EDA) limited only by RBAC. The issue is fixed via Red Hat advisories RHSA-2026:0360/0361, which note a ...

8.5CVSS6.2AI score0.00389EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/01/08 1:44 p.m.20 views

CVE-2025-14025 Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (pat) bypasses write restrictions

A flaw was found in Ansible Automation Platform AAP. Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services e.g., Controller, Hub, EDA. If thi...

8.5CVSS0.00389EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.8 views

PT-2026-1730

Name of the Vulnerable Software and Affected Versions Ansible Automation Platform AAP affected versions not specified Description A flaw exists in Ansible Automation Platform AAP where read-only scoped OAuth2 API Tokens, enforced at the Gateway level for Gateway-specific operations, can be used t...

8.5CVSS6.4AI score0.00389EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2025/10/14 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-11340

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed...

7.7CVSS5.5AI score0.00349EPSS
Exploits0References2
OSV
OSV
added 2025/10/11 9:4 a.m.4 views

BIT-GITLAB-2025-11340 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS6.8AI score0.00349EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/10 12:25 p.m.4 views

CVE-2025-11340

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS6.6AI score0.00349EPSS
Exploits0References1
OSV
OSV
added 2025/10/09 12:15 p.m.4 views

UBUNTU-CVE-2025-11340

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS5.8AI score0.00349EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/09 12:4 p.m.2 views

CVE-2025-11340 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS6.4AI score0.00349EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/09 12:4 p.m.5 views

EUVD-2025-33333

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS6.3AI score0.00349EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/10/09 12:4 p.m.4 views

CVE-2025-11340

Removed by vendor...

7.7CVSS5.8AI score0.00349EPSS
Exploits0
Cvelist
Cvelist
added 2025/10/09 12:4 p.m.8 views

CVE-2025-11340 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS0.00349EPSS
Exploits0References2
OSV
OSV
added 2025/10/09 12:4 p.m.5 views

CVE-2025-11340 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scope...

7.7CVSS6.4AI score0.00349EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/08/29 5:35 p.m.41 views

Improper log output when using GitHub Status Notifications in spinnaker

Impact ONLY IMPACTS those use GitHub Status Notifications Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the...

5.3CVSS6.8AI score0.00324EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/28 7:47 p.m.10 views

CVE-2023-39348 Improper log output when using GitHub Status Notifications in spinnaker

Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log...

4CVSS6.7AI score0.00324EPSS
Exploits0References2
OSV
OSV
added 2023/08/28 7:47 p.m.12 views

CVE-2023-39348 Improper log output when using GitHub Status Notifications in spinnaker

Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log...

4CVSS6.7AI score0.00324EPSS
Exploits0References4
Rows per page
Query Builder