43 matches found
CVE-2025-5315
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed...
CVE-2025-5315
CVE-2025-5315 affects GitLab CE/EE: versions 17.2–before 17.11.5, 18.0–before 18.0.3, and 18.1–before 18.1.1 are vulnerable. The issue allows authenticated users with the Guest role to add child items to incident work items by crafting API requests that bypass UI-enforced role restrictions, effec...
CVE-2025-5315 Missing Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed...
CVE-2025-5315 Missing Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed...
CVE-2025-5315 Missing Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed...
DEBIAN-CVE-2024-46704
In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix spruious data race in flushwork When flushing a work item for cancellation, flushwork knows that it exclusively owns the work item through its PENDING bit. 134874e2eee9 "workqueue: Allow cancelworksync and...
UBUNTU-CVE-2024-41063
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: cancel all works upon hciunregisterdev syzbot is reporting that calling hcireleasedev from hcierrorreset due to hcidevput from hcierrorreset can cause deadlock at destroyworkqueue, for hcierrorreset is called...
BIT-GITLAB-2023-3443 Incorrect Authorization in GitLab
An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items...
kernel: media: usb: siano: Fix use after free bugs caused by do_submit_urb
A use-after-free vulnerability was found in the Linux kernel's Siano USB driver for digital TV receivers. In dosubmiturb, memory allocated during smsusbprobe can be freed by smsusbtermdevice while URB work items are still referencing it. This leads to a use-after-free condition when worker thread...
Improper Access Control
Gitlab is vulnerable to Improper access control. It is possible for a Guest user to add an emoji on confidential work items...
GitLab 16.5 < 16.5.3 / 16.6 < 16.6.1 (CVE-2023-6396)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Gitlab reports: XSS and ReDoS in Markdown via Banzai pipeline of Jira Members with admingroupmember custom permission can add members with higher role Release Description visible in public projects...
GitLab 12.1 < 16.4.3 / 16.5 < 16.5.3 / 16.6 < 16.6.1 (CVE-2023-3443)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items...
CVE-2023-3443
Removed by vendor...
CVE-2023-3443
GitLab vulnerability CVE-2023-3443 affects GitLab Community and Enterprise Editions, with versions 12.1–16.4.3, 16.5–16.5.2, and 16.6–16.6.0; a Guest user could add an emoji to confidential work items. The issue is documented across multiple sources (NVD/NIST entry, OSV/PRION, and OSV BIT-GITLAB-...
CVE-2023-3443 Incorrect Authorization in GitLab
An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items...
PT-2023-24871 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.1 through 16.4.2 GitLab versions 16.5 through 16.5.2 GitLab versions 16.6 through 16.6.0 Description: An issue has been discovered in GitLab where a Guest user could add an emoji on confidential work items. Recommendations:...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from guest users being ab...
CVE-2022-4007
A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behal...
CVE-2022-4007
Removed by vendor...