Lucene search
+L

43 matches found

RedhatCVE
RedhatCVE
added 2025/06/28 6:19 a.m.11 views

CVE-2025-5315

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1
CVE
CVE
added 2025/06/26 5:31 a.m.37 views

CVE-2025-5315

CVE-2025-5315 affects GitLab CE/EE: versions 17.2–before 17.11.5, 18.0–before 18.0.3, and 18.1–before 18.1.1 are vulnerable. The issue allows authenticated users with the Guest role to add child items to incident work items by crafting API requests that bypass UI-enforced role restrictions, effec...

4.3CVSS6.4AI score0.00221EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/06/26 5:31 a.m.16 views

CVE-2025-5315 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed...

4.3CVSS0.00221EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/26 5:31 a.m.4 views

CVE-2025-5315 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed...

4.3CVSS6.6AI score0.00221EPSS
Exploits0References2
OSV
OSV
added 2025/06/26 5:31 a.m.4 views

CVE-2025-5315 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed...

4.3CVSS6.3AI score0.00221EPSS
Exploits0References5
OSV
OSV
added 2024/09/13 7:15 a.m.2 views

DEBIAN-CVE-2024-46704

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix spruious data race in flushwork When flushing a work item for cancellation, flushwork knows that it exclusively owns the work item through its PENDING bit. 134874e2eee9 "workqueue: Allow cancelworksync and...

4.7CVSS5.1AI score0.00175EPSS
Exploits0References1
OSV
OSV
added 2024/07/29 3:15 p.m.2 views

UBUNTU-CVE-2024-41063

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: cancel all works upon hciunregisterdev syzbot is reporting that calling hcireleasedev from hcierrorreset due to hcidevput from hcierrorreset can cause deadlock at destroyworkqueue, for hcierrorreset is called...

5.5CVSS6.2AI score0.00182EPSS
Exploits0References38
OSV
OSV
added 2024/03/06 11:4 a.m.25 views

BIT-GITLAB-2023-3443 Incorrect Authorization in GitLab

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items...

4.3CVSS4.2AI score0.00397EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/02/07 4:33 p.m.5 views

kernel: media: usb: siano: Fix use after free bugs caused by do_submit_urb

A use-after-free vulnerability was found in the Linux kernel's Siano USB driver for digital TV receivers. In dosubmiturb, memory allocated during smsusbprobe can be freed by smsusbtermdevice while URB work items are still referencing it. This leads to a use-after-free condition when worker thread...

5.7AI score0.00177EPSS
Exploits0References5
Veracode
Veracode
added 2023/12/26 12:29 a.m.17 views

Improper Access Control

Gitlab is vulnerable to Improper access control. It is possible for a Guest user to add an emoji on confidential work items...

4.3CVSS6.7AI score0.00397EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/12/07 12:0 a.m.30 views

GitLab 16.5 < 16.5.3 / 16.6 < 16.6.1 (CVE-2023-6396)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Gitlab reports: XSS and ReDoS in Markdown via Banzai pipeline of Jira Members with admingroupmember custom permission can add members with higher role Release Description visible in public projects...

6.5CVSS6.5AI score0.00497EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/12/07 12:0 a.m.18 views

GitLab 12.1 < 16.4.3 / 16.5 < 16.5.3 / 16.6 < 16.6.1 (CVE-2023-3443)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was...

4.3CVSS5.1AI score0.00397EPSS
Exploits0References4
Prion
Prion
added 2023/12/01 7:15 a.m.15 views

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items...

4CVSS6.6AI score0.00397EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2023/12/01 7:2 a.m.40 views

CVE-2023-3443

Removed by vendor...

4.3CVSS5.8AI score0.00397EPSS
Exploits0
CVE
CVE
added 2023/12/01 7:2 a.m.71 views

CVE-2023-3443

GitLab vulnerability CVE-2023-3443 affects GitLab Community and Enterprise Editions, with versions 12.1–16.4.3, 16.5–16.5.2, and 16.6–16.6.0; a Guest user could add an emoji to confidential work items. The issue is documented across multiple sources (NVD/NIST entry, OSV/PRION, and OSV BIT-GITLAB-...

4.3CVSS4.3AI score0.00397EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/12/01 7:2 a.m.29 views

CVE-2023-3443 Incorrect Authorization in GitLab

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items...

3.1CVSS4.5AI score0.00397EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/12/01 12:0 a.m.4 views

PT-2023-24871 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.1 through 16.4.2 GitLab versions 16.5 through 16.5.2 GitLab versions 16.6 through 16.6.0 Description: An issue has been discovered in GitLab where a Guest user could add an emoji on confidential work items. Recommendations:...

4.3CVSS4.7AI score0.00397EPSS
Exploits0References9
CNNVD
CNNVD
added 2023/12/01 12:0 a.m.5 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from guest users being ab...

4.3CVSS7AI score0.00397EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/03/08 11:15 p.m.22 views

CVE-2022-4007

A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behal...

6.1CVSS6.2AI score0.00555EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/03/08 12:0 a.m.66 views

CVE-2022-4007

Removed by vendor...

6.1CVSS6.3AI score0.00555EPSS
Exploits0
Rows per page
Query Builder