Lucene search
K

86 matches found

NVD
NVD
added 2024/02/21 11:15 p.m.15 views

CVE-2023-3509

An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible deploy keys associated...

5.4CVSS4.9AI score0.00322EPSS
Exploits0References2
Prion
Prion
added 2024/02/21 11:15 p.m.24 views

Information disclosure

An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible deploy keys associated...

5.5CVSS7AI score0.00322EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/02/21 11:15 p.m.5 views

UBUNTU-CVE-2023-3509

An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible deploy keys associated...

5.4CVSS5.7AI score0.00322EPSS
Exploits0References4
OSV
OSV
added 2024/02/21 10:57 p.m.15 views

CVE-2023-3509 Incorrect Authorization in GitLab

An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group members with sub-maintainer role to change the title of privately accessible deploy keys associated...

3.7CVSS5.2AI score0.00322EPSS
Exploits0References5
CVE
CVE
added 2024/02/21 10:57 p.m.116 views

CVE-2023-3509

CVE-2023-3509 affects GitLab across versions: before 16.7.6, 16.8 before 16.8.3, and 16.9 before 16.9.1. The issue allows group members with sub-maintainer rights to rename privately accessible deploy keys associated with projects within the group. Mitigations are published by GitLab in fixed rel...

5.4CVSS4.8AI score0.00322EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2024/02/21 10:57 p.m.16 views

CVE-2023-3509

Removed by vendor...

5.4CVSS6AI score0.00322EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/02/21 12:0 a.m.22 views

GitLab 0 < 16.7.6 / 16.8 < 16.8.3 / 16.9 < 16.9.1 (CVE-2023-3509)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for group...

5.4CVSS5.6AI score0.00322EPSS
Exploits0References4
Veracode
Veracode
added 2023/12/26 5:44 a.m.12 views

Improper Authorization

gitlab is vulnerable to Improper Authorization. It is possible for a removed project member to write to protected branches by using deploy keys...

4.3CVSS6.8AI score0.00425EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/09/29 8:15 a.m.2 views

UBUNTU-CVE-2023-5198

An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys...

4.3CVSS5.7AI score0.00425EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/09/29 7:1 a.m.16 views

CVE-2023-5198 Incorrect Authorization in GitLab

An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys...

4.3CVSS4.6AI score0.00425EPSS
Exploits0References2
OSV
OSV
added 2023/09/29 7:1 a.m.12 views

CVE-2023-5198 Incorrect Authorization in GitLab

An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys...

4.3CVSS4.6AI score0.00425EPSS
Exploits0References5
CVE
CVE
added 2023/09/29 7:1 a.m.195 views

CVE-2023-5198

Summary: CVE-2023-5198 affects GitLab installations older than 16.2.7, and releases 16.3 before 16.3.5 and 16.4 before 16.4.1. The root cause is an issue where a removed project member could write to protected branches via deploy keys. Affected software: GitLab (versions prior to 16.2.7; 16.3.x b...

4.3CVSS4.6AI score0.00425EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2023/09/29 7:1 a.m.23 views

CVE-2023-5198

Removed by vendor...

4.3CVSS5.8AI score0.00425EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/09/29 12:0 a.m.7 views

PT-2023-31905 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 16.2.7 GitLab versions 16.3 through 16.3.5 GitLab versions 16.4 through 16.4.1 Description: An issue has been discovered in GitLab where a removed project member could write to protected branches using deploy keys...

4.3CVSS6.6AI score0.00425EPSS
Exploits0References12
Veracode
Veracode
added 2023/07/22 9:36 p.m.22 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. When external authorization is enabled, a group owner may be able to overcome it in order to access git repositories and package registries by utilizing deploy tokens or deploy keys...

6.5CVSS6.7AI score0.0089EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/04 12:0 a.m.4 views

PT-2023-8702 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 16.7.6 GitLab versions 16.8 through 16.8.2 GitLab versions 16.9 through 16.9.0 Description: An issue has been discovered in GitLab that allows group members with a sub-maintainer role to change the title of privately...

5.4CVSS6.6AI score0.00322EPSS
Exploits0References15
OSV
OSV
added 2023/01/26 9:15 p.m.4 views

UBUNTU-CVE-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5CVSS5.7AI score0.0089EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/01/26 9:15 p.m.34 views

CVE-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5CVSS6.1AI score0.0089EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.2 views

PT-2023-1347 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.9 through 15.3.4 GitLab CE/EE versions 15.4 through 15.4.3 GitLab CE/EE versions 15.5 through 15.5.1 Description: The issue is related to a flaw in the authorization procedure when managing keys and tokens using...

9.4CVSS5.6AI score0.0089EPSS
Exploits0References14
OSV
OSV
added 2023/01/24 12:0 a.m.20 views

CVE-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5CVSS5.1AI score0.0089EPSS
Exploits0References5
Rows per page
Query Builder