Lucene search
+L

85 matches found

nvd
nvd
added 2023/09/01 11:15 a.m.22 views

CVE-2023-3915

An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privilege...

7.2CVSS6.5AI score0.00565EPSS
Exploits0References2
prion
prion
added 2023/09/01 11:15 a.m.120 views

Design/Logic Flaw

An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privilege...

5.8CVSS6.8AI score0.00565EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2023/09/01 10:1 a.m.18 views

CVE-2023-3915 Incorrect Execution-Assigned Permissions in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privilege...

6.5CVSS6.6AI score0.00565EPSS
Exploits0References2
debiancve
debiancve
added 2023/09/01 10:1 a.m.35 views

CVE-2023-3915

Removed by vendor...

7.2CVSS7AI score0.00565EPSS
Exploits0
cvelist
cvelist
added 2023/09/01 10:1 a.m.35 views

CVE-2023-3915 Incorrect Execution-Assigned Permissions in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privilege...

6.5CVSS7AI score0.00565EPSS
Exploits0References2
osv
osv
added 2023/09/01 10:1 a.m.23 views

CVE-2023-3915 Incorrect Execution-Assigned Permissions in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privilege...

6.5CVSS6.8AI score0.00565EPSS
Exploits0References5
cnnvd
cnnvd
added 2023/09/01 12:0 a.m.7 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from a security vulnerability that stems from the fact that if ...

7.2CVSS7.2AI score0.00565EPSS
Exploits0References4
zdi
zdi
added 2023/08/30 12:0 a.m.21 views

PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the External User Lookup functionality. The issue results from the lack of proper validation of ...

7.2CVSS7.4AI score0.5809EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/08/04 12:0 a.m.6 views

Matrix-appservice-bridge Authorization Issues Vulnerability

Matrix-appservice-bridge is an open source service. It is used to bridge application services for the Matrix communication program. Matrix-appservice-bridge suffers from an authorization issue vulnerability that stems from the fact that a malicious Matrix server can use an external user's MXID in...

6.5CVSS6.8AI score0.00386EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2023/06/07 12:0 a.m.5 views

PT-2023-4723 · Papercut · Papercut Ng

Name of the Vulnerable Software and Affected Versions: PaperCut NG affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this issue. The specific flaw exists within...

8.5CVSS7.6AI score0.5809EPSS
Exploits0References9
osv
osv
added 2023/03/21 3:15 p.m.4 views

CVE-2023-27871

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613...

7.5CVSS5.8AI score0.00903EPSS
Exploits0References2
nvd
nvd
added 2023/03/21 3:15 p.m.23 views

CVE-2023-27871

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613...

7.5CVSS7.5AI score0.00903EPSS
Exploits0References2
prion
prion
added 2022/07/27 11:15 p.m.19 views

Path traversal

A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a...

4CVSS6.5AI score0.00864EPSS
Exploits0References3Affected Software1
prion
prion
added 2022/07/15 1:15 p.m.30 views

Authorization

Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of...

4.6CVSS7.2AI score0.02546EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2022/03/23 8:15 p.m.73 views

CVE-2021-4180

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the wwwauthenticateuri parameter which is visible to all end users in configuration files. This would give sensitive...

4.3CVSS0.00754EPSS
Exploits0References1
prion
prion
added 2022/03/23 8:15 p.m.19 views

Information disclosure

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the wwwauthenticateuri parameter which is visible to all end users in configuration files. This would give sensitive...

4CVSS4.1AI score0.00754EPSS
Exploits0References1Affected Software2
debiancve
debiancve
added 2022/03/18 6:0 p.m.53 views

CVE-2022-0547

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...

9.8CVSS7.7AI score0.03519EPSS
Exploits0
cnnvd
cnnvd
added 2021/12/07 12:0 a.m.6 views

GitLab代码问题漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A code issue vulnerability exists in GitLab CE/EE that stems from an...

7.5CVSS7.9AI score0.35649EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2021/10/11 12:0 a.m.3 views

PT-2021-14924 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 13.0 through 14.0.8 GitLab versions 14.1 through 14.1.3 GitLab versions 14.2 through 14.2.1 Description: An issue has been discovered in GitLab where a user account with 'external' status, granted the 'Maintainer' role on any...

6.5CVSS6.1AI score0.0106EPSS
Exploits1References11
huntr
huntr
added 2021/06/15 8:7 a.m.8 views

Improper Privilege Management in polonel/trudesk

💥 BUG external user can submit ticket even when its disabled 💥 SUMMURY external user can submit ticket even when its disabled 💥 STEP TO REPRODUCE 1. First from admin account goto settings--tickets and disallow Allow public tickets .\ So, external user cant create ticket using url...

0.3AI score
Exploits0
Rows per page
Query Builder