CVE-2026-3117

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

CVE-2026-3117

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

EUVD-2026-30748

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

CVE-2026-3117

Mattermost plugins contain a permission-check flaw in the GitLab plugin command processing. Versions affected: Mattermost Plugins

CVE-2026-3117 Instance and webhook GitLab plugin commands were able to be run by non-admin users

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

CVE-2026-3117 Instance and webhook GitLab plugin commands were able to be run by non-admin users

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

PT-2026-41650

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

EUVD-2022-3266

Malicious code in bioql PyPI...

EUVD-2022-2627

Malicious code in bioql PyPI...

EUVD-2022-2746

Malicious code in bioql PyPI...

EUVD-2022-7090

Malicious code in bioql PyPI...

EUVD-2025-0210

Malicious code in bioql PyPI...

EUVD-2022-4265

Malicious code in bioql PyPI...

CVE-2025-24397

An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credential IDs of GitLab API token and Secret text credentials stored in Jenkins...

CVE-2024-23901

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...

CVE-2024-23903

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

CVE-2022-43411

Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

CVE-2022-34777

Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2022-30955

Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2019-10300

A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfigdoTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...