Linux Distros Unpatched Vulnerability : CVE-2022-2307
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions...
CVE-2021-22186
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners...
BIT-GITLAB-2021-22186
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners...
BIT-GITLAB-2022-2307
A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted,...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from a security vulnerability that stems from the fact that if ...
Information Disclosure
gitlab is vulnerable to Information Disclosure. When external authorization is enabled, a group owner may be able to overcome it in order to access git repositories and package registries by utilizing deploy tokens or deploy keys...
ProfileGrid < 5.5.3 - Group Owner+ Unauthorized Data Modification
Description The plugin does not adequately check capabilities on the 'editgroup' handler, enabling authenticated users with group ownership to improperly update group options, including the 'associaterole' parameter, which sets the member's role...
Authorization
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...
Code injection
An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to preven...
CVE-2022-2307
A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted,...
CVE-2022-2459
An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to preven...
CVE-2022-2459
GitLab Enterprise Edition (GitLab EE) is affected by CVE-2022-2459 in affected versions prior to 15.0.5, versions 15.1 before 15.1.4, and versions 15.2 before 15.2.1. Description: an issue could allow email-invited members to join a project even after the group-owner setting to prevent adding mem...
CVE-2011-3145 mount.ecryptfs_private sets group owner of /etc/mtab to user's primary group
When mount.ecryptfs_private before version 87-0ubuntu1.2 calls setreuid it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private...
Information Disclosure And Elevation Of Privileges
Loopback is vulnerable to elevation of privilege attacks and information disclosure. This is possible because ACL relations are not enforced. This means that if a malicious user has a user-group relation, it may allow the group owner to view all user tokens in that group. They can then use that...
Code injection
libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors...
CVE-2013-1766
libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors...
DEBIAN-CVE-2013-1766
libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors...