18 matches found
BIT-GITLAB-2026-3074 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
CVE-2026-3074
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
CVE-2026-3074
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
EUVD-2026-30225
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
CVE-2026-3074 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
CVE-2026-3074
GitLab CVE-2026-3074 affects GitLab CE/EE: versions 16.7–before 18.9.7, 18.10–before 18.10.6, and 18.11–before 18.11.3. An unauthenticated user could download private debugging symbols from inaccessible projects due to improper access control. Root cause: improper access control. Vectors/exploita...
CVE-2026-3074 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...
PT-2026-40862
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.7 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description Improper access control allows an unauthenticated user to download private debugging symbols from...
GitLab 安全漏洞
GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. Vulnerabilities exist in versions of GitLab CE/EE 16.7 to 18.9.7, 18.10...
CVE-2026-25531
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into...
CVE-2026-25531
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into...
UBUNTU-CVE-2026-25531
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into...
CVE-2026-25531
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into...
CVE-2026-25531 Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into...
CVE-2026-25531 Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into...
CVE-2026-25530
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...
UBUNTU-CVE-2026-25530
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...
GitLab 授权问题漏洞
GitLab is an open source, end-to-end software development platform from US-based GitLab with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. An authorization issue vulnerability exists in GitLab Community Edition,...