EUVD-2025-199760
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an unauthenticated user to join arbitrary organizations by changing headers on some requests...
CVE-2025-12653
Affected products/versions: GitLab CE/EE 18.3–18.4.5, 18.5–18.5.3, and 18.6–18.6.1. Vulnerability: unauthenticated users could join arbitrary organizations by altering headers on certain requests. Root cause / vector: manipulation of request headers leading to org-join authorization bypass (per t...
PT-2025-48180
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an unauthenticated user to join arbitrary organizations by changing headers on some requests...
SUSE CVE-2022-39306
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non...