16 matches found
EUVD-2024-16205
Malicious code in bioql PyPI...
CVE-2024-0410
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict...
BIT-GITLAB-2024-0410 Improper Enforcement of Behavioral Workflow in GitLab
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict...
CVE-2024-0410
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict...
Authorization
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict...
CVE-2024-0410
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict...
CVE-2024-0410 Improper Enforcement of Behavioral Workflow in GitLab
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict...
CVE-2024-0410 Improper Enforcement of Behavioral Workflow in GitLab
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict...
CVE-2024-0410
CVE-2024-0410 affects GitLab with an authorization bypass: a developer could bypass CODEOWNERS approvals by creating a merge conflict. Affected versions are 15.1 before 16.7.6, 16.8 before 16.8.3, and 16.9 before 16.9.1. The vulnerability has a HIGH impact (CVSS 7.7) with a network attack vector,...
CVE-2024-0410
Removed by vendor...
CVE-2024-0410 Improper Enforcement of Behavioral Workflow in GitLab
An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict...
GitLab Access Control Error Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from an Access Control Error vulnerability that stems from the...
Merge Conflict PRs in Confluence-frontend-plugin
Merge Conflict PRs in Confluence-frontend-plugin after NPM Audit Fix...
PT-2024-1871 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 15.1 through 16.7.5 GitLab versions 16.8 through 16.8.2 GitLab versions 16.9 through 16.9.0 Description: The issue is related to insufficient access control in GitLab, allowing a remote attacker to bypass security restrictions...
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4
Context Merge conflict resolution issue when porting the v5.0.1 Multicall update to the v4.9 branch caused a duplicated line. Impact Versions using Multicall from @openzeppelin/[email protected] and @openzeppelin/[email protected] will execute each subcall twice. Concretely, this exposes ...
GHSA-699G-Q6QH-Q4V8 OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4
Context Merge conflict resolution issue when porting the v5.0.1 Multicall update to the v4.9 branch caused a duplicated line. Impact Versions using Multicall from @openzeppelin/[email protected] and @openzeppelin/[email protected] will execute each subcall twice. Concretely, this exposes ...