Lucene search
K

7 matches found

CVE
CVE
added 2026/06/25 5:43 p.m.31 views

CVE-2026-54091

CVE-2026-54091 : File Browser public shares allow information disclosure due to incorrect access control when rebasing the owner’s filesystem root for public share paths. Before 2.63.6, the public share handler sets d.user.Fs to a BasePathFs rooted at the shared directory and then checks access w...

7.5CVSS5.9AI score0.00471EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 9:53 p.m.7 views

GHSA-J9JX-HP4C-GHHH File Browser has incorrect access control for public directory shares via rule path rebasing

Summary File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths against the owner's global and per-user rules using the rebased relative path instead of the original path relative to the owner's scope. As a result, a...

7.5CVSS5.6AI score0.00471EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.9 views

CVE-2026-6063

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge request...

4.3CVSS5.6AI score0.0019EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 6:16 a.m.5 views

UBUNTU-CVE-2026-6063

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge request...

4.3CVSS5.9AI score0.0019EPSS
Exploits0References5
CVE
CVE
added 2026/05/14 5:34 a.m.32 views

CVE-2026-6063

GitLab EE vulnerability CVE-2026-6063 affects multiple release lines where an authenticated user with developer permissions could remove code owner approval rules from merge requests due to improper access control. Affected versions include all 11.10.x prior to 18.9.7, 18.10.x prior to 18.10.6, a...

4.3CVSS5.9AI score0.0019EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 5:34 a.m.8 views

CVE-2026-6063 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge request...

4.3CVSS5.9AI score0.0019EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. There were security vulnerabilities in versions of GitLab EE from 11.10...

4.3CVSS5.9AI score0.0019EPSS
Exploits0References1
Rows per page
Query Builder