CVE-2026-29789 Vito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modification

Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage...

Gitlab -- vulnerabilities

Gitlab reports: Smartcard authentication allows impersonation of arbitrary user using user's public certificate When subgroup is allowed to merge or push to protected branches, subgroup members with the Developer role may gain the ability to push or merge The GitLab web interface does not ensure...

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they...

CVE-2023-2485

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they...