Lucene search
K

38 matches found

OSV
OSV
added last week6 views

GO-2026-5876 Rancher has Privilege Escalation from Project Owner to Host in github.com/rancher/rancher

Rancher has Privilege Escalation from Project Owner to Host in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

9.4CVSS5.9AI score0.00319EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/01 8:57 p.m.11 views

EUVD-2026-40130

Rancher has Privilege Escalation from Project Owner to Host...

9.4CVSS5.8AI score0.00319EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/07/01 8:57 p.m.7 views

Rancher has Privilege Escalation from Project Owner to Host

Impact A vulnerability has been identified in Rancher Manager that allows users assigned the Project Owner role to modify Pod Security Admission PSA labels on namespaces within their projects. Under the default role configuration, an attacker with the following access pattern can exploit this...

9.4CVSS5.8AI score0.00319EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/07/01 8:57 p.m.5 views

GHSA-VX8H-4PRV-G744 Rancher has Privilege Escalation from Project Owner to Host

Impact A vulnerability has been identified in Rancher Manager that allows users assigned the Project Owner role to modify Pod Security Admission PSA labels on namespaces within their projects. Under the default role configuration, an attacker with the following access pattern can exploit this...

9.4CVSS5.8AI score0.00319EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 3:41 p.m.43 views

CVE-2026-41052 Rancher Privilege Escalation from Project Owner to Host

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10...

9.4CVSS0.00319EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 3:41 p.m.60 views

CVE-2026-41052

Rancher CVE-2026-41052 describes improper privilege handling that enables users with the Project Owner role to escalate to host-level privileges. Affected releases include Rancher 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10. The entry provides a CVSS v4.0 score of 9.4 (CRITICA...

9.4CVSS5.8AI score0.00319EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53314

Name of the Vulnerable Software and Affected Versions Rancher versions prior to 2.14.2 Rancher versions prior to 2.13.6 Rancher versions prior to 2.12.10 Description Improper privilege handling allows users assigned the Project Owner role to escalate their privileges. Recommendations Update Ranch...

9.4CVSS5.8AI score0.00319EPSS
Exploits0References10
OSV
OSV
added 2026/04/24 9:9 a.m.7 views

BIT-GITLAB-2025-9957 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to...

2.7CVSS5.4AI score0.00381EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/22 6:31 p.m.7 views

EUVD-2025-209556

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to...

2.7CVSS5.8AI score0.00381EPSS
Exploits0References4
CVE
CVE
added 2026/04/22 4:5 p.m.60 views

CVE-2025-9957

GitLab CVE-2025-9957 affects GitLab CE/EE across all versions 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1. The issue stemmed from improper authorization checks that could allow an authenticated user with project owner permissions to bypass group fork prevention settings. Th...

2.7CVSS5.8AI score0.00381EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 4:5 p.m.3 views

CVE-2025-9957 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to...

2.7CVSS5.8AI score0.00381EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-26260

Malware in sbrugna...

4.3CVSS4.5AI score0.00815EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-53902

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.00614EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.6 views

GitLab Enterprise Edition 安全漏洞

GitLab Enterprise Edition EE is a content management system from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition versions 13.3 through prior to 17.11.6, 18.0 through prior to 18.0.4, and 18.1 through prior to 18.1.2, which stems from the possibility that ...

4.3CVSS6.3AI score0.00295EPSS
Exploits0References4
OSV
OSV
added 2025/02/13 1:15 a.m.50 views

UBUNTU-CVE-2024-8266

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances...

6.6CVSS5.8AI score0.00428EPSS
Exploits1References4
CVE
CVE
added 2025/02/13 12:54 a.m.60 views

CVE-2024-8266

CVE-2024-8266 affects GitLab CE/EE, versions starting from 17.1 up to, but not including, 17.6.0. The issue allows an attacker with the maintainer role to trigger a pipeline as the project owner under certain circumstances, exposing potential high-privilege pipeline execution. The vulnerability i...

6.6CVSS6.5AI score0.00428EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2025/02/13 12:54 a.m.26 views

CVE-2024-8266

Removed by vendor...

6.6CVSS5.8AI score0.00428EPSS
Exploits1
CNNVD
CNNVD
added 2025/02/13 12:0 a.m.6 views

GitLab Enterprise Edition和GitLab Community Edition 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition and GitLab Community...

6.6CVSS6.5AI score0.00428EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/02/13 12:0 a.m.6 views

PT-2025-6770 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.1 through 17.5 Description: An issue was discovered in GitLab CE/EE, which allows an attacker with a maintainer role to trigger a pipeline as the project owner under certain circumstances. Recommendations: For version...

6.6CVSS6.5AI score0.00428EPSS
Exploits1References12
Vulnrichment
Vulnrichment
added 2024/03/21 12:0 a.m.13 views

CVE-2024-29866

Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges...

7.2AI score0.0069EPSS
Exploits0References2
Rows per page
Query Builder